Overview

Objectives

• Identify repetitive response actions suitable for automation

• Build small, reliable scripts with safe defaults

• Test thoroughly and document usage and rollback steps

• Integrate notifications so humans stay in the loop

Prerequisites

• Basic Python or Bash skills

• Access to a lab or permitted environment for testing

• Secure storage for keys and secrets

Implementation

1. Task selection

• Chose three actions for fast wins: host isolation, Internet Protocol blocking, and team notification.

• Defined inputs, outputs, and required permissions for each.

2. Environment

• Created a versioned repo with a virtual environment and requirements file.

• Stored secrets in environment variables or a vault and used SSH keys for remote commands.

3. Scripts

• Isolate host: connect over SSH and disable a network interface on the target.

• Block Internet Protocol: add a deny rule using the host firewall or edge device API.

• Notify team: send a structured message or email with incident context and links.

4. Safety and logging

• Added dry run flags, input validation, and clear error messages.

• Logged actions and results for audit and rollback.

5. Testing

• Ran unit tests where possible and performed end to end tests on lab hosts.

• Captured before and after network reachability and firewall state.

6. Runbooks

• Wrote short operator guides with prerequisites, command examples, and rollback steps.

• Mapped each script to an alert type for rapid use.

Outcomes

• Reduced containment time for common incidents

• Consistent response steps with auditable logs

• Easier handoffs between analysts and on-call engineers

Skills demonstrated

• Security automation and scripting

• Remote administration and firewall control

• Operational documentation and safe change practices