Let’s take a look at how to subscribe to a G Suite endpoint and receive webhooks for important user account events. This will let us build custom workflows and tailored security responses for a range of scenarios.
We will explore and then automate search operations for a simple threat hunting example. We will then turn what we learn into a fully fledged self-service internal tool for use by colleagues (or perhaps other teams in your organization).
Let’s start by familiarizing ourselves with the Qualys VM/PC REST API. We will combine some simple steps into a more complex (but not complicated) outcome.
In the digital realm, we, as defenders, are too often on the back foot. We hunt for and react to an attacker’s movements, but what if we could direct them for a change and automate what happens next?