Profile artwork by Paper and Cat
| Topic | Description |
|---|---|
| Event collection to Sentinel | Various topics on events ingestion to Sentinel |
| Windows security events collected by Sentinel | Write-up on the events collected by Sentinel Windows security DCR when configured for All, Common or Minimal set of Windows security events |
| Windows event forwarding | Windows event forwarding between machines in separate domains or WORKGROUP environments |
| Logs ingestion API | Ingest events to Sentinel using logs ingestion API |
| File hash hunting | Threat hunting in Sentinel for file hash indicators with Sysmon events |
| Domain name hunting | Threat hunting in Sentinel for domain name indicators using Sysmon and syslog events |
| Sentinel in Defender portal | Walk through on connecting Sentinel workspace to Defender portal |
| Sentinel MCP | Write-up on Sentinel MCP for agentic operations |

| Topic | Description |
|---|---|
| Defender access control | Granular access control in Defender with Unified RBAC, device groups and cloud scopes |
| Multi-tenant management | Setup multi-tenant Defender for B2B tenants |

| Topic | Description |
|---|---|
| Microsoft Foundry | • Setup AI resources in Azure • Connect to models via API endpoint and key (for use with tools like n8n and Langflow) |
| Entra OAuth 2.0 flows | Flow sequence diagrams and examples for: • Client credential flow with client secret and certificate • Authorization code flow |
| Azure perimeter network | Secure Azure virtual network: • VM access with Bastion • Outbound internet connection with Azure Firewall and NAT gateway |
| Key vault | Onboard VM credentials to key vault to secure VM access via bastion |
| Azure Arc | Connect on-premise Windows and Linux machines for Azure hybrid cloud management |
| Configuration manager | • Setup Configuration Manager and system roles • Setup Endpoint Protection feature |

| Topic | Description |
|---|---|
| Setup Cribl | Install Cribl and configure syslog and WEF data sources |
| Cribl to Sentinel | • Setup Entra app registration for Cribl • Setup data collection endpoint/rule • Configure Sentinel data destination • Routing events to Sentinel |
| Cribl pipelines | • Pipeline to process syslog and WEF events • Map parameters to schema of Sentinel native Syslog and SecurityEvent tables |

| Topic | Description |
|---|---|
| Observability lab | Observability stack with: • OpenTelemetry (collector) • Prometheus (metrics) • Tempo (traces) • Loki (logs) • Grafana (visualization) + Node.js demo app adapted from OpenTelemetry |
| UsersApp | Example Node.js application on user authentication service • Publish web app through Express framework • Example user pages and API endpoints • Backend databases on both MySQL and PostgreSQL • User credential hashing with bcrypt • Session management with JWT cookie • Deployment methods: Kubernetes, Podman quadlets and manual install |
| CityApp | Simple PHP application: fetch a random row from example world database |
| CityApp in Node.js and Python | • Secrets Manager • IAM Authentication • Serverless application on AWS: AJAX client-end web page, API Gateway, Lambda (Node.js), database on RDS (MySQL) + EC2 examples with Python and Node.js |
| Node.js notes | • Understanding functions and variables • Using exports and module.exports • Using callbacks and promises • Connecting Node.js to MySQL database |

| Topic | Description |
|---|---|
| Lab Certs | All the lab certificates and openssl commands for self-signed certificate chain |
| Podman | Podman setup and notes on the nuances of container networking and volume mounts |
| Kubernetes | Single-node Kubernetes setup on Ubuntu with Helm, cert-manager, Traefik and Kubernetes dashboard |
| Traefik | Setup Traefik for lab traffic routing; nuances on Traefik routing under routing-notes |
| Nginx | Setup Nginx for reverse proxy and TLS offloading |
| Databases | Running PostgreSQL in container for the lab services (and MySQL maybe in the future) |
| Agent Runners | Setting up n8n and Langflow for agentic AI lab |
| OpenCTI | Setup OpenCTI lab and various connectors |
| Lab Services | Setup demo services: SmartMail SMTP, GitLab CI/CD and Keycloak IdP |
| Web Request | Notes on using cURL and PowerShell to make web requests |

| Topic | Link |
|---|---|
| Hashicorp Vault and Boundary | https://github.com/joetanx/hashicorp |
| Delinea Secret Server | https://github.com/joetanx/delinea-secret-server |
| Teleport | https://github.com/joetanx/teleport |
| Elastic SOC Lab + Suricata and CyberArk PAM integration | https://github.com/joetanx/setup/blob/main/archived/soc-lab.md |
| Load Balancing CyberArk Servers | https://github.com/joetanx/load-balancing-cyberark/ |

| Topic | Link |
|---|---|
| Setup standalone Conjur Enterprise leader on Podman on RHEL 9 | https://github.com/joetanx/setup/blob/main/archived/conjur.md |
| Setup Conjur Enterprise cluster and followers + Podman + RHEL 9 + Keepalived + Nginx | https://github.com/joetanx/conjur-cluster/ |
| Setup Conjur Open Source Suite on RHEL with Podman | https://github.com/joetanx/conjur-oss/ |

| Topic | Link |
|---|---|
| Kubernetes | cje: https://github.com/joetanx/conjur-k8s/ cjc: https://github.com/joetanx/cjc-k8s/ |
| GitLab | cje: https://github.com/joetanx/conjur-gitlab/ cjc: https://github.com/joetanx/cjc-gitlab/ |
| Openshift | https://github.com/joetanx/conjur-ocp/ |
| Jenkins | https://github.com/joetanx/conjur-jenkins/ |
| Terraform | https://github.com/joetanx/conjur-terraform/ |
| Ansible Automation Platform | https://github.com/joetanx/cybr-aap/ |
| Ansible Core | https://github.com/joetanx/conjur-ansible/ |
| Puppet | https://github.com/joetanx/conjur-puppet/ |