A few months ago I began working on a short paper to generate CPEs used for renewing my GIAC/SANS certifications. With few requirements around what the content or format of the paper had to be, this left me opened to writing about something I truly enjoy – automation.
For years I have worked on IRC bots, proxy monitoring and wargame automation in my spare time. At work I spend the majority of my time designing, implementing and managing automation for a variety of purposes. This paper is not meant as a definitive guide on all things automation, but rather as my perspective on designing automation specific to analytical workflows.
The final version of this paper is a long way from where I started, and almost double the length required for my certifications. I ended up learning quite a lot about something I already thought I knew in the process. Many thanks to those of you who provided feedback and review of this to help me get it polished.
Hopefully this is useful or interesting to someone other than me: Automating Security Analysis