As a security analyst for a major MSSP, I use the fancy expensive tools for work. OpenSOC showcases the power of some awesome open source tools that many people have never used. Here are some things I learned by having access to data that’s normally hidden behind an API or totally inaccessible and features not included in large platforms.

Sometimes I have a casual personal project where I just want to get the logs into something where I can easily run queries and create visualizations. The popular content packs on the Graylog Marketplace seem to be deprecated or designed for the NGINX Docker container. This guide will get NGINX logs forwarding to Graylog in just a few minutes. Security and reliability are not guaranteed.

Here’s how to run Docker on Windows 10 and connect it to the Windows Subsystem for Linux (WSL) CLI.

Jinja is a powerful template engine for Python. It’s commonly used to place variables and other content in files. You can see it in action by using Ansible’s template task. There is much more functionality that can be used to take Ansible playbooks to the next level.

The pause module can stop execution for an amount of time or wait for the user to hit Return. One of its return parameters is user_input which makes it great for getting variables or confirming actions during task execution. In this example, we ask the user to confirm that they want to delete an important file. The deletion task will be only be run when the user explicitly types yes or true.