2 posts tagged with "Automation"

Deploying Huntress EDR on Linux Across Your Client Base via RMM

· 19 min read
tacticalBeard
Automation Enthusiast

Huntress provides a one-liner to install their Linux EDR agent. It works fine when you run it manually on a single machine you control. It does not work reliably when you fire it across dozens of client endpoints via an RMM, against distros you did not pick, behind firewalls configured however the client configured them, on machines you have never touched.

The gap between "one-liner that installs the agent" and "deployment that succeeds consistently at scale" is a wrapper script. This post is about that wrapper, the decisions behind it, and three specific bugs that would have silently broken deployments without the fixes.

Automating Phishing Header Analysis in Your PSA

· 24 min read
tacticalBeard
Automation Enthusiast

When a user reports a phishing email, the ticket lands and someone has to deal with it. Without automation that means: download the .eml, open it in a text editor, read through several hundred lines of raw headers, manually pull SPF/DKIM/DMARC verdicts, and write up a note. Every analyst does it slightly differently. Some do it thoroughly. Some do it fast. Most do it inconsistently at 4pm on a Friday.

I built an automation that fires the moment the ticket is created, parses the attached .eml, evaluates authentication headers, and posts a structured triage summary back to the ticket (usually within a few seconds of the ticket opening). Here is what it does and the part that would have burned me if I had not caught it.