Description
This project aimed to automate the entire process of handling credential leak alerts, targeting both customer and employee accounts compromised during login attempts. The solution included:
- Automating password resets in the IdentityServer database to prevent unauthorized access.
- Creating incidents in ITSM, assigning them to relevant teams based on the affected service.
- Assessing intrusion risks by analyzing login patterns in Active Directory.
- Sending automated alert emails and logging all actions in SIEM for traceability.
- Storing securely hashed compromised indicators in a dedicated SQL database, avoiding redundant analysis for repeated breaches.
The project significantly improved response times, completely eliminated manual workload, and enhanced overall account security through a fully automated and documented workflow.
Technology used
- Python
- PowerShell
- ITSM
- Active Directory
- SQL