Detecting Misuse with the Claude Compliance API: The Threat Is in the Content
Detections for Claude Enterprise built on Compliance API content: a prefilter and LLM judge that catch prompt injection, jailbreaks and data exfiltration.
In this post I show how to use Anthropic's Compliance API to stream Claude Enterprise audit events into your SIEM, and introduce claude-compliance-sdk, a Python SDK I built to make interacting with the API easier. Why bother? You don't need me to tell you
This post builds on my previous article explaining how to export Slack DLP alerts using my export script, and also introduces a Python SDK for interacting with Slack DLP. Using these, I’ll show how we can go further by ingesting DLP logs into a SIEM and, finally, building a
Slack’s audit logs don’t include enough context to investigate DLP detections. In this post, I show how to export the richer DLP details Slack displays in the admin console, and I use my slack-dlp-log-extractor script to do it via the DLP API. What is Slack
In 2023 I wrote a blog post on how you can extract and use cookies from Slack to authenticate to the API, and it has become one of my most commonly viewed articles. Since then, Slack have changed a few things, and I've been doing some deeper digging
In this post I explain how to use gopass to GPG encrypt and store your secrets locally, then integrate with direnv to decrypt and load your secrets to environment variables in your shell without exposing them in plaintext. In Part 1 of this Secrets Management series I showed you: * How