
AUTOMATION WITH PYTHON

Lesson 4 of 5
~7 hrs

WARMUP: Repetitive Tasks Brainstorm

Think about tasks you do every day on a computer — checking email, scanning files, backing up data. What if a script could do them automatically while you sleep?

Brainstorm: List 3 security tasks that could be automated. (Examples: log scanning, password rotation, backup verification)

CORE CONCEPTS

Automation saves time, reduces human error, and lets you respond to threats 24/7. A SOC (Security Operations Center) relies heavily on automated alerts.

```python
# Manual vs Automated
# Manual: Check logs every hour → slow, tiring
# Automated: Script checks logs every 60s → instant alerts
```

Python can interact with files, send emails, make network requests — everything you need for security automation.

```python
import os
import datetime

def check_file_changes(path):
    """Monitor if a file was modified today"""
    mtime = os.path.getmtime(path)
    mod_date = datetime.datetime.fromtimestamp(mtime)
    today = datetime.date.today()
    if mod_date.date() == today:
        return f"Modified today: {path}"
    return f"No changes: {path}"

print(check_file_changes("config.py"))
```

On a real server, scripts are scheduled using cron (Linux) or Task Scheduler (Windows). You can also use a simple while loop with time.sleep() to simulate scheduling.

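```python
import time

# scan_logs(), check_intrusions() and send_report() are placeholders
# for functions you write yourself.
def security_monitor():
    while True:
        scan_logs()
        check_intrusions()
        send_report()
        time.sleep(60)  # Wait 60 seconds
```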

This pattern runs forever — perfect for a background monitoring service!

MINI CHALLENGE: File Monitoring Script

Write a Python script that monitors a directory and prints a warning whenever a new file is created or an existing file is modified.

```python
import os
import time

# Step 1: Save the current state of files
files = os.listdir(".")
state = {f: os.path.getmtime(f) for f in files}

# Step 2: Loop and check for changes
# Tip: compare current mtime with saved state
```

Challenge: Add an alert that prints "INTRUSION DETECTED" if a file named config.json changes.

MAIN PROJECT: Automated Security Alert System

Design and write a Python script that monitors server logs, detects repeated failed login attempts, and sends a simulated alert.

1. Function to read the latest log entries
2. Detect >5 failed attempts from same IP
3. Print or write an alert to a file
4. Run the check every 10 seconds

QUIZ: Automation

Test your automation knowledge.

1. What Python function pauses execution for a given number of seconds?

wait()
pause()
time.sleep()

2. Why is automation important in cybersecurity?

It looks cool
24/7 threat response without human fatigue
It replaces all humans

3. What is a common tool used to schedule Python scripts on Linux?

Task Manager
cron
pip