Exercise 2: Automated User Remediation
Objective
When a user fails a device posture check, automatically send them a remediation guide via Telegram and create a tracking ticket in Jira.
This exercise demonstrates event-driven security automation, showing how to respond to compliance failures with immediate user guidance and proper incident tracking.
What You'll Learn
- Event-Driven Architecture: Process R2 object creation events via Queues
- Queue-Based Processing: Build resilient, scalable event handling
- Multi-API Integration: Coordinate Telegram and Jira APIs
- Security Workflows: Automate compliance remediation processes
Architecture Overview
Device Posture Logs → R2 Bucket → Queue Trigger → Worker → [Telegram + Jira]
                                                    ↓
                                            Batch Processing
                                                    ↓
                                         Error Handling & Retry
- Trigger: R2 bucket notifications when new posture logs are uploaded
- Processing: Queue-based batch processing for resilience
- Actions: Telegram DM with remediation steps + Jira ticket creation
- Pattern: Event-driven with automatic retry capabilities
Prerequisites
Before starting this exercise, ensure you have:
- Cloudflare account with R2 and Queues access
- Telegram bot token, plus a way to reach each user: a bot can only message users who have already started a chat with it, so you need a mapping from the email in the posture log to that user's Telegram chat_id
- Jira instance with API access and project permissions
- Understanding of queue-based processing patterns
Instructions
1. Infrastructure Setup
Create the required Cloudflare resources:
# Create R2 bucket for posture logs
npx wrangler r2 bucket create posture-log-bucket
# Create the processing queue and the dead-letter queue that the consumer config references
npx wrangler queues create posture-remediation-queue
npx wrangler queues create posture-remediation-dlq
# Set up bucket notification to trigger queue. object-create fires for PutObject, CopyObject and
# CompleteMultipartUpload; --prefix limits it to the logs/ prefix so unrelated uploads do not wake the Worker
npx wrangler r2 bucket notification create posture-log-bucket \
  --event-type object-create \
  --prefix logs/ \
  --queue posture-remediation-queue
2. Project Setup
Create a new Worker project for processing remediation events:
npm create cloudflare@latest remediation-worker
# Select "Hello World" Worker
# Choose TypeScript
# Select "Yes" to deploy
cd remediation-worker
3. Configure Secrets
Add the required API credentials as secrets. They reach the Worker as properties of env exactly like vars, but are stored as encrypted values and never appear in wrangler.jsonc or in source control, so the bot token and the Jira API token belong here rather than in vars:
npx wrangler secret put TELEGRAM_BOT_TOKEN
npx wrangler secret put JIRA_API_TOKEN
npx wrangler secret put JIRA_URL
npx wrangler secret put JIRA_USER_EMAIL
4. Update Wrangler Configuration
Configure your wrangler.jsonc for queue processing. Bindings, vars and secrets all surface as properties of env inside the Worker. Note that a single TELEGRAM_CHAT_ID var can only address one chat (for example a security-team group), so per-user DMs need a separate lookup from the user's email to their own chat_id:
{
  "name": "remediation-worker",
  "main": "src/index.ts",
  "compatibility_date": "2024-12-02",
  "vars": {
    "JIRA_PROJECT_KEY": "SEC",
    "TELEGRAM_CHAT_ID": "-1001234567890"
  },
  "r2_buckets": [
    {
      "binding": "LOG_BUCKET",
      "bucket_name": "posture-log-bucket"
    }
  ],
  "queues": {
    "consumers": [
      {
        "queue": "posture-remediation-queue",
        "max_batch_size": 10,
        "max_batch_timeout": 30,
        "max_retries": 3,
        // this queue must exist before you deploy: npx wrangler queues create posture-remediation-dlq
        "dead_letter_queue": "posture-remediation-dlq"
      }
    ]
  }
}
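As an added example (not code from the course or its password-protected solution), the TypeScript below shows how the bindings, vars and secrets from steps 3 and 4 surface on env, and how to turn them into authenticated Telegram and Jira requests. The endpoints are the public Telegram Bot API sendMessage method and Jira Cloud REST API v3 issue creation. The Fetcher type, the hand-rolled base64 helper (Workers provide btoa; it is spelled out here only so the file type-checks without DOM or Node type libraries) and the example host names are assumptions of this example.

```typescript
// Added example (not the course's solution): how the config above reaches the
// Worker as `env`, and how to build authenticated Telegram and Jira requests
// from it. Endpoints are the public Telegram Bot API and Jira Cloud REST API v3.

/** Mirrors wrangler.jsonc: the R2 binding, the two vars and the four secrets. */
export interface Env {
  LOG_BUCKET: { get(key: string): Promise<{ text(): Promise<string> } | null> };
  JIRA_PROJECT_KEY: string;
  TELEGRAM_CHAT_ID: string;
  TELEGRAM_BOT_TOKEN: string; // secret
  JIRA_API_TOKEN: string;     // secret
  JIRA_URL: string;           // secret, e.g. https://yourorg.atlassian.net (assumed shape)
  JIRA_USER_EMAIL: string;    // secret
}

export interface ApiRequest {
  url: string;
  init: { method: "POST"; headers: Record<string, string>; body: string };
}

/** Telegram Bot API sendMessage. The token is part of the URL, so treat the URL itself as a secret. */
export function telegramRequest(env: Pick<Env, "TELEGRAM_BOT_TOKEN">, chatId: string, text: string): ApiRequest {
  return {
    url: `https://api.telegram.org/bot${env.TELEGRAM_BOT_TOKEN}/sendMessage`,
    init: {
      method: "POST",
      headers: { "content-type": "application/json" },
      body: JSON.stringify({ chat_id: chatId, text, disable_web_page_preview: true }),
    },
  };
}

/** Base64 of an ASCII credential string. Workers provide btoa(); this stand-in exists only
 *  so the example type-checks where no DOM or Node lib is loaded. */
const B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
export function base64Ascii(s: string): string {
  let out = "";
  for (let i = 0; i < s.length; i += 3) {
    const n = (s.charCodeAt(i) << 16) | ((s.charCodeAt(i + 1) || 0) << 8) | (s.charCodeAt(i + 2) || 0);
    out += B64.charAt((n >> 18) & 63) + B64.charAt((n >> 12) & 63);
    out += i + 1 < s.length ? B64.charAt((n >> 6) & 63) : "=";
    out += i + 2 < s.length ? B64.charAt(n & 63) : "=";
  }
  return out;
}

/** Jira Cloud: POST /rest/api/3/issue with HTTP Basic auth of "email:api-token". */
export function jiraRequest(env: Pick<Env, "JIRA_URL" | "JIRA_USER_EMAIL" | "JIRA_API_TOKEN">, payload: unknown): ApiRequest {
  const base = env.JIRA_URL.replace(/\/+$/, "");   // tolerate a trailing slash in the secret
  return {
    url: `${base}/rest/api/3/issue`,
    init: {
      method: "POST",
      headers: {
        authorization: `Basic ${base64Ascii(`${env.JIRA_USER_EMAIL}:${env.JIRA_API_TOKEN}`)}`,
        "content-type": "application/json",
        accept: "application/json",
      },
      body: JSON.stringify(payload),
    },
  };
}

/** Strips the bot token before a Telegram URL lands in a log line or an error message. */
export function redactTelegramUrl(url: string): string {
  return url.replace(/\/bot[^/]+\//, "/bot<redacted>/");
}

/** Minimal fetch shape, injectable so the network can be faked in tests. */
export type Fetcher = (url: string, init: ApiRequest["init"]) => Promise<{ ok: boolean; status: number; text(): Promise<string> }>;

/** Throws on non-2xx so the calling queue handler can retry(); the error never echoes the token. */
export async function send(req: ApiRequest, fetchImpl: Fetcher): Promise<string> {
  const res = await fetchImpl(req.url, req.init);
  if (!res.ok) throw new Error(`${redactTelegramUrl(req.url)} returned HTTP ${res.status}`);
  return res.text();
}
```

Inside the Worker you pass the platform fetch, for example await send(telegramRequest(env, chatId, text), fetch), and reuse the same send for the Jira call. Because the Telegram token sits in the URL path and the Jira Authorization header is the API token in another form, neither belongs in vars, in wrangler.jsonc or in a log line, and a non-2xx response is raised as an error so the queue consumer can retry the message rather than acknowledge a failed notification.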
5. Implementation Challenge
Your task is to implement a Worker that:
- Receives R2 object creation events via the queue system
- Downloads and parses posture check log files from R2
- Identifies users who failed posture checks
- Sends personalized remediation guides via Telegram
- Creates tracking tickets in Jira with failure details
- Handles batch processing with proper error handling and retries
Key Requirements:
- Process queue messages in batches for efficiency
- Parse JSON log entries to identify failures
- Send targeted Telegram messages with specific remediation steps
- Create well-structured Jira tickets with all relevant context
- Implement proper error handling with message acknowledgment
💡 Hint: Expected Log Format
Your posture logs should contain entries like:
{
"timestamp": "2024-07-25T10:30:00Z",
"email": "user@company.com",
"name": "disk_encryption_check",
"passed": false,
"details": {
"expected": "enabled",
"actual": "disabled",
"device_id": "DEV-12345"
}
}
🔧 Hint: Queue Message Structure
Queue messages from R2 event notifications carry this JSON body (available as message.body in the consumer); with an object-create rule the action is one of PutObject, CopyObject or CompleteMultipartUpload:
{
  "account": "account_id",
  "action": "PutObject",
  "bucket": "posture-log-bucket",
  "object": {
    "key": "logs/2024/07/25/posture-checks-10-30.json",
    "size": 1024,
    "eTag": "abc123"
  },
  "eventTime": "2024-07-25T10:30:05.000Z"
}
🚀 Hint: Remediation Messages
Customize Telegram messages based on the failed check type:
- Disk Encryption: Steps to enable BitLocker/FileVault
- Antivirus: Instructions to update definitions
- OS Updates: Guidance for installing patches
- Firewall: Configuration steps for host firewall
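The following TypeScript is an added example, not the course's password-protected solution. It implements the processing core described in the Implementation Challenge (parsing the log format above, filtering failures, producing the remediation text and the Jira payload) as pure functions, plus a batch handler whose side effects are injected so the whole file runs offline. It assumes newline-delimited JSON (or a JSON array) for the log file, uses the check names antivirus_check, os_update_check and firewall_check to match the hint's four categories (only disk_encryption_check appears in the exercise), and leaves the email-to-chat_id lookup to the injected sendTelegram; the sample log is constructed data.

```typescript
// Added example, not the course's password-protected solution: the Worker's processing core as pure
// functions plus a batch handler with injected side effects. NDJSON layout and check names are assumptions.

/** R2 event notification as delivered in message.body; object-create rules emit the first three actions. */
export interface R2Event {
  account: string; bucket: string; eventTime?: string;
  action: "PutObject" | "CopyObject" | "CompleteMultipartUpload" | "DeleteObject" | "LifecycleDeletion";
  object: { key: string; size: number; eTag: string };
}

export interface PostureEntry {
  timestamp: string; email: string; name: string; passed: boolean;
  details: { expected?: string; actual?: string; device_id?: string };
}

/** Accepts a JSON array or newline-delimited JSON; a malformed line is skipped so one bad record cannot block the batch. */
export function parsePostureLog(text: string): PostureEntry[] {
  const body = text.trim();
  if (body.startsWith("[")) return JSON.parse(body) as PostureEntry[];
  const entries: PostureEntry[] = [];
  for (const line of body.split("\n")) {
    if (!line.trim()) continue;
    try { entries.push(JSON.parse(line) as PostureEntry); } catch { /* skip malformed line */ }
  }
  return entries;
}

/** Only an explicit `passed: false` with an addressable user counts as a failure. */
export function findFailures(entries: PostureEntry[]): PostureEntry[] {
  return entries.filter((e) => e.passed === false && typeof e.email === "string");
}

/** Remediation text per check type: the four types from the hint plus a fallback for unknown checks. */
export function remediationFor(check: string): string {
  switch (check) {
    case "disk_encryption_check": return "Enable full-disk encryption (BitLocker on Windows, FileVault on macOS), then re-run the posture check.";
    case "antivirus_check": return "Open your antivirus client, update its definitions and confirm real-time protection is on.";
    case "os_update_check": return "Install all pending operating system updates and reboot.";
    case "firewall_check": return "Turn on the host firewall (Windows Defender Firewall or the macOS Application Firewall).";
    default: return `Your device failed the "${check}" check; contact the security team for help.`;
  }
}

/** The DM body: what failed, on which device, and what to do about it. */
export function telegramText(f: PostureEntry): string {
  return `Device posture check failed: ${f.name}\nDevice ${f.details.device_id ?? "unknown"}: expected ${f.details.expected}, found ${f.details.actual}\n${remediationFor(f.name)}`;
}

/** Jira Cloud REST v3 payload; the description must be Atlassian Document Format, not a plain string. */
export function buildJiraIssue(f: PostureEntry, projectKey: string, sourceKey: string) {
  const text = `Device ${f.details.device_id ?? "unknown"} failed ${f.name} at ${f.timestamp} (expected ${f.details.expected}, actual ${f.details.actual}). Source log: ${sourceKey}`;
  return { fields: {
    project: { key: projectKey }, issuetype: { name: "Task" }, summary: `Posture failure: ${f.name} for ${f.email}`,
    description: { type: "doc", version: 1, content: [{ type: "paragraph", content: [{ type: "text", text }] }] },
  } };
}

/** Injected side effects. sendTelegram must map the email to that user's chat_id: a bot can only DM users who have sent it /start. */
export interface Deps {
  readObject(key: string): Promise<string | null>;
  sendTelegram(email: string, text: string): Promise<void>;
  createJiraIssue(payload: unknown): Promise<void>;
}
export interface QueueMessage<T> { body: T; ack(): void; retry(): void }

/** Acks a message only after every failure in its file produced both outputs; any error calls retry() instead, and after max_retries the message lands in the dead-letter queue. */
export async function processBatch(messages: QueueMessage<R2Event>[], deps: Deps, projectKey: string) {
  const result = { acked: 0, retried: 0 };
  for (const msg of messages) {
    const key = msg.body.object.key;
    try {
      const text = await deps.readObject(key);
      if (text !== null) {          // an object deleted before we read it has nothing to retry
        for (const f of findFailures(parsePostureLog(text))) {
          await deps.sendTelegram(f.email, telegramText(f));
          await deps.createJiraIssue(buildJiraIssue(f, projectKey, key));
        }
      }
      msg.ack(); result.acked++;
    } catch { msg.retry(); result.retried++; }
  }
  return result;
}

/** Constructed sample log (not real data): one pass, one failure, one malformed line. */
export const SAMPLE_LOG = [
  '{"timestamp":"2024-07-25T10:30:00Z","email":"ok@company.com","name":"firewall_check","passed":true,"details":{}}',
  '{"timestamp":"2024-07-25T10:30:00Z","email":"user@company.com","name":"disk_encryption_check","passed":false,"details":{"expected":"enabled","actual":"disabled","device_id":"DEV-12345"}}',
  "{not json",
].join("\n");

/** Runs the handler against in-memory dependencies and returns what would have been sent. */
export async function demo() {
  const sent: string[] = [], issues: unknown[] = [];
  const deps: Deps = {
    readObject: async (key) => (key.endsWith("posture-checks-10-30.json") ? SAMPLE_LOG : null),
    sendTelegram: async (_email, text) => { sent.push(text); },
    createJiraIssue: async (payload) => { issues.push(payload); },
  };
  const msg = (key: string): QueueMessage<R2Event> => ({ body: { account: "acct", action: "PutObject", bucket: "posture-log-bucket", object: { key, size: 1, eTag: "x" } }, ack() {}, retry() {} });
  const result = await processBatch([msg("logs/2024/07/25/posture-checks-10-30.json"), msg("logs/missing.json")], deps, "SEC");
  return { result, sent, issues };
}
```

Wiring this into the Worker is a queue handler of the form export default { queue: (batch, env) => processBatch(batch.messages, makeDeps(env), env.JIRA_PROJECT_KEY) }, where makeDeps (an assumed helper) reads env.LOG_BUCKET.get(key) and calls the Telegram and Jira APIs. Two caveats to handle before relying on it: retry() replays the whole file, so a Telegram DM that succeeded before the Jira call failed is sent again unless you key both actions on device_id, check name and timestamp; and a permanent 4xx such as a bad Jira token or project key fails every attempt and lands in the dead-letter queue, which is the right place to alert on rather than acknowledging the message and losing the event.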
Testing Your Solution
- Upload Test Logs: Place sample posture check files in R2, for example with npx wrangler r2 object put posture-log-bucket/logs/2024/07/25/posture-checks-10-30.json --file ./sample.json; include at least one failed check and one malformed line so the parser's error path is exercised
- Monitor Queue: Check queue metrics and backlog in the Cloudflare dashboard after each upload
- Verify Processing: Confirm messages are consumed and acknowledged, for example by running npx wrangler tail remediation-worker while you upload
- Check Outputs: Validate that Telegram messages and Jira tickets are created and that each ticket names the failing check, the device ID and the source object key
- Test Failures: Simulate errors (for example an invalid Jira token) to verify retry behavior and confirm that exhausted messages arrive in the dead-letter queue rather than being lost
Success Criteria
Your implementation should:
- ✅ Successfully process R2 bucket notifications via queues
- ✅ Download and parse log files without errors
- ✅ Identify failed posture checks accurately
- ✅ Send customized Telegram remediation messages
- ✅ Create detailed Jira tickets with failure context
- ✅ Handle batch processing efficiently
- ✅ Implement proper error handling with retries
Solution
🔒 Complete Queue-Based Implementation
The full reference implementation is password-protected course content and is not included here.
Next Steps
After completing this exercise, you've built a sophisticated security automation system that:
- Responds to compliance failures in real-time
- Provides immediate user guidance to reduce security risk
- Creates proper incident tracking for audit and follow-up
- Scales automatically with queue-based processing
This pattern is essential for modern security operations and can be extended to handle other compliance events!