WRKLOG-2026-03-22

Summary

Saturday. Split monolithic attributes.adoc (327 lines) into home/work/styles partials. Added maintenance comments to antora.yml for time-sensitive attributes. Reviewed partials structure. Planning gopass v3 reorganization using gopass-personal-docs key-value patterns.

URGENT - All Domains

Professional Backlog

Carryover Backlog (CRITICAL)

Task Details Origin Days Status

MSCHAPv2 Migration Report

Report due. 6-sheet Standard Report (exec summary, trend, waves, device detail, stale, policy match). Sheet 6 added 05-14: policy match by protocol for removal planning + anonymous identity validation. Migration window 2026-05-04 to 2026-05-30. ~6,227 devices, 5 waves.

2026-04-17

49

P0 - DUE — run report this week

Abnormal Security — ✅ COMPLETE

CR-2026-05-07-abnormal-read-write. CAB approved 2026-05-12. Implemented successfully 2026-05-13. Read/write enabled for pilot group. Post-deployment validation pending.

2026-05-07

29

✅ IMPLEMENTED — post-validation pending

SIEM QRadar → Sentinel Migration

Lead role. Monad console error RESOLVED 2026-05-12 — secrets configured in CHLA production tenant. ISE secure syslog integration in progress — cert imported, remote logging target configured, streaming errors under investigation. Blocking: DCR not created (Rule ID + Stream Name). Azure private network policy unresolved. Victor + Mauricio action.

2026-04-10

56

P0 - ACTIVE — ISE syslog + DCR blocking

Monad Pipeline Evaluation

Sentinel output connector. Console error resolved. 3 of 6 values configured. Remaining: Endpoint URL (have it), Rule ID + Stream Name (need DCR). ISE Remote Logging Target configured 2026-05-18 — TLS cert imported, secure syslog target created. Streaming errors in Monad console under investigation.

2026-03-11

86

P0 - ACTIVE — ISE integration in progress

Guest Redirect ACL

Guest redirect ACL work needed. Related to Mandiant remediation findings.

2026-05-12

24

P0 - TODO

ISE Patch 10 (CVE-2026-20147 CVSS 9.9)

ISE 3.2 Patch 10. Supersedes Patch 9. 61 days on a CVSS 9.9 — schedule maintenance window. Write CR if needed.

2026-03-12

85

P0 - OVERDUE — schedule immediately

k3s NAT verification

NAT rule 170 for 10.42.0.0/16 pod network - test internet connectivity. 64 days — test this week or defer to Q3.

2026-03-09

88

P0 - BLOCKING — TRIAGE: schedule or defer

Wazuh indexer recovery

Restart pod after NAT confirmed working - SIEM visibility blocked. Blocked by k3s NAT — cannot proceed until above resolved.

2026-03-09

88

P0 - Blocked by k3s

Strongline Gateway VLAN fix

8 devices in wrong identity group (David Rukiza assigned)

2026-03-16

81

P0 - TODO

TCP Clocks deployment

ISE identity group validation, query outputs, comms with team. Active d001 data Apr 22-23.

2026-04-22

44

P0 - ACTIVE

IoT Dr. Kim — recurring

Sleep study devices (Apr 15-16), watches recurrence (Apr 22). 5 incident versions in d001. Validate iPSK enrollment.

2026-04-15

51

P0 - RECURRING

Murus Portae (WAF) — Phase 0

FMC cert expired, ACP returns zero rules. d001: zone map, architecture D2, FMC API reference, ops script.

2026-04-16

50

P0 - INVESTIGATING

Vocera EAP-TLS Supplicant Fix

~10 phones failing 802.1X, missing supplicant config. 61 days — schedule with clinical engineering team.

2026-03-12

85

P1 - TODO — schedule

ISE MnT Messaging Service

Enable "Use ISE Messaging Service for UDP syslogs delivery". 61 days — low risk, schedule with ISE Patch 10 maintenance window.

2026-03-12

85

P2 - BUNDLE with Patch 10
Professional backlog remains critical. Monad evaluation 11+ days carried.

Personal Blockers

BLOCKERS — Fix Immediately

Task Details Origin Days Impact

Z Fold 7 Termux

gopass and SSH not working

2026-03-10

58

BLOCKER — Cannot access passwords on mobile

gopass v3 organization

Inconsistent structure, poor key-value usage

2026-03-20

48

Inefficient password management, no aggregation

Git history scrub — sensitive personal terms

Plaintext references to personal legal matters in committed worklogs (WRKLOG-2026-03-14, WRKLOG-2026-04-18). Forward-fixed but old commits still contain strings. Requires git filter-repo + force-push. See runbook below.

2026-04-22

15

SECURITY — sensitive terms in public git history

Runbook: Git History Scrub (d000 Personal Terms)

Problem: Two committed worklogs contained plaintext references to personal legal matters. The files have been edited (forward-fix), but git history retains the original text in prior commits.

Affected commits: Any commit touching these files:

# Identify affected commits
git log --oneline -- \
  docs/modules/ROOT/pages/2026/03/WRKLOG-2026-03-14.adoc \
  docs/modules/ROOT/pages/2026/04/WRKLOG-2026-04-18.adoc

Scrub procedure:

# 1. BEFORE: Full backup of the repo
cp -a ~/atelier/_bibliotheca/domus-captures ~/atelier/_bibliotheca/domus-captures.bak

# 2. Install git-filter-repo (if not present)
# Arch: pacman -S git-filter-repo
# pip: pip install git-filter-repo

# 3. Create expressions file for replacement
cat > /tmp/scrub-expressions.txt << 'EXPR'
regex:(?i)divorce==[REDACTED]
regex:(?i)dissolutio(?!n\.adoc\.age)==[REDACTED-LEGAL]
regex:(?i)iliana==[REDACTED-NAME]
regex:(?i)angulo-arreola==[REDACTED-NAME]
regex:legal-divorce-notes\.age==legal-notes.age
regex:1099-NEC-iliana==1099-NEC
EXPR

# 4. Verify before (dry run — count matches in history)
git log -p --all -S 'divorce' -- '*.adoc' | grep -c 'divorce' || echo "0 matches"
git log -p --all -S 'iliana' -- '*.adoc' | grep -c 'iliana' || echo "0 matches"

# 5. Run filter-repo (DESTRUCTIVE — rewrites all commit hashes)
git filter-repo --replace-text /tmp/scrub-expressions.txt --force

# 6. Verify after
git log -p --all -S 'divorce' -- '*.adoc' | grep -c 'divorce' || echo "0 matches — CLEAN"
git log -p --all -S 'iliana' -- '*.adoc' | grep -c 'iliana' || echo "0 matches — CLEAN"

# 7. Re-add remotes (filter-repo removes them)
git remote add origin git@github.com:<user>/domus-captures.git
# Add any other remotes (Gitea, etc.)

# 8. Force-push to all remotes (DESTRUCTIVE — overwrites remote history)
git remote | xargs -I{} git push {} main --force

# 9. Clean up
rm /tmp/scrub-expressions.txt
rm -rf ~/atelier/_bibliotheca/domus-captures.bak  # only after verifying

Post-scrub checklist:

  • Backup created before running

  • git filter-repo installed

  • Expressions file reviewed — no false positives (e.g., Don Quijote "Angulo el Malo" is in segunda-parte/texto/texto-011.adoc — the regex targets angulo-arreola specifically to avoid this)

  • Dry-run counts match expectations

  • Filter-repo executed

  • Post-scrub verification shows 0 matches

  • Remotes re-added

  • Force-pushed to all remotes

  • Cloudflare Pages rebuild verified

  • Local clones on other machines re-cloned or git fetch --all && git reset --hard origin/main

  • Backup removed

Life Admin

URGENT - Requires Immediate Action

Item Details Deadline Status Impact

Housing Search

Granada Hills area - apartments/rooms

TBD

In Progress

Quality of life, commute

2025 Tax — IRS Transcript Review

MFJ filed 2026-04-22. Pull IRS Return Transcript to verify contents. Consult attorney re: Form 8857 (Innocent Spouse Relief). Details in encrypted case file.

Before attorney meeting

In Progress

Financial — liability exposure. See data/d000/personal/dissolutio/

Rack Relocation

Physical move of server rack. CR written: CR-2026-04-18 (pending in infra-ops). Borg backup completed. VM XML dumps, switch save, shutdown/startup procedure documented.

TBD

Pending

Infrastructure downtime — all services offline during move

D000 Legal Planning

Encrypted case file: data/d000/personal/dissolutio/. Open: dissolutio-open. Close: dissolutio-close. 19 partials + assembler. PDF build for attorney handoff. Critical deadline: Jan 2029.

Before Jan 2029

Active — escalating

Life transition — see case file for details

Credit Report Review

Pull reports from all 3 bureaus via annualcreditreport.com. Verify no unknown joint accounts or debts. Credentials in gopass: v3/personal/finance/credit/annual_credit_report

TBD

In Progress

Financial discovery — FL-142 preparation

Gopass Security Audit

Rotate passwords on shared/known accounts. Add 2FA backup codes to v3/personal/recovery/. Create missing government entries (IRS, SSA, VA, DMV). Add last_login field to active entries.

TBD

Pending

Digital security — pre-filing preparation

Subscription Audit

Download 3 months bank/CC statements (Chase, NFCU, USAA). Identify all recurring charges. Cancel unnecessary. Document active subscriptions for FL-150.

TBD

Pending

Financial — expense documentation

401(k) Enrollment

Enroll in CHLA 401(k) immediately. Post-separation contributions are 100% separate property. Reduces gross income for support calculations. Max 2026: $23,500/yr.

In progress (started 5/4)

In Progress

Financial — support calculation + retirement

Certification Deadlines

URGENT — Performance Review Certifications

Certification Provider Deadline Status Impact

CISSP

ISC² — Certified Information Systems Security Professional

July 12, 2026

ACTIVE — Week 2 of 10 (Project)

Required for performance review. 10-week accelerated plan.

RHCSA 9

Red Hat Certified System Administrator

Q3 2026

ACTIVE — 21-phase curriculum (Project)

After CISSP. Required for performance review.
CISSP: 41 days remaining (exam July 12). Domain 1 study in progress. Schedule exam today (06-01).

Early Morning - 5:30am

Regex Training (CRITICAL CARRYOVER)

  • Session 3 - Character classes, word boundaries

  • Practice drills from regex-mastery curriculum

  • Status: 6 days carried over - DO THIS TODAY

Regex training continues to slip. This is the foundation for all CLI mastery.

Work (CHLA)

CHARGE TIME IN PEOPLESOFT - CRITICAL. Do this NOW before anything else.

PeopleSoft Time Entry Reference

Critical (P0)

Project Description Owner Status Due Blocker

Linux Research (Xianming Ding)

EAP-TLS for Linux workstations, dACL, UFW

Evan

BEHIND (72 days overdue)

02-24

Certificate "password required" - nmcli fix documented

iPSK Manager

Pre-shared key automation

Ben Castillo

BEHIND

 — 

DB replication issues

MSCHAPv2 Migration

Legacy auth deprecation — 6,227 devices, 5 waves. 6 batch SQL queries + 3-API endpoint profile script added (05-11). Report due.

Evan

25% — Report due, batch queries ready

05-30

Report to turn in

Research Segmentation

All endpoints to Untrusted VLAN

Evan

BLOCKED

 — 

CISO decision pending

Disaster Recovery

ISE DR scoping — dot1x closed mode = total blackout

Evan

Scoping

 — 

 — 

Mandiant Remediation

Copy 4/16 findings, Guest ACL lab, Q2 assessment

Evan

Active

 — 

 — 

SIEM QRadar → Sentinel

Full SIEM platform transition. Monad console error resolved 05-12. Secrets configured. Blocked on DCR creation (Rule ID + Stream Name). Azure private network policy unresolved.

Evan

Active — blocked on DCR

Q2 2026

Victor/Mauricio: create DCR, resolve Azure network policy

Abnormal Security

AI email platform — ESA cutover. CR assigned, CAB May 12 15:00. Implementation May 14 10:00.

Evan

Active — CAB today 15:00

05-14

Pre-CAB checklist: confirm Tyler, Jason, Sarah

High Priority (P1)

Project Description Owner Status Target

ISE 3.4 Migration

Upgrade from 3.2p9

Evan

Blocked — maintenance window needed

Q2 2026

Switch Upgrades

IOS-XE fleet update (C9300, 3560CX)

Evan

Pending

Q2 2026

Spikewell BYOD VPN

dACL SQL, AD group integration

Evan

Active

 — 

Strongline Gateway

MAC capture, Identity Group setup — 37 days aging

Evan

Active — David Rukiza assigned

 — 

Abnormal Security

AI email security platform research, ESA cutover timeline

Evan

Newly assigned

 — 

DMZ Migration

External services audit behind NetScaler

Evan

Audit phase

 — 

Firewall Audit (murus-portae)

EtherChannel query, prefilter, policy assignments

Evan

Scoping — ASA API creds needed

 — 

iPSK Manager HA

Server 2 config, TLS, SQL security audit

Evan

In progress

 — 

Sentinel KQL

Build proficiency, distinguish from team

Evan

Onboarding

 — 

VNC Blocking

Block and eliminate VNC protocol enterprise-wide

Evan

Active — Phase 0 (Discovery)

Mid-June 2026

Strategic (P2)

Project Description Owner Status

HHS Regulatory Compliance

New HHS security policies implementation

TBD

NOT STARTED

InfoSec Reporting Dashboard

PowerBI metrics for executives

TBD

NOT STARTED

EDR Migration (AMP → Defender)

Endpoint protection consolidation

TBD

NOT STARTED

Azure Legacy Migration

Modern landing zone

Team

In Progress

ChromeOS EAP-TLS

SCEP + Victor, Paul testing

Victor

In Progress

Case Studies (March 2026)

TAC Cases:

Incidents:

Changes:

RCAs:

Today’s Priorities

  • P0 - Strongline Gateway VLAN fix (blocking Arin - 5 days)

  • P0 - k3s NAT verification (13 days carried - CRITICAL)

  • P1 - Monad Pipeline Evaluation (11 days - CRITICAL)

  • P1 - Wazuh indexer recovery (blocked by NAT)

Notes

Day-specific work notes here.

Session Accomplishments (Claude Code)

Attributes Split - COMPLETE

Split monolithic attributes.adoc (327 lines) into purpose-specific partials:

File Lines Contents

attributes.adoc

94

Home enterprise infra, personal identity, document defaults

attributes-work.adoc

239

CHLA ISE cluster, DNS, AD, personnel, PeopleSoft time tracking, hour baselines

attributes-styles.adoc

33

HTML status styling (.pass/.fail/.pending, priority markers)

New Include Pattern:

// Home-only documents
// ========================================================================
// SHARED ATTRIBUTES -- Home & Personal
// ========================================================================
// Source of truth for personal identity, home infrastructure, and
// document defaults used across daily worklogs and captures.
//
// Usage:
//   include::partial$attributes.adoc[]
//
// For work-specific attributes (CHLA), also include:
//   include::partial$attributes-work.adoc[]
//
// For HTML status styling, also include:
//   include::partial$attributes-styles.adoc[]
//
// Per-document attributes (revdate, document-id, capture-date,
// focus-areas, etc.) remain in each file's header.
// ========================================================================

// ========================================================================
// DOCUMENT DEFAULTS
// ========================================================================
:id: UNSET
:document-id: {id}

// ========================================================================
// AUTHOR & IDENTITY
// ========================================================================
:author-name: Evan Rosado
:author-email-home: evan.rosado@domusdigitalis.dev
:author-email-work: erosado@chla.usc.edu
:author-email-personal: evan.rosado@outlook.com

// ========================================================================
// HOME ENTERPRISE DOMAINS
// ========================================================================
:home-domain: domusdigitalis.dev
:home-domain-internal: inside.domusdigitalis.dev
:home-domain-guest: guest.domusdigitalis.dev
:home-env-name: Home Enterprise ({home-domain})

// ========================================================================
// HOME ENTERPRISE INFRASTRUCTURE
// ========================================================================

// ISE Cluster (Home)
:home-ise-version: 3.3
:home-ise-pan-ip: 10.50.1.21
:home-ise-pan-host: ise-02.inside.domusdigitalis.dev
:home-ise-01-ip: 10.50.1.20
:home-ise-01-host: ise-01.inside.domusdigitalis.dev
:home-ise-02-ip: 10.50.1.21
:home-ise-02-host: ise-02.inside.domusdigitalis.dev

// DNS (BIND)
:home-dns-primary: 10.50.1.90
:home-dns-secondary: 10.50.1.1
:home-bind-ip: 10.50.1.90
:home-bind-host: bind-01.inside.domusdigitalis.dev

// Active Directory
:home-ad-server: HOME-DC01.inside.domusdigitalis.dev
:home-ad-ca: HOME-ROOT-CA

// Network (VyOS replaced pfSense 2026-03-07)
:home-vyos-ip: 10.50.1.2
:home-vyos-host: vyos-01.inside.domusdigitalis.dev
:home-switch-ip: 10.50.1.10
:home-wlc-ip: 10.50.1.40
:home-wlc-host: wlc.inside.domusdigitalis.dev

// Storage
:nas-ip: 10.50.1.70
:nas-name: nas-01
:nas-nfs-path: /volume1/ise_backups

// ========================================================================
// PERSONAL PROJECTS
// ========================================================================
:prj-ipsk-home: PRJ-ISE-IPSK-HOME-ANTORA
:prj-home-linux: PRJ-ISE-HOME-LINUX-ANTORA
:prj-home-lab: PRJ-ISE-HOME-LINUX-ANTORA
:prj-netapi: PRJ-NETAPI-ANTORA
:prj-secrets: PRJ-SECRETS
:prj-recovery: PRJ-RECOVERY
:prj-infra-ops: PRJ-INFRA-OPS-ANTORA

// ========================================================================
// PERSONAL TOOLS
// ========================================================================
:tool-netapi: netapi (Personal ISE automation CLI)
:tool-dsec: dsec (Secrets management)
:tool-ansible: Ansible
:tool-git: Git

// Work documents (CHLA)
// ========================================================================
// SHARED ATTRIBUTES -- Home & Personal
// ========================================================================
// Source of truth for personal identity, home infrastructure, and
// document defaults used across daily worklogs and captures.
//
// Usage:
//   include::partial$attributes.adoc[]
//
// For work-specific attributes (CHLA), also include:
//   include::partial$attributes-work.adoc[]
//
// For HTML status styling, also include:
//   include::partial$attributes-styles.adoc[]
//
// Per-document attributes (revdate, document-id, capture-date,
// focus-areas, etc.) remain in each file's header.
// ========================================================================

// ========================================================================
// DOCUMENT DEFAULTS
// ========================================================================
:id: UNSET
:document-id: {id}

// ========================================================================
// AUTHOR & IDENTITY
// ========================================================================
:author-name: Evan Rosado
:author-email-home: evan.rosado@domusdigitalis.dev
:author-email-work: erosado@chla.usc.edu
:author-email-personal: evan.rosado@outlook.com

// ========================================================================
// HOME ENTERPRISE DOMAINS
// ========================================================================
:home-domain: domusdigitalis.dev
:home-domain-internal: inside.domusdigitalis.dev
:home-domain-guest: guest.domusdigitalis.dev
:home-env-name: Home Enterprise ({home-domain})

// ========================================================================
// HOME ENTERPRISE INFRASTRUCTURE
// ========================================================================

// ISE Cluster (Home)
:home-ise-version: 3.3
:home-ise-pan-ip: 10.50.1.21
:home-ise-pan-host: ise-02.inside.domusdigitalis.dev
:home-ise-01-ip: 10.50.1.20
:home-ise-01-host: ise-01.inside.domusdigitalis.dev
:home-ise-02-ip: 10.50.1.21
:home-ise-02-host: ise-02.inside.domusdigitalis.dev

// DNS (BIND)
:home-dns-primary: 10.50.1.90
:home-dns-secondary: 10.50.1.1
:home-bind-ip: 10.50.1.90
:home-bind-host: bind-01.inside.domusdigitalis.dev

// Active Directory
:home-ad-server: HOME-DC01.inside.domusdigitalis.dev
:home-ad-ca: HOME-ROOT-CA

// Network (VyOS replaced pfSense 2026-03-07)
:home-vyos-ip: 10.50.1.2
:home-vyos-host: vyos-01.inside.domusdigitalis.dev
:home-switch-ip: 10.50.1.10
:home-wlc-ip: 10.50.1.40
:home-wlc-host: wlc.inside.domusdigitalis.dev

// Storage
:nas-ip: 10.50.1.70
:nas-name: nas-01
:nas-nfs-path: /volume1/ise_backups

// ========================================================================
// PERSONAL PROJECTS
// ========================================================================
:prj-ipsk-home: PRJ-ISE-IPSK-HOME-ANTORA
:prj-home-linux: PRJ-ISE-HOME-LINUX-ANTORA
:prj-home-lab: PRJ-ISE-HOME-LINUX-ANTORA
:prj-netapi: PRJ-NETAPI-ANTORA
:prj-secrets: PRJ-SECRETS
:prj-recovery: PRJ-RECOVERY
:prj-infra-ops: PRJ-INFRA-OPS-ANTORA

// ========================================================================
// PERSONAL TOOLS
// ========================================================================
:tool-netapi: netapi (Personal ISE automation CLI)
:tool-dsec: dsec (Secrets management)
:tool-ansible: Ansible
:tool-git: Git
// ========================================================================
// WORK ATTRIBUTES -- CHLA Environment
// ========================================================================
// Contains sensitive work-specific infrastructure, personnel, and project
// attributes. Include only in work-related documents.
//
// Usage:
//   include::partial$attributes-work.adoc[]
// ========================================================================

// ========================================================================
// DOMAINS (Work)
// ========================================================================
:domain: chla.usc.edu
:ad-domain: la.ad.chla.org
:krb5-realm: LA.AD.CHLA.ORG
:ise-domain: ise.chla.org
:work-env-name: Enterprise (CHLA)

// ========================================================================
// ISE CLUSTER (CHLA Production)
// ========================================================================

// Primary PAN
:ise-ppan-ip: 10.101.2.121
:ise-ppan-host: ppan.ise.chla.org

// Secondary PAN
:ise-span-ip: 10.101.2.122
:ise-span-host: span.ise.chla.org
:ise-span: {ise-span-host}

// Primary MnT
:ise-pmnt-ip: 10.101.2.123
:ise-pmnt-host: pmnt.ise.chla.org

// Secondary MnT
:ise-smnt-ip: 10.101.2.124
:ise-smnt-host: smnt.ise.chla.org

// Policy Service Nodes -- Building 1
:ise-psn-1-ip: 10.101.2.131
:ise-psn-2-ip: 10.101.2.132

// Policy Service Nodes -- Building 2
:ise-psn-3-ip: 10.248.11.134
:ise-psn-4-ip: 10.248.11.135

:ise-version: 3.2 Patch 6

// ========================================================================
// DNS SERVERS (CHLA)
// ========================================================================
:dns-primary: 10.112.142.41
:dns-secondary: 10.192.142.41
:dns-backup: 10.112.142.42

// ========================================================================
// ACTIVE DIRECTORY DOMAIN CONTROLLERS (CHLA)
// ========================================================================
// Building 1
:ad-dc-1: 10.112.118.141
:ad-dc-2: 10.112.118.143
// Building 2
:ad-pdc: 10.100.11.28
:ad-dc-3: 10.100.11.27

// ========================================================================
// NETWORK INFRASTRUCTURE (CHLA)
// ========================================================================
:nas-research: 10.134.144.109
:remediation-server: remediation.chla.org

// ========================================================================
// PERSONNEL
// ========================================================================
:user-ben: Ben Castillo (SysEng)
:user-shahab: Dr. Shahab Asgharzadeh
:user-shahab-dept: Spatial Biology and Genomics Core (TSRI SBG)
:user-shahab-mac: b4:e9:b8:f6:c8:17
:user-samuel: Samuel John (Database Architect, Digital Dev & Solutions Architecture)
:user-argam: Argam Darbinian (Endpoint Engineer I)
:user-levitt: Dr. Pat Levitt
:user-levitt-email: plevit@chla.usc.edu
:user-carlos: Carlos (InfoSec)
:user-victor: Victor (Cloud/AD)

// Person shorthand
:person-sarah: Sarah Clizer (CISO)
:person-shahab: {user-shahab}
:person-ben: {user-ben}
:person-victor: {user-victor}
:person-carlos: {user-carlos}

// Teams
:team-infosec: Information Security Team
:team-network: Network Engineering Team
:team-endpoint: Endpoint Engineering Team

// ========================================================================
// PROJECTS
// ========================================================================
:prj-ipsk-chla: PRJ-ISE-IPSK-CHLA-ANTORA
:prj-chla-linux: PRJ-ISE-CHLA-LINUX-ANTORA
:prj-sentinel-migration: PRJ-SENTINEL-MIGRATION
:prj-mschapv2-migration: PRJ-MSCHAPV2-TO-EAPTLS

// ========================================================================
// iPSK ATTRIBUTES
// ========================================================================
:ipsk-primary-hostname: ipsk-mgr-01
:ipsk-secondary-hostname: ipsk-mgr-02
:ssid-iot: CHLA_IoT
:policy-set-name: IoT WIFI iPSK
:odbc-source-name: iPSKManager
:mysql-port: 3306
:db-name: ipsk

// ========================================================================
// TOOLS & PLATFORMS (Security Stack)
// ========================================================================

// SIEM & Security Analytics
:tool-qradar: IBM QRadar SIEM (Legacy - migrating from)
:tool-sentinel: Microsoft Sentinel (Target SIEM)
:tool-defender: Microsoft Defender for Endpoint
:tool-xdr: Microsoft Defender XDR

// Threat Intelligence
:tool-abuseipdb: AbuseIPDB
:tool-virustotal: VirusTotal
:tool-urlscan: URLScan.io
:tool-talos: Cisco Talos Intelligence

// Infrastructure & Access
:tool-claroty: Claroty XDome (OT Security)
:tool-umbrella: Cisco Secure Umbrella (DNS Filtering)
:tool-posture: Cisco Secure Client Posture Module
:tool-ise: Cisco Identity Services Engine
:tool-adcs: Active Directory Certificate Services

// Collaboration & Ticketing
:tool-teams: Microsoft Teams
:tool-servicenow: ServiceNow
:tool-slack: Slack

// Development & Automation
:tool-azure-devops: Azure DevOps

// ========================================================================
// PEOPLESOFT TIME TRACKING
// ========================================================================

// Standard Admin Codes (CHLA InfoSec Engineering)
:ps-account: 605010
:ps-fund-code: 1010
:ps-department: 8492000
:ps-pc-unit: PC100

// ----------------------------------------------------------------------------
// Active Projects (Project # | Combo Code | Activity Code)
// Usage: {prj-<name>}, {combo-<name>}, {activity-<name>}
// ----------------------------------------------------------------------------

// EDR Migration (AMP to Defender)
:prj-edr-migration: 000017633
:combo-edr-migration: 000018546
:activity-edr-migration: 21

// Windows 11 Device Hardening
:prj-win11-hardening: 000017706
:combo-win11-hardening: 000018549
:activity-win11-hardening: 21

// iPad Refresh (Spectrum TV App & GetWell SSID)
:prj-ipad-refresh: 000016444
:combo-ipad-refresh: 000018551
:activity-ipad-refresh: 20

// Immunity Lab Move
:prj-immunity-lab: 000017481
:combo-immunity-lab:
:activity-immunity-lab: 21

// Mind DLP Proof of Value
:prj-mind-dlp: 000017956
:combo-mind-dlp: 000018452
:activity-mind-dlp: 21

// iSensix dACL + IoT VLAN Assignment
:prj-isensix-dacl:
:combo-isensix-dacl:
:activity-isensix-dacl: 21

// Cisco Catalyst Center (DNA Center Migration)
:prj-catalyst-center:
:combo-catalyst-center:
:activity-catalyst-center:

// ----------------------------------------------------------------------------
// Activity Hour Baselines (realistic end-to-end effort)
// ----------------------------------------------------------------------------

// Meetings & Collaboration
:hrs-meeting: 1.0
:hrs-stakeholder-meeting: 1.5
:hrs-workshop: 2.0
:hrs-vendor-call: 1.5
:hrs-cab-attendance: 1.0

// ISE / Network Policy
:hrs-ise-policy-mac: 3.0
:hrs-ise-policy-win: 4.5
:hrs-ise-policy-linux: 4.0
:hrs-dacl-design: 3.5
:hrs-authz-profile: 3.0
:hrs-policy-set: 4.0

// Change Management
:hrs-change-request: 3.5
:hrs-cab-prep: 2.0
:hrs-cutover: 4.0
:hrs-rollback-planning: 2.0

// Testing & Validation
:hrs-device-testing: 2.5
:hrs-pilot-validation: 4.0
:hrs-integration-testing: 3.5

// Support & Operations
:hrs-support: 2.0
:hrs-incident-response: 3.0
:hrs-troubleshooting: 2.5
:hrs-post-cutover-support: 2.5

// Discovery & Documentation
:hrs-discovery: 3.0
:hrs-documentation: 2.0
:hrs-architecture-design: 4.0
// ========================================================================
// STYLE ATTRIBUTES -- HTML Status Styling
// ========================================================================
// Contains CSS styling for status indicators and priority markers.
// Only applied when rendering to HTML (backend-html5).
//
// Usage:
//   include::partial$attributes-styles.adoc[]
//
// Styling classes:
//   .pass, .fail, .pending, .active
//   .status-complete, .status-inprogress, .status-blocked, .status-pending, .status-notstarted
//   .priority-critical, .priority-high, .priority-normal
// ========================================================================

++++
<style>
.pass { color: #22c55e; font-weight: bold; }
.fail { color: #ef4444; font-weight: bold; }
.pending { color: #f59e0b; font-weight: bold; }
.active { color: #3b82f6; font-weight: bold; }
.status-complete { color: #22c55e; font-weight: bold; }
.status-inprogress { color: #3b82f6; font-weight: bold; }
.status-blocked { color: #ef4444; font-weight: bold; }
.status-pending { color: #f59e0b; font-weight: bold; }
.status-notstarted { color: #94a3b8; font-weight: bold; font-style: italic; }
.priority-critical { background-color: #fef2f2; border-left: 4px solid #ef4444; padding: 0.5em; margin: 0.5em 0; }
.priority-high { background-color: #fef9c3; border-left: 4px solid #f59e0b; padding: 0.5em; margin: 0.5em 0; }
.priority-normal { background-color: #f0f9ff; border-left: 4px solid #3b82f6; padding: 0.5em; margin: 0.5em 0; }
</style>
++++

Updated 6 worklogs with new include pattern.

antora.yml Maintenance Comments

Added clear maintenance guidance for time-sensitive attributes:

Section Update Frequency

Current Period

First of each month

Quarterly Statistics

Weekly or when adding cases

Case Studies Statistics

When adding TAC/incidents/changes

Monthly Focus Areas

First of each month (add new line)

Infrastructure

STABLE (sync with domus-infra-ops)

pfSense

DEPRECATED (2026-03-07, replaced by VyOS)

Partials Cleanup

  • Deleted empty partials/music/ directory

  • Music content exists in pages/education/music/ and images/music/

Commits

  • 457361f - docs(antora): Add maintenance comments for time-sensitive attributes

  • e81fbda - refactor(partials): Split attributes.adoc into home/work/styles

Personal

In Progress

Project Description Status Notes

k3s Platform

Production k3s cluster on kvm-01

Active

Prometheus, Grafana, Wazuh deployed

Wazuh Archives

Enable archives indexing in Filebeat

Active

PVC fix pending

kvm-02 Hardware

Supermicro B deployment

Active

Hardware ready, RAM upgrade done

Planned

Project Description Target Blocked By

Vault HA (3-node)

vault-02, vault-03 on kvm-02

Q2 2026 (slipped from Q1)

kvm-02 deployment

k3s HA (3-node)

Control plane HA

Q2 2026 (slipped from Q1)

kvm-02 deployment

ArgoCD GitOps

k3s GitOps deployment

After k3s stable

 — 

MinIO S3

Object storage for k3s

After ArgoCD

 — 

Domus Inventory

Personal asset management (YAML + CLI + AsciiDoc)

Q2 2026

Schema approved

Active — Infrastructure

Task Details Priority Status Due

Wazuh agent deployment

Deploy agents to all infrastructure hosts

P2

Pending

After archives fix

k3s Platform

Production k3s cluster on kvm-01

P1

In Progress

 — 

Wazuh Archives

Enable archives indexing in Filebeat, PVC fix

P1

In Progress

 — 

kvm-02 Hardware

Supermicro B deployment, RAM upgrade done

P1

In Progress

 — 

Active — Security & Encryption

Task Details Priority Status Due

Configure 4th YubiKey

SSH FIDO2 keys

P1

TODO

 — 

Cold storage M-DISC backup

age-encrypted archives

P1

TODO

After YubiKey setup

Active — Development & Tools

Task Details Priority Status Due

netapi Commercialization

Go CLI rewrite with Cobra-style argument discovery, package for distribution

P0

Active

 — 

Ollama API Service

FastAPI (17 endpoints), productize — config audit, doc tools, runbook gen

P0

Active

 — 

Shell functions (fe, fec, fef)

File hunting helpers

P3

TODO

 — 

Active — Documentation

Task Details Priority Status Due

D2 Catppuccin Mocha styling

domus-* spoke repos (177 files total)

P3

In Progress

 — 

Active — Financial

Task Details Priority Status Due

Amazon order history import

Download CSV from Privacy Central → parse with awk → populate subscriptions tracker

P1

Waiting

Pending Amazon data export (requested 2026-04-04)

Active — Education

Task Details Priority Status Due

No active education tasks — see education trackers

Active — Personal & Life Admin

Task Details Priority Status Due

ThinkPad T16g Setup

Arch install, stow dotfiles, Ollama stack, netapi dev env

P0

Pending

 — 

P50 Arch to Ubuntu migration

CR-2026-03-12

P2

In Progress

 — 

X1 Carbon Ubuntu installs

2 laptops, LUKS encryption

P2

In Progress

 — 

P50 Steam Test

Test Flatpak Steam + apt cleanup of broken i386 packages

P3

Pending

 — 

Documentation Sites

gopass v3 Organization - PLANNED

Goal: Restructure gopass v3 store using key-value patterns from gopass-personal-docs.

Current Issues:

  • Inconsistent entry structure across categories

  • Not using full potential of key-value metadata

  • Difficult to query/aggregate (e.g., "show all monthly bills")

Planned Structure (from gopass-personal-docs templates):

Category Key-Value Fields

Bills (Recurring)

provider, amount, due-day, autopay, account-number, website, category

Storage Units

facility, address, unit-number, gate-code (first line), rent, insurance, total

Subscriptions

service, amount, billing-cycle, next-renewal, website

Housing

address, rent, lease-end, landlord, emergency-contact

Vehicles

make, model, year, vin, plate, insurance-policy, registration-due

Tools:

  • gopass-personal-docs - Interactive entry creation with templates

  • gopass-query - Structured queries (bills, storage, subscriptions, export)

Tasks:

  • Audit current v3 structure

  • Identify entries to migrate to new templates

  • Run gopass-personal-docs for new entries

  • Test gopass-query bills aggregation

OpenClaw Evaluation - DEFERRED

Moved to separate machine planning. Security concerns remain.

Notes

Day-specific personal notes here.

Education

Active Tracks (Focus)

Skills Mastery (Critical)

Certification Deadlines

  • CISSP - July 12, 2026 (10-week plan active — Week 1)

  • RHCSA 9 - Q3 2026 (after CISSP)

  • LPIC-1 - Renewal required (blocks LPIC-2)

Language Certifications (DELE/SIELE)

Spanish C1 Certification Goals

Certification Provider Target Status Strategy

SIELE C1

Instituto Cervantes / UNAM / Salamanca

Q2 2026

ACTIVE

Computer-based, faster results - take FIRST

DELE C1

Instituto Cervantes

Q3/Q4 2026

PLANNED

After SIELE success, harder exam

DELE C2

Instituto Cervantes

2027

FUTURE

Mastery level - requires extensive immersion
SIELE is computer-adaptive, results in 3 weeks. DELE is paper-based, results in 3-4 months. Do SIELE first to validate readiness.

Don Quijote Writing Practice - DELE C1/C2 Initiative

Method:

  1. Read chapter in original Spanish

  2. Write personal analysis/understanding en español

  3. AI review for grammar, vocabulary, register

  4. Build comprehensive understanding of literary elements

Today’s Study

  • Focus: Continue Chapter I, written analysis

  • Language: 100% Spanish output

  • Complete Chapter I analysis draft

  • Review with AI for corrections

Regex Training (CRITICAL)

  • Status: 6 days carried over

  • Priority: After PeopleSoft, before Quijote

  • Session: Character classes, word boundaries

Infrastructure

Documentation Sites

Site URL Status Actions Needed

Domus Digitalis

docs.domusdigitalis.dev

Active

Validate, harden, improve

Architectus

docs.architectus.dev

Active

Public portfolio site - maintain

HA Deployment Status

System Description Status Notes

VyOS HA

vyos-01 (kvm-01) + vyos-02 (kvm-02) with VRRP VIP

✅ COMPLETE

2026-03-07 - pfSense decommissioned

BIND DNS HA

bind-01 (kvm-01) + bind-02 (kvm-02) with AXFR

✅ COMPLETE

Zone transfer operational

Vault HA

Raft cluster (vault-01/02/03)

✅ COMPLETE

Integrated with PKI

Keycloak Rebuild

keycloak-01 corrupted, rebuild from scratch

🔄 NEXT

Priority P3 - SSO broken

FreeIPA HA

ipa-02 replica planned

📋 PLANNED

Linux auth redundancy

AD DC HA

home-dc02 replication

📋 PLANNED

Windows auth redundancy

iPSK Manager HA

ipsk-mgr-02 with MySQL replication

📋 PLANNED

PSK portal redundancy

ISE HA

PAN HA (ise-01 reconfigure)

⏳ DEFERRED

Wait until ise-02 stable

ISE 3.5 Migration

Upgrade path: 3.2p9 → 3.4 (P1) → 3.5 (target)

📋 PLANNED

After 3.4 Migration completes (Q2 2026)

Single Points of Failure (CRITICAL)

These systems have NO redundancy - outage impacts production.
System Impact if Down Mitigation

ISE (ise-02)

All 802.1X stops - wired and wireless auth fails

ise-01 reconfiguration deferred until ise-02 stable

Keycloak (keycloak-01)

SAML/OIDC SSO broken (ISE admin, Grafana, etc.)

NEXT PRIORITY - Rebuild runbook

FreeIPA (ipa-01)

Linux auth, sudo rules, HBAC fails

ipa-02 replica planned

AD DC (home-dc01)

Windows auth, Kerberos, GPO fails

home-dc02 replica planned

iPSK Manager

Self-service PSK portal unavailable

ipsk-mgr-02 with MySQL replication planned

Validation Tasks

Task Details Status

docs.domusdigitalis.dev validation

Test all cross-references, search, rendering

TODO

docs.domusdigitalis.dev hardening

HTTPS, CSP headers, security review

TODO

docs.architectus.dev validation

Public site content review

TODO

Hub-spoke sync verification

All components building correctly

Ongoing

Quick Commands

gopass-personal-docs Usage

# Interactive entry creation
gopass-personal-docs

# Categories: 1) Bills 2) Subscriptions 3) Housing 4) Vehicles 5) Insurance

gopass-query Usage

# List all recurring bills with totals
gopass-query bills

# List storage units with gate codes
gopass-query storage

# Export category to JSON
gopass-query export bills

Attribute Includes

// Home documents
// ========================================================================
// SHARED ATTRIBUTES -- Home & Personal
// ========================================================================
// Source of truth for personal identity, home infrastructure, and
// document defaults used across daily worklogs and captures.
//
// Usage:
//   include::partial$attributes.adoc[]
//
// For work-specific attributes (CHLA), also include:
//   include::partial$attributes-work.adoc[]
//
// For HTML status styling, also include:
//   include::partial$attributes-styles.adoc[]
//
// Per-document attributes (revdate, document-id, capture-date,
// focus-areas, etc.) remain in each file's header.
// ========================================================================

// ========================================================================
// DOCUMENT DEFAULTS
// ========================================================================
:id: UNSET
:document-id: {id}

// ========================================================================
// AUTHOR & IDENTITY
// ========================================================================
:author-name: Evan Rosado
:author-email-home: evan.rosado@domusdigitalis.dev
:author-email-work: erosado@chla.usc.edu
:author-email-personal: evan.rosado@outlook.com

// ========================================================================
// HOME ENTERPRISE DOMAINS
// ========================================================================
:home-domain: domusdigitalis.dev
:home-domain-internal: inside.domusdigitalis.dev
:home-domain-guest: guest.domusdigitalis.dev
:home-env-name: Home Enterprise ({home-domain})

// ========================================================================
// HOME ENTERPRISE INFRASTRUCTURE
// ========================================================================

// ISE Cluster (Home)
:home-ise-version: 3.3
:home-ise-pan-ip: 10.50.1.21
:home-ise-pan-host: ise-02.inside.domusdigitalis.dev
:home-ise-01-ip: 10.50.1.20
:home-ise-01-host: ise-01.inside.domusdigitalis.dev
:home-ise-02-ip: 10.50.1.21
:home-ise-02-host: ise-02.inside.domusdigitalis.dev

// DNS (BIND)
:home-dns-primary: 10.50.1.90
:home-dns-secondary: 10.50.1.1
:home-bind-ip: 10.50.1.90
:home-bind-host: bind-01.inside.domusdigitalis.dev

// Active Directory
:home-ad-server: HOME-DC01.inside.domusdigitalis.dev
:home-ad-ca: HOME-ROOT-CA

// Network (VyOS replaced pfSense 2026-03-07)
:home-vyos-ip: 10.50.1.2
:home-vyos-host: vyos-01.inside.domusdigitalis.dev
:home-switch-ip: 10.50.1.10
:home-wlc-ip: 10.50.1.40
:home-wlc-host: wlc.inside.domusdigitalis.dev

// Storage
:nas-ip: 10.50.1.70
:nas-name: nas-01
:nas-nfs-path: /volume1/ise_backups

// ========================================================================
// PERSONAL PROJECTS
// ========================================================================
:prj-ipsk-home: PRJ-ISE-IPSK-HOME-ANTORA
:prj-home-linux: PRJ-ISE-HOME-LINUX-ANTORA
:prj-home-lab: PRJ-ISE-HOME-LINUX-ANTORA
:prj-netapi: PRJ-NETAPI-ANTORA
:prj-secrets: PRJ-SECRETS
:prj-recovery: PRJ-RECOVERY
:prj-infra-ops: PRJ-INFRA-OPS-ANTORA

// ========================================================================
// PERSONAL TOOLS
// ========================================================================
:tool-netapi: netapi (Personal ISE automation CLI)
:tool-dsec: dsec (Secrets management)
:tool-ansible: Ansible
:tool-git: Git

// Work documents
// ========================================================================
// SHARED ATTRIBUTES -- Home & Personal
// ========================================================================
// Source of truth for personal identity, home infrastructure, and
// document defaults used across daily worklogs and captures.
//
// Usage:
//   include::partial$attributes.adoc[]
//
// For work-specific attributes (CHLA), also include:
//   include::partial$attributes-work.adoc[]
//
// For HTML status styling, also include:
//   include::partial$attributes-styles.adoc[]
//
// Per-document attributes (revdate, document-id, capture-date,
// focus-areas, etc.) remain in each file's header.
// ========================================================================

// ========================================================================
// DOCUMENT DEFAULTS
// ========================================================================
:id: UNSET
:document-id: {id}

// ========================================================================
// AUTHOR & IDENTITY
// ========================================================================
:author-name: Evan Rosado
:author-email-home: evan.rosado@domusdigitalis.dev
:author-email-work: erosado@chla.usc.edu
:author-email-personal: evan.rosado@outlook.com

// ========================================================================
// HOME ENTERPRISE DOMAINS
// ========================================================================
:home-domain: domusdigitalis.dev
:home-domain-internal: inside.domusdigitalis.dev
:home-domain-guest: guest.domusdigitalis.dev
:home-env-name: Home Enterprise ({home-domain})

// ========================================================================
// HOME ENTERPRISE INFRASTRUCTURE
// ========================================================================

// ISE Cluster (Home)
:home-ise-version: 3.3
:home-ise-pan-ip: 10.50.1.21
:home-ise-pan-host: ise-02.inside.domusdigitalis.dev
:home-ise-01-ip: 10.50.1.20
:home-ise-01-host: ise-01.inside.domusdigitalis.dev
:home-ise-02-ip: 10.50.1.21
:home-ise-02-host: ise-02.inside.domusdigitalis.dev

// DNS (BIND)
:home-dns-primary: 10.50.1.90
:home-dns-secondary: 10.50.1.1
:home-bind-ip: 10.50.1.90
:home-bind-host: bind-01.inside.domusdigitalis.dev

// Active Directory
:home-ad-server: HOME-DC01.inside.domusdigitalis.dev
:home-ad-ca: HOME-ROOT-CA

// Network (VyOS replaced pfSense 2026-03-07)
:home-vyos-ip: 10.50.1.2
:home-vyos-host: vyos-01.inside.domusdigitalis.dev
:home-switch-ip: 10.50.1.10
:home-wlc-ip: 10.50.1.40
:home-wlc-host: wlc.inside.domusdigitalis.dev

// Storage
:nas-ip: 10.50.1.70
:nas-name: nas-01
:nas-nfs-path: /volume1/ise_backups

// ========================================================================
// PERSONAL PROJECTS
// ========================================================================
:prj-ipsk-home: PRJ-ISE-IPSK-HOME-ANTORA
:prj-home-linux: PRJ-ISE-HOME-LINUX-ANTORA
:prj-home-lab: PRJ-ISE-HOME-LINUX-ANTORA
:prj-netapi: PRJ-NETAPI-ANTORA
:prj-secrets: PRJ-SECRETS
:prj-recovery: PRJ-RECOVERY
:prj-infra-ops: PRJ-INFRA-OPS-ANTORA

// ========================================================================
// PERSONAL TOOLS
// ========================================================================
:tool-netapi: netapi (Personal ISE automation CLI)
:tool-dsec: dsec (Secrets management)
:tool-ansible: Ansible
:tool-git: Git
// ========================================================================
// WORK ATTRIBUTES -- CHLA Environment
// ========================================================================
// Contains sensitive work-specific infrastructure, personnel, and project
// attributes. Include only in work-related documents.
//
// Usage:
//   include::partial$attributes-work.adoc[]
// ========================================================================

// ========================================================================
// DOMAINS (Work)
// ========================================================================
:domain: chla.usc.edu
:ad-domain: la.ad.chla.org
:krb5-realm: LA.AD.CHLA.ORG
:ise-domain: ise.chla.org
:work-env-name: Enterprise (CHLA)

// ========================================================================
// ISE CLUSTER (CHLA Production)
// ========================================================================

// Primary PAN
:ise-ppan-ip: 10.101.2.121
:ise-ppan-host: ppan.ise.chla.org

// Secondary PAN
:ise-span-ip: 10.101.2.122
:ise-span-host: span.ise.chla.org
:ise-span: {ise-span-host}

// Primary MnT
:ise-pmnt-ip: 10.101.2.123
:ise-pmnt-host: pmnt.ise.chla.org

// Secondary MnT
:ise-smnt-ip: 10.101.2.124
:ise-smnt-host: smnt.ise.chla.org

// Policy Service Nodes -- Building 1
:ise-psn-1-ip: 10.101.2.131
:ise-psn-2-ip: 10.101.2.132

// Policy Service Nodes -- Building 2
:ise-psn-3-ip: 10.248.11.134
:ise-psn-4-ip: 10.248.11.135

:ise-version: 3.2 Patch 6

// ========================================================================
// DNS SERVERS (CHLA)
// ========================================================================
:dns-primary: 10.112.142.41
:dns-secondary: 10.192.142.41
:dns-backup: 10.112.142.42

// ========================================================================
// ACTIVE DIRECTORY DOMAIN CONTROLLERS (CHLA)
// ========================================================================
// Building 1
:ad-dc-1: 10.112.118.141
:ad-dc-2: 10.112.118.143
// Building 2
:ad-pdc: 10.100.11.28
:ad-dc-3: 10.100.11.27

// ========================================================================
// NETWORK INFRASTRUCTURE (CHLA)
// ========================================================================
:nas-research: 10.134.144.109
:remediation-server: remediation.chla.org

// ========================================================================
// PERSONNEL
// ========================================================================
:user-ben: Ben Castillo (SysEng)
:user-shahab: Dr. Shahab Asgharzadeh
:user-shahab-dept: Spatial Biology and Genomics Core (TSRI SBG)
:user-shahab-mac: b4:e9:b8:f6:c8:17
:user-samuel: Samuel John (Database Architect, Digital Dev & Solutions Architecture)
:user-argam: Argam Darbinian (Endpoint Engineer I)
:user-levitt: Dr. Pat Levitt
:user-levitt-email: plevit@chla.usc.edu
:user-carlos: Carlos (InfoSec)
:user-victor: Victor (Cloud/AD)

// Person shorthand
:person-sarah: Sarah Clizer (CISO)
:person-shahab: {user-shahab}
:person-ben: {user-ben}
:person-victor: {user-victor}
:person-carlos: {user-carlos}

// Teams
:team-infosec: Information Security Team
:team-network: Network Engineering Team
:team-endpoint: Endpoint Engineering Team

// ========================================================================
// PROJECTS
// ========================================================================
:prj-ipsk-chla: PRJ-ISE-IPSK-CHLA-ANTORA
:prj-chla-linux: PRJ-ISE-CHLA-LINUX-ANTORA
:prj-sentinel-migration: PRJ-SENTINEL-MIGRATION
:prj-mschapv2-migration: PRJ-MSCHAPV2-TO-EAPTLS

// ========================================================================
// iPSK ATTRIBUTES
// ========================================================================
:ipsk-primary-hostname: ipsk-mgr-01
:ipsk-secondary-hostname: ipsk-mgr-02
:ssid-iot: CHLA_IoT
:policy-set-name: IoT WIFI iPSK
:odbc-source-name: iPSKManager
:mysql-port: 3306
:db-name: ipsk

// ========================================================================
// TOOLS & PLATFORMS (Security Stack)
// ========================================================================

// SIEM & Security Analytics
:tool-qradar: IBM QRadar SIEM (Legacy - migrating from)
:tool-sentinel: Microsoft Sentinel (Target SIEM)
:tool-defender: Microsoft Defender for Endpoint
:tool-xdr: Microsoft Defender XDR

// Threat Intelligence
:tool-abuseipdb: AbuseIPDB
:tool-virustotal: VirusTotal
:tool-urlscan: URLScan.io
:tool-talos: Cisco Talos Intelligence

// Infrastructure & Access
:tool-claroty: Claroty XDome (OT Security)
:tool-umbrella: Cisco Secure Umbrella (DNS Filtering)
:tool-posture: Cisco Secure Client Posture Module
:tool-ise: Cisco Identity Services Engine
:tool-adcs: Active Directory Certificate Services

// Collaboration & Ticketing
:tool-teams: Microsoft Teams
:tool-servicenow: ServiceNow
:tool-slack: Slack

// Development & Automation
:tool-azure-devops: Azure DevOps

// ========================================================================
// PEOPLESOFT TIME TRACKING
// ========================================================================

// Standard Admin Codes (CHLA InfoSec Engineering)
:ps-account: 605010
:ps-fund-code: 1010
:ps-department: 8492000
:ps-pc-unit: PC100

// ----------------------------------------------------------------------------
// Active Projects (Project # | Combo Code | Activity Code)
// Usage: {prj-<name>}, {combo-<name>}, {activity-<name>}
// ----------------------------------------------------------------------------

// EDR Migration (AMP to Defender)
:prj-edr-migration: 000017633
:combo-edr-migration: 000018546
:activity-edr-migration: 21

// Windows 11 Device Hardening
:prj-win11-hardening: 000017706
:combo-win11-hardening: 000018549
:activity-win11-hardening: 21

// iPad Refresh (Spectrum TV App & GetWell SSID)
:prj-ipad-refresh: 000016444
:combo-ipad-refresh: 000018551
:activity-ipad-refresh: 20

// Immunity Lab Move
:prj-immunity-lab: 000017481
:combo-immunity-lab:
:activity-immunity-lab: 21

// Mind DLP Proof of Value
:prj-mind-dlp: 000017956
:combo-mind-dlp: 000018452
:activity-mind-dlp: 21

// iSensix dACL + IoT VLAN Assignment
:prj-isensix-dacl:
:combo-isensix-dacl:
:activity-isensix-dacl: 21

// Cisco Catalyst Center (DNA Center Migration)
:prj-catalyst-center:
:combo-catalyst-center:
:activity-catalyst-center:

// ----------------------------------------------------------------------------
// Activity Hour Baselines (realistic end-to-end effort)
// ----------------------------------------------------------------------------

// Meetings & Collaboration
:hrs-meeting: 1.0
:hrs-stakeholder-meeting: 1.5
:hrs-workshop: 2.0
:hrs-vendor-call: 1.5
:hrs-cab-attendance: 1.0

// ISE / Network Policy
:hrs-ise-policy-mac: 3.0
:hrs-ise-policy-win: 4.5
:hrs-ise-policy-linux: 4.0
:hrs-dacl-design: 3.5
:hrs-authz-profile: 3.0
:hrs-policy-set: 4.0

// Change Management
:hrs-change-request: 3.5
:hrs-cab-prep: 2.0
:hrs-cutover: 4.0
:hrs-rollback-planning: 2.0

// Testing & Validation
:hrs-device-testing: 2.5
:hrs-pilot-validation: 4.0
:hrs-integration-testing: 3.5

// Support & Operations
:hrs-support: 2.0
:hrs-incident-response: 3.0
:hrs-troubleshooting: 2.5
:hrs-post-cutover-support: 2.5

// Discovery & Documentation
:hrs-discovery: 3.0
:hrs-documentation: 2.0
:hrs-architecture-design: 4.0
// ========================================================================
// STYLE ATTRIBUTES -- HTML Status Styling
// ========================================================================
// Contains CSS styling for status indicators and priority markers.
// Only applied when rendering to HTML (backend-html5).
//
// Usage:
//   include::partial$attributes-styles.adoc[]
//
// Styling classes:
//   .pass, .fail, .pending, .active
//   .status-complete, .status-inprogress, .status-blocked, .status-pending, .status-notstarted
//   .priority-critical, .priority-high, .priority-normal
// ========================================================================

++++
<style>
.pass { color: #22c55e; font-weight: bold; }
.fail { color: #ef4444; font-weight: bold; }
.pending { color: #f59e0b; font-weight: bold; }
.active { color: #3b82f6; font-weight: bold; }
.status-complete { color: #22c55e; font-weight: bold; }
.status-inprogress { color: #3b82f6; font-weight: bold; }
.status-blocked { color: #ef4444; font-weight: bold; }
.status-pending { color: #f59e0b; font-weight: bold; }
.status-notstarted { color: #94a3b8; font-weight: bold; font-style: italic; }
.priority-critical { background-color: #fef2f2; border-left: 4px solid #ef4444; padding: 0.5em; margin: 0.5em 0; }
.priority-high { background-color: #fef9c3; border-left: 4px solid #f59e0b; padding: 0.5em; margin: 0.5em 0; }
.priority-normal { background-color: #f0f9ff; border-left: 4px solid #3b82f6; padding: 0.5em; margin: 0.5em 0; }
</style>
++++

Related Documents