Codex scanned my whole Arch Linux system, documented all the findings, and wrote the queries for my IDS to keep a watch for exfil and other IoCs. Set up the alerts for me too.

The queries kinda sucked at first, but it was pretty awesome to get to spend more time with my kids while Codex would manage the incident response for me.