secdevopsai / Threat-Intel-Slack-Bot

Licence: MIT License
Interactive Threat Intelligence Bot that leverages serverless framework, AWS/GCP, and Slack

Threat Intelligence Slack Bot

Motivation

As organizations mature and scale their security infrastructure, it's vital that analysts, engineers, and other team members are able to query and enrich data on demand. Additionally, application features are being introduced at an increasing rate, creating the need for software-defined infrastructure. In this project, we'll be exploring how to scale automation efforts, with a focus on Threat Intelligence. This project can serve as a guide for when to leverage an interactive bot, how to create API endpoints, how to use serverless architecture, and how to apply actionable threat intelligence.

Video Write-Up

https://www.youtube.com/watch?v=g40LLgYK1uM

Architecture Overview

Threat Intel Slack Bot is completely serverless, and is built and deployed using Serverless.js.

There are three Lambdas controlling the process:

  • slashmessage: Function that serves as the API Gateway endpoint and facilitates execution of the cloud functions that query Threat Intelligence databases
  • passivetotal: Triggers an indicator query (Domain Names only) to PassiveTotal and returns the response to the Slack channel
  • virustotal: Triggers an indicator query to VirusTotal and returns the response to the Slack channel
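
The gatekeeping a slashmessage-style function needs before it triggers any lookup, as an added example (not code from this project): it verifies Slack's v0 request signature, rejects replays, classifies the indicator, and only then names the functions to invoke. Assumptions: a Slack signing secret is configured (the README lists only SLACK_API_TOKEN), and the routing of IPs and hashes to virustotal is an illustrative policy; only "PassiveTotal takes domains only" comes from the page.

```python
import hashlib, hmac, ipaddress, re, time
from urllib.parse import parse_qs

# Assumption: constructed Slack signing secret (the README lists only SLACK_API_TOKEN).
SIGNING_SECRET = b"constructed-signing-secret"
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
HASH_RE = re.compile(r"^(?:[a-f0-9]{32}|[a-f0-9]{40}|[a-f0-9]{64})$")  # MD5/SHA-1/SHA-256

def sign(timestamp, body):
    """Slack v0 signature: HMAC-SHA256 over 'v0:<timestamp>:<raw body>'."""
    base = f"v0:{timestamp}:{body}".encode()
    return "v0=" + hmac.new(SIGNING_SECRET, base, hashlib.sha256).hexdigest()

def verify_slack_request(timestamp, body, signature, now=None, max_skew=300):
    """Reject stale (replayed) or wrongly signed requests before any lookup."""
    try:
        age = abs((time.time() if now is None else now) - int(timestamp))
    except ValueError:
        return False
    if age > max_skew:
        return False
    return hmac.compare_digest(sign(timestamp, body).encode(), signature.encode())

def classify_indicator(text):
    """Return (kind, normalised value); kind is None for anything unrecognised."""
    value = text.strip().lower().replace("[.]", ".")  # accept defanged input
    try:
        ipaddress.ip_address(value)
        return "ip", value
    except ValueError:
        pass
    if HASH_RE.match(value):
        return "hash", value
    if DOMAIN_RE.match(value):
        return "domain", value
    return None, value

def route(timestamp, body, signature, now=None):
    """Names of the lookup functions to invoke for one slash-command request."""
    if not verify_slack_request(timestamp, body, signature, now):
        return []
    kind, _ = classify_indicator(parse_qs(body).get("text", [""])[0])
    if kind == "domain":
        return ["passivetotal", "virustotal"]  # PassiveTotal takes domains only
    if kind in ("ip", "hash"):
        return ["virustotal"]  # assumed policy for non-domain indicators
    return []
```

In a deployed function the timestamp and signature come from the `X-Slack-Request-Timestamp` and `X-Slack-Signature` headers, and the body must be the raw, unparsed request body.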

One Command Deploy

serverless deploy

Environment Variables

When deploying Threat Intel Slack Bot, serverless.yml defines the environment variables that will be passed to the Lambda functions.

SLACK_API_TOKEN

VIRUSTOTAL_API_KEY

PASSIVETOTAL_USERNAME

PASSIVETOTAL_APIKEY

export SLACK_API_TOKEN=<SLACK API KEY>
export VIRUSTOTAL_API_KEY=<VIRUSTOTAL API KEY>
export PASSIVETOTAL_USERNAME=<PASSIVETOTAL API USERNAME>
export PASSIVETOTAL_APIKEY=<PASSIVE TOTAL API KEY>

Quick Start to Creating A Threat Intel Bot

  1. Clone Threat-Intel-Slack-Bot
    • git clone https://github.com/secdevopsai/Threat-Intel-Slack-Bot.git
  2. cd Threat-Intel-Slack-Bot
  3. Install Node.js: https://nodejs.org/en/download/
  4. Install Serverless
    • sudo npm install -g serverless
  5. Install Serverless Python Requirements Plugin
    • serverless plugin install -n serverless-python-requirements
  6. Configure AWS Account
  7. Install Docker
  8. Create Slack Workspace
  9. Create Slack App
  10. Deploy
    • serverless deploy