Skip to content

Send the result of a PingCastle scan into Slack and highlight the rule diff between two scans

License

Notifications You must be signed in to change notification settings

luffynextgen/PingCastle-Notify

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

28 Commits
 
 
 
 
 
 

Repository files navigation

PingCastle Notify

PingCastle Notify is a tool that will monitor your PingCastle reports ! You will be notified every time a change between a scan and a previous scan is made.

How it works ? PingCastle-Notify is a PS1 script that will run a PingCastle scan, compare the difference between a previous scan, highlight the diff and send the result into a Slack / Teams channel or a log file !

The slack/teams/log message will notify you regarding the different states: correction, recession etc

image

⚠️ If you don't want to use Slack or Teams set the variable $teams and $slack to 0 inside the ps1 script. Skip the step "Create a BOT" and check the log file inside the Reports folder.


▶️ First scan
Slack Teams
image image
▶️ No new vulnerability but some rules have been updated

image

▶️ New vulnerabilty
Slack Teams
image image
▶️ Some vulnerability have been removed
Slack Teams
image image
▶️ No new vulnerability

No result in slack since reports are the same


🔰 Adding the result of the current scan

Set the variable $print_current_result to 1 in the script, the rules flagged on the current scan will be added as a thread into Slack or after the rule diff on Teams.

Slack Teams
image Teams_8N2r3YiVh4

How to install ?

Structure of the project

SECU-TOOL-SCAN/
    - PingCastle-Notify.ps1
    - PingCastle/
        - Reports/
            - domain.local.xml
            - domain.local.html
            - scan.logs <-- contains the logs of the scan (diff scan)
        - Pingcastle.exe
        - ...

PingCastle & PingCastle-Notify.ps1

  1. Download PingCastle
  2. Unzip the archive
  3. Create a "Reports" folder inside the PingCastle folder
  4. Download and add the file PingCastle-Notify.ps1 on the parent directory

Create a BOT

▶️ Slack BOT
  1. In Slack create an application https://api.slack.com/apps
  2. Add the following rights
    • Click on "Add features and functionality" -> Bots (configure the name)
    • Click on "Add features and functionality" -> Permissions (add the following permissions)
    • Generate a "Bot User OAuth Token" on the Permissions tab

image

  1. Get your token add it to the PingCastle-Notify.ps1 script
  2. Create a slack channel and add your bot user to the channel
  3. You can test your bot using https://api.slack.com/methods/chat.postMessage/test
  4. Add the channel to the script
  5. Run the script to test using this command: powershell.exe -exec bypass C:\YOUR_PATH\SECU-TOOL-SCAN\PingCastle-Notify.ps1
▶️ Teams BOT
  1. Create a channel pingcastle-scan
  2. Click on the "..." dots and select "Connectors"
  3. Search for Webhook
  4. Add the webhook
  5. Re-click on the connectors button and on the webhook click "configure"
  6. Add a title and a logo and click Create, copy the wehbook URL
  7. Add the url on the variable $teamsUri
  8. Set the variable $teams to 1 and $slack to 0

Deploy a Scheduled Task

On your Windows Server go to

  1. Create a service account that will run the PS1 script every night (no need to set the service account as domain admin)
  2. Give privileges to the service account on the folder "Reports"

image

  1. Run taskschd.msc to open the Scheduler Task
  2. Create a Task and use the service account you just created
  3. In Actions tab set "Start a program" -> "Script": C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -> "Arguments" -> -exec bypass -f C:\PINGCASTLE\Pingcastle-Notify.ps1
  4. Give the permission "Log on as Batch Job" to service account https://danblee.com/log-on-as-batch-job-rights-for-task-scheduler/
  5. Run the scheduled task to test the result
  6. Enjoy :)

Acknowledgement

License

MIT License

About

Send the result of a PingCastle scan into Slack and highlight the rule diff between two scans

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • PowerShell 100.0%