Skip to content

sbgoodm/tipbot

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits
components
components
 
 
public
public
 
 
skills
skills
 
 
test
test
 
 
.env
.env
 
 
.gitignore
.gitignore
 
 
.gitmodules
.gitmodules
 
 
.travis.yml
.travis.yml
 
 
app.json
app.json
 
 
bot.js
bot.js
 
 
package.json
package.json
 
 
readme.md
readme.md
 
 

Repository files navigation

Threat Intel Slackbot Prototype Build Status

This Slackbot talks to AlienVault OTX and will return recently published security alerts and indicators of compromise.

Usage

  1. Visit this link to sign into Slack and authorize the Threat Intel Platform slackbot in your channels.
  2. Either direct message @ATIPbot or invite it to one of your channels.
  3. Say @ATIPBot help for a list of supported commands

Rationale for distributing as a public Slack App

This Slackbot app is based off the very convenient Botkit scaffolding. The code was cloned from https://github.com/howdyai/botkit-starter-slack. Registering a Slack app with a given workspace requires a fair amount of configuration within the Slack API, specifically:

  • Creating a bot user account
  • Enabling OAuth registration with a callback URL
  • Enabling event subscriptions with a callback URL
  • Subscribing to particular events

Additionally, the callback URL requires that this Slackbot be hosted publicly. Given these configuration and hosting needs, it seemed easier to set them up once, and let you install the app to quickly take advantage of the bot functionality in your Slack channels.

Running Slackbot yourself

If you do want to run this Slackbot yourself, you'll need a public hosting solution. Heroku is most convenient, and you can be up and running easily. AWS has a free tier too. Glitch.com is a quick and easy option, but doesn't seem to support git submodules that well. Once you've picked your hosting environment:

  1. Clone this repo.
  2. cd tipbot
  3. git submodule init
  4. git submodule update
  5. npm install
  6. Follow these excellent instructions from Botkit on configuring your Slack App.
  7. Update your .env file with your Slack App's client ID, client secret, AlienVault OTX token, and port.
  8. node .
  9. Browse to http://your-url:your_port/login

To Do

  • Stub out OTX library, so tests don't hit the network, and assertions can be more robust/deterministic
  • Add Travis
  • Add 'help' command
  • Format pulse responses
  • Format IOC responses
  • Add command to get latest pulses posted to OTX (no search term needed)
  • Output a response to slack if nothing is returned by OTX

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages