Awesome
DBOT - Demisto Security Bot
A Slack bot to add security info to messages containing URLs, hashes and IPs. You can see it in action at dbot.demisto.com.
Deprecation Notice
DBot has been deprecated and is no longer supported by the Demisto team.
Authors
This project was built by the Demisto team
Quick Start
Make sure you have a Go environment set up (either using GVM or just native install)
$ go get -t -u -d -v github.com/demisto/alfred
To get the client artifacts (html, css, js) built install node, npm and then:
$ cd $GOPATH/src/github.com/demisto/alfred/client
$ npm i
$ npm run build
(this will create client artifacts under $GOPATH/src/github.com/demisto/alfred/client/build
)
Create the Go wrapper around the client files:
$ go get -v github.com/slavikm/esc
$ cd $GOPATH/src/github.com/demisto/alfred/
$ $GOPATH/bin/esc -o web/static.go -pkg web -prefix client/build -ignore \\.DS_Store client/build
And finally, install and run:
$ cd $GOPATH/src/github.com/demisto/alfred/
$ go install
$ cd $GOPATH/bin
$ ./alfred [-loglevel debug] [-conf path/to/conf] [-logfile path/to/log]
If you are running from bin (as above), make sure to create a soft link to the site
$ ln -s ln -s $GOPATH/src/github.com/demisto/alfred/static/ static
Install mysql
Run the following to configure sql database:
$ mysql -u root (if password is set then add -p)
mysql> CREATE DATABASE demisto CHARACTER SET = utf8;
mysql> CREATE DATABASE demistot CHARACTER SET = utf8;
mysql> CREATE USER demisto IDENTIFIED BY 'password';
mysql> GRANT ALL on demisto.* TO demisto;
mysql> GRANT ALL on demistot.* TO demisto;
mysql> drop user ''@'localhost';
Or, you can run directly from the source without installing by:
$ cd $GOPATH/src/github.com/demisto/alfred/
$ go run alfred.go [-loglevel debug] [-conf path/to/conf] [-logfile path/to/log]
Please make sure to run esc again to embed the fully updated site into Go before release. While developing, you don't need to run esc unless adding new files to the site.
Configuration
- Make sure to specify the Slack client ID and secret in a configuration file
- To get VirusTotal reputation, you must specify the VirusTotal key. See conf/conf.go for more details.
- Add
"Web": true
to configuration file to support web service (access reputation data from the browser) - Add
"Worker": true
to configuration file to support web service (process work by the bot) - Configure mysql database configuration under
"DB"
key (See conf/conf.go for more detail):
{
"ConnectString": "tcp(127.0.0.1:3306)/demisto?parseTime=true", // where "demisto" is the DATABASE name from previous step and 127.0.0.1:3306 is the ip:port of the database
"Username": "demisto", // user created in previous step
"Password": "password", // user's password created in previous step
"ServerCA": "-----BEGIN CERTIFICATE---...", // Not necessary for local mysql
"ClientCert": "-----BEGIN CERTIFICATE----...", // Not necessary for local mysql
"ClientKey": "-----BEGIN RSA PRIVATE KEY--..." // Not necessary for local mysql
}