dropbox/securitybot dropbox/securitybot

  • This repository has been archived on 16/Jul/2019
  • Stars
    star
    993
  • Rank 46,124 (Top 1.0 %)
  • Language
    Python
  • License
    Apache License 2.0
  • Created about 8 years ago
  • Updated about 6 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
dropbox/securitybot
github

dropbox

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Distributed alerting for the masses!

Securitybot

Distributed alerting for the masses!

Securitybot is an open-source implementation of a distributed alerting chat bot, as described in Ryan Huber's blog post. Distributed alerting improves the monitoring efficiency of your security team and can help you catch security incidents faster and more efficiently. We've tried to remove all Dropbox-isms from this code so that setting up your own instance should be fairly painless. It should be relatively easy to install the listed requirements in a virtualenv/Docker container and simply have the bot do its thing. We also provide a simple front end to dive through the database, receive API calls, and create custom alerts for the bot to reach out to people as desired.

Deploying

This guide runs through setting up a Securitybot instance as quickly as possible with no frills. We'll be connecting it to Slack, SQL, and Duo. Once we're done, we'll have a file that looks something like main.py.

SQL

You'll need a database called securitybot on some MySQL server somewhere. We've provided a function called init_sql located in securitybot/sql.py that will initialize SQL. Currently it's set up to use the host localhost with user root and no password. You'll need to change this because of course that's not how your database is set up.

Slack

You'll need a token to be able to integrate with Slack. The best thing to do would be to create a bot user and use that token for Securitybot. You'll also want to set up a channel to which the bot will report when users specify that they haven't performed an action. Find the unique ID for that channel (it'll look similar to C123456) and be sure to invite the bot user into that channel, otherwise it won't be able to send messages.

Duo

For Duo, you'll want to create an Auth API instances, name it something clever, and keep track of the integration key, secret key, and auth API endpoint URI.

Running the bot

Take a look at the provided main.py in the root directory for an example on how to use all of these. Replace all of the global variables with whatever you found above. If the following were all generated successfully, Securitybot should be up and running. To test it, message the bot user it's assigned to and say hi. To test the process of dealing with an alert, message test to test the bot.

Architecture

Securitybot was designed to be as modular as possible. This means that it's possible to easily swap out chat systems, 2FA providers, and alerting data sources. The only system that is tightly integrated with the bot is SQL, but adding support for other databases shouldn't be difficult. Having a database allows alerts to be persistent and means that the bot doesn't lose (too much) state if there's some transient failure.

Securitybot proper

The bot itself performs a small set of functions:

  1. Reads messages, interpreting them as commands.
  2. Polls each user object to update their state of applicable.
  3. Grabs new alerts from the database and assigns them to users or escalates on an unknown user.

Messaging, 2FA, and alert management are provided by configurable modules, and added to the bot upon initialization.

Commands

The bot handles incoming messages as commands. Command parsing and handling is done in the Securitybot class and the commands themselves are provided in two places. The functions for the commands are defined in commands.py and their structure is defined in commands.yaml under the config/ directory.

Messaging

Securitybot is designed to be compatible with a wide variety of messaging systems. We currently provide bindings for Slack, but feel free to contribute any other plugins, like for Gitter or Zulip, upstream. Messaging is made possible by securitybot/chat/chat.py which provides a small number of functions for querying users in a messaging group, messaging those users, and sending messages to a specific channel/room. To add bindings for a new messaging system, subclass Chat.

2FA

2FA support is provided by auth/auth.py, which wraps async 2FA in a few functions that enable checking for 2FA capability, starting a 2FA session, and polling the state of the 2FA session. We provide support for Duo Push via the Duo Auth API, but adding support for a different product or some in-house 2FA solution is as easy as creating a subclass of Auth.

Task management

Task management is provided by tasker/tasker.py and the Tasker class. Since alerts are logged in an SQL database, the provided Tasker is SQLTasker. This provides support for grabbing new tasks and updating them via individual Task objects.

Blacklists

Blacklists are handled by the SQL database, provided in blacklist/blacklist.py and the subclass blacklist/sql_blacklist.py.

Users

The User object provides support for handling user state. We keep track of whatever information a messaging system gives to us, but really only ever use a user's unique ID and username in order to contact them.

Alerts

Alerts are uniquely identified by a SHA-256 hash which comes from some hash of the event that generated them. We assume that a SHA-256 hash is sufficiently random for there to be no collisions. If you encounter a SHA-256 collision, please contact someone at your nearest University and enjoy the fame and fortune it brings upon you.

FAQ

Please ask us things

Contributing

Contributors must abide by the Dropbox Contributor License Agreement.

License

Copyright 2016 Dropbox, Inc.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

More Repositories

1

zxcvbn

Low-Budget Password Strength Estimation
CoffeeScript
15,061
star
2

lepton

Lepton is a tool and file format for losslessly compressing JPEGs by an average of 22%.
C++
5,008
star
3

godropbox

Common libraries for writing Go services/applications.
Go
4,146
star
4

hackpad

Hackpad is a web-based realtime wiki.
Java
3,520
star
5

djinni

A tool for generating cross-language type declarations and interface bindings.
C++
2,860
star
6

json11

A tiny JSON library for C++11.
C++
2,478
star
7

PyHive

Python interface to Hive and Presto. 🐝
Python
1,671
star
8

pyannotate

Auto-generate PEP-484 annotations
Python
1,421
star
9

css-style-guide

Dropbox’s (S)CSS authoring style guide
1,143
star
10

goebpf

Library to work with eBPF programs from Go
Go
1,135
star
11

dbxcli

A command line client for Dropbox built using the Go SDK
Go
1,048
star
12

dropbox-sdk-js

The Official Dropbox API V2 SDK for Javascript
JavaScript
934
star
13

dropbox-sdk-python

The Official Dropbox API V2 SDK for Python
Python
885
star
14

rust-brotli

Brotli compressor and decompressor written in rust that optionally avoids the stdlib
Rust
811
star
15

scooter

An SCSS framework & UI library for Dropbox Web.
CSS
789
star
16

changes

A dashboard for your code. A build system.
Python
759
star
17

SwiftyDropbox

Swift SDK for the Dropbox API v2.
Swift
650
star
18

pb-jelly

A protobuf code generation framework for the Rust language developed at Dropbox.
Rust
611
star
19

AffectedModuleDetector

A Gradle Plugin to determine which modules were affected by a set of files in a commit.
Kotlin
603
star
20

fast_rsync

An optimized implementation of librsync in pure Rust.
Rust
601
star
21

sqlalchemy-stubs

Mypy plugin and stubs for SQLAlchemy
Python
570
star
22

dropbox-sdk-java

A Java library for the Dropbox Core API.
Java
565
star
23

pyxl

A Python extension for writing structured and reusable inline HTML.
Python
525
star
24

dependency-guard

A Gradle plugin that guards against unintentional dependency changes.
Kotlin
404
star
25

stone

The Official API Spec Language for Dropbox API V2
Python
399
star
26

nsot

Network Source of Truth is an open source IPAM and network inventory database
Python
392
star
27

focus

A Gradle plugin that helps you speed up builds by excluding unnecessary modules.
Kotlin
382
star
28

divans

Building better compression together
Rust
368
star
29

dropbox-sdk-dotnet

The Official Dropbox API V2 SDK for .NET
C#
327
star
30

hydra

A multi-process MongoDB collection copier.
Python
319
star
31

mypy-PyCharm-plugin

A simple plugin that allows running mypy from PyCharm and navigate between errors
Java
313
star
32

nn

Non-nullable pointers for C++
C++
312
star
33

avrecode

Lossless video compression: decode an H.264-encoded video file and reversibly re-encode it as as a smaller file.
C++
275
star
34

componentbox

Reactive server-driven UI for iOS, Android, and web
Kotlin
260
star
35

dropshots

Easy on-device screenshot testing for Android.
Kotlin
256
star
36

python-zxcvbn

A realistic password strength estimator.
HTML
253
star
37

zxcvbn-ios

A realistic password strength estimator.
Objective-C
223
star
38

llm-security

Dropbox LLM Security research code and results
Python
208
star
39

dbx_build_tools

Dropbox's Bazel rules and tools
Go
208
star
40

nautilus-dropbox

Dropbox Integration for Nautilus
Python
196
star
41

dropbox-sdk-go-unofficial

⚠️ An UNOFFICIAL Dropbox v2 API SDK for Go
Go
184
star
42

dropbox-sdk-obj-c

Official Objective-C SDK for the Dropbox API v2.
Objective-C
182
star
43

rust-alloc-no-stdlib

An interface to a generic allocator so a no_std rust library can allocate memory, with, or without stdlib being linked.
Rust
172
star
44

pygerduty

A Python library for PagerDuty.
Python
164
star
45

kglb

KgLb - L4 Load Balancer
Go
147
star
46

pytest-flakefinder

Runs tests multiple times to expose flakiness.
Python
140
star
47

mdwebhook

A sample app that uses webhooks to convert Markdown files to HTML.
Python
136
star
48

ts-transform-import-path-rewrite

TS AST transformer to rewrite import path
TypeScript
129
star
49

datagraph

Haskell
127
star
50

miniutf

A C++ library for basic Unicode manipulation.
C
119
star
51

PhotoWatch

A demo app for the SwiftyDropbox SDK.
Swift
118
star
52

pilot

Cross-platform MVVM in Swift
Swift
113
star
53

librsync

Dropbox modified version of librysnc
C
109
star
54

XCoverage

Xcode Plugin that displays coverage data in the text editor
Objective-C
100
star
55

vsmc

Vendor Security Model Contract
97
star
56

merou

Permission management service
Python
95
star
57

othw

OAuth 2 the Hard Way - calling the Dropbox API in lots of languages without any Dropbox or OAuth libraries
JavaScript
86
star
58

hypershard-android

CLI tool for collecting tests
Kotlin
84
star
59

trapperkeeper

A suite of tools for ingesting and displaying SNMP traps.
Python
80
star
60

idle.ts

A TypeScript library used to detect idle/active users.
TypeScript
79
star
61

amqp-coffee

An AMQP 0.9.1 client for Node.js.
CoffeeScript
78
star
62

dropbox-sdk-rust

Dropbox SDK for Rust
Rust
75
star
63

lopper

A lightweight C++ framework for vectorizing image-processing code
C++
75
star
64

differ

C++
73
star
65

dbx-career-framework

Python
70
star
66

typed-css-modules-webpack-plugin

Generate TypeScript typing declarations for your TypeScript + CSS Modules project.
TypeScript
69
star
67

kaiken

User scoping library for Android applications.
Kotlin
69
star
68

dropbox-api-content-hasher

Code to compute the Dropbox API's "content_hash"
Java
69
star
69

stopwatch

Scoped, nested, aggregated python timing library
Python
65
star
70

llama

Library for testing and measuring network loss and latency between distributed endpoints.
Go
62
star
71

nodegallerytutorial

Step by step tutorial to build a production-ready photo gallery Web Service using Node.JS and Dropbox.
JavaScript
62
star
72

load_management

This repository contains Go utilities for managing isolation and improving reliability of multi-tenant systems.
Go
54
star
73

rust-brotli-decompressor

An implementation of https://github.com/google/brotli in rust avoiding the stdlib
Rust
53
star
74

rules_node

Node rules for Bazel (unsupported)
Python
52
star
75

hermes

SRE Event and Autotasking system
Python
48
star
76

dropbox-api-v2-explorer

The Official API Explorer for Dropbox's APIs
TypeScript
45
star
77

pynsot

A Python client and CLI utility for the Network Source of Truth (NSoT) REST API.
Python
45
star
78

DropboxBusinessAdminTool

Power User tool to assist Dropbox Business Administrators in managing their Dropbox team
C#
44
star
79

ts-transform-react-constant-elements

A TypeScript AST Transformer that can speed up reconciliation and reduce garbage collection pressure by hoisting React elements to the highest possible scope.
TypeScript
44
star
80

llama-archive

Loss & LAtency MAtrix
Python
43
star
81

ttvc

Measure Visually Complete metrics in real time
TypeScript
42
star
82

DropboxBusinessScripts

Scripting resources to serve as a base for common Dropbox Business tasks
Python
41
star
83

dropbox-ios-dropins-sdk

An iOS library for choosing files in Dropbox.
Objective-C
40
star
84

encfs

EncFS Encrypted Filesystem
C++
38
star
85

dropbox-api-spec

The Official API Spec for Dropbox API V2 SDKs.
Python
37
star
86

onenote-parser

C++
35
star
87

image-search

A hypothetical Dropbox API app that makes it possible to do image searches from Dropbox.
Haskell
34
star
88

dbx-unittest2pytest

Convert unittest asserts to pytest rewritten asserts.
Python
27
star
89

hypershard-ios

⚡ the ridiculously fast XCUITest collector.
Swift
26
star
90

dropbox-api-v2-repl

Utilities to test the Dropbox API v2.
Python
26
star
91

hocrux

Handwritten optical character recognition
Python
25
star
92

questions

Simple application for storing interview questions.
Python
24
star
93

dropbox_hook

A tool for testing your Dropbox webhook endpoints.
Python
23
star
94

ruba

fast in-memory analytics datastore in Rust
Rust
21
star
95

libunwind

Pyston's fork of libunwind; originally from git://git.sv.gnu.org/libunwind.git
C
21
star
96

changes-client

A build client for Changes.
Go
19
star
97

libavcodec-hooks

Fork of ffmpeg (git://source.ffmpeg.org/ffmpeg.git). Required to compile avrecode lossless video compression (https://github.com/dropbox/avrecode). Adds hooks into low-level coding functions of libavcodec. License: LGPL.
C
19
star
98

phabricator-changes

Integration between Phabricator and Changes. This repository is no longer maintained.
PHP
18
star
99

Dropline

Tool to monitor how busy an area is using Wi-Fi. Originally intended for Dropbox's Tuck Shop.
Haskell
18
star
100

goprotoc

Go
17
star