Automate the detection of vulnerabilities from the National Vulnerability Database (NVD) and streamline communication within your IT team through Slack. This tool eliminates the need for manual vulnerability checks and forwards security patch details to co-admins for quick action.
IT Admins! Security Breach Looming? ⏰ Don't Wait! Fix it before attackers do! Share this critical tool (https://nvdnotifier.vercel.app) with your team and join the discussion over here.
The customer relies on Slack for internal communication, and the IT team wants to extend this to handle newly discovered vulnerabilities. Currently, System Administrators manually visit the NVD daily to identify threats and notify team members. This process is time-consuming and prone to delays in remediation. The NVD Notifier automates these tasks, ensuring that vulnerabilities are quickly communicated and assigned within the team.
- Slack Integration: A Slack app that continuously scans the NVD at a specified interval.
- Automated Notifications: When a new vulnerability is found, a Slack message is sent to the System Administrator.
- Actionable Alerts: Administrators receive:
  - Vulnerability details
  - A list of team members to assign the task to
  - A button to forward the vulnerability details to selected members
- Forwarding Functionality:
  - The forwarded message contains the vulnerability description, a text box for remediation details, and a confirmation button to indicate that the issue has been resolved.
Use the package manager pnpm to install the nvd-notifier.

```sh
pnpm install
```

To build and start the application:

```sh
pnpm build && pnpm start
```

For development purposes:

```sh
pnpm build && pnpm dev
```
(Note: An OAuth flow can be used to simplify the process for users.)
Video - Onboarding & Slack setup
To integrate with Slack, you first need to create a Slack Bot. Follow these steps:
- Go to the Slack API Apps page.
- Click "Create App" and select "Create App from Manifest."
- Paste the following manifest file:
```json
{
  "display_information": {
    "name": "Demo Slack Notifier",
    "description": "A bot that notifies about new vulnerabilities",
    "background_color": "#4A154B"
  },
  "features": {
    "bot_user": {
      "display_name": "Vulnerability Bot",
      "always_online": true
    }
  },
  "oauth_config": {
    "redirect_urls": [
      "https://<DOMAIN_NAME_OR_NGROK_URL>/api/slack/callback"
    ],
    "scopes": {
      "bot": [
        "chat:write",
        "users:read",
        "im:write",
        "mpim:write"
      ]
    }
  },
  "settings": {
    "interactivity": {
      "is_enabled": true,
      "request_url": "<BASE_URL_OF_YOUR_HOSTED_APP_OR_NGROK_URL>/api/slack/actions"
    },
    "org_deploy_enabled": false,
    "socket_mode_enabled": false,
    "token_rotation_enabled": false
  }
}
```
- Navigate to Features > OAuth & Permissions.
- Under OAuth Tokens, click "Install App to your workspace".
- Generate the Bot Token, which the app uses to communicate with Slack through the Slack SDK.
Configure the following environment variables (values in angle brackets are placeholders to replace with your own):

```dotenv
CLIENT_ID=<SLACK_OAUTH_APP_CLIENT_ID>
CLIENT_SECRET=<SLACK_OAUTH_APP_CLIENT_SECRET>
REDIRECT_BASE_URI=<REDIRECT_URL_YOUR_DOMAIN_NAME>
# Scan interval in seconds
SCAN_INTERVAL=30
LAST_SCANNED_DATE="2024-10-07T12:08:00.973Z"
DATABASE_URL="mongodb+srv://<USERNAME>:<PASSWORD>@xyz-cluster.wsq1q.mongodb.net/?retryWrites=true&w=majority&appName=xyz-cluster"
DB_NAME=testnvdnotifier
```
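As an added example (not the NVD Notifier project's own code), the two pure steps behind the scan-and-notify flow described above: building the NVD query from LAST_SCANNED_DATE and turning one NVD record into the Slack message with the member picker and Forward button. It assumes the NVD API 2.0 query parameters and response shape, Slack Block Kit element types, and a constructed sample record with a placeholder CVE id.

```javascript
// Added example, not the NVD Notifier project's own code. Assumed: the NVD API
// 2.0 query parameters and response shape, and Slack Block Kit element types.
const NVD_API = "https://services.nvd.nist.gov/rest/json/cves/2.0";

// Query everything modified since LAST_SCANNED_DATE. NVD limits a
// lastModStartDate..lastModEndDate window to 120 days, so a stale date is
// clamped instead of producing a request the API rejects.
function buildNvdQuery(lastScannedDate, now = new Date()) {
  const maxWindowMs = 120 * 24 * 60 * 60 * 1000;
  let start = new Date(lastScannedDate);
  if (Number.isNaN(start.getTime())) throw new Error("invalid LAST_SCANNED_DATE");
  if (now - start > maxWindowMs) start = new Date(now - maxWindowMs);
  const params = new URLSearchParams({
    lastModStartDate: start.toISOString(),
    lastModEndDate: now.toISOString(),
  });
  return `${NVD_API}?${params}`;
}

// Turn one entry of the NVD "vulnerabilities" array into the Slack message the
// System Administrator receives: details, a member picker and a Forward button.
// The block_id carries the CVE id so the /api/slack/actions handler can tell
// which vulnerability a click belongs to.
function vulnerabilityToBlocks(entry) {
  const cve = entry.cve;
  const desc = (cve.descriptions || []).find((d) => d.lang === "en");
  const v31 = cve.metrics && cve.metrics.cvssMetricV31 && cve.metrics.cvssMetricV31[0];
  const score = v31 ? `${v31.cvssData.baseScore} (${v31.cvssData.baseSeverity})` : "n/a";
  return [
    { type: "section", text: { type: "mrkdwn",
        text: `*${cve.id}*  CVSS ${score}\n${desc ? desc.value : "(no description)"}` } },
    { type: "actions", block_id: `vuln:${cve.id}`, elements: [
        { type: "users_select", action_id: "assignee",
          placeholder: { type: "plain_text", text: "Assign to" } },
        { type: "button", action_id: "forward", style: "primary", value: cve.id,
          text: { type: "plain_text", text: "Forward" } } ] },
  ];
}

// Constructed sample in the NVD 2.0 shape; the id is a placeholder, not a real CVE.
const SAMPLE_ENTRY = { cve: {
  id: "CVE-0000-00000", lastModified: "2024-10-07T13:00:00.000",
  descriptions: [{ lang: "en", value: "Constructed description for testing." }],
  metrics: { cvssMetricV31: [{ cvssData: { baseScore: 9.8, baseSeverity: "CRITICAL" } }] },
} };
```

The blocks array is what goes into the `blocks` field of a `chat.postMessage` call to the administrator's DM; after each successful scan, persist the `lastModEndDate` you used as the new LAST_SCANNED_DATE so nothing is skipped or double-reported.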
- Secure OAuth Token Storage 🔐: Implement a secure method to store and manage OAuth tokens for enhanced data protection.
- Scalable Notification Queue 🚀: Introduce a queue (Bull, RabbitMQ, SQS) for detected vulnerabilities, with a dedicated Job Worker that fetches from the queue and sends Slack notifications, to improve the stability and scalability of the NVD-notifier.
- Expanded Bot Capabilities 🤖: Enable additional admin actions to increase bot functionality and flexibility.
- Broader Incident Management Integration 🔗: Explore integrations with more incident management tools like PagerDuty, Google Chat, Skype, and others.
- UI/UX Enhancements 🎨: Improve the user interface and experience for more intuitive and seamless interactions.
- AI-Driven Insights 🧠: Develop AI automation that analyzes detected vulnerabilities and provides admins with insights on discussions from platforms like Reddit and X, offering a broader perspective on emerging threats.
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
Please make sure to update tests as appropriate.