Add option to feed findings to a local Syslog/Siem systems #95

bararchy · 2020-09-15T08:49:16Z

Add tag to CLI which enables feeding "found issues" directly to TCP/UDP syslog server
Also add TLS option for TCP
The issue data should be converted into 1 of 2 formats: CEF (https://www.npmjs.com/package/cef) and standard syslog When running the command nexploit-cli logfeed you will have more options like:
- --syslog-host: address to syslog server
- --port: port of syslog host, default to syslog default
- --protocol: UDP or TCP/TLS, should default to UDP
- --format: cef or format-string (i.e {DATE} {SEVERITY} {DETIALS} {LINK}), default to cef
- --severity-map: cef has severity levels from 0 to 10, we should be able to allow mapping our severity against specified cef numbers, defaults are low=6 medium=8 high=10
all the relevant auth parameters
The CLI needs to actively pull new findings from nexploit.app via api
The back-end should tag which issues have been pulled by the feeder already and the CLI should skip them when polling

The text was updated successfully, but these errors were encountered:

derevnjuk · 2020-09-15T15:50:51Z

@ArtLinkov should the command log the findings of specific scan or all of them?

ArtLinkov · 2020-09-15T16:42:11Z

@derevnjuk all of them, I think this should be an organization level service

bararchy added the Priority: high label Sep 15, 2020

bararchy assigned derevnjuk Sep 15, 2020

derevnjuk added the Type: enhancement New feature or request. label Sep 15, 2020

derevnjuk added Priority: medium and removed Priority: high labels Jan 13, 2021

derevnjuk removed the Priority: medium label Jan 25, 2021

Provide feedback