SECurityTr8Ker is a Python application designed to monitor the U.S. Securities and Exchange Commission's (SEC) RSS feed for new 8-K filings that contain material cybersecurity incident disclosures. This tool is particularly useful for cybersecurity analysts, financial professionals, and researchers interested in real-time alerts of cybersecurity incidents disclosed by publicly traded companies.
- Real-time Monitoring: Continuously monitors the SEC's RSS feed for new 8-K filings
- Intelligent Detection:
- Searches for Item 1.05 (Material Cybersecurity Incidents) disclosures
- Identifies cybersecurity-related keywords and context
- Prevents duplicate notifications
- Multi-channel Notifications:
- Slack
- Microsoft Teams
- Telegram
- Console logging (always enabled)
- Rich Information:
- Company name and CIK number
- Stock ticker symbol (with Google Finance link)
- Direct link to SEC filing
- Filing date and context
- Matching keywords found
- Persistent Storage: Maintains a record of all processed disclosures in JSON format
-
RSS Feed Monitoring:
- Fetches the SEC's RSS feed for 8-K filings
- Processes each filing to extract relevant information
- Respects SEC's rate limiting guidelines
-
Disclosure Detection:
- Checks for "Item 1.05" material cybersecurity incident disclosures
- Searches for cybersecurity-related keywords (e.g., "unauthorized access", "cyber-attack")
- Extracts relevant context around matches
-
Notification Distribution:
- Sends alerts through configured notification channels
- Includes direct links to SEC filings and company information
- Prevents duplicate notifications
-
Data Management:
- Stores processed disclosures in
disclosures.json - Maintains detailed logs for troubleshooting
- Prevents duplicate processing of filings
- Stores processed disclosures in
-
Clone the Repository:
git clone https://github.com/pancak3lullz/SECurityTr8Ker.git cd SECurityTr8Ker -
Install Dependencies:
pip install -r requirements.txt
-
Configure Environment:
# Copy the example environment file cp .env.example .env -
Required Configuration: Edit
.envand set your email address for the SEC API:# REQUIRED: Set your email address for SEC API access USER_AGENT=SECurityTr8Ker/1.0 (your-email@example.com) -
Optional Notification Channels: Configure any of the following in
.env:Slack:
SLACK_WEBHOOK_URL=https://hooks.slack.com/services/your/webhook/urlMicrosoft Teams:
TEAMS_WEBHOOK_URL=https://outlook.office.com/webhook/...Telegram:
TELEGRAM_BOT_TOKEN=your_bot_token TELEGRAM_CHAT_ID=your_chat_idTwitter:
TWITTER_API_KEY=your_api_key TWITTER_API_SECRET=your_api_secret TWITTER_BEARER_TOKEN=your_bearer_token TWITTER_ACCESS_TOKEN=your_access_token TWITTER_ACCESS_TOKEN_SECRET=your_access_token_secret -
Run the Program:
python main.py
2025-01-01 19:27:36,581 - INFO - SECurityTr8Ker starting up...
2025-01-01 19:27:36,581 - INFO - Starting new check cycle...
2025-01-01 19:27:36,581 - INFO - Fetching SEC RSS feed for 8-K filings...
2025-01-01 19:27:36,809 - INFO - Found 200 filings to inspect
2025-01-01 19:27:36,809 - INFO - Inspecting documents for cybersecurity disclosures...
All notification channels receive alerts in this format:
Cybersecurity Incident Disclosure
Published on: Tue, 31 Dec 2024 17:30:28 EST
Company: Example Corp (Ticker: $EXMP)
CIK: 0000123456
View SEC Filing: https://www.sec.gov/...
main.py: Main program entry pointsrc/config.py: Configuration and environment variablesutils.py: Core functionality for processing filingslogger.py: Logging configurationslack_poster.py: Slack notification moduleteams_poster.py: Microsoft Teams notification moduletelegram_poster.py: Telegram notification moduletwitter_poster.py: Twitter notification module
.env: Configuration file (create from .env.example)disclosures.json: Record of processed disclosureslogs/: Directory containing log files
- SEC EDGAR system for providing public access to filings
- Inspired by the need for real-time cybersecurity incident monitoring
- Idea presented by Will Hawkins & Board-Cybersecurity.com
