pymisp_cisa_alerts's Introduction

PyMISP CISA Alerts

The aim of this tool is to provide a simple, automated way of gathering alerts about vulnerabilities and threats affecting ICS/SCADA. The tool uses the feedparser Python library to consume the RSS feeds published by CISA, which regularly publishes alerts on this topic.

The gathered alerts are matched against a keyword list (software.txt) so that you are made aware of the vulnerabilities you want to monitor. If an alert contains one or more of the keywords stored in the software.txt file, it is sent to the configured MISP instance.

National Cyber Awareness System (NCAS)

The tool gathers information from the following sources within the CISA NCAS:

  • Bulletins: Weekly summaries of new vulnerabilities (including patch information if available).
  • Advisories: Timely information about current security issues, vulnerabilities and exploits.

MISP

The alerts containing any of the keywords stored in the software.txt file will be sent to the configured MISP instance. The events created will contain the tag "vulnerability".

Configuration

In order to send only relevant threats and vulnerabilities to your MISP instance, you have to create a list of the software products that you want to monitor. This list is stored in the software.txt file (config/config_files/). For instance, if you want to stay up to date on vulnerabilities in AXIS Q16 cameras and Siemens S7-1200 PLCs, add the following entries to the software.txt file:

  • AXIS Q16
  • Siemens S7-1200

Besides the software.txt file, there is a SQLite database (config->sqlite) that stores the entries you have already analysed.
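The sketch below is an added example, not the project's own code: it shows one way keyword matching against software.txt and SQLite de-duplication can fit together. The `seen` table, the function names and the sample entries are assumptions constructed for illustration; the entries are plain dicts with the title/summary/link fields a feedparser entry exposes, and sending matches to MISP is left out.

```python
import re
import sqlite3

# Constructed sample data: software.txt content and feed entries shaped like
# feedparser entries (title/summary/link). None of it comes from a real feed.
SOFTWARE_TXT = "AXIS Q16\n\nSiemens S7-1200  \n"
ENTRIES = [
    {"title": "Siemens S7-1200 CPU Family", "summary": "", "link": "https://example.invalid/a/1"},
    {"title": "Camera update", "summary": "Affects axis  q16 series.", "link": "https://example.invalid/a/2"},
    {"title": "Siemens SIMATIC S7-1200", "summary": "", "link": "https://example.invalid/a/3"},
    {"title": "Unrelated HMI panel", "summary": "", "link": "https://example.invalid/a/4"},
]

def load_keywords(text):
    """One keyword per line; blank lines and surrounding whitespace are dropped."""
    return [line.strip() for line in text.splitlines() if line.strip()]

def compile_keyword(keyword):
    """Case-insensitive phrase match that tolerates extra spaces and does not
    fire inside a longer token (e.g. 'S7-1200' inside 'S7-12000')."""
    phrase = r"\s+".join(re.escape(word) for word in keyword.split())
    return re.compile(r"(?<![\w-])" + phrase + r"(?![\w-])", re.IGNORECASE)

def new_matches(entries, keywords, db):
    """Return [(link, [matched keywords])] for entries not seen in earlier runs.
    Every entry is recorded as seen, matched or not (hypothetical 'seen' table)."""
    db.execute("CREATE TABLE IF NOT EXISTS seen (link TEXT PRIMARY KEY)")
    patterns = [(k, compile_keyword(k)) for k in keywords]
    results = []
    for entry in entries:
        if db.execute("SELECT 1 FROM seen WHERE link = ?", (entry["link"],)).fetchone():
            continue  # already analysed in an earlier run
        db.execute("INSERT INTO seen (link) VALUES (?)", (entry["link"],))
        text = f'{entry["title"]} {entry.get("summary", "")}'
        hits = [k for k, p in patterns if p.search(text)]
        if hits:
            results.append((entry["link"], hits))
    db.commit()
    return results

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    keywords = load_keywords(SOFTWARE_TXT)
    print(new_matches(ENTRIES, keywords, db))  # first run: entries 1 and 2
    print(new_matches(ENTRIES, keywords, db))  # second run: nothing new
```

The third sample entry is not matched because the phrase "Siemens S7-1200" does not appear contiguously in it, so keywords should mirror the wording advisories actually use. Because this sketch records unmatched entries as seen too, a keyword added later will not surface entries from earlier runs.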

Using the tool

Gathering only Vulnerability Bulletins from CISA reports.

python main.py --vulns 

Gathering only ICS threats from CISA reports.

python main.py --threats

Gathering entries from ICS threats and Vulnerability Bulletins reported by CISA.

python main.py --full

Using proxy for MISP instance connection.

python main.py --proxy

pymisp_cisa_alerts's People

Contributors

alejandropradatreetk, aleprada

pymisp_cisa_alerts's Issues

Unable to fetch data from CISA.

Hi, I am unable to fetch any threat data from CISA. I always get the following output:

image

Software.txt consists of the following keyword:
image

MISP config is as follows:
image

I checked the latest CISA Advisories; there are threats related to my keyword (i.e. in software.txt), but the output still shows that there are no new threats or vulnerabilities.
image
