zbnio / zbn Goto Github PK

View Code? Open in Web Editor NEW

58.0 2.0 9.0 9.6 MB

安全编排与自动化响应平台

Home Page: https://zbn.io

License: GNU General Public License v3.0

Python 83.89% Dockerfile 1.53% Shell 3.87% PLpgSQL 10.08% JavaScript 0.63%

soar zbn zbnio tools security security-tools security-automation hacker hackerrank-python python3 hacking automation

zbn's Introduction

ZBN SOAR 是什么?

ZBN SOAR 是一款安全编排与自动化响应平台，将安全产品以及安全流程链接整合起来，通过预定义的工作流（Workflow）和剧本（Playbook）来标准化事故的调查处置流程，提升威胁响应的自动化程度和执行效率。

ZBN SOAR 的价值

缩短应急处置安全事故的时间
减少和优化传统SOC中不必要和冗余的工作
安全产品整合的API加速了自动化
丰富的安全数据服务：威胁情报平台TIP
提高告警分析的质量和侦测发现能力
提高工作精准度，安全运维流程的文档化以及证据的管理
减少培训新安全运维分析人员的代价
整体提高衡量和管理安全运维的能力

ZBN SOAR 平台展示

仪表盘展示

剧本展示

直达连接

官网：https://zbn.io
Github：https://github.com/zbnio/zbn
文档： https://www.yuque.com/zbn/docs/ayilv9

联系作者

E-Mail

[email protected]

微信

加作者微信进群，请备注 SOAR、ZBN、织布鸟

zbn's People

Contributors

Stargazers

Watchers

Forkers

ddzzj lordlight zhoupingzong kkact wanglibin1314 dizhaung xuanxihao 111cyber0cculte888

zbn's Issues

点击仪表盘报错：Error: Request failed with status code 500
报错日志：
Traceback (most recent call last): File "/usr/local/python3/lib/python3.7/site-packages/flask/app.py", line 2447, in wsgi_app response = self.full_dispatch_request() File "/usr/local/python3/lib/python3.7/site-packages/flask/app.py", line 1952, in full_dispatch_request rv = self.handle_user_exception(e) File "/usr/local/python3/lib/python3.7/site-packages/flask_cors/extension.py", line 165, in wrapped_function return cors_after_request(app.make_response(f(*args, **kwargs))) File "/usr/local/python3/lib/python3.7/site-packages/flask/app.py", line 1821, in handle_user_exception reraise(exc_type, exc_value, tb) File "/usr/local/python3/lib/python3.7/site-packages/flask/_compat.py", line 39, in reraise raise value File "/usr/local/python3/lib/python3.7/site-packages/flask/app.py", line 1950, in full_dispatch_request rv = self.dispatch_request() File "/usr/local/python3/lib/python3.7/site-packages/flask/app.py", line 1936, in dispatch_request return self.view_functions[rule.endpoint](**req.view_args) File "/export/Packages/zbn/app/handler/dashboard/view.py", line 67, in get_dashboard_exec exec_data = db.select(sql) File "/usr/local/python3/lib/python3.7/site-packages/orator/connections/connection.py", line 35, in _run e, query, bindings, wrapped File "/usr/local/python3/lib/python3.7/site-packages/orator/connections/connection.py", line 357, in _try_again_if_caused_by_lost_connection raise QueryException(query, bindings, e) orator.exceptions.query.QueryException: (1055, "Expression #1 of SELECT list is not in GROUP BY clause and contains nonaggregated column 'zbn_db.zbn_logs.create_time' which is not functionally dependent on columns in GROUP BY clause; this is incompatible with sql_mode=only_full_group_by") (SQL: SELECT DATE_FORMAT(create_time, '%%m-%%d') as timex, count(id) as value FROM zbn_logs WHERE DATE(create_time) > DATE_SUB(CURDATE(), INTERVAL 7 DAY) GROUP BY DATE(create_time); (None))

en locale

How to enable en locale in its default dashboard?

app应用后期会改成插件形式吗？

改成插件形式，写一个标准框架，这样可以集中大家的力量不断完善里面的应用。

剧本执行报错。

生成了一个端口扫描的剧本执行没反应？后台看有报错提示

Welcome to ZBN SOAR service
===========================
Web : https://zbn.io
Github : https://github.com/zbnio/zbn
===========================
Running on http://0.0.0.0:8888/ (Press CTRL+C to quit)
Traceback (most recent call last):
File "C:\Program Files\Python37\lib\site-packages\gevent\pywsgi.py", line 970, in handle_one_response self.run_application()
File "C:\Program Files\Python37\lib\site-packages\geventwebsocket\handler.py", line 75, in run_application self.run_websocket()
File "C:\Program Files\Python37\lib\site-packages\geventwebsocket\handler.py", line 52, in run_websocket
list(self.application(self.environ, lambda s, h, e=None: [])) File "C:\Program Files\Python37\lib\site-packages\flask\app.py", line 2464, in__call__ return self.wsgi_app(environ, start_response)
File "C:\Program Files\Python37\lib\site-packages\flask_sockets.py", line 45,in __call__handler(environment, **values)
File "D:\software\ZBN\app\handler\workflow\view.py", line 113, in echo_socket run_exec(socket=socket, uuid=uuid)
File "core.py", line 138, in core.run_exec
File "core.py", line 69, in core.get_app_data
File "core.py", line 50, in core.execute
UnboundLocalError: local variable 'import_path' referenced before assignment2020-11-16T05:01:05Z {'REMOTE_ADDR': '192.168.10.200', 'REMOTE_PORT': '52564', 'HTTP_HOST': '192.168.10.222:8888', (hidden keys: 32)} failed with UnboundLocalError

剧本执行报错

run_exec(socket=socket, uuid=uuid)
File "core.py", line 138, in core.run_exec
File "core.py", line 69, in core.get_app_data
File "core.py", line 50, in core.execute
UnboundLocalError: local variable 'import_path' referenced before assignment

点击开始按钮后，报错信息如上。烦请支持。

加一个知识库功能

项目首次运行报错

ImportError: /root/zbn/app/core/linux/core.so: undefined symbol: PyInterpreterState_GetID

系统：Ubuntu 18.04.3 LTS
python 版本：3.6.9（是不是一定要3.7才能用？）

加一个工单功能

配置剧本的时候不太友好，我用的时候把图标拖出来了。

docker运行报错

docker的方式运行项目，登陆页面可以正常显示，但是当用默认的admin和12345678登陆的时候，会报错
Error: Request failed with status code 500（前端的报错，进入docker后台日志无错误）

运行出错

第一次登陆的时候就报错：
* Running on http://0.0.0.0:8888/ (Press CTRL+C to quit)
[2020-11-16 11:17:02,411] ERROR in app: Exception on /api/v1/login [POST]
Traceback (most recent call last):
File "D:\python\python37\lib\site-packages\flask_sockets.py", line 40, in call
handler, values = adapter.match()
File "D:\python\python37\lib\site-packages\werkzeug\routing.py", line 1945, in match
raise NotFound()
werkzeug.exceptions.NotFound: 404 Not Found: The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.