auth0/audit-droid

Name: audit-droid

Owner: Auth0

Description: Gynoid that audits Slack messages and executes actions in response

Created: 2016-10-01 05:26:17.0

Updated: 2018-04-13 20:06:21.0

Pushed: 2017-02-06 21:36:51.0

Homepage:

Size: 76

Language: JavaScript

README

Audit-Droid

Overview

Audit-droid is part of Auth0's bot army. We use it to get our users to acknowledge a particular security event. There are more details on how to use it in this blog post.

The bot is constructed from existing Auth0 components:

Flow Diagram:

  1. When Audit-Droid matches an event (defined in droid.json) it constructs a Slack message which can be 'approved' or 'rejected'. When an action is selected the result is sent to Slask.
  2. Slask then updates the message in the channel with the outcome of the action.
  3. Slask fires the assigned webhook - we use a webtask.
  4. The Webtask takes an action according to which button was pushed. If 'reject' was selected then a new Slack message is sent to our #security-alerts channel.
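
An added sketch of step 4, not code from this repository: a webhook handler that checks the callback against the configured Slask token and callback ID before acting, and raises an alert only on 'reject'. The payload fields (`token`, `callback_id`, `actions`, `user`, `event_id`), the button values and the `handleAction` name are assumptions.

```javascript
// Constructed config mirroring the SLASK_TOKEN / SLASK_CB keys in gynoid.config.json.
const CONFIG = { SLASK_TOKEN: 'constructed-token', SLASK_CB: 'constructed-callback-id' };

// Compare secrets without stopping at the first differing character.
function safeEqual(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string' || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Decide what the webhook does with one button press (payload shape is assumed).
function handleAction(payload, config) {
  if (!payload || !safeEqual(payload.token, config.SLASK_TOKEN) ||
      !safeEqual(payload.callback_id, config.SLASK_CB)) {
    return { status: 401, alert: null }; // not from our callback: take no action
  }
  const action = Array.isArray(payload.actions) && payload.actions.length === 1
    ? payload.actions[0].value : undefined;
  const user = payload.user && payload.user.name;
  if (!user || (action !== 'approve' && action !== 'reject')) {
    return { status: 400, alert: null }; // unknown button or missing user
  }
  if (action === 'approve') return { status: 200, alert: null };
  // 'reject': the user does not recognise the event, so escalate it.
  return {
    status: 200,
    alert: {
      channel: '#security-alerts',
      text: `${user} rejected audit event ${payload.event_id || '(unknown)'}`
    }
  };
}

// Constructed sample payloads: one genuine 'reject', one with a wrong token.
const rejected = {
  token: 'constructed-token', callback_id: 'constructed-callback-id',
  actions: [{ value: 'reject' }], user: { name: 'alice' }, event_id: 'evt-1'
};
const forged = Object.assign({}, rejected, { token: 'wrong-token-value' });
console.log(handleAction(rejected, CONFIG), handleAction(forged, CONFIG));
```
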

Installation

Follow the instructions to install Gynoid and its dependencies.

The Audit-Droid extension requires some extra configuration keys in the gynoid.config.json. Here is an example:


{
  "keys": {
    "gynoid": {
      "SLASK_TOKEN": "<SLASK_TOKEN>",
      "SLASK_CB": "<SLASK_CALL_BACK_ID>"
    },
    "GITHUB_TOKEN": "<GITHUB_TOKEN>",
    "GYNOID_TOKEN": "<SLACK_TOKEN>"
  },
  "droids": {
    "gynoid": {
      "token": "<SLACK_TOKEN>",
      "extensions": [
        "gynoid-droid",
        "audit-droid"
      ]
    }
  }
}

After you have Gynoid up and running, extend its functionality from this repository:

tname extend gynoid from auth0/audit-droid

Notes

tname secure $your_channel_name

Issue Reporting

If you have found a bug or if you have a feature request, please report it in this repository's issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.

For Auth0 related questions or support please use the Support Center.

Author

Auth0

License

This project is licensed under the MIT license.

