JHUAPL/icsfeedparser
1
0
Fork 0
mirror of https://github.com/JHUAPL/icsfeedparser.git synced 2026-01-09 12:47:59 -05:00
Code Issues Packages Projects Releases Wiki Activity
1 Commit 1 Branch 0 Tags
60c92e638d786ee52f78b939eec89301855cd1db
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Charles Frick 60c92e638d Initial Upload of project
2022-09-13 10:06:10 -04:00
email_template.html
Initial Upload of project
2022-09-13 10:06:10 -04:00
icsfeedparser.py
Initial Upload of project
2022-09-13 10:06:10 -04:00
LICENSE
Initial Upload of project
2022-09-13 10:06:10 -04:00
README.md
Initial Upload of project
2022-09-13 10:06:10 -04:00
requirements.txt
Initial Upload of project
2022-09-13 10:06:10 -04:00

README.md

ICSFeedParser

Description

This is a simple feed meant to monitor the CISA ICS alert feed RSS stream, investigate the alerts and their reference pages, and then query against a keyword list of vendors/products of interest to a particular community. The initial use case is to have this run automatically at an ISAC/ISAO in order to reduce the manual workload of monitoring the feed.

Getting started

  1. python3 -m pip install -r requirements.txt
  2. Run icsfeedparser.py to generate config.ini, vendors.txt, equipment.txt and notification_recipients.txt.
  3. Adjust config.ini based on the labels inside. See below for more details on each configuration value.
  4. Add the vendors to monitor to vendors.txt, with one vendor on each line. Do the same with the equipment/model numbers to monitor for in equipment.txt and the email addresses of who to notify upon a discovered vulnerability to notification_recipients.txt.
  5. Run icsfeedparser.py to receive notifications (such as a cronjob).

Configuring ICSFeedParser

When initially running ICSFeedParser, it will create a config.ini with many settings that can be edited. These settings are as follows:

Mail Settings

use email notifications - Whether to send out emails when a vulnerability is found. Set this to "True" if you would like to send emails, and "False" if you do not.

mail server - The mail server to use for sending notification emails.

mail server port - The port to communicate to the mail server with for sending notification emails.

mail uses ssl encryption - Set to "True" if the mail server uses SSL encryption. This is generally the case when the mail server port is 465.

smtp username - The username for logging into the mail server. Make this blank if there is no authentication needed.

smtp password - The password for logging into the mail server. Make this blank if there is no authentication needed.

notification from email address - The email address notifications should come from.

Slack Settings

use slack notifications - Whether to send out a Slack message when a vulnerability is found. "True" if you would like to use Slack, "False" if you do not.

slack webhook url - The webhook URL for ICSFeedParser to talk to Slack with. See this guide for how to get this URL.

Notifier Settings

days back to check - The number of days backwards that should be checked when running this script to check for vulnerabilities. For example, if this is set to "3", this script will notify users for every vulnerability from the past 3 days that is applicable your vendors and/or equipment.

License

Apache 2.0

Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme Apache-2.0 114 KiB
Languages
Python 94.3%
HTML 5.7%