So today is a good day... I played around with some familiar technology and some new ones, but at the end of the day a SecBot was born. A combination of Slack, Hubot and PowerShell, customized with security in mind, made me the happiest person in the world, and here is how.
There are times you may be working on a project and you are bombarded with questions or requests from various sources. Alternatively, you may just want to empower users to query up-to-date security information such as policies, guidelines and Knowledge Base content, or even to see dynamically what they have access to in a given environment. This was my plight, so I decided to add another member to our team without having to engage HR; heck, we don't even have to pay the dude or dudette.
The plans for my little friend (our new team member) make me super excited... I created custom PowerShell cmdlets which I will leverage to gain some useful security insight for the engineering team. Yes! I am leveraging PowerShell from my bot in Slack. I got a great start from Matthew Hodgkins; here you can find the DSC resource and documentation I used to get my Hubot up and running. It is a great walkthrough and allowed me to concentrate on gelling my cmdlets with CoffeeScript to obtain the desired output in Slack.
Here are some of the ideas where I found it would be useful to use SecBot, and the workload I am making for myself :)
Provide engineers with links to key security guidelines when deploying servers
Allow engineers to query what permissions or roles they have in a given environment
Provide server / security groups relationships dynamically
Allow specific users to kick off automated tasks like Windows Updates
Receive Security Alerts from various Security Solutions via APIs or Scripts.
Now the question you might ask yourself:
"Am I disclosing too much in the Slack channel?"
This will vary from company to company, and a skim over your Security Policies might be on the horizon. Also, if you are using the Slack platform, make sure you have the correct subscription plan to ensure your company remains compliant with any regulatory obligations, regardless of whether you are using bots or not.
One of the things I will strive to achieve is a bot in a private channel for my team, so we have access to more elevated information or tasks. This is great for new, actual getting-paid-to-come-into-the-office team members who need to quickly "get the lay of the land", and it also allows our informative and really cool SecBot to serve as that really efficient KB agent on behalf of the security team.
"Long live the hubot and long live automation."