bright-cli
Add option to feed findings to a local Syslog/SIEM system
- Add tag to CLI which enables feeding "found issues" directly to TCP/UDP syslog server
- Also add TLS option for TCP
- The issue data should be converted into one of two formats: CEF (https://www.npmjs.com/package/cef) or standard syslog.
- When running the command nexploit-cli logfeed you will have more options like:
  - --syslog-host: address of the syslog server
  - --port: port of the syslog host, defaults to the syslog default
  - --protocol: UDP or TCP/TLS, should default to UDP
  - --format: cef or a format string (i.e. {DATE} {SEVERITY} {DETAILS} {LINK}), defaults to cef
  - --severity-map: CEF has severity levels from 0 to 10, so we should be able to map our severities to specified CEF numbers; defaults are low=6 medium=8 high=10
  - all the relevant auth parameters
- The CLI needs to actively pull new findings from nexploit.app via the API
- The back-end should tag which issues have been pulled by the feeder already and the CLI should skip them when polling
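As an added example (not bright-cli's own code), here is how the two output formats and the severity map described above could be shaped in Node before a line is handed to a UDP/TCP/TLS transport. The vendor/product strings, the {DETAILS} placeholder name, the syslog facility and the sample finding are assumptions made for this example.

```javascript
// Default mapping proposed in the request: low=6 medium=8 high=10 (CEF severity is 0-10).
const DEFAULT_SEVERITY_MAP = { low: 6, medium: 8, high: 10 };

function mapSeverity(severity, map = DEFAULT_SEVERITY_MAP) {
  const value = map[String(severity).toLowerCase()];
  if (!Number.isInteger(value) || value < 0 || value > 10) {
    throw new Error(`no CEF severity (0-10) mapped for "${severity}"`);
  }
  return value;
}

// CEF header fields escape '|' and '\', extension values escape '=' and '\'.
// Newlines are flattened in both: a raw newline would split one finding into
// two syslog records and let scan data forge log lines on the SIEM side.
const flat = (s) => String(s).replace(/[\r\n]+/g, ' ');
const escHeader = (s) => flat(s).replace(/[\\|]/g, (c) => '\\' + c);
const escExt = (s) => flat(s).replace(/[\\=]/g, (c) => '\\' + c);

// CEF:Version|Vendor|Product|Version|EventClassID|Name|Severity|Extension
// Vendor/product/version strings are assumptions for this example.
function toCef(finding, map) {
  const header = ['CEF:0', 'Bright', 'nexploit-cli', '1.0', finding.id,
    finding.name, mapSeverity(finding.severity, map)].map(escHeader).join('|');
  const ext = [`rt=${escExt(finding.date)}`, `msg=${escExt(finding.details)}`,
    `request=${escExt(finding.link)}`].join(' ');
  return `${header}|${ext}`;
}

// Format-string mode: {DATE} {SEVERITY} {DETAILS} {LINK}; unknown placeholders are left as-is.
function formatTemplate(finding, template, map) {
  const fields = { DATE: finding.date, SEVERITY: mapSeverity(finding.severity, map),
    DETAILS: finding.details, LINK: finding.link };
  return template.replace(/\{([A-Z]+)\}/g, (m, key) => (key in fields ? flat(fields[key]) : m));
}

// RFC 5424 framing: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG, PRI = facility*8 + severity.
// local0 (16) and "warning" (4) are assumed defaults, not values from the request.
function toSyslog(msg, { facility = 16, severity = 4, hostname = 'scanner',
  timestamp = new Date().toISOString() } = {}) {
  return `<${facility * 8 + severity}>1 ${timestamp} ${hostname} nexploit-cli - - - ${msg}`;
}

// Constructed sample finding (not real scan output).
const SAMPLE_FINDING = {
  id: 'sqli', name: 'SQL Injection | blind', severity: 'high', date: '2024-01-01T00:00:00Z',
  details: 'param id=1 OR 1|1\ninjected', link: 'https://app.example.invalid/scans/1/issues/1',
};

console.log(toSyslog(toCef(SAMPLE_FINDING), { timestamp: SAMPLE_FINDING.date }));
```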