Naxsi Rules/Alerts posted to Asana or Slack or anything

[ja...@paay.co]

I am looking for a way to help the developers respond faster to some of the Naxsi alerts.  Right now no one but the DevOPs has the ability to see the logs and export them for the developers.  Are there any tools or scripts that would allow me to post a rule that was tripped into Asana or Slack? 

James

[mex]

there is no "natural" way to do it, unfortunately. if it's about the core_rules
then you might point your devs to
https://github.com/nbs-system/naxsi/blob/master/naxsi_config/naxsi_core.rules

i once build a naxsi-rules-dashboard
http://blog.dorvakt.org/2013/08/dx-console-central-interface-to.html

with exactly that feature (display alerts and view rules)
http://3.bp.blogspot.com/-nG5i0pRW6-8/UgeXo116WGI/AAAAAAAAAEY/JFfkimtdO4M/s1600/known_sigs.png

but this is obsolete and will be replaced by a kibana-dashboard i'm working on
atm.


if you use a set of custom-rules you could use something like
spike, a naxsi rules builder, to maintain and create your rules.

http://spike.nginx-goodies.com/rules/view/42000393
http://spike.nginx-goodies.com/rules/




cheers,


mex

> --
> You received this message because you are subscribed to the Google Groups
> "naxsi-discuss" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to naxsi-discus...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

[James Ruffer]

Thank you, Mex.  How can I contribute to your Kibana-Dashboard?

Or do you know anyone that would like to get paid to make project management plugins for Nginx to do display alerts and view rules into things like Asana.com, 37signals.com and trello.com

James

You received this message because you are subscribed to a topic in the Google Groups "naxsi-discuss" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/naxsi-discuss/3zpVHGiNDhU/unsubscribe.
To unsubscribe from this group and all its topics, send an email to naxsi-discus...@googlegroups.com.

[mex]

we could do this, but it's not an nginx-issue. we already developed
mysql- and mongodb - connectors to get naxsi-alerts into databases so
extending this to access remote apis doesnt seems like a big problem.

but do you really would like to have naxsi-alerts in your
project-mgmt-software?

[James Ruffer]

I would like the developers to be more aware of what the tool is alerting them realtime instead of going through the logs later.  After we push to the server a new patch it would be amazing to see 15 alerts by the end of the day that are all the same XSS or whatever.

It is more about the process flow and holding developers accountable for their code. That is the name of the game for us going forward.

Thoughts?