Giter Club home page Giter Club logo

nightfall's Introduction

Nightfall

Nightfall Sales Engineering Take Home Assignment

Intro:

This package will help you upload and scan a file to Nightfall's servers, retrieve the findings and display them.

Step by Step:

  1. Follow Nightfall documentation to create a new detection rule using either a custom detector or one of Nightfall’s pre-built detectors.

    • For my included script, I created a detection rule called “Kevin's First Detection Rule” which returns a positive finding if the string ‘kevin’ is found. (regex: 'kevin')
    • Test to make sure your detection rule is behaving correctly using the Nightfall AI Playground

  2. Open script named ‘scan_file.py’ and update with

    • API Key
    • Signing Secret
    • Webhook Url
    • The detection rule UUID you want to apply

  3. Open flask app app.py and update

    • JSON_OUTPUT_FOLDER with the absolute path of this package.
      • If using Pycharm, this can be found by right-clicking the project folder -> Copy Path/Reference -> Absolute Path

Make sure to not hardcode the api keys or the signing key and to use environment variables instead.

  1. Set up a webhook that will receive the Nightfall response once the file is finished scanning by Nightfall.

    1. When Nightfall prepares a file scan operation, it will issue a challenge to the webhook server to verify its legitimacy. Nightfall will send a JSON payload with a single field 'challenge' containing randomly-generated bytes when a scan request is made. When the webhook server receives the request, it must return the value of the challenge key in plaintext.
    2. To test locally, you can use a tool such as ngrok that allows you expose a web server running on your local machine to the internet. Additional resource on webhooks with Nightfall.

  2. Once you have:

    1. Updated all environ variables with your information in the scan_file.py file and app.py file
    2. Set up the webhook and ngrok

  3. We're ready to start our flask application!

flask run

Warning: If you are running into port already in use error and killing the PID does not work, you might have a listening agent (such as Datadog) continuously consuming that port. You will need to deactivate the agent in order to reclaim the port.

  1. Let's send the scan_file request to Nightfall
python3 scan_file.py absolute_path_filename.txt
  1. Results will be printed in the logs of the flask server. Check “Findings results:”. Use the json beautify url to view the json data in a more readable format.

Results Logging Example

Results JSON Output Data Beautified

nightfall's People

Contributors

defkevin avatar

Watchers

James Cloos avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.