Nightfall Sales Engineering Take Home Assignment
This package helps you upload a file to Nightfall's servers for scanning, retrieve the findings, and display them.
Follow Nightfall documentation to create a new detection rule using either a custom detector or one of Nightfall’s pre-built detectors.
- For my included script, I created a detection rule called “Kevin's First Detection Rule” which returns a positive finding if the string ‘kevin’ is found. (regex: 'kevin')
- Test to make sure your detection rule is behaving correctly using the Nightfall AI Playground
Open the script named ‘scan_file.py’ and update it with:
- API Key
- Signing Secret
- Webhook URL
- The detection rule UUID you want to apply
Open the Flask app app.py and update:
- JSON_OUTPUT_FOLDER with the absolute path of this package.
- If using PyCharm, this can be found by right-clicking the project folder -> Copy Path/Reference -> Absolute Path
Do not hardcode the API keys or the signing key; use environment variables instead.
Set up a webhook that will receive the Nightfall response once the file is finished scanning by Nightfall.
- When Nightfall prepares a file scan operation, it will issue a challenge to the webhook server to verify its legitimacy. Nightfall will send a JSON payload with a single field 'challenge' containing randomly-generated bytes when a scan request is made. When the webhook server receives the request, it must return the value of the challenge key in plaintext.
- To test locally, you can use a tool such as ngrok, which allows you to expose a web server running on your local machine to the internet. Additional resource on webhooks with Nightfall.
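The challenge handshake and a signed-callback check for the webhook described above, as an added example that is not code from this package or from Nightfall. The header names, the HMAC-SHA256 over "timestamp:body" signing scheme, the 300-second window and the function names are assumptions to confirm against Nightfall's webhook documentation; the logic is kept free of Flask so a route in app.py can call it with the raw request body and headers.

```python
import hashlib
import hmac
import json
import time

MAX_SKEW_SECONDS = 300  # assumed replay window, not a value from the page


def sign(secret: str, timestamp: str, raw_body: bytes) -> str:
    """Assumed scheme: hex HMAC-SHA256 over b"<timestamp>:<raw body>"."""
    msg = timestamp.encode() + b":" + raw_body
    return hmac.new(secret.encode(), msg, hashlib.sha256).hexdigest()


def handle_webhook(raw_body: bytes, headers: dict, secret: str, now=None):
    """Return (status, content_type, body) for one webhook POST."""
    try:
        payload = json.loads(raw_body)
    except ValueError:  # covers malformed JSON and undecodable bytes
        return 400, "text/plain", "invalid JSON"
    if not isinstance(payload, dict):
        return 400, "text/plain", "invalid JSON"

    # Handshake: a payload with the single field 'challenge' is echoed back.
    # text/plain keeps the reflected value from being rendered as HTML.
    if set(payload) == {"challenge"} and isinstance(payload["challenge"], str):
        return 200, "text/plain", payload["challenge"]

    # Everything else must carry a valid signature made with the signing secret.
    timestamp = headers.get("X-Nightfall-Timestamp", "")  # assumed header name
    signature = headers.get("X-Nightfall-Signature", "")  # assumed header name
    try:
        sent_at = int(timestamp)
    except ValueError:
        return 401, "text/plain", "missing signature"
    now = time.time() if now is None else now
    if abs(now - sent_at) > MAX_SKEW_SECONDS:
        return 401, "text/plain", "stale timestamp"
    expected = sign(secret, timestamp, raw_body)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return 401, "text/plain", "bad signature"
    return 200, "application/json", json.dumps({"accepted": True})
```

Pass the signing secret in from an environment variable, and sign over the exact bytes received rather than re-serialized JSON, since any whitespace change alters the HMAC.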
Once you have:
- Updated all environment variables with your information in the scan_file.py file and app.py file
- Set up the webhook and ngrok
We're ready to start our Flask application!
flask run
Warning: If you run into a "port already in use" error and killing the PID does not work, you might have a listening agent (such as Datadog) continuously consuming that port. You will need to deactivate the agent in order to reclaim the port.
- Let's send the scan_file request to Nightfall
python3 scan_file.py absolute_path_filename.txt
- Results will be printed in the logs of the Flask server. Check “Findings results:”. Use the JSON beautify URL to view the JSON data in a more readable format.