
CVE Notifier is designed to monitor and track new CVEs. It automatically monitors defined vendors and products for newly discovered CVEs and sends alerts to a Slack channel, keeping you up to date on potential security risks.


0xd3vil/CVE-Notifier


CVE Notifier - Monitoring and Alert System for Vulnerabilities


Introduction

The CVE Notifier is a robust monitoring and alert system designed to track new Common Vulnerabilities and Exposures (CVEs). It automatically monitors specified vendors/products for newly discovered CVEs and sends alerts to a designated Slack channel, ensuring your team stays informed about potential security risks.

Purpose

The primary objectives of the CVE Notifier are to:

  • Monitor: Continuously track CVE databases for updates related to predefined vendors/products.
  • Notify: Send timely alerts to your team via Slack regarding new CVEs.
  • Facilitate: Enable proactive measures to address identified vulnerabilities promptly.

Features

  • Automatic Monitoring: Fetches new and modified CVEs from the Shodan CVE database based on the last check times.

It also maintains a JSON file (last-date.json) that stores the timestamps of the last checked CVEs, so the tool only processes CVEs that are new or modified since the last run.

  • Slack Alerts: Sends detailed alerts to a Slack channel, ensuring your team receives immediate updates on security risks.

  • Configurable: Easily modify the configuration file to monitor various products and vendors.
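
The checkpoint behaviour described above, sketched as an added example (this is not code from the CVE-Notifier repository). The two-key layout of last-date.json, the record fields and the sample CVE entries are assumptions constructed for illustration.

```python
import json, os, tempfile
from datetime import datetime, timezone

EPOCH = "1970-01-01T00:00:00+00:00"  # checkpoint used on the very first run

def _ts(value):
    return datetime.fromisoformat(value).astimezone(timezone.utc)

def load_state(path):
    """Read the checkpoint; a missing or corrupt file re-alerts rather than skips."""
    try:
        with open(path, encoding="utf-8") as fh:
            state = json.load(fh)
    except (FileNotFoundError, json.JSONDecodeError):
        state = {}
    return {k: state.get(k, EPOCH) for k in ("published", "modified")}

def select_new(cves, state, products):
    """Split monitored records into (new, modified) relative to the checkpoint."""
    wanted = {p.lower() for p in products}
    new, modified = [], []
    for cve in cves:
        if cve["product"].lower() not in wanted:
            continue
        if _ts(cve["published"]) > _ts(state["published"]):
            new.append(cve)
        elif _ts(cve["modified"]) > _ts(state["modified"]):
            modified.append(cve)
    return new, modified

def advance(state, cves):
    """Move each checkpoint to the newest timestamp seen in the feed, never backwards."""
    return {k: max([_ts(state[k])] + [_ts(c[k]) for c in cves]).isoformat()
            for k in ("published", "modified")}

def save_state(path, state):
    """Write to a temp file, then rename, so a crash cannot truncate the checkpoint."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(state, fh)
    os.replace(tmp, path)

SAMPLE = [  # constructed records with placeholder IDs, not real CVE data
    {"id": "CVE-0000-0001", "product": "grafana", "published": "2024-05-01T00:00:00+00:00", "modified": "2024-05-01T00:00:00+00:00"},
    {"id": "CVE-0000-0002", "product": "jenkins", "published": "2024-05-03T00:00:00+00:00", "modified": "2024-05-03T00:00:00+00:00"},
    {"id": "CVE-0000-0003", "product": "grafana", "published": "2024-04-20T00:00:00+00:00", "modified": "2024-05-04T00:00:00+00:00"},
    {"id": "CVE-0000-0004", "product": "nginx", "published": "2024-05-05T00:00:00+00:00", "modified": "2024-05-05T00:00:00+00:00"},
]
```

Call save_state only after the Slack alert has been delivered, so a failed post is retried on the next run instead of being silently skipped.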

Configuration

Modifying Monitored Vendors/Products

To modify or add to the monitored vendors/products list, access the configuration file located at:

/config/our-products.yaml

The our-products.yaml file should contain a structured list of vendors and products that the bot continuously monitors for potential CVEs. The format may look like this:

products:
  - "grafana"
  - "jenkins"
  - "suricata"
  - "chrome"
  - "ivanti"

To set your own path and Slack_Webhook, edit lines 6-9 of the cve_fetcher.py file.

Getting Started

To get started, clone the repository from GitHub:

git clone https://github.com/0xd3vil/CVE-Notifier.git
cd CVE-Notifier
pip install -r requirements.txt
python3 run.py

Cron Job

You can schedule a cron job to run the CVE Notifier at specified intervals. This ensures that your system continuously checks for new vulnerabilities without manual intervention.

Alert Messages

When a new CVE is detected, the alert message sent to Slack includes the following details:

  • CVE ID: Unique identifier for the vulnerability.
  • Summary/Details: Brief description of the vulnerability.
  • CVSS Score: Severity rating of the vulnerability.
  • Published Date: Date when the CVE was published.
  • Proposed Action: Suggested steps for addressing the vulnerability.
  • Ransomware Campaign: Information about any related ransomware campaigns.
  • Reference Links: Additional links for more information.

A sample alert screenshot

Upcoming Features

  • Wazuh Integration
  • JumpCloud Integration

Contribution Guidelines

Contributions to the CVE Notifier project are welcome! If you have suggestions for improvements or new features, please follow these steps:

  1. Fork the repository.
  2. Create a new branch for your feature or bug fix.
  3. Make your changes and commit them.
  4. Push to your forked repository.
  5. Submit a pull request to the main repository.

License

This project is licensed under the MIT License.

I hope this tool empowers you and your team to proactively manage vulnerabilities. If you have any questions or feedback, feel free to reach out. Together, we can make the digital world a safer place!

Cheers! @0xd3vil
