Shuffle / python-apps

Apps to be used for Shuffle automation. Most of Shuffle's apps (2500+) are generated from APIs, and available in the search engine below:
https://shuffler.io/search
MIT License

Syslog and other log management protocol output #299

Open asmodianx opened 2 years ago

asmodianx commented 2 years ago

Is your feature request related to a problem? Please describe.
Shuffle at the moment is limited to custom snippets of code or bash commands, which are limited by the lack of a full tool chain. In a SOC, the conclusion of an automation needs some form of output and audit logging.

Describe the solution you'd like
By modifying the Shuffle Tools to include Syslog and/or filebeat-compatible logging, where data can be sent to a log management system, processed data can be saved for reporting. Also, automations can include audit logging to track API usage and other critical automation statistics.

Describe alternatives you've considered
Graylog's API doesn't include log ingestion. I have tried using Linux bash with the /dev filesystem to initiate TCP 514 connections and the netcat command with no success. I have also tried to add this functionality with Python with no success. Plausibly the HTTP app could be used to post to a remote webserver, where simply sending syslog, logstash, GELF or CEF logs to a log server would be a much better solution.
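One way to emit the kind of audit record this request describes over TCP/514, as an added example that is neither Shuffle's code nor the reporter's own attempt: it builds an RFC 5424 syslog line, frames it with RFC 6587 octet counting so a TCP receiver can split the stream, and round-trips it through a constructed local listener standing in for the log server. The hostname, app name, facility choice and the sample workflow fields are assumptions made for the demo.

```python
import socket
import threading
from datetime import datetime, timezone

# Added example, not Shuffle's own code: emit a workflow audit record as an
# RFC 5424 syslog message over TCP using RFC 6587 octet-counting framing,
# which TCP syslog receivers such as rsyslog, syslog-ng and Graylog accept.

def build_syslog(msg, app_name="shuffle", hostname="shuffle-host",
                 facility=13, severity=6, msgid="AUDIT", ts=None):
    """RFC 5424 line; facility 13 = log audit, severity 6 = informational."""
    pri = facility * 8 + severity
    ts = ts or datetime.now(timezone.utc).isoformat(timespec="milliseconds")
    return f"<{pri}>1 {ts} {hostname} {app_name} - {msgid} - {msg}"

def frame(line):
    """Octet counting: 'LEN SP MSG', so the receiver can split a TCP stream."""
    data = line.encode("utf-8")
    return f"{len(data)} ".encode("ascii") + data

def parse_frame(data):
    """Inverse of frame(): return the message text of one octet-counted frame."""
    length, _, rest = data.partition(b" ")
    return rest[: int(length)].decode("utf-8")

def send_syslog_tcp(line, host, port, timeout=5):
    """Plain TCP send; wrap in TLS (RFC 5425) before crossing untrusted networks."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(frame(line))

def demo():
    """Constructed round trip: a local listener stands in for the log server."""
    received = []
    srv = socket.create_server(("127.0.0.1", 0))
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        with conn:
            buf = b""
            while chunk := conn.recv(4096):
                buf += chunk
        received.append(buf)
    t = threading.Thread(target=serve)
    t.start()
    line = build_syslog("workflow=enrich_ip action=api_call status=ok",
                        ts="2022-01-01T00:00:00.000+00:00")
    send_syslog_tcp(line, "127.0.0.1", port)
    t.join()
    srv.close()
    return parse_frame(received[0])
```

Pointing `send_syslog_tcp` at a real collector on port 514 is the only change needed for an app; for UDP or GELF/CEF output the framing and message format differ and need their own builders.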

frikky commented 2 years ago

Hey! I think I get what you mean, and I don't see a reason it should be too hard to do, especially over tcp/514 with user controlled messages in an app.

@dhaval055 what do you think? Should we try having Bhavik or Jaydeep try this one?

@asmodianx if it's built, could you help us test it?

asmodianx commented 2 years ago

I would be glad to assist, let me know what kinds of testing tasks you need done.

dhaval055 commented 2 years ago

Hey! I think I get what you mean, and I don't see a reason it should be too hard to do, especially over tcp/514 with user controlled messages in an app.

@dhaval055 what do you think? Should we try having Bhavik or Jaydeep try this one?

@asmodianx if it's built, could you help us test it?

I think we definitely should. good idea :)