[PFR] New Output & Shodan business logic
jonrau1 opened this issue · comments
Story
As the maintainer of ElectricEye, I want to update all outputs to use the TOML so that I can support modular output configurations and reduce superfluous exception handling
Definition of Done
Current Output architecture loads all Outputs within Pluginbase, so when using env vars with os.environ[""] manual KeyError exception handling needs to be implemented which isn't ideal. There are probably memory leaks too because of this? Not sure.
Outputs need an update to offload vars to TOML and only load when absolutely required. New defaults for files need to be set and better docs need to be written. Ideally more outputs can be supported as well without hopefully increasing the amount of external libs that need to be installed
- Default output to JSON instead of SecHub
- Update TOML to include new output values per output plugin
- Update TOML to include Shodan cred location & expand Shodan auditor for GCP
- New separate `/docs/outputs.MD` to record improved instructions, examples - especially for outputs shared across self-managed & cloud versions (e.g., AWS DocDB and MongoDB)
- Update `outputs/` to migrate to `tomli` from `os` for values, do not load them until needed - move non-core lib imports into functions from global space
- Update `controller.py` with new defaults for file-based outputs and clear options
- Update & clean up Architecture diagram to remove duplicative services (e.g., showing RDS & Postgresql)
Nice to Have
Consider supporting new outputs, preference on locations where existing libraries can be used
- MySQL
- ServiceNow SecOps and/or GRC
- Jira
- Slack
- Teams
- Snowflake
- Cloud NoSQL: DynamoDB, AlloyDB, Cosmos?
Stage support for asset management
Shodan revamp will need to move to another Issue. None of the Nice to Haves were completed...
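
The per-output, load-only-when-needed configuration this issue asks for, sketched as an added example (not ElectricEye's code). All section names, keys and function names are hypothetical, the TOML is constructed sample data, and `tomllib` is the standard-library version of `tomli` in Python 3.11+.

```python
try:
    import tomllib  # Python 3.11+
except ModuleNotFoundError:
    import tomli as tomllib  # same API on older interpreters

# Constructed sample configuration; section and key names are hypothetical.
SAMPLE_TOML = """
[outputs.json]
filename = "findings.json"

[outputs.mongodb]
uri_secret_name = "example/mongodb-uri"
database = "findings"
"""

class OutputConfigError(Exception):
    """The selected output's TOML section is missing or incomplete."""

def load_output_config(toml_text, output_name, required_keys):
    """Return only the selected output's section, validating its keys once."""
    section = tomllib.loads(toml_text).get("outputs", {}).get(output_name)
    if section is None:
        raise OutputConfigError(f"no [outputs.{output_name}] section")
    missing = [k for k in required_keys if k not in section]
    if missing:
        raise OutputConfigError(
            f"[outputs.{output_name}] is missing: {', '.join(missing)}")
    return section

def write_json(findings, config):
    import json  # imported inside the function, not in global space
    return json.dumps({"file": config["filename"], "count": len(findings)})

def write_mongodb(findings, config):
    # A real plugin would import its database driver here, so the library is
    # only needed when this output is selected. Stand-in: report the target.
    return f"{config['database']}:{len(findings)}"

# Output name -> (required TOML keys, writer). Nothing is read at import time.
OUTPUTS = {
    "json": (("filename",), write_json),
    "mongodb": (("uri_secret_name", "database"), write_mongodb),
}

def run_output(name, findings, toml_text=SAMPLE_TOML):
    if name not in OUTPUTS:
        raise OutputConfigError(f"unknown output: {name}")
    required, writer = OUTPUTS[name]
    return writer(findings, load_output_config(toml_text, name, required))
```

An incomplete `[outputs.mongodb]` section only fails when that output is selected, so the JSON default keeps working without per-variable `KeyError` handling.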