Netflix open sources tools for detecting planned attacks
Making good on their word to open source many of their internally developed tools and libraries, Netflix has released three new tools that allow security teams to keep an eye out for Internet-based discussions regarding potential attacks against their organization’s infrastructure, whether it’s DDoS attacks or any other kind.
The tools are named Scumblr, Sketchy and Workflowable.
Scumblr is an app that trawls the Web for posts and discussions that mention attacks or any other content of interest.
“Scumblr includes a set of built-in libraries that allow creating searches for common sites like Google, Facebook, and Twitter. For other sites, it is easy to create plugins to perform targeted searches and return results,” Andy Hoernecke and Scott Behrens of the Netflix Cloud Security Team shared on Monday. “Once you have Scumblr set up, you can run the searches manually or automatically on a recurring basis.”
Scumblr uses Workflowable to set up workflows that are triggered according to the nature of the search results, automating, at least in part, the defenders’ reaction.
Sketchy can also be integrated with Scumblr. Its purpose is to automatically take screenshots of the conversations and statements that were found, scrape the text, and save the HTML, so that even if all of it gets removed in time, the screenshots remain as evidence, and security analysts can preview Scumblr results without having to visit the potentially malicious sites directly.
For more details about the tools and links to the download sites, check out the Netflix team’s post.