PatrowlEngines v1.5.10 releases: Open Source, Free and Scalable Security Operations Orchestration Platform
PatrOwl
PatrOwl is a scalable, free and open-source solution for orchestrating Security Operations.
PatrowlEngines is the engine framework and the supported list of engines performing the operations (scans, searches, API calls, …) in due time. The engines are managed by one or several instances of PatrowlManager.
PatrOwl is an advanced platform for orchestrating Security Operations like Penetration Testing, Vulnerability Assessment, Code review, Compliance checks, Cyber-Threat Intelligence / Hunting and SOC & DFIR Operations.
PatrOwl is fully developed in Python (Django for the backend and Flask for the engines). It remains incredibly easy to customize all components. Asynchronous tasks and engine scalability are supported by RabbitMQ and Celery.
Architecture
Use
Assets
Add a new Asset
- Go to the creation form using the header menu bar or go directly to the URL /assets/add.
- The following form will be available:
Some tips:
Parameters | Description | Examples |
---|---|---|
Value | Value of the asset | 8.8.8.8, patrowl.io, myorg.local, https://app.patrowl.io |
Name | Quick title of the asset | MyCORP DNS A, Corporate Website |
Type | Type of the asset. Available scan policies will be filtered on this value | IP, FQDN, DOMAIN, URL, KEYWORD, PATH or PERSON |
Description | Free text area for describing the asset | Corporate website based on Drupal 7.3 and exposed on Internet |
Criticity | Business criticity of the asset. Global risk scoring will depend on this value | Low, Medium or High |
Categories | List of tags to quickly describe the asset. Custom values can be added. | Windows, Database, Corporate Website |
- Click the “Create a new asset” button to confirm the creation. You will be redirected to the assets list.
Engines
Add a new Engine
- Go to the creation form using the header menu bar or go directly to the URL /engines/add.
- The following form will be available:
Parameters | Description | Examples |
---|---|---|
Engine | Type of the engine | NMAP, VIRUSTOTAL, ARACHNI, CORTEX, OWL_LEAKS |
Name | Name of the engine | nmap-001, vt-001, arachni-docker-001, cortex-001, oleaks-001 |
Api url | URL address of the engine | http://localhost:5001/engines/nmap/, http://external-server:5012/engines/owl_leaks/ |
Enable | Choose if you want to enable the engine once created | n/a. |
Authentication method | Select the authentication method used to access the engine from the PatrowlManager host (only ‘None’ is available for the moment) | None, HTTPBasic, APIKey |
- Click the “Create a new engine” button to confirm the creation. You will be redirected to the engines list.
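Because only the ‘None’ authentication method is available for the moment, it is worth reviewing each Api url before registering the engine. The following is an added example, not PatrOwl code: an offline check that flags engine URLs reachable beyond the loopback interface. The engine dictionary, the function names and the third URL are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample, modelled on the "Api url" examples in the table above.
ENGINES = {
    "nmap-001": "http://localhost:5001/engines/nmap/",
    "oleaks-001": "http://external-server:5012/engines/owl_leaks/",
    "vt-001": "https://10.0.0.12:5007/engines/virustotal/",  # constructed URL
}


def is_loopback(host):
    """True for 'localhost' or a loopback IP literal (127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname: not resolved, so the check stays offline


def audit_engine(name, api_url, auth="None"):
    """Return a list of findings for one engine entry (empty list = nothing to flag)."""
    parts = urlsplit(api_url)
    host = parts.hostname or ""
    if parts.scheme not in ("http", "https") or not host:
        return [f"{name}: not a valid http(s) URL: {api_url!r}"]
    if is_loopback(host):
        return []  # traffic never leaves the PatrowlManager host
    findings = []
    if parts.scheme == "http":
        findings.append(f"{name}: scan requests and results reach {host} in cleartext")
    if auth == "None":
        port = parts.port or (443 if parts.scheme == "https" else 80)
        findings.append(
            f"{name}: engine API has no authentication; "
            f"restrict {host}:{port} to the PatrowlManager host"
        )
    return findings


def audit_all(engines):
    """Map each engine name to its findings."""
    return {name: audit_engine(name, url) for name, url in engines.items()}


if __name__ == "__main__":
    for name, findings in audit_all(ENGINES).items():
        print(name, "OK" if not findings else findings)
```
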
Scans
Add a new Scan
- Go to the creation form using the header menu bar or go directly to the URL /scans/defs/add.
- The following form will be available:
Parameters | Description | Examples |
---|---|---|
Title | Title of the scan | “List open ports on Internet-faced assets”, “Scan XSS on corporate website”, “Search technical leaks on GitHub and Twitter” |
Description | Description of the scan | “Here a long description of the scan purposes” |
Scan type | Scans can be started once or periodically | “On-Demand” or Periodical |
Start scan | Select the moment to start the scan(s): Later (not now, just create the scan definition), Now or Scheduled at a precise datetime | “Later”, Periodical, Scheduled at |
Search asset(s) | Search and select asset(s) targeted by the scan. Search criteria are asset value, name, description and categories | “8.8.8” + Enter, “DNS” + Enter |
Filter by Engine and/or Filter by Category | Search the scan policy using the Engine or the Category filter | n/a |
Select Policy | Select the scan policy | n/a |
Select Engine | Select the scan engine which will perform the scan each time. It can be set to Random, in which case the first available engine will perform the scan | n/a |
- Click the “Create a new scan” button to confirm the creation. You will be redirected to the scans list.
Changelog v1.5.10
- 1.5.9-1 hotfix dependencies by @sebastien-powl in #266
- Bump urllib3 from 1.24.3 to 1.26.5 in /engines/nmap by @dependabot in #257
- Bump certifi from 2022.9.24 to 2022.12.7 in /engines/nmap by @dependabot in #252
- [Snyk] Fix for 3 vulnerabilities by @MaKyOtOx in #264
- 1.5.9-2 hotfix II by @sebastien-powl in #267
- build(deps): bump cryptography from 3.3.2 to 39.0.1 in /engines/censys by @dependabot in #276
- build(deps): bump future from 0.18.2 to 0.18.3 in /engines/owl_dns by @dependabot in #269
- build(deps): bump certifi from 2022.9.24 to 2022.12.7 in /engines/apivoid by @dependabot in #268
- [Snyk] Security upgrade certifi from 2022.9.24 to 2022.12.7 by @MaKyOtOx in #253
- Bump jinja2 from 2.10.1 to 2.11.3 in /engines/censys by @dependabot in #258
- Bump certifi from 2022.9.24 to 2022.12.7 in /engines/ssllabs by @dependabot in #255
- [Snyk] Security upgrade certifi from 2022.9.24 to 2022.12.7 by @MaKyOtOx in #263
- [Snyk] Fix for 3 vulnerabilities by @MaKyOtOx in #262
- [Snyk] Security upgrade urllib3 from 1.25 to 1.26.5 by @MaKyOtOx in #260
- Bump urllib3 from 1.25 to 1.26.5 in /engines/arachni by @dependabot in #256
- Bump urllib3 from 1.25 to 1.26.5 in /engines/censys by @dependabot in #254
- Bump urllib3 from 1.24.2 to 1.26.5 in /engines/apivoid by @dependabot in #251
- [Snyk] Security upgrade future from 0.18.2 to 0.18.3 by @snyk-bot in #274
- [Snyk] Security upgrade cryptography from 3.3.2 to 39.0.1 by @snyk-bot in #278
- [Snyk] Security upgrade cryptography from 3.3.2 to 39.0.1 by @MaKyOtOx in #281
- [Snyk] Security upgrade setuptools from 39.0.1 to 65.5.1 by @MaKyOtOx in #289
- Multiple CPE on service with CPE #270 by @pascal-sun in #271
- Add CPE for OS detection #272 by @pascal-sun in #273
- Fix #279 owl_dns: support ’email’ as asset datatype by @MaKyOtOx in #280
- create finding for each spf dns entry by @YohanGastoud in #275
- Fix #295: Check CDN, WAF and Cloud provider by @MaKyOtOx in #296
- Nmap opti by @YohanGastoud in #277
- MCS Spring ’23 by @sebastien-powl in #297
- Update 1.5.10 by @sebastien-powl in #298
Install
Copyright (C) 2018-2021 Nicolas MATTIOCCO (@MaKyOtOx – nicolas@patrowl.io)