BitNinja Alerts on Slack or Discord with Make Integration

In this first article, we will learn how to keep track of DoS, WAF, or Malware incidents and send alerts to Slack or Discord using an excellent automation tool called Make (previously called Integromat). The benefit is that you learn about attacks on your servers almost instantly instead of discovering them the next time you open the dashboard.

Creating the Make automation

  1. Register an account on Make.com (free works too)
  2. Create a new scenario
  3. Look for Webhooks


4. Choose Custom Webhook

5. Name the Webhook, such as "BitNinja Incident Alerts."

6. Once done, you should have a Webhook URL created.

7. Click on "Copy address to clipboard" as the screenshot indicates.

8. Do NOT close the browser tab yet. We will need it to connect to your internal communications. Also treat this URL as a secret: a Make custom webhook has no authentication of its own, so anyone who obtains the address can post arbitrary events into your scenario.


Set up the Webhook in BitNinja

  1. Log in to your BitNinja Dashboard.
  2. Go to "Alerts" under the "Account" menu in the top-right corner, or visit it directly using this URL.
  3. Paste the webhook URL into each of the warning/alert types (DoS, WAF, Malware).
  4. Adjust the Threshold and Time Window to your needs. The Threshold is the number of incidents that must be reached to trigger an alert. The Time Window is the minimum time that must pass after an alert before the next alert is sent, even if the Threshold has already been met again.

// Our Recommendations

  • DoS Detection - Threshold: 3
  • DoS Detection - Time Window: 120 Minutes
  • WAF Warning - Threshold: 15
  • WAF Warning - Time Window: 60 Minutes
  • Malware Warning - Threshold: 5
  • Malware Warning- Time Window: 60 Minutes

Remember, of course, that this has to be fine-tuned to the size of your server. If you host more than 50 websites, you will likely need to increase the thresholds so as not to spam your communication channels.
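To see what the two settings do together, here is a small simulation written for this article (it is not BitNinja's code, and the exact counting rules inside BitNinja are an assumption based on the description above). It feeds a constructed list of DoS incident timestamps through the recommended DoS values, threshold 3 and a 120-minute window, and shows when alerts would fire and when they would be held back:

```python
from datetime import datetime, timedelta

# Constructed sample: DoS incident timestamps on one server (not real BitNinja data).
SAMPLE_DOS_INCIDENTS = [
    datetime(2024, 1, 1, 9, 0),
    datetime(2024, 1, 1, 9, 5),
    datetime(2024, 1, 1, 9, 10),   # 3rd incident: threshold 3 reached -> alert
    datetime(2024, 1, 1, 9, 20),
    datetime(2024, 1, 1, 9, 30),
    datetime(2024, 1, 1, 9, 40),   # threshold reached again, but only 30 min since the alert
    datetime(2024, 1, 1, 11, 15),  # 125 min after the first alert -> alert
]


def alert_times(incidents, threshold, time_window_minutes):
    """Return the timestamps at which an alert would be sent.

    Simplified model of the dashboard settings (an assumption, not BitNinja's
    actual implementation): incidents are counted continuously; an alert fires
    once the count reaches `threshold` AND at least `time_window_minutes` have
    passed since the previous alert. The count resets after each alert, and
    incidents that arrive during the quiet period still count toward the next one.
    """
    window = timedelta(minutes=time_window_minutes)
    alerts, count, last_alert = [], 0, None
    for t in sorted(incidents):
        count += 1
        quiet = last_alert is not None and (t - last_alert) < window
        if count >= threshold and not quiet:
            alerts.append(t)
            last_alert = t
            count = 0
    return alerts


def alert_times_hhmm(incidents, threshold, time_window_minutes):
    """Same as alert_times, formatted as HH:MM strings for quick reading."""
    return [t.strftime("%H:%M") for t in alert_times(incidents, threshold, time_window_minutes)]


if __name__ == "__main__":
    # Recommended DoS settings: the 09:40 burst is suppressed by the window.
    print(alert_times_hhmm(SAMPLE_DOS_INCIDENTS, 3, 120))
    # Window of 0 minutes: every burst of 3 alerts, which is the "spam" case.
    print(alert_times_hhmm(SAMPLE_DOS_INCIDENTS, 3, 0))
```

Lowering the window alone makes the 09:40 burst produce a second message half an hour after the first; raising the threshold alone makes the quieter servers never alert at all. Tune the pair together, and re-check after adding sites to a host.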


Threshold

  1. Enable the Toggle next to the warning types you want to receive alerts for.


Slack

We will set up the alerts first for the case where you or your team use Slack for internal communications.

Please go ahead and return to the Make scenario tab in your browser and add a new Slack module after the webhook, as shown in the screenshot.


  1. Create a new connection; I recommend choosing "bots" to make this less confusing. Authorize access to your Slack workspace.
  2. Below "Enter a channel ID or name", choose "Select a channel from the list" and click on the channel to which you want to send the alert. (If you use a private channel, you must add the bot to the channel first.)
  3. Customize the text accordingly, but I recommend using "Blocks", as they look more automated and notification-like than plain text.
  4. Please look for an actual BitNinja example here for the Blocks.
  5. You can also use Flow Control -> Router to send each alert type to Slack dynamically. *I have also pasted the Blueprint for this scenario.*
  6. You can import this using the burger menu (...) at the bottom of the scenario.
  7. Enjoy the alerts on Slack.


Discord

Finally, we will set this up for Discord, which is becoming popular in business settings as well as gaming. The whole process is very similar.

  1. Add a new destination and look for "Discord".
  2. Choose "Send a Message".
  3. If you want to keep it simple, add the text you wish to send, such as the one below (the `{{1.…}}` items are Make mappings of the fields the webhook received).

**Malware Alert** The threshold ({{1.threshold}}) has been reached in the last {{1.timeWindowMinutes}} minutes on server: {{1.serverName}}

4. If you are looking for a more appealing format, toggle "Show Advanced Settings" and fill in an embed.

5. Customize it to your needs. Unfortunately, Make's Discord module does not add buttons; therefore I haven't added them in the Discord example, but you can achieve the same with HTTP calls to the Discord API (you will need your own bot for that).

Alternatively, of course, you can simply put the links in the message text.

6. Enjoy the alerts!
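
Both destinations receive the same three fields from the webhook, so the message shaping and the Router decision can be written down once. The following example was added for this article and is not code from BitNinja or Make; it assumes a `type` field ("dos", "waf" or "malware") on the payload in addition to `threshold`, `timeWindowMinutes` and `serverName`, and the sample payload is constructed. It also does two things the screenshots do not show but a practitioner should: it validates the payload (the webhook URL is the only protection, so anything that reaches it is untrusted input), and it escapes `serverName` so a crafted value cannot turn into a Slack link or mention, while `allowed_mentions` stops a Discord-side @everyone ping:

```python
# Alert types the Make Router can distinguish. The "type" field is an assumption;
# BitNinja exposes threshold, timeWindowMinutes and serverName as shown above, and a
# per-type tag can equally come from using a separate webhook per alert type.
ALERT_LABELS = {"dos": "DoS Alert", "waf": "WAF Warning", "malware": "Malware Alert"}

# Constructed sample payload (not captured from a real BitNinja server). The odd
# serverName is deliberate: it shows why untrusted fields must be escaped.
SAMPLE_PAYLOAD = {
    "type": "malware",
    "threshold": 5,
    "timeWindowMinutes": 60,
    "serverName": "web<1>.example & @everyone",
}


def validate_payload(payload):
    """Reject malformed input before it reaches a chat channel."""
    expected = {"type": str, "threshold": int, "timeWindowMinutes": int, "serverName": str}
    for key, typ in expected.items():
        value = payload.get(key)
        if not isinstance(value, typ) or isinstance(value, bool):
            raise ValueError(f"missing or wrong type: {key}")
    if payload["type"] not in ALERT_LABELS:
        raise ValueError(f"unknown alert type: {payload['type']!r}")
    if payload["threshold"] <= 0 or payload["timeWindowMinutes"] <= 0:
        raise ValueError("threshold and timeWindowMinutes must be positive")
    if not 0 < len(payload["serverName"]) <= 253:  # longest valid hostname
        raise ValueError("serverName length out of range")
    return payload


def slack_escape(text):
    """Slack mrkdwn control characters: an unescaped '<' can become a link or mention."""
    return text.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")


def slack_message(payload):
    """Block Kit message: header plus a section, with a plain-text fallback."""
    p = validate_payload(payload)
    label = ALERT_LABELS[p["type"]]
    server = slack_escape(p["serverName"])
    body = (f"*Server:* `{server}`\n"
            f"*Threshold:* {p['threshold']} incidents reached in the last "
            f"{p['timeWindowMinutes']} minutes")
    return {
        "text": f"{label} on {server}",  # shown in push notifications
        "blocks": [
            {"type": "header", "text": {"type": "plain_text", "text": label}},
            {"type": "section", "text": {"type": "mrkdwn", "text": body}},
        ],
    }


def discord_message(payload):
    """Webhook/bot message with an embed, the 'advanced settings' variant."""
    p = validate_payload(payload)
    label = ALERT_LABELS[p["type"]]
    return {
        "content": f"**{label}** on {p['serverName']}",
        "embeds": [{
            "title": label,
            "fields": [
                {"name": "Server", "value": p["serverName"], "inline": True},
                {"name": "Threshold", "value": str(p["threshold"]), "inline": True},
                {"name": "Window (min)", "value": str(p["timeWindowMinutes"]), "inline": True},
            ],
        }],
        # Never let payload content ping the whole server (@everyone / @here / roles).
        "allowed_mentions": {"parse": []},
    }


def route(payload, slack_types=("dos", "waf"), discord_types=("malware",)):
    """Mimics the Make Router: build a message for each destination that handles this type."""
    p = validate_payload(payload)
    return {
        "slack": slack_message(p) if p["type"] in slack_types else None,
        "discord": discord_message(p) if p["type"] in discord_types else None,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(route(SAMPLE_PAYLOAD), indent=2))
```

In Make itself the equivalent of `validate_payload` is a filter on the Router branches (check that `threshold` is a number and `type` is one of the known values), and the escaping is a `replace()` in the text mapping; the point is the same, namely that the webhook accepts whatever is posted to it, so the scenario should not pass that content straight into a channel.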


Also, if you have any questions or issues with BitNinja or with the tutorial above, please don't hesitate to let me know.

See you next week when we learn how to integrate this with Zapier!

#discord #slack #cybersecurity #security #bitninja #make #zapier
