Create custom push notifications
18 March 2018
Though I love ShadowTrackr push notifications on my phone for keyword hits on pastebin or security problems on important servers, I was not happy with late-night push messages for not so relevant trouble on not so relevant machines. The obvious solution was more granular control over push messages and email alerts, and I just released it to production.
You can set general event traps for bad ports opening, certificates that expire, or website security headers that are removed. If you are a small business with a few hosts, the best option is likely to set them on “all” your hosts and websites. This is also the default setting for new accounts.
When you have hundreds or thousands of hosts, the messages can get annoying and you are likely better off sending the security events to your SIEM (you do have one, don’t you?). In this case, event traps are very handy for follow-up or incident response.
Say one day you learn that one of your servers is under attack, or even already pwnd. I’d want to know anything that changes on that specific host the moment it happens. I’ve had some occasions where I really could have used this but had no way to quickly set it up. Now I just set an event trap on that host or website that fires for any change that is detected and have a push message sent to my iPhone. Immediate alerts, finally. I can now switch to instant panic mode wherever I am.
Hopefully your boxes are never pwnd and you just use it for follow-up. Every now and then you’ll find things that shouldn’t be: an admin opens Elasticsearch on an internet-facing box, an SSL certificate got a lower grade, etc. You notify the person responsible and are then doomed to regularly checking whether they fixed it. With the new event traps, you can just set an event trap on port 9200 closing on that specific IP and receive a push message or alert when it happens. No more boring periodic checks.
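To make the scoping concrete, here is an added example (my own illustration, not ShadowTrackr’s code) of how event traps with an “all” scope, a host-specific scope and a port filter decide which detected changes turn into a push or email alert. The event kinds, the bad-port set and the sample events are constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed set of "bad" ports for the all-hosts trap (not ShadowTrackr's list).
BAD_PORTS = frozenset({21, 23, 445, 3389, 9200})


@dataclass(frozen=True)
class Event:
    host: str                   # IP or hostname the change was observed on
    kind: str                   # port_open, port_closed, cert_expiring, cert_grade_down, header_removed
    port: Optional[int] = None  # set for port events only


@dataclass(frozen=True)
class Trap:
    name: str
    channel: str                       # "push" or "email"
    scope: str = "all"                 # "all" or one specific host
    kind: str = "any"                  # a specific event kind, or "any" change
    ports: Optional[frozenset] = None  # restrict port events to these ports

    def matches(self, ev: Event) -> bool:
        if self.scope != "all" and self.scope != ev.host:
            return False
        if self.kind != "any" and self.kind != ev.kind:
            return False
        if self.ports is not None and ev.port not in self.ports:
            return False  # also rejects non-port events when a port filter is set
        return True


def fire_traps(traps, events):
    """Return (trap name, channel, host, kind, port) for every trap an event triggers."""
    return [(t.name, t.channel, e.host, e.kind, e.port)
            for e in events for t in traps if t.matches(e)]


# Constructed sample: the default all-hosts trap, a follow-up trap on one IP,
# and an any-change trap on a host that is under investigation.
TRAPS = [
    Trap("bad-port-opens", "email", kind="port_open", ports=BAD_PORTS),
    Trap("es-9200-fixed", "push", scope="10.0.0.5", kind="port_closed", ports=frozenset({9200})),
    Trap("incident-host", "push", scope="10.0.0.9"),
]
EVENTS = [
    Event("10.0.0.5", "port_open", 9200),    # Elasticsearch exposed
    Event("10.0.0.9", "cert_grade_down"),    # any change on the incident host
    Event("10.0.0.9", "port_open", 8443),    # not a bad port, but still the incident host
    Event("10.0.0.5", "port_closed", 9200),  # the admin fixed it
]

if __name__ == "__main__":
    for hit in fire_traps(TRAPS, EVENTS):
        print(hit)
```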
If you have any specific events that you’d like to have in ShadowTrackr, please let me know and I’ll see what I can do.