{"id":22620100,"url":"https://github.com/cms-enterprise/batcave-wt-sdl-reporting","last_synced_at":"2026-03-19T23:15:58.646Z","repository":{"id":213165050,"uuid":"729282438","full_name":"CMS-Enterprise/batcave-wt-sdl-reporting","owner":"CMS-Enterprise","description":"batCAVE Security Data Lake daily reporting automation","archived":false,"fork":false,"pushed_at":"2024-05-01T15:08:34.000Z","size":159,"stargazers_count":0,"open_issues_count":1,"forks_count":2,"subscribers_count":7,"default_branch":"main","last_synced_at":"2024-05-02T12:33:12.137Z","etag":null,"topics":["aws-guardduty","aws-inspector","aws-security-hub","batcave","cisa-kev","epss","nessus","sdl"],"latest_commit_sha":null,"homepage":"https://cloud.cms.gov/batcave-platform-service","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CMS-Enterprise.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-12-08T19:56:33.000Z","updated_at":"2024-05-01T15:08:38.000Z","dependencies_parsed_at":"2023-12-19T02:31:51.388Z","dependency_job_id":"48465aba-c0e6-47f9-8b65-e928f1be05a2","html_url":"https://github.com/CMS-Enterprise/batcave-wt-sdl-reporting","commit_stats":null,"previous_names":["cms-enterprise/batcave-wt-sdl-reporting"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CMS-Enterprise%2Fbatcave-wt-sdl-reporting","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CMS-Enterprise%2Fbatcave-wt-sdl-reporting/tags","releases_url":"https://repos.e
cosyste.ms/api/v1/hosts/GitHub/repositories/CMS-Enterprise%2Fbatcave-wt-sdl-reporting/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CMS-Enterprise%2Fbatcave-wt-sdl-reporting/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/CMS-Enterprise","download_url":"https://codeload.github.com/CMS-Enterprise/batcave-wt-sdl-reporting/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":228799853,"owners_count":17973968,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws-guardduty","aws-inspector","aws-security-hub","batcave","cisa-kev","epss","nessus","sdl"],"created_at":"2024-12-08T22:12:00.321Z","updated_at":"2026-03-19T23:15:58.534Z","avatar_url":"https://github.com/CMS-Enterprise.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# BatCAVE SDL Daily Reporting\n\nThis repo contains the code for the BatCAVE Security Data Lake daily reporting automation.\n\n## Overview\n\nThe BatCAVE SDL reporting automation allows the BatCAVE security team to get daily analytics from the CMS Security Data Lake and post them into the #BatCAVE-Security-Alerts Slack channel for ease of use. 
Current data reported:\n- Latest SecurityHub Issues (excluding Nessus, GuardDuty, and Inspector) across BatCAVE environments in the last 24 hours\n- Vulnerabilities from Nessus present in the CISA KEV list\n- Vulnerabilities from Nessus above a preconfigured EPSS threshold (set with EPSS_THRESHOLD Lambda environment variable)\n\n## Architecture\n![Architecture Diagrams](batcave_sdl_reporting_automation.png)\n\n1. AWS EventBridge Cron Rule triggers the Reporting Lambda daily\n2. Reporting Lambda retrieves the Slack webhook and Snowflake credentials from Secrets Manager\n3. Reporting Lambda retrieves the EPSS and KEV lists from their respective URLs into a Pandas dataframe\n4. Reporting Lambda executes queries against the SDL to retrieve Nessus and SecurityHub data\n5. Report is formatted into Slack blocks, and the payload is posted to the BatCAVESecurityHubFindings Slack app incoming webhook\n\n## Deployment and Maintenance\n\nThe Lambda is deployed as a [container image](code/reporter/Dockerfile) deployment package by the CDK template\n\nAssuming the account is bootstrapped:\n\n`cdk deploy -r arn:aws:iam::863306670509:role/delegatedadmin/developer/cdk-hnb659fds-cfn-exec-role-863306670509-us-east-1`\n\nGenerate the architecture diagram (with [mingrammer](https://diagrams.mingrammer.com) and graphviz installed):\n\n`python diagram.py`\n\nTeardown:\n\n`cdk destroy -r arn:aws:iam::863306670509:role/delegatedadmin/developer/cdk-hnb659fds-cfn-exec-role-863306670509-us-east-1`\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcms-enterprise%2Fbatcave-wt-sdl-reporting","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcms-enterprise%2Fbatcave-wt-sdl-reporting","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcms-enterprise%2Fbatcave-wt-sdl-reporting/lists"}