{"id":35150689,"url":"https://github.com/nis2shield/django-nis2-shield","last_synced_at":"2026-04-29T03:06:23.635Z","repository":{"id":330614403,"uuid":"1122853611","full_name":"nis2shield/django-nis2-shield","owner":"nis2shield","description":"🛡️ Security-First Middleware for Django NIS2 Compliance","archived":false,"fork":false,"pushed_at":"2026-01-05T17:18:46.000Z","size":115,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-01-07T01:50:33.865Z","etag":null,"topics":["compliance","django","forensic","gdpr","logging","middleware","nis2","python","security"],"latest_commit_sha":null,"homepage":"https://nis2shield.com","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nis2shield.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-12-25T16:57:04.000Z","updated_at":"2026-01-06T19:18:45.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/nis2shield/django-nis2-shield","commit_stats":null,"previous_names":["nis2shield/django-nis2-shield"],"tags_count":12,"template":false,"template_full_name":null,"purl":"pkg:github/nis2shield/django-nis2-shield","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nis2shield%2Fdjango-nis2-shield","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nis2shield%2Fdjango-nis2-shield/t
ags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nis2shield%2Fdjango-nis2-shield/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nis2shield%2Fdjango-nis2-shield/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nis2shield","download_url":"https://codeload.github.com/nis2shield/django-nis2-shield/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nis2shield%2Fdjango-nis2-shield/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32408450,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-29T02:37:21.628Z","status":"ssl_error","status_checked_at":"2026-04-29T02:36:50.947Z","response_time":110,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["compliance","django","forensic","gdpr","logging","middleware","nis2","python","security"],"created_at":"2025-12-28T15:34:29.213Z","updated_at":"2026-04-29T03:06:23.630Z","avatar_url":"https://github.com/nis2shield.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Django NIS2 Shield\n\n[![PyPI 
version](https://badge.fury.io/py/django-nis2-shield.svg)](https://badge.fury.io/py/django-nis2-shield)\n[![Python](https://img.shields.io/pypi/pyversions/django-nis2-shield.svg)](https://pypi.org/project/django-nis2-shield/)\n[![Django](https://img.shields.io/badge/django-3.2%20%7C%204.x%20%7C%205.x-blue.svg)](https://www.djangoproject.com/)\n[![Safety: Passing](https://pyup.io/repos/github/nis2shield/django-nis2-shield/shield.svg)](https://pyup.io/repos/github/nis2shield/django-nis2-shield/)\n[![PiWheels](https://img.shields.io/badge/piwheels-available-orange.svg)](https://piwheels.org/project/django-nis2-shield/)\n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)\n\n### The \"Security-First\" Middleware for NIS2 Compliance.\n\nCompanies subject to the NIS2 Directive need **demonstrable compliance**. This middleware provides:\n\n1.  **Forensic logging** with HMAC-SHA256 integrity and PII encryption (Art. 21.2.h)\n2.  **Rate limiting** to prevent DoS/Brute Force attacks (Art. 21.2.e)\n3.  **Session Guard** to detect hijacking via IP/User-Agent validation (Art. 21.2.a)\n4.  **MFA Gatekeeper** for sensitive routes (Art. 21.2.j)\n5.  
**Multi-SIEM Presets**: Ready-to-use configs for Splunk, Datadog, QRadar.\n\n\u003e **Part of the NIS2 Shield Ecosystem**: Use with [`@nis2shield/react-guard`](https://github.com/nis2shield/react-guard), [`@nis2shield/angular-guard`](https://github.com/nis2shield/angular-guard), or [`@nis2shield/vue-guard`](https://github.com/nis2shield/vue-guard) for client-side protection and [`nis2shield/infrastructure`](https://github.com/nis2shield/infrastructure) for a full-stack implementation.\n\n```\n┌─────────────────────────────────────────────────────────────┐\n│                        Frontend                              │\n│  @nis2shield/{react,angular,vue}-guard                      │\n│  ├── SessionWatchdog (idle detection)                       │\n│  ├── AuditBoundary (crash reports)                         │\n│  └── → POST /api/nis2/telemetry/                           │\n└─────────────────────────────────────────────────────────────┘\n                            │\n                            ▼\n┌─────────────────────────────────────────────────────────────┐\n│                  Backend (NIS2 Adapter)                      │\n│  Supported: Django, Express, Spring Boot, .NET            │\n│  ├── ForensicLogger (HMAC signed logs)                     │\n│  ├── RateLimiter, SessionGuard, TorBlocker                 │\n│  └── → SIEM (Elasticsearch, Splunk, QRadar, etc.)          
│\n└─────────────────────────────────────────────────────────────┘\n                            │\n                            ▼\n┌─────────────────────────────────────────────────────────────┐\n│                    Infrastructure                            │\n│  nis2shield/infrastructure                                  │\n│  ├── Centralized Logging (ELK/Splunk)                       │\n│  └── Audited Deployment (Terraform/Helm)                    │\n└─────────────────────────────────────────────────────────────┘\n```\n\n## ✨ Key Features\n\n### 🔒 Forensic Logger\n- Standardized logs (`NIS2-JSON-SCHEMA v1.0`) signed with HMAC-SHA256\n- Automatic PII field encryption (GDPR compliant)\n- Configurable IP anonymization\n\n### 🛡️ Active Defense\n- **Rate Limiting**: Protection against application-level DoS attacks (sliding window algorithm)\n- **Session Guard**: Session hijacking prevention with mobile network tolerance\n- **Tor Blocker**: Automatic blocking of Tor exit nodes\n- **MFA Gatekeeper**: 2FA redirect for sensitive paths\n\n### 📊 Compliance \u0026 Reporting\n- `check_nis2` command for configuration auditing\n- Incident report generation for CSIRT (24h deadline)\n- SIEM presets for Elasticsearch, Splunk, QRadar, Graylog, Sumo Logic, and Datadog\n\n### 🔔 Real-time Alerting (v0.3.0+)\n- Webhook notifications for security events\n- Supports Slack, Microsoft Teams, Discord, and generic HTTP\n\n## 📦 Installation\n\n```bash\npip install django-nis2-shield\n```\n\nFor development:\n```bash\npip install django-nis2-shield[dev]\n```\n\n## ⚙️ Configuration\n\n### settings.py\n\n```python\nINSTALLED_APPS = [\n    ...,\n    'django_nis2_shield',\n]\n\nMIDDLEWARE = [\n    ...,\n    # Add after SessionMiddleware and before CommonMiddleware\n    'django_nis2_shield.middleware.Nis2GuardMiddleware', \n    ...,\n]\n\n# NIS2 Shield Configuration\nNIS2_SHIELD = {\n    # Security Keys\n    'INTEGRITY_KEY': 'change-me-to-a-secure-secret',\n    'ENCRYPTION_KEY': 
b'your-32-byte-fernet-key-here=',  # Fernet.generate_key()\n    \n    # Privacy (GDPR)\n    'ANONYMIZE_IPS': True,\n    'ENCRYPT_PII': True,\n    'PII_FIELDS': ['user_id', 'email', 'ip', 'user_agent'],\n    \n    # Active Defense\n    'ENABLE_RATE_LIMIT': True,\n    'RATE_LIMIT_THRESHOLD': 100,  # requests per window\n    'RATE_LIMIT_WINDOW': 60,  # seconds\n    'RATE_LIMIT_ALGORITHM': 'sliding_window',  # or 'fixed_window'\n    'ENABLE_SESSION_GUARD': True,\n    'SESSION_IP_TOLERANCE': 'subnet',  # 'exact', 'subnet', 'none'\n    'BLOCK_TOR_EXIT_NODES': True,\n    \n    # MFA\n    'ENFORCE_MFA_ROUTES': ['/admin/', '/finance/'],\n    'MFA_SESSION_FLAG': 'is_verified_mfa',\n    'MFA_REDIRECT_URL': '/accounts/login/mfa/',\n    \n    # Webhooks (v0.3.0+)\n    'ENABLE_WEBHOOKS': True,\n    'WEBHOOKS': [\n        {'url': 'https://hooks.slack.com/...', 'format': 'slack'},\n    ]\n}\n```\n\n### Log Format: CEF (Enterprise SIEM)\n\nFor CEF output instead of JSON:\n\n```python\nfrom django_nis2_shield.cef_formatter import get_cef_logging_config\n\nLOGGING = get_cef_logging_config('/var/log/django_nis2.cef')\n```\n\n## 🚀 Usage\n\n### Configuration Audit\n```bash\npython manage.py check_nis2\n```\n\n### Threat Intelligence Update\n```bash\npython manage.py update_threat_list\n```\n\n### Incident Report Generation\n```bash\npython manage.py generate_incident_report --hours=24 --output=incident.json\n```\n\n## 📈 Dashboard Monitoring\n\nThe project includes a Docker stack for log visualization:\n\n```bash\ncd dashboard\ndocker compose up -d\n\n# Access:\n# - Kibana: http://localhost:5601\n# - Grafana: http://localhost:3000 (admin/admin)\n```\n\nSee [dashboard/README.md](dashboard/README.md) for details.\n\n## 🧪 Testing\n\n```bash\n# With pytest\npip install pytest pytest-django\nPYTHONPATH=. 
pytest tests/ -v\n```\n\n## 📖 Recipes\n\n### Banking App with MFA \u0026 Rate Limiting\n\n```python\n# settings.py\nimport os\n\nNIS2_SHIELD = {\n    'INTEGRITY_KEY': os.environ['NIS2_HMAC_KEY'],\n    'ENCRYPTION_KEY': os.environ['NIS2_AES_KEY'],\n    \n    # Rate Limit: 50 requests per minute\n    'ENABLE_RATE_LIMIT': True,\n    'RATE_LIMIT_THRESHOLD': 50,\n    'RATE_LIMIT_WINDOW': 60,\n    \n    # MFA for admin and finance\n    'ENFORCE_MFA_ROUTES': ['/admin/', '/finance/', '/transfers/'],\n    'MFA_REDIRECT_URL': '/accounts/mfa/verify/',\n}\n```\n\n### E-commerce with Splunk SIEM\n\n```python\n# settings.py\nimport os\n\nNIS2_SHIELD = {\n    'INTEGRITY_KEY': os.environ['NIS2_HMAC_KEY'],\n    'ANONYMIZE_IPS': True,\n    'ENCRYPT_PII': True,\n    \n    # Webhooks for real-time alerts\n    'ENABLE_WEBHOOKS': True,\n    'WEBHOOKS': [\n        {'url': 'https://hooks.slack.com/...', 'format': 'slack'},\n    ]\n}\n\n# Splunk SIEM Output\nfrom django_nis2_shield.siem import get_splunk_logging_config\nLOGGING = get_splunk_logging_config(\n    splunk_url='https://splunk.example.com:8088',\n    token=os.environ['SPLUNK_HEC_TOKEN']\n)\n```\n\n### Healthcare API with Session Guard\n\n```python\n# Block session hijacking attempts with IP tolerance for mobile networks\nNIS2_SHIELD = {\n    'ENABLE_SESSION_GUARD': True,\n    'SESSION_IP_TOLERANCE': 'subnet',  # 'exact', 'subnet', or 'none'\n    'BLOCK_TOR_EXIT_NODES': True,\n}\n```\n\n## 📄 License\n\nMIT License - see [LICENSE](LICENSE) for details.\n\n## 🛡️ Security \u0026 Updates\n\n**Subscribe to our [Security Mailing List](https://buttondown.email/nis2shield)** to receive immediate alerts about:\n- Critical vulnerabilities (CVEs)\n- NIS2/DORA regulatory logic updates\n- Major breaking changes\n\nFor reporting vulnerabilities, see [SECURITY.md](SECURITY.md).\n\n## 🤝 Contributing\n\nContributions are welcome! 
Open an issue or PR on GitHub.\n\n---\n\n**[Documentation](https://nis2shield.com)** · **[PyPI](https://pypi.org/project/django-nis2-shield/)** · **[Changelog](CHANGELOG.md)**\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnis2shield%2Fdjango-nis2-shield","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnis2shield%2Fdjango-nis2-shield","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnis2shield%2Fdjango-nis2-shield/lists"}