Detection of Sensitive Data:
- Passwords/Certificates/Secrets: detected using regular expressions that are run against the user-entered text. Google's re2 module was used to improve performance.
- User uploaded Attachments
- URL in text messages
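
A sketch of the text-detection step listed above, as an added example that is not the project's code: the rule set and the names `RULES`, `scan_text` and `redact` are assumptions, and the standard `re` module stands in for re2 (the patterns avoid lookarounds and backreferences, which RE2 does not support).

```python
import re  # stdlib stand-in; the bot described on this page uses Google's re2
from typing import NamedTuple

class Finding(NamedTuple):
    kind: str
    start: int
    end: int

# Hypothetical rules (assumptions, not the project's rule set).
RULES = {
    "private_key": r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----",
    "certificate": r"-----BEGIN CERTIFICATE-----",
    "aws_access_key_id": r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b",
    "credential": r"(?i)\b(?:password|passwd|pwd|secret|api[_-]?key|token)\s*[:=]\s*\S{6,}",
    "url": r"https?://[^\s<>]+",
}
COMPILED = {kind: re.compile(rx) for kind, rx in RULES.items()}

def scan_text(text):
    """Return every rule match in the message, ordered by position."""
    findings = [Finding(kind, m.start(), m.end())
                for kind, rx in COMPILED.items()
                for m in rx.finditer(text)]
    return sorted(findings, key=lambda f: (f.start, f.end))

def redact(text, findings):
    """Mask flagged spans so the raw secret never reaches a log or channel."""
    out, pos = [], 0
    for f in findings:  # expects findings sorted by start, as scan_text returns
        if f.end <= pos:
            continue  # already covered by an earlier, overlapping span
        out.append(text[pos:max(f.start, pos)])
        out.append(f"[{f.kind}]")
        pos = f.end
    out.append(text[pos:])
    return "".join(out)

# Constructed sample message; the key and host are made up for illustration.
SAMPLE = ("deploy creds: password = hunter2hunter2 and key "
          "AKIAABCDEFGHIJKLMNOP see https://files.example.test/report.pdf")

if __name__ == "__main__":
    hits = scan_text(SAMPLE)
    print([h.kind for h in hits])
    print(redact(SAMPLE, hits))
```

A message with any finding would be removed from the channel and handed to the tokenization and admin-review flow described below; URLs are flagged so they can be scanned before approval.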
User Commands:
- $view: Lets an admin view more information (a tokenized version) about a particular incident using the skyflow_id, which is displayed in the private channel for admins. If an admin is from the same department as the user who sent the message/attachment, they can view the detokenized version of the message in their DM.
- $scan: Lets admins scan a particular URL or attachment using VirusTotal APIs and integrate it with Skyflow using outbound connections. This generates a report for the admin to examine before approving or denying the incident.
- $approve: Lets the admin of the same department as the sender approve their message/attachment, thereby making it a non-sensitive file. The data is now posted back in the corresponding channel along with the user who posted it and the complete message (as it was before being removed by the bot).
Skyflow Integrations:
- Vault: I used Vault to store all the information required for storing a message, and then to tokenize the sensitive part of the data, such as the attachment CDN URL or the message. I used 2 different tables: 1 for storing attachment/URL-related information and another for messages with sensitive information (certificates, etc.).
- Connection: I used an outbound connection to interact with VirusTotal APIs to scan and generate reports about the attachments to find anything malicious. This helps the admin before making the final decision to approve. The connection detokenizes the URL token before passing it on to VirusTotal; this way the sensitive information remains confidential to the users, even from the admins who are not part of the department.
Built With
- discord
- python
- skyflow
- virustotal