This post was originally published here by Ash Wilson.
There’s a new tool in the Halo Toolbox and it’s called Don-Bot, and it has nothing to do with the Futurama character. This Don-Bot is named after our mascot, Don T. Daemon. Don-Bot is a Slack bot that allows you to interactively query CloudPassage Halo and receive alerts without opening Yet-Another-Browser-Window, or putting Yet-Another-Single-Pane-of-Glass on your wall or octopus of display arms.
Don-Bot came out of some recent frustration I’ve had with having to have too many damn tabs open in my browsers. I run multiple browsers and keep specific sites open in each one. Like map-reduce for interacting with ${ALL_THE_THINGS}, with none of the benefits. And as much as I love the new CloudPassage Halo UI, most of what I need to do can be accomplished using the Python shell and our SDK. But that shell is another window that I don’t want to fool around with unless I absolutely need to. One window we all (arguably) can’t do without is Slack.
So it got me thinking. What if I could use “that which can’t be done without” to perform other useful tricks— like talking to Halo? Slack has an SDK and Halo has an SDK, and it only took me a day or so to have a good working version of Don-Bot. It would have taken much, much longer if I had to write a bunch of RESTful interaction code. With the SDKs, it was pretty straightforward. I even had time to write a few unit tests.
Best of all, you can interact with it just as if it’s another user. It won’t laugh at your jokes, but other people usually don’t do that anyway. Where can you get this thing? Go to https://github.com/cloudpassage/don-bot and check out the readme… TL;DR: Start the container with your Halo and Slack API creds as environment variables.
Once the bot is up and running, a good place to start is ‘donbot help’:
Don-Bot will regurgitate a list of commands it recognizes. From there you can request a listing of all server groups, a description of a particular group (with policies applied, etc), or a quick report on the status of a specific server.
Don-Bot can also be configured to monitor your Halo events so that when a critical event fires, it will notify you in-channel. That will give you a second or two of latency, which may be faster than waiting for your SIEM to pick it up, depending on your SIEM event processing backlog. And does your SIEM send you messages in Slack? Probably not. Probably sends you emails or opens up tickets. Probably requires the opening of more browser windows. So here’s an integration that sucks a little less, and maybe it’ll keep you from thrashing between browser windows.
How fun is it to use a web browser on your phone to interact with anything? Love that MFA/SMS/PasswordManager/Browser app-switching dance? How much information can you squeeze onto that little screen without making your eyeballs bleed? Now when you have trouble sleeping you can grab your phone off the nightstand and ask Don-Bot about your Halo-protected environment. And if you’re having a happy hour beer (probably not just one, let’s be honest) at Trader Vic’s and you want to see what’s up in Halo but the still, small voice tells you that you have no business logging into anything with admin privileges, you can ask Don-Bot. Don-Bot doesn’t need admin-level API keys so you can still be *that person* at happy hour worrying about everything, but with a streamlined workflow.
For more information, read the press release here.
