Inspiration

Security analysts today have a whole host of tools they use to gather threat intelligence. Why can't there be one tool that integrates multiple third-party services into one clean interface that allows you to search all of them at once?

What it does

This chatbot was used as a proof of concept. You can submit credentials (only once) to the chatbot that allow you to access the IBM X-Force Exchange API. Then search for an IP address and it will show you all relevant information.

How I built it

I used Python to create a host of functions that submit the provided credentials and IP address to the X-Force API. It then presents all the information back to the user.

How to get an API key for X-Force Exchange by IBM

Sign up for an IBM ID at https://exchange.xforce.ibmcloud.com/. Once you have done this, log in to your account and click on your account settings in the top-right corner. (See Picture "XForce Login"). Then click on Settings. You will then see a link on the right to API Access. These are your credentials. (See Picture "API Access")

Challenges I ran into

Developing Lambda functions that could be invoked by Amazon Lex and handle the way events are sent to them proved difficult. Returning events that fit the Amazon Lex format was also difficult.
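
The sketch below is an added example, not the project's own code: a Lambda handler for a Lex V1 bot that validates the IP slot, queries the X-Force Exchange `/ipr` endpoint with HTTP Basic auth, and returns the `Close` response shape Lex expects. The slot name `ipAddress`, the session attribute names `xfeKey` and `xfePassword`, the intent name and the stub data are assumptions made for illustration.

```python
import base64, ipaddress, json, urllib.request

API_BASE = "https://api.xforce.ibmcloud.com"

def close(attrs, state, text):
    """Lex V1 'Close' response; Lex rejects replies that do not match this shape."""
    return {"sessionAttributes": attrs,
            "dialogAction": {"type": "Close", "fulfillmentState": state,
                             "message": {"contentType": "PlainText", "content": text}}}

def fetch_ip_report(ip, key, password):
    """GET /ipr/<ip> with HTTP Basic auth (API key as user, API password as password)."""
    token = base64.b64encode(f"{key}:{password}".encode()).decode()
    req = urllib.request.Request(f"{API_BASE}/ipr/{ip}",
                                 headers={"Authorization": f"Basic {token}"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.load(resp)

def lambda_handler(event, context, fetch=fetch_ip_report):
    attrs = event.get("sessionAttributes") or {}
    slots = (event.get("currentIntent") or {}).get("slots") or {}
    # Hypothetical attribute names holding the credentials submitted once per session.
    key, password = attrs.get("xfeKey"), attrs.get("xfePassword")
    if not key or not password:
        return close(attrs, "Failed", "Send your X-Force API key and password first.")
    try:
        # Parse and canonicalise so free text never reaches the URL path.
        ip = str(ipaddress.ip_address((slots.get("ipAddress") or "").strip()))
    except ValueError:
        return close(attrs, "Failed", "That is not a valid IP address.")
    try:
        report = fetch(ip, key, password)
    except Exception:
        # Generic message only: exception text can expose request details.
        return close(attrs, "Failed", "Lookup failed; check the credentials and retry.")
    # Field names assumed from the /ipr response; each is treated as optional.
    cats = ", ".join(sorted(report.get("cats") or {})) or "none"
    country = (report.get("geo") or {}).get("country", "unknown")
    return close(attrs, "Fulfilled",
                 f"{ip}: score {report.get('score', 'n/a')}, categories {cats}, country {country}")

# Constructed Lex V1 event and a stub fetch so the handler runs offline.
SAMPLE_EVENT = {"sessionAttributes": {"xfeKey": "EXAMPLE-KEY", "xfePassword": "EXAMPLE-PW"},
                "currentIntent": {"name": "LookupIp", "slots": {"ipAddress": "203.0.113.7"}}}

def stub_fetch(ip, key, password):
    return {"ip": ip, "score": 4.3, "cats": {"Scanning IPs": 43}, "geo": {"country": "Exampleland"}}

if __name__ == "__main__":
    print(json.dumps(lambda_handler(SAMPLE_EVENT, None, fetch=stub_fetch), indent=2))
```

Lex returns session attributes to the client with every response, so a deployment would more likely keep the credentials in a secrets store keyed by user ID than in the session itself.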

Accomplishments that I'm proud of

It allows you to query the site and maintain a history. Both of these mark an improvement compared to opening a tab to visit the website each time you need to search. This also allows you to maintain a history of what you have searched for, which can prove useful when determining the maliciousness of an event on your network.

What I learned

Amazon Lex and Boto3 make this process relatively easy to do. The capabilities of Amazon Lex are truly quite advanced.

What's next for InfoSec Chatbot

I want to integrate the ability to query more services at once, create more customizable output, and build in more failsafes so that basic things that it is not expecting can still be handled easily and without problems.
