```python
#!/usr/bin/env python3
"""
Vulnerability Scan Comparison Tool
Source: https://williamzujkowski.github.io/posts/2025-10-06-automated-security-scanning-pipeline/
Purpose: Compare security scan results to identify new and fixed vulnerabilities
Usage: python compare-scans.py --current scan1.json --baseline scan2.json --alert-on-new
"""
import json
import sys
```
```bash
#!/bin/bash
# Wazuh Vulnerability Ingestion Script
# Source: https://williamzujkowski.github.io/posts/2025-10-06-automated-security-scanning-pipeline/
# Purpose: Send vulnerability scan results to Wazuh SIEM via syslog
# Usage: ./send-scans-to-wazuh.sh
WAZUH_MANAGER="10.0.10.5"
WAZUH_PORT="1514"
# Scan with Grype
```
```yaml
# Slack Notification for Security Scan Failures
# Source: https://williamzujkowski.github.io/posts/2025-10-06-automated-security-scanning-pipeline/
# Purpose: Send formatted Slack alerts when security scans fail
# Usage: Add to security-gate job in GitHub Actions workflow
- name: Send Slack notification
  if: failure()
  uses: slackapi/slack-github-action@v1.24.0
  with:
    payload:
```
```xml
<!-- Wazuh Custom Rules for Vulnerability Detection -->
<!-- Source: https://williamzujkowski.github.io/posts/2025-10-06-automated-security-scanning-pipeline/ -->
<!-- Purpose: Define Wazuh rules for vulnerability alerting -->
<!-- Usage: Add to /var/ossec/etc/rules/local_rules.xml -->
<group name="vulnerability,">
  <rule id="100100" level="7">
    <decoded_as>json</decoded_as>
    <field name="vulnerability_id">\.+</field>
    <description>Vulnerability detected in container image</description>
```
```jsonc
// VS Code Security Scanning Tasks
// Source: https://williamzujkowski.github.io/posts/2025-10-06-automated-security-scanning-pipeline/
// Purpose: Run security scans directly from VS Code
// Usage: Save as .vscode/tasks.json and run via Command Palette (Ctrl+Shift+P > "Tasks: Run Task")
{
  "version": "2.0.0",
  "tasks": [
    {
      "label": "Security Scan: Grype",
```
```sql
-- Vulnerability Tracking Metrics Queries
-- Source: https://williamzujkowski.github.io/posts/2025-10-06-automated-security-scanning-pipeline/
-- Purpose: PostgreSQL queries for tracking vulnerability trends and metrics
-- Usage: Run against vulnerability tracking database

-- Total vulnerabilities by severity over last 30 days
SELECT
    severity,
    COUNT(*) AS count,
    DATE(scan_date) AS date
```
```python
"""
MITRE ATT&CK Threat Intelligence Dashboard - Core Module
Source: https://williamzujkowski.github.io/posts/threat-intelligence-mitre-attack-dashboard/
Purpose: Main ThreatIntelligenceDashboard class with async initialization and threat feed aggregation
Prerequisites: Python 3.8+, aiohttp, stix2
Usage:
    dashboard = ThreatIntelligenceDashboard()
    await dashboard.initialize()
```
```python
"""
MITRE ATT&CK Data Loader with STIX Processing
Source: https://williamzujkowski.github.io/posts/threat-intelligence-mitre-attack-dashboard/
Purpose: Fetches and processes MITRE ATT&CK Enterprise matrix data from GitHub
Prerequisites: requests, stix2
Usage:
    loader = ATTACKDataLoader()
    technique_map = loader.load_attack_data()
```
```python
"""
AlienVault OTX Pulse Integration
Source: https://williamzujkowski.github.io/posts/threat-intelligence-mitre-attack-dashboard/
Purpose: Collects threat intelligence pulses from AlienVault OTX and extracts ATT&CK technique mappings
Prerequisites: OTXv2 Python library
Usage:
    collector = AlienVaultCollector(api_key='YOUR_API_KEY')
    pulses = collector.get_recent_pulses(days_back=7)
```
```python
"""
CISA Known Exploited Vulnerabilities Mapper
Source: https://williamzujkowski.github.io/posts/threat-intelligence-mitre-attack-dashboard/
Purpose: Maps CISA KEV alerts to MITRE ATT&CK techniques based on vulnerability characteristics
Prerequisites: aiohttp
Usage:
    mapper = CISAAlertMapper()
    alerts = await mapper.get_cisa_alerts()
```