PingCastle Notify is a tool that monitors your PingCastle reports: you are notified every time something changes between a scan and the previous one.
How does it work? PingCastle-Notify is a PS1 script that runs a PingCastle scan, compares the result with the previous scan, highlights the differences and sends the result to a Slack / Teams channel or to a log file.
The Slack/Teams/log message tells you which way each change went: correction (a rule that is no longer flagged), regression (a newly flagged rule), etc.
⚠️ If you don't want to use Slack or Teams, set the variables `$teams` and `$slack` to 0 inside the ps1 script, skip the "Create a BOT" step and check the log file inside the Reports folder.
▶️ No new vulnerability
Nothing is posted to Slack when the current report is identical to the previous one.
🔰 Adding the result of the current scan
Set the variable `$print_current_result` to 1 in the script: the rules flagged by the current scan are then added as a thread reply in Slack, or after the rule diff in Teams.
(Screenshots: Slack | Teams)
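The comparison described above, as an added example that is not the PingCastle-Notify script itself: it indexes the flagged rules of two PingCastle health-check XML reports by `RiskId`, classifies each difference as a regression (newly flagged), a correction (no longer flagged) or a point change, and returns `$null` when the two reports are identical so the caller can stay silent. It assumes the report layout `HealthcheckData/RiskRules/HealthcheckRiskRule` with `RiskId`, `Points`, `Category` and `Rationale` children plus a `GlobalScore` element (check the element names against your own `domain.local.xml`); the two reports and their rule IDs are constructed for the example.

```powershell
# Added example, not part of PingCastle-Notify: compute the scan-to-scan diff the notifier posts.
# Assumed XML layout: HealthcheckData/RiskRules/HealthcheckRiskRule (RiskId, Points, Category,
# Rationale) and HealthcheckData/GlobalScore. Verify against a real report before relying on it.

function Get-PingCastleRiskRules {
    # Index the flagged rules of one report by RiskId.
    param([Parameter(Mandatory)][xml]$Report)
    $rules = @{}
    foreach ($r in $Report.HealthcheckData.RiskRules.HealthcheckRiskRule) {
        $rules[$r.RiskId] = [pscustomobject]@{
            RiskId    = $r.RiskId
            Points    = [int]$r.Points
            Category  = $r.Category
            Rationale = $r.Rationale
        }
    }
    return $rules
}

function Compare-PingCastleReports {
    # Regressions = rules flagged now but not before; corrections = rules flagged before but not now;
    # Changed = rules present in both scans whose point value moved.
    param(
        [Parameter(Mandatory)][xml]$Previous,
        [Parameter(Mandatory)][xml]$Current
    )
    $old = Get-PingCastleRiskRules -Report $Previous
    $new = Get-PingCastleRiskRules -Report $Current

    $regressions = @($new.Keys | Where-Object { -not $old.ContainsKey($_) } | ForEach-Object { $new[$_] })
    $corrections = @($old.Keys | Where-Object { -not $new.ContainsKey($_) } | ForEach-Object { $old[$_] })
    $changed     = @($new.Keys | Where-Object { $old.ContainsKey($_) -and $old[$_].Points -ne $new[$_].Points } |
        ForEach-Object { [pscustomobject]@{ RiskId = $_; OldPoints = $old[$_].Points; NewPoints = $new[$_].Points } })

    [pscustomobject]@{
        OldScore    = [int]$Previous.HealthcheckData.GlobalScore
        NewScore    = [int]$Current.HealthcheckData.GlobalScore
        Regressions = $regressions
        Corrections = $corrections
        Changed     = $changed
        Identical   = (($regressions.Count + $corrections.Count + $changed.Count) -eq 0)
    }
}

function Format-PingCastleDiff {
    # Render the diff as the text to post. Returns $null when nothing changed, which is what
    # lets the notifier stay silent when two consecutive reports are the same.
    param([Parameter(Mandatory)]$Diff, [Parameter(Mandatory)][string]$Domain)
    if ($Diff.Identical) { return $null }
    $lines = @("PingCastle scan of ${Domain}: global score $($Diff.OldScore) -> $($Diff.NewScore)")
    foreach ($r in $Diff.Regressions) { $lines += "  [REGRESSION] +$($r.Points) pts  $($r.RiskId) ($($r.Category)): $($r.Rationale)" }
    foreach ($r in $Diff.Corrections) { $lines += "  [CORRECTION] -$($r.Points) pts  $($r.RiskId) ($($r.Category))" }
    foreach ($r in $Diff.Changed)     { $lines += "  [CHANGED]    $($r.RiskId): $($r.OldPoints) -> $($r.NewPoints) pts" }
    return ($lines -join "`n")
}

# Constructed sample reports (rule IDs are placeholders, not real PingCastle rules):
# one rule gets fixed, one gets worse, one new rule appears.
$previous = [xml]@"
<HealthcheckData>
  <DomainFQDN>domain.local</DomainFQDN>
  <GlobalScore>45</GlobalScore>
  <RiskRules>
    <HealthcheckRiskRule><Points>15</Points><Category>StaleObjects</Category><RiskId>S-Sample-InactiveAccounts</RiskId><Rationale>Inactive accounts found</Rationale></HealthcheckRiskRule>
    <HealthcheckRiskRule><Points>10</Points><Category>Anomalies</Category><RiskId>A-Sample-WeakSetting</RiskId><Rationale>Weak setting enabled</Rationale></HealthcheckRiskRule>
  </RiskRules>
</HealthcheckData>
"@
$current = [xml]@"
<HealthcheckData>
  <DomainFQDN>domain.local</DomainFQDN>
  <GlobalScore>50</GlobalScore>
  <RiskRules>
    <HealthcheckRiskRule><Points>20</Points><Category>StaleObjects</Category><RiskId>S-Sample-InactiveAccounts</RiskId><Rationale>Inactive accounts found</Rationale></HealthcheckRiskRule>
    <HealthcheckRiskRule><Points>30</Points><Category>PrivilegedAccounts</Category><RiskId>P-Sample-AdminCount</RiskId><Rationale>Too many privileged accounts</Rationale></HealthcheckRiskRule>
  </RiskRules>
</HealthcheckData>
"@

$diff = Compare-PingCastleReports -Previous $previous -Current $current
Format-PingCastleDiff -Diff $diff -Domain $current.HealthcheckData.DomainFQDN
```

With the sample input the function reports one regression (`P-Sample-AdminCount`), one correction (`A-Sample-WeakSetting`) and one point change (`S-Sample-InactiveAccounts`, 15 -> 20); swap `$current` for a copy of `$previous` and it returns `$null`, the "no new vulnerability" case. Keying on `RiskId` rather than on the rule text keeps the diff stable when PingCastle rewords a rationale between versions.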
```text
SECU-TOOL-SCAN/
- PingCastle-Notify.ps1
- PingCastle/
  - Reports/
    - domain.local.xml
    - domain.local.html
    - scan.logs <-- contains the logs of the scan (diff scan)
  - Pingcastle.exe
  - ...
```
- Download PingCastle
- Unzip the archive
- Create a "Reports" folder inside the PingCastle folder
- Download `PingCastle-Notify.ps1` and put it in the parent directory, next to the PingCastle folder (see the tree above)
▶️ Slack BOT
- In Slack, create an application: https://api.slack.com/apps
- Add the following rights
- Click on "Add features and functionality" -> Bots (configure the name)
- Click on "Add features and functionality" -> Permissions (add the following permissions)
- Generate a "Bot User OAuth Token" on the Permissions tab
- Copy the token and add it to the PingCastle-Notify.ps1 script. The token lets anyone who holds it post as the bot, so restrict who can read the script file.
- Create a Slack channel and add your bot user to the channel
- You can test your bot using https://api.slack.com/methods/chat.postMessage/test
- Add the channel to the script
- Run the script to test, using this command:

```powershell
powershell.exe -exec bypass C:\YOUR_PATH\SECU-TOOL-SCAN\PingCastle-Notify.ps1
```
▶️ Teams BOT
- Create a channel `pingcastle-scan`
- Click on the "..." dots and select "Connectors"
- Search for "Webhook"
- Add the webhook
- Open "Connectors" again and click "Configure" on the webhook
- Add a title and a logo, click "Create", then copy the webhook URL. Treat the URL as a secret: anyone who has it can post into the channel.
- Add the URL to the variable `$teamsUri`
- Set the variable `$teams` to 1 and `$slack` to 0
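The two delivery paths from the Slack and Teams sections, as an added example that is not the project's own code: a `chat.postMessage` call with the Bot User OAuth Token (which requires the `chat:write` scope) that returns the message timestamp so follow-ups can be posted as a thread, and a Teams incoming-webhook post using the MessageCard payload the connector accepts. Instead of hard-coding the token and webhook URL in the script, the helper reads each secret from a file and refuses to use it if Everyone, Authenticated Users or BUILTIN\Users can read it. The secret file paths, the channel name and the `$message` variable are assumptions for the illustration.

```powershell
# Added example, not part of PingCastle-Notify. Requires outbound HTTPS to slack.com / the Teams webhook host.

function Get-NotifySecret {
    # Read a bot token or webhook URL from a file, but only if the file is not broadly readable:
    # whoever can read it can post into the channel as the bot.
    param([Parameter(Mandatory)][string]$Path)
    $acl   = Get-Acl -Path $Path
    $broad = $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference -match '^(Everyone|NT AUTHORITY\\Authenticated Users|BUILTIN\\Users)$' -and
        ($_.FileSystemRights -band [System.Security.AccessControl.FileSystemRights]::ReadData)
    }
    if ($broad) {
        throw "Secret file $Path is readable by $(($broad.IdentityReference | ForEach-Object { $_.Value }) -join ', '); tighten the ACL first."
    }
    return (Get-Content -Path $Path -Raw).Trim()
}

function Send-SlackMessage {
    param(
        [Parameter(Mandatory)][string]$Token,    # Bot User OAuth Token (xoxb-...), scope chat:write
        [Parameter(Mandatory)][string]$Channel,  # channel ID, or the channel name the bot was added to
        [Parameter(Mandatory)][string]$Text,
        [string]$ThreadTs                        # set to a previous message's ts to reply in its thread
    )
    $body = @{ channel = $Channel; text = $Text }
    if ($ThreadTs) { $body.thread_ts = $ThreadTs }
    $resp = Invoke-RestMethod -Method Post -Uri 'https://slack.com/api/chat.postMessage' `
        -Headers @{ Authorization = "Bearer $Token" } `
        -ContentType 'application/json; charset=utf-8' `
        -Body ($body | ConvertTo-Json -Compress)
    # Slack answers HTTP 200 even when the call fails; "ok" is the real status.
    if (-not $resp.ok) { throw "Slack chat.postMessage failed: $($resp.error)" }
    return $resp.ts
}

function Send-TeamsMessage {
    param(
        [Parameter(Mandatory)][string]$WebhookUri,
        [Parameter(Mandatory)][string]$Title,
        [Parameter(Mandatory)][string]$Text
    )
    # Legacy Office 365 connector card; the webhook returns "1" when the post is accepted.
    $card = @{
        '@type'    = 'MessageCard'
        '@context' = 'http://schema.org/extensions'
        summary    = $Title
        title      = $Title
        text       = $Text
    }
    return Invoke-RestMethod -Method Post -Uri $WebhookUri -ContentType 'application/json' `
        -Body ($card | ConvertTo-Json -Depth 4)
}

# Usage (assumed paths, channel and variables; $message / $currentRules would come from the diff step):
#   $token = Get-NotifySecret -Path 'C:\PINGCASTLE\secrets\slack.token'
#   $ts    = Send-SlackMessage -Token $token -Channel '#pingcastle-scan' -Text $message
#   Send-SlackMessage -Token $token -Channel '#pingcastle-scan' -Text $currentRules -ThreadTs $ts   # $print_current_result thread
#   $uri = Get-NotifySecret -Path 'C:\PINGCASTLE\secrets\teams.webhook'
#   Send-TeamsMessage -WebhookUri $uri -Title 'PingCastle scan' -Text $message
```

Returning `ts` from the first post and passing it back as `thread_ts` is what puts the current scan's rule list under the diff as a thread, the behaviour `$print_current_result` enables for Slack. The ACL check only looks at the broad built-in groups; if the file is on a share or the account running the task is not the owner, inspect the full ACL rather than trusting the helper.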
On your Windows Server:
- Create a service account that will run the PS1 script every night (a plain domain user is enough; do not make the service account a domain admin)
- Give the service account rights on the "Reports" folder, and keep other users from reading it: the reports list every weakness found in the domain
- Run taskschd.msc to open the Task Scheduler
- Create a Task and use the service account you just created
- In the Actions tab set "Start a program" -> "Program/script":

```text
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
```

-> "Add arguments":

```text
-exec bypass -f C:\PINGCASTLE\Pingcastle-Notify.ps1
```

- Give the "Log on as a batch job" right to the service account: https://danblee.com/log-on-as-batch-job-rights-for-task-scheduler/
- Run the scheduled task to test the result
- Enjoy :)
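The scheduled-task setup above, scripted, as an added example that is not part of PingCastle-Notify: it scopes the service account's rights on the Reports folder, registers the nightly task with the same powershell.exe arguments as the manual command, checks whether the account holds the "Log on as a batch job" right (SeBatchLogonRight) by exporting the local policy with `secedit`, and starts the task once to test it. Paths, the account name and the 02:00 schedule are assumptions; run it from an elevated PowerShell on the server.

```powershell
# Added example, not part of PingCastle-Notify. Run elevated on the server that will execute the scan.
$ScriptPath  = 'C:\PINGCASTLE\Pingcastle-Notify.ps1'          # assumed, matches the README's task arguments
$ReportsPath = 'C:\PINGCASTLE\PingCastle\Reports'             # assumed
$Account     = 'DOMAIN\svc-pingcastle'                        # assumed: a plain domain user, not Domain Admin
$TaskName    = 'PingCastle-Notify'
$Cred = Get-Credential -UserName $Account -Message 'Password of the scan service account'

# 1. Reports folder: stop inheriting the parent's ACL, then allow only the service account (Modify),
#    Administrators and SYSTEM. Every report describes the domain's weaknesses, so "Users: Read" is not acceptable.
icacls $ReportsPath /inheritance:r `
    /grant:r "${Account}:(OI)(CI)M" 'BUILTIN\Administrators:(OI)(CI)F' 'NT AUTHORITY\SYSTEM:(OI)(CI)F' | Out-Null

# 2. Nightly task running as the service account with no elevation (RunLevel Limited).
$action   = New-ScheduledTaskAction -Execute "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe" `
                -Argument "-NoProfile -NonInteractive -ExecutionPolicy Bypass -File `"$ScriptPath`""
$trigger  = New-ScheduledTaskTrigger -Daily -At '02:00'
$settings = New-ScheduledTaskSettingsSet -ExecutionTimeLimit (New-TimeSpan -Hours 2) -StartWhenAvailable
Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger -Settings $settings `
    -User $Cred.UserName -Password $Cred.GetNetworkCredential().Password -RunLevel Limited -Force | Out-Null

# 3. "Log on as a batch job": a task with stored credentials cannot start without it. secedit lists the
#    holders of SeBatchLogonRight as SIDs, so resolve the account's SID and look for it. (The right may also
#    come through a group the account belongs to; in that case this check warns even though the task works.)
$cfg = Join-Path $env:TEMP 'pc-secpol.inf'
secedit /export /cfg $cfg /quiet | Out-Null
$sid  = (New-Object System.Security.Principal.NTAccount($Account)).Translate([System.Security.Principal.SecurityIdentifier]).Value
$line = Get-Content $cfg | Where-Object { $_ -like 'SeBatchLogonRight*' }
Remove-Item $cfg -ErrorAction SilentlyContinue
if ($line -notmatch [regex]::Escape($sid)) {
    Write-Warning "$Account is not listed directly under SeBatchLogonRight; grant 'Log on as a batch job' via secpol.msc or GPO if the task fails to start."
}

# 4. Test run: the scan takes a few minutes, so check LastTaskResult again later (0 = success).
Start-ScheduledTask -TaskName $TaskName
Get-ScheduledTaskInfo -TaskName $TaskName | Select-Object TaskName, LastRunTime, LastTaskResult
```

`-ExecutionPolicy Bypass` only skips the script-signing check for this process, as the README's `-exec bypass` does; it grants no extra rights, which is why the account's folder ACL and logon right, not the execution policy, are what bound what a compromised scan host can do.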
- Vincent Le Toux - https://twitter.com/mysmartlogon
- Romain Tiennot - https://github.com/aikiox
- Lilian Arago - https://github.com/NahisWayard
- Romain Bourgue - https://github.com/raomin
MIT License