This repository has been archived by the owner on Jun 10, 2021. It is now read-only.
Non-zero Exit on IOC's Discovered in Non-interactive Mode #31
Labels
improvement
This issue or pull request will add new or improve existing functionality
💡 Summary
Use non-zero exit when IOC's are discovered in non-interactive mode to enhance automatic workflows.
Motivation and context
Common tooling in automatic workflows involves using non-zero exit codes to enable decision making after process completion. Using additional exit codes would enhance CISA CHIRP's ability to be used within these contexts.
Implementation notes
CISA CHIRP would run plugins to completion and use reports to determine whether IOC's discovered is greater than 0. If any IOC's were discovered from the reports, we'd exit with a non-zero sys.exit(1) (see below).
Use the following exit codes for status indications (i.e. sys.exit(number)):
Avoiding specifics about IOC's detected in logs may be beneficial (as otherwise public- or near-public display of this information may be a vulnerability or liability). Propose using generic log message (or no log message at all, solely relying on exit code) to indicate IOC's were discovered but remove specific mention of which ones. Open to thoughts or suggestions here!
Acceptance criteria
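A sketch of the behaviour proposed in the implementation notes above, added here as an example and not taken from the CHIRP code base or from the issue author: every plugin runs to completion, the reports are counted, and a non-interactive run returns 1 with a generic log line that names no indicator. The report shape (plugin name mapped to a list of hit records), the function names, the sample plugins and the choice to leave interactive runs at exit code 0 are assumptions.

```python
import logging
import sys

log = logging.getLogger("chirp_exit_example")  # hypothetical logger name

EXIT_CLEAN = 0
EXIT_IOCS_FOUND = 1  # the only non-zero value the issue names


def run_plugins(plugins):
    """Run every plugin to completion before any exit decision is made."""
    reports = {}
    for name, plugin in plugins.items():
        # Assumed report shape: plugin name -> list of hit records.
        reports[name] = list(plugin())
    return reports


def count_hits(reports):
    """Total number of IOC hits across all plugin reports."""
    return sum(len(hits) for hits in reports.values())


def exit_code_for(reports, interactive):
    """Map the reports to a process exit code without logging IOC details."""
    if interactive:
        # Assumption: interactive runs keep exiting 0, as the issue only
        # asks for a change in non-interactive mode.
        return EXIT_CLEAN
    if count_hits(reports) > 0:
        # Generic message: no indicator names, values or plugin names, so
        # CI output that is public or near-public discloses nothing specific.
        log.warning("Indicators of compromise were discovered; review the reports.")
        return EXIT_IOCS_FOUND
    log.info("No indicators of compromise were discovered.")
    return EXIT_CLEAN


# Constructed sample plugins standing in for real scans.
SAMPLE_PLUGINS = {
    "plugin_a": lambda: [{"indicator": "CONSTRUCTED-INDICATOR-1"}],
    "plugin_b": lambda: [],
    "plugin_c": lambda: [{"indicator": "CONSTRUCTED-INDICATOR-2"}],
}

if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    sys.exit(exit_code_for(run_plugins(SAMPLE_PLUGINS), interactive=False))
```

A calling workflow can then branch on the exit status alone and fetch the reports over a restricted channel.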