KEV Bot periodically checks the CISA Known Exploited Vulnerabilities catalog for new entries. When KEV Bot detects a new entry to the catalog, KEV Bot slacks an announcement of the new entry.

Event Bridge
DynamoDB
Lambda
SSM
S3 (if using github actions)

1. AWS Account and Github OIDC configured
2. Fork this repo

1. ROLE_TO_ASSUME - From AWS account KEV Bot will be deployed
2. SLACK_WEBHOOK_URL - Slack incoming webhook URL to send notifications

Configure provider.tf to point to a s3 bucket in your aws account

Push requests approved to the main branch will trigger GitHub actions and deploy KEV bot to your AWS account.

1. Terraform installed and configured with an AWS account
2. Python 3 installed
3. pip installed and in path
4. delete provider.tf from KEV Files
5. Slack app configured with an incoming webhook

terraform init
terraform plan -input=false -var="slack_webhook_url=$SLACK_WEBHOOK_URL"
terraform apply -input=false -var="slack_webhook_url=$SLACK_WEBHOOK_URL"

terraform init
terraform plan -input=false -var="slack_webhook_url=%SLACK_WEBHOOK_URL%"
terraform apply -input=false -var="slack_webhook_url=%SLACK_WEBHOOK_URL%"