securenow 8.0.3 → 8.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/NPM_README.md +11 -1
- package/SKILL-CLI.md +237 -229
- package/cli/security.js +467 -374
- package/cli.js +430 -418
- package/package.json +1 -1
package/NPM_README.md
CHANGED
|
@@ -260,7 +260,15 @@ npx securenow notifications read-all
|
|
|
260
260
|
### Alerting
|
|
261
261
|
|
|
262
262
|
```bash
|
|
263
|
-
#
|
|
263
|
+
# Create a custom detection rule from your own SQL (new in 8.1)
|
|
264
|
+
npx securenow alerts rules create \
|
|
265
|
+
--name "Auth: magic-link brute force" \
|
|
266
|
+
--sql @rule.sql \
|
|
267
|
+
--apps <app-key> \
|
|
268
|
+
--severity high \
|
|
269
|
+
--nlp "single IP flooding /api/auth/signin or /api/auth/callback"
|
|
270
|
+
|
|
271
|
+
# View / manage alert rules, channels, and history
|
|
264
272
|
npx securenow alerts rules
|
|
265
273
|
npx securenow alerts rules show <rule-id>
|
|
266
274
|
npx securenow alerts rules update <rule-id> --applications-all
|
|
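Review bot: The new `alerts rules create` example selects applications with `--apps <app-key>`, while the unchanged `alerts rules update <rule-id> --applications-all` line just below it uses a differently named option, so a reader cannot tell whether create has an all-applications form or whether update accepts `--apps`. Use one spelling in both places or state the relationship in the comment. The example also leaves `--sql @rule.sql` and `--nlp` unexplained: add a short comment saying what the `@` prefix does with the file name and what the `--nlp` text is used for. Consider dropping "(new in 8.1)" from the comment, since it will go stale; the changelog is the better place for it.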
@@ -271,6 +279,8 @@ npx securenow alerts channels
|
|
|
271
279
|
npx securenow alerts history --limit 20
|
|
272
280
|
```
|
|
273
281
|
|
|
282
|
+
Your detection SQL scopes app keys with the `__USER_APP_KEYS__` placeholder and selects an `ip` column for per-IP aggregation and remediation. SecureNow stores the query, runs it on the rule's schedule (default every 15 min), and routes matches to your in-app channel (override with `--channel <id>`). Requires an API key with `alerts:write`.
|
|
283
|
+
|
|
274
284
|
### IP Intelligence & Blocklist
|
|
275
285
|
|
|
276
286
|
```bash
|
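Review bot: The added paragraph says the detection SQL "scopes app keys with the `__USER_APP_KEYS__` placeholder" and "selects an `ip` column", but it does not say whether either is enforced or what happens when a submitted query omits them. Because this is user-supplied SQL that the service stores and runs on a schedule, the README should state whether a query without the placeholder is rejected at create time, and how the `--apps` value from the create example relates to the placeholder. A minimal `rule.sql` showing the placeholder and the `ip` column would make the contract concrete. The paragraph also lands after the closing fence, below `alerts history --limit 20`, away from the command it describes; moving it directly under the create example, or naming `alerts rules create` in its first sentence, would make clear which command needs the `alerts:write` scope and where `--channel <id>` applies.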