canerce/prefect-worker

Prefect Security Automation Worker


A comprehensive Prefect 3.x workflow orchestration project for security automation, asset management, and vulnerability assessment. This repository contains production-ready flows for integrating with various security tools and platforms.

🚀 Features

Security Tool Integrations

  • FortiGate - Firewall device configuration export and management
  • Tenable/Nessus - Vulnerability scan results synchronization
  • DefectDojo - Vulnerability management and risk acceptance workflows
  • Azure Entra ID - User and group management automation
  • LDAP - Directory services integration with proxy support
  • Citrix - Load balancer and application delivery controller management

Core Capabilities

  • Database Operations - Automated table initialization and data synchronization
  • Asset Management - Comprehensive company asset discovery and tracking
  • DNS Management - Internal DNS record management and synchronization
  • Risk Management - Automated risk acceptance and severity updates
  • Data Export - Excel and Nessus format exports with progress tracking

📋 Prerequisites

  • Python 3.9 or higher
  • Prefect 3.4.3+
  • PostgreSQL database
  • Access to security tools and APIs

πŸ› οΈ Installation

  1. Clone the repository

    git clone <repository-url>
    cd prefect-worker
  2. Create and activate virtual environment

    python -m venv venv
    source venv/bin/activate  # On Windows: venv\Scripts\activate
  3. Install dependencies

    pip install -r requirements.txt
  4. Configure Prefect blocks and variables

    prefect block register --file .\lib\block\file.py

🔧 Configuration

Required Prefect Blocks

This project requires several Prefect blocks to be configured:

Database

  • SqlAlchemyConnector - PostgreSQL connection for data storage

Cloud Storage

  • MinIOCredentials - S3-compatible storage for artifacts
  • S3Bucket - Storage bucket configuration

Security Tool Credentials

  • TenableHostCredentials - Nessus scanner access
  • FortigateCredentials - FortiGate device management
  • DefectDojoCredentials - DefectDojo API access
  • AzureAppCredentials - Microsoft Entra ID integration
  • LDAPCredentials - Directory services access
  • NitroCredentials - Citrix NetScaler management

Prefect Variables

Configure the following Prefect variables for your deployments:

company_assets

{
  "ldap_list": [
    "ldap-example",
    "ldap-test"
  ],
  "azure_creds": "entra-app",
  "socks_filter": {
    "host": "127.0.0.1",
    "port": "9999",
    "domains": [
      "example.local",
      "test.local"
    ]
  }
}

defectdojo_info

{
  "credentials": "defectdojo-info",
  "product_name": "Nerdy",
  "invicti_eng_id": 57
}

finding_severity

{
  "engagements": [
    58,
    60,
    61
  ],
  "accepted_vuln_ids": [
    {
      "name": "ssl_medium_strength_cipher_suites_supported",
      "plugin_id": 42873,
      "new_severity": "Medium",
      "old_severity": "High"
    },
    {
      "name": "ssl_version_2_and_3_protocol_detection",
      "plugin_id": 20007,
      "new_severity": "Medium",
      "old_severity": "Critical"
    }
  ]
}
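
A pre-flight check for the finding_severity variable, as an added example that is not part of this repository's code: it rejects malformed rules and lists downgrades steeper than one level for manual review. The function names and the max_drop threshold are assumptions; the severity names are DefectDojo's.

```python
# DefectDojo severity names, lowest to highest.
SEVERITIES = ["Info", "Low", "Medium", "High", "Critical"]
RANK = {name: i for i, name in enumerate(SEVERITIES)}


def _is_id(value):
    """True for a positive integer (bool is rejected although it subclasses int)."""
    return isinstance(value, int) and not isinstance(value, bool) and value > 0


def validate_finding_severity(cfg, max_drop=1):
    """Return (errors, review): structural errors that should stop the run, and
    (plugin_id, old, new) downgrades steeper than max_drop levels (hypothetical knob)."""
    errors, review, seen = [], [], set()
    engagements = cfg.get("engagements")
    if not (isinstance(engagements, list) and engagements and all(map(_is_id, engagements))):
        errors.append("engagements: expected a non-empty list of positive integer IDs")
    rules = cfg.get("accepted_vuln_ids")
    if not isinstance(rules, list):
        return errors + ["accepted_vuln_ids: expected a list of rule objects"], review
    for i, rule in enumerate(rules):
        if not isinstance(rule, dict):
            errors.append(f"rule {i}: expected an object")
            continue
        pid, old, new = rule.get("plugin_id"), rule.get("old_severity"), rule.get("new_severity")
        if not _is_id(pid):
            errors.append(f"rule {i}: plugin_id must be a positive integer")
        elif pid in seen:
            errors.append(f"rule {i}: duplicate plugin_id {pid}")
        else:
            seen.add(pid)
        if old not in SEVERITIES or new not in SEVERITIES:
            errors.append(f"rule {i}: severities must be one of {SEVERITIES}")
        elif old == new:
            errors.append(f"rule {i}: old_severity equals new_severity")
        elif RANK[old] - RANK[new] > max_drop:
            review.append((pid, old, new))
    return errors, review


# The finding_severity value shown above, re-typed as a Python literal.
SAMPLE = {"engagements": [58, 60, 61], "accepted_vuln_ids": [
    {"name": "ssl_medium_strength_cipher_suites_supported", "plugin_id": 42873,
     "new_severity": "Medium", "old_severity": "High"},
    {"name": "ssl_version_2_and_3_protocol_detection", "plugin_id": 20007,
     "new_severity": "Medium", "old_severity": "Critical"}]}

if __name__ == "__main__":
    print(validate_finding_severity(SAMPLE))
```

With the sample value, the Critical to Medium rule for plugin 20007 is returned for review and no structural errors are reported.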

fortigate_devices

{
  "devices": [
    "fortigate-test",
    "fortigate-example"
  ]
}

lb_devices

{
  "devices": [
    "citrix-test",
    "citrix-example"
  ]
}

nessus_list

{
  "timediff": 7,
  "scan_type": "Tenable Scan",
  "scanner_list": [
    "secops-test",
    "secops-example"
  ],
  "tenablesc_info": "secops-tenable-sc"
}

risk_acceptances

{
  "engagements": [
    58,
    60,
    61
  ],
  "accepted_vuln_ids": {
    "ssl_self-signed_certificate": 57582,
    "hsts_missing_from_https_server": 142960,
    "ssl_certificate_cannot_be_trusted": 51192,
    "ssl_certificate_with_wrong_hostname": 45411,
    "ssl_certificate_signed_using_weak_hashing_algorithm": 35291,
    "web_application_potentially_vulnerable_to_clickjacking": 85582
  }
}

🚀 Usage

Running Flows Locally

  1. Start Prefect server

    prefect server start

  2. Run individual flows

    # Database initialization
    python main.py db_init
    
    # Export FortiGate devices
    python main.py export_fortigate_devices_flow
    
    # Sync Nessus results
    python main.py export_nessus_results_flow

Deploying Flows

Use the provided prefect.yaml configuration:

# Deploy all flows
prefect deploy

# Deploy specific flow
prefect deploy --name export_fortigate_devices

Available Deployments

| Deployment | Description | Tags |
| --- | --- | --- |
| export_fortigate_devices | Export FortiGate device configurations | fortigate, postgres, export |
| export_nessus_results | Sync Nessus scan results to DefectDojo | appsec, defectdojo, nessus |
| export_company_assets | Export LDAP & Entra ID data | audit, ldap, entra |
| export_citrix_devices | Export Citrix device configurations | audit, citrix, loadbalancer |
| export_internal_dns_records | Export internal DNS records | audit, dns, intranet |
| dd_risk_acceptance | DefectDojo risk acceptance automation | appsec, defectdojo, risk |
| dd_update_finding_severity | Update finding severity levels | appsec, defectdojo, severity |
| dd_update_invicti_titles | Update Invicti test titles | appsec, defectdojo, invicti |

πŸ“ Project Structure

prefect-worker/
β”œβ”€β”€ main.py                 # Main flow definitions
β”œβ”€β”€ prefect.yaml           # Deployment configuration
β”œβ”€β”€ requirements.txt       # Python dependencies
β”œβ”€β”€ lib/
β”‚   β”œβ”€β”€ block/            # Prefect block definitions
β”‚   β”‚   β”œβ”€β”€ azure.py      # Azure Entra ID integration
β”‚   β”‚   β”œβ”€β”€ defectdojo.py # DefectDojo API client
β”‚   β”‚   β”œβ”€β”€ fortigate.py  # FortiGate API client
β”‚   β”‚   β”œβ”€β”€ ldap.py       # LDAP directory services
β”‚   β”‚   β”œβ”€β”€ nitro.py      # Citrix NetScaler API
β”‚   β”‚   └── tenable.py    # Tenable/Nessus integration
β”‚   β”œβ”€β”€ model/            # Data models and business logic
β”‚   β”‚   β”œβ”€β”€ fortigate.py  # FortiGate data models
β”‚   β”‚   └── nessus.py     # Nessus scan models
β”‚   β”œβ”€β”€ deployments/      # Deployment utilities
β”‚   └── utils.py          # Common utilities
└── static/               # Static assets (logos)

🔄 Workflow Examples

FortiGate Device Export

from main import export_fortigate_devices_flow

# Export device configurations
devices = {
    "devices": [
        {"name": "fw-primary", "host": "192.168.1.1"},
        {"name": "fw-secondary", "host": "192.168.1.2"}
    ]
}

export_fortigate_devices_flow(devices)

Nessus Results Synchronization

from main import export_nessus_results_flow

# Sync scan results to DefectDojo
defectdojo_info = {
    "credentials": "defectdojo-prod",
    "product_name": "Web Application",
    "invicti_eng_id": 123
}

nessus_list = {
    "scanner_list": ["nessus-scanner-1", "nessus-scanner-2"],
    "tenablesc_info": "tenablesc-prod",
    "scan_type": "Nessus Scan",
    "timediff": 24
}

export_nessus_results_flow(defectdojo_info, nessus_list)

📊 Monitoring and Observability

  • Progress Tracking - Real-time progress artifacts for long-running operations
  • Link Artifacts - Direct links to exported files and reports
  • Structured Logging - Comprehensive logging with Prefect's built-in observability
  • Flow Monitoring - Monitor flow runs through Prefect UI or Cloud

🤝 Contributing

  1. Fork the repository
  2. Create a feature branch (git checkout -b feature/amazing-feature)
  3. Commit your changes (git commit -m 'Add amazing feature')
  4. Push to the branch (git push origin feature/amazing-feature)
  5. Open a Pull Request

πŸ“ License

This project is licensed under the MIT License - see the LICENSE file for details.

🔗 Related Links

🆘 Support

For support and questions:


Built with ❤️ using Prefect
