Enterprise Integrations

Connect ASNSPY to your existing security infrastructure

SIEM Platforms

Real-time event streaming to security operations centers

Supported Platforms

Splunk

--siem splunk --siem-host splunk.company.com:8088 \
--siem-token YOUR_HEC_TOKEN --siem-index security

Format: HTTP Event Collector (HEC) with JSON payloads

Elasticsearch

--siem elasticsearch --siem-host elastic.company.com:9200 \
--siem-token YOUR_API_KEY --siem-index asnspy

Format: ECS (Elastic Common Schema) compliant events

QRadar / ArcSight

--siem qradar --siem-host siem.company.com:514 \
--siem-protocol tcp

Format: CEF (Common Event Format) via syslog

Also Supported

  • Graylog: GELF format over HTTP/UDP
  • Sumo Logic: HTTP collector endpoint
  • Generic Syslog: RFC 5424/3164 compliant

Event Types Streamed

  • vulnerability: CVE detection with severity and details
  • credential_leak: Exposed configs and credentials
  • certificate_issue: TLS cert problems and expiry
  • scan_complete: Scan summary with statistics
  • diff_critical_findings: New critical vulnerabilities

Webhook Notifications

Instant alerts to team communication platforms

Slack

--webhook https://hooks.slack.com/services/YOUR/WEBHOOK/URL \
--webhook-type slack \
--webhook-events critical_finding,scan_complete

Rich attachments with color-coded severity and structured fields

Discord

--webhook YOUR_DISCORD_WEBHOOK_URL \
--webhook-type discord \
--webhook-severity CRITICAL

Embedded messages with icons and formatted content

Microsoft Teams

--webhook YOUR_TEAMS_WEBHOOK \
--webhook-type teams

MessageCard format with actionable insights

PagerDuty

--webhook YOUR_INTEGRATION_KEY \
--webhook-type pagerduty \
--webhook-events critical_finding

Creates incidents for CRITICAL findings with automatic deduplication

Event Filters

  • scan_start: Triggered when scan begins
  • scan_complete: Full scan summary with findings count
  • critical_finding: Each CRITICAL vulnerability/leak
  • error: Scan failures and issues

Severity Thresholds

--webhook-severity CRITICAL # Only critical
--webhook-severity HIGH # High and critical
--webhook-severity MEDIUM # Medium, high, critical
--webhook-severity LOW # All findings
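An added example (not ASNSPY's own code) showing what the CEF-over-syslog path to QRadar/ArcSight and the severity thresholds above amount to in practice: it escapes and renders a finding as a CEF:0 line inside an RFC 3164 syslog frame, and forwards only findings at or above the chosen level. The CEF field mapping, vendor string, event keys and sample events are assumptions, not the tool's documented layout.

```python
# Added example (not ASNSPY code): encode a finding as CEF for the QRadar/ArcSight
# syslog path. Field mapping, vendor string and event keys are assumed, not the tool's.
import time

SEVERITY_ORDER = ["LOW", "MEDIUM", "HIGH", "CRITICAL"]
CEF_SEVERITY = {"LOW": 3, "MEDIUM": 5, "HIGH": 7, "CRITICAL": 10}  # assumed 0-10 mapping

def passes_threshold(finding_severity: str, threshold: str) -> bool:
    """LOW forwards everything, HIGH forwards high and critical, CRITICAL only critical."""
    return SEVERITY_ORDER.index(finding_severity) >= SEVERITY_ORDER.index(threshold)

def cef_header_escape(value: str) -> str:
    # In CEF header fields the backslash and the pipe delimiter must be escaped.
    return value.replace("\\", "\\\\").replace("|", "\\|")

def cef_ext_escape(value: str) -> str:
    # In the extension part backslash, '=' and line breaks must be escaped.
    return (value.replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r", "\\r").replace("\n", "\\n"))

def to_cef(event: dict) -> str:
    """Render one event as a CEF:0 line; the keys used are this example's own layout."""
    header = "|".join([
        "CEF:0", "ExampleVendor", "ASNSPY", "1.0",   # vendor/version are constructed
        cef_header_escape(event["event_type"]),     # e.g. vulnerability, credential_leak
        cef_header_escape(event["name"]),
        str(CEF_SEVERITY[event["severity"]]),
    ])
    ext = " ".join(f"{k}={cef_ext_escape(str(v))}" for k, v in event["fields"].items())
    return header + "|" + ext

def syslog_frame(cef: str, hostname: str = "scanner01") -> str:
    """Wrap a CEF line in an RFC 3164 style frame (PRI 13 = user.notice) for the TCP 514 listener."""
    return f"<13>{time.strftime('%b %d %H:%M:%S')} {hostname} asnspy: {cef}"

def forward(events: list, threshold: str) -> list:
    """Return CEF lines only for the events that meet the severity threshold."""
    return [to_cef(e) for e in events if passes_threshold(e["severity"], threshold)]

SAMPLE_EVENTS = [  # constructed samples, not real scanner output
    {"event_type": "vulnerability", "severity": "HIGH", "name": "Outdated service | CVE match",
     "fields": {"src": "192.0.2.10", "cs1": "CVE-PLACEHOLDER", "msg": "banner=old"}},
    {"event_type": "certificate_issue", "severity": "MEDIUM", "name": "Certificate expiring",
     "fields": {"dhost": "www.example.com", "msg": "expires in 7 days"}},
]
```

With `--webhook-severity HIGH` semantics, `forward(SAMPLE_EVENTS, "HIGH")` yields only the vulnerability line; note the pipe in its name and the `=` in its message are escaped so the receiver does not split the record in the wrong place.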

Database Storage

Persistent history, trending, and diff capabilities

Supported Databases

SQLite (Default)

--database # Uses asnspy.db in scan directory

Zero configuration, perfect for single-user workstations and testing

PostgreSQL

--database --db-type postgresql \
--db-host db.company.com --db-port 5432 \
--db-user scanner --db-pass $DB_PASS --db-name asnspy

Enterprise multi-user with ACID compliance

MySQL/MariaDB

--database --db-type mysql \
--db-host mysql.company.com --db-port 3306 \
--db-user scanner --db-pass $DB_PASS --db-name asnspy

Widely deployed, excellent performance

Database Schema

Automatically creates and maintains tables for:

  • scans: Scan metadata, timing, statistics
  • findings: All vulnerabilities with severity
  • assets: IP inventory with cloud provider
  • vulnerabilities: CVE master list
  • certificates: TLS certificate tracking

Query Examples

-- Recent scan history
SELECT scan_id, start_time, findings_critical, findings_high
FROM scans ORDER BY start_time DESC LIMIT 10;

-- Persistent vulnerabilities (seen in more than three scans)
SELECT cve_id, COUNT(*) AS appearances
FROM findings WHERE finding_type='vulnerability'
GROUP BY cve_id HAVING COUNT(*) > 3;

Integrate with Your Security Stack

ASNSPY fits seamlessly into existing enterprise infrastructure.
