Netflix has open-sourced three tools it uses to internally monitor threats. Scumblr, sketchy, and Workflowable are available under open-source licenses from Github.
Scumblr is a Ruby web application that uses site-specific “Search Provider” plugins to enable scheduled or manual searches. Netflix uses it to find tips about attacks or other malicious activities on social media sites, forums, or wherever hackers might brag about their attempts.
Workflowable is a Ruby gem for managing search results, like those generated by Scumblr, which is what Netflix built it for. Its plug-in architecture allows for custom actions to be automated, according to Netflix.
“One of the features we wanted to see in Scumblr was the ability to collect screenshots and text content from potentially malicious sites – this allows security analysts to preview Scumblr results without the risk of visiting the site directly,” wrote Andy Hoernecke and Scott Behrens of Netflix Cloud Security Team.
Netflix, which continues its international expansion by launching in France this fall, also open-sourced its Security Monkey AWS risk monitoring tool in July, and is now up to 42 programs on its Github page.