// the find
dropbox/securitybot
Distributed alerting for the masses!
Securitybot is a Slack bot from Dropbox that routes security alerts to the employees who triggered them, asking them to confirm or deny the action via Duo 2FA push. The idea is to offload alert triage from the security team to the individual — if you deployed code at 2am from an unusual location, you confirm it; if you didn't, the team gets paged. It's a solid pattern, but this specific repo has been abandoned since 2018.
The architecture is genuinely well-structured for extensibility: Chat, Auth, and Tasker are all abstract base classes, so swapping Slack for Teams or Duo for TOTP is a subclassing exercise rather than a rewrite. The state machine for user alert flow is explicit and easy to follow. The Splunk plugin ships as a real Splunk app with alert actions, not just a webhook — that's more integration work than most OSS security tools bother with. Alert deduplication via SHA-256 of the event means the same event doesn't spam the user repeatedly.
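The two mechanisms described above, SHA-256 event deduplication and an explicit state machine for the confirm/deny flow, as an added sketch that is not Securitybot's own code. The state names, the `AlertRouter` class, the canonical-JSON hashing and the rule that a timeout escalates are assumptions made for illustration.

```python
import hashlib
import json
from enum import Enum

# Hypothetical states for one alert; not taken from the Securitybot source.
class State(Enum):
    NEW = "new"
    ASKED = "asked"            # user was asked in chat whether they did it
    AUTH_PENDING = "auth"      # user said yes; waiting on the 2FA push
    CONFIRMED = "confirmed"    # user said yes and passed 2FA
    ESCALATED = "escalated"    # denied, failed 2FA, or timed out: page the team

# Allowed transitions. A chat "yes" alone never reaches CONFIRMED, and every
# failure or silence path fails closed into ESCALATED (assumed policy).
TRANSITIONS = {
    (State.NEW, "sent"): State.ASKED,
    (State.ASKED, "yes"): State.AUTH_PENDING,
    (State.ASKED, "no"): State.ESCALATED,
    (State.ASKED, "timeout"): State.ESCALATED,
    (State.AUTH_PENDING, "2fa_ok"): State.CONFIRMED,
    (State.AUTH_PENDING, "2fa_fail"): State.ESCALATED,
    (State.AUTH_PENDING, "timeout"): State.ESCALATED,
}

def event_hash(event: dict) -> str:
    """SHA-256 over a canonical JSON encoding, so key order does not matter."""
    canonical = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

class AlertRouter:
    def __init__(self):
        self.alerts = {}  # event hash -> current State

    def ingest(self, event: dict):
        """Return the hash for a new alert, or None if it is a duplicate."""
        h = event_hash(event)
        if h in self.alerts:
            return None
        self.alerts[h] = State.NEW
        return h

    def step(self, h: str, signal: str) -> State:
        """Apply one signal; transitions not in the table are rejected."""
        key = (self.alerts[h], signal)
        if key not in TRANSITIONS:
            raise ValueError(f"illegal transition: {key}")
        self.alerts[h] = TRANSITIONS[key]
        return self.alerts[h]
```

Hashing the whole event means any field that changes per delivery (a receive timestamp, for instance) defeats deduplication, so such fields would need to be dropped before hashing.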
Dead project — last commit was November 2018, Python 2-era code, and the Slack API it uses (RTM) has been deprecated and then killed by Slack in favor of the Events API. You cannot run this against a modern Slack workspace without porting it. MySQL is hardcoded as the only database option with root/no-password defaults baked into the setup instructions, which is not a great signal for security software. No tests for the actual alert routing or Slack integration — only unit tests for the state machine and utilities, so the most important paths are untested.