A Security Digest Using Zapier to Send Discord Channel Messages from New RSS Items in Multiple Feeds

At a former company, a coworker of mine had integrated Zapier with Slack to create a security digest from RSS items in multiple feeds to be sent to a Slack channel. This was something that I was not too sure whether it was done because it was a requirement as listed in a surveillance audit, or simply my former coworker's desire to keep up to date with the latest in security news while at work. Regardless I remember the day when my former coworker announced to those on the infrastructure team which was the team I worked on that the channel had been created and for all those who were interested in joining to join, I right away joined myself. Over time the channel grew with more people even those who worked on different teams, and I even saw the CTO join the channel! However for various months, I saw nobody else join the channel which was something that irked me. The reason I got annoyed was because some people expressed that they were too busy with work or that they felt they did not need to be part of the channel because their line of work does not touch anything security related. I was dumbfounded to hear such responses coming from people who handled sensitive data, and also those who were Engineers themselves. A similar feeling I had was when I was an undergrad. The BS in Information Technology degree I was pursuing at the time, requires every IT major to take a course in Computer Security. However if you're a Computer Science or CS major, this course is optional and is listed as an elective. Fast forward three years later, and the course is now listed as a core requirement! What I am trying to get at out of all of this is how we all need to firmly accept that learning about security is crucial in today's day and age regardless of our stance on it. More importantly is how are we all informing ourselves when so much information exists out there. This blog post will serve as a guide in using Zapier with Discord to automate a digest of RSS items from various security feeds to be sent to a channel.

Zapier Setup

Head to this page and under popular RSS by Zapier + Discord workflows, click on the try it button for the workflow "Send Discord channel messages from new RSS items in multiple feeds". Zapier is the product that we will use to integrate with Discord so we can automate the RSS items from various feeds of our choosing so they can be sent to a discord channel.

You will need to sign up for Zapier if you do not have an account. Do not worry if you do not have a work email, that is just placeholder text. You can still sign up with an ordinary email!

NOTE: The workflow shown here is for Post new RSS items to Discord Channels, make sure the workflow is instead Send Discord channel messages from new RSS items in multiple feeds if you wish to receive channel messages from various RSS items in multiple feeds.

Once you sign up you will be at the name your zap screen as shown here. Name your zap anything you want by clicking on the pencil icon. I named mine RSS Feed Digest.

NOTE: Again make sure that you chose the workflow Send Discord channel messages from new RSS items in multiple feeds and that the trigger as shown here says instead New Items in Multiple Feeds

Choose the feed URLs containing the RSS items you want that will trigger the event which channel messages are sent to a Discord channel. If you are not sure of which feed URLs to choose, you can use this "Top 45 Cyber Security News RSS Feeds" as a starting point. Once you have chosen the feed URLs, click continue.

Discord Setup

If you're new to Discord like me but you used Slack before, then this setup should relatively be easy for you. If you have not yet downloaded Discord, you can download it here for your specific platform. Once you downloaded Discord go ahead and install it. For those unfamiliar with Discord, it is a VoIP instant messaging platform used by people around the world to collaborate and or share information within communities called servers. Once you installed Discord go ahead and sign in or register for an account if this is your first time. Once done go ahead and add a server by clicking on the + icon that says add a server as shown here.

Create your own server by following the wizard. You can name your server anything you want. I named mine brianfajardoinfosecit. Then go ahead and also create a text channel or if you want you can also rename the #general default channel to anything you want like I did calling it world-cyber-security-digest.

Don't Mind the Owl Pictures :)

Back to Zapier

In the Zapier zap screen workflow editor you will need to be signed in to Discord to continue setting up the zap so you can select the server and channel in which you want the multiple channel messages to be sent to from the RSS items in multiple feeds.

In the next screen you will see a lot of checkboxes asking if you wish to allow Zapier more specifically it's bot with the following permissions. Unselect all the checkboxes and only allow the Manage Webhooks and Send Messages permissions.

Back to Discord

You can edit the Zapier role and it's associated permissions anytime by clicking on your server name, server settings, and then clicking on Roles and the pencil icon for edit as shown below.

Zapier Again

Continue on and for "Action Event" select "Send Channel Message". If you're still signed in to Discord, you should see your Discord account with the name of your server.

In the set up action section select your channel and leave everything else as is. Lastly for test action you should see a new channel message in the channel you specified for the RSS items from multiple feeds to be sent to.

Growing a Security Culture

This was a very fun task I had in mind for quite some time and I am glad I was able to complete it relatively easily. Not only is it helpful as one time it helped me assist the InfoSec team patch a critical vulnerability that affected systems I managed that not even my team was aware of, but it also allows for more eyes or visibility into what is out there in terms of news on security. I hope that one day I can grow this channel so it can reach more people and with that allow for growing a security culture that allows everyone regardless of their background and knowledge to stay informed to stay secure.