A Security-First Middleware for Django to ensure NIS2 compliance with forensic logging, active defense, and SIEM integration.

These details have not been verified by PyPI

Project description

Django NIS2 Shield

Il Middleware "Security-First" per la conformità NIS2.

django-nis2-shield è una libreria plug-and-play progettata per aiutare le applicazioni Django a soddisfare i requisiti tecnici della Direttiva NIS2 (Network and Information Security 2), con un focus su Logging Forense, Active Defense e SIEM Integration.

✨ Caratteristiche Principali

🔒 Forensic Logger

Log strutturati (JSON o CEF) firmati con HMAC-SHA256
Cifratura automatica dei campi PII (GDPR compliant)
IP Anonymization configurabile

🛡️ Active Defense

Rate Limiting: Protezione contro attacchi DoS applicativi
Session Guard: Prevenzione Session Hijacking con tolleranza mobile
Tor Blocker: Blocco automatico dei nodi di uscita Tor
MFA Gatekeeper: Reindirizzamento 2FA per path sensibili

📊 Compliance & Reporting

Comando check_nis2 per audit della configurazione
Generazione report incidenti per CSIRT (deadline 24h)
Preset SIEM per Elasticsearch, Splunk, e altri

📦 Installazione

pip install django-nis2-shield

Per lo sviluppo:

pip install django-nis2-shield[dev]

⚙️ Configurazione

settings.py

INSTALLED_APPS = [
    ...,
    'django_nis2_shield',
]

MIDDLEWARE = [
    ...,
    # Inserire dopo SessionMiddleware e prima di CommonMiddleware
    'django_nis2_shield.middleware.Nis2GuardMiddleware', 
    ...,
]

# Configurazione NIS2
NIS2_SHIELD = {
    # Security Keys
    'INTEGRITY_KEY': 'change-me-to-a-secure-secret',
    'ENCRYPTION_KEY': b'your-32-byte-fernet-key-here=',  # Fernet.generate_key()
    
    # Privacy (GDPR)
    'ANONYMIZE_IPS': True,
    'ENCRYPT_PII': True,
    'PII_FIELDS': ['user_id', 'email', 'ip', 'user_agent'],
    
    # Active Defense
    'ENABLE_RATE_LIMIT': True,
    'RATE_LIMIT_THRESHOLD': 100,  # requests/minute
    'ENABLE_SESSION_GUARD': True,
    'SESSION_IP_TOLERANCE': 'subnet',  # 'exact', 'subnet', 'none'
    'BLOCK_TOR_EXIT_NODES': True,
    
    # MFA
    'ENFORCE_MFA_ROUTES': ['/admin/', '/finance/'],
    'MFA_SESSION_FLAG': 'is_verified_mfa',
    'MFA_REDIRECT_URL': '/accounts/login/mfa/',
}

Formato Log: CEF (Enterprise SIEM)

Per output in formato CEF invece di JSON:

from django_nis2_shield.cef_formatter import get_cef_logging_config

LOGGING = get_cef_logging_config('/var/log/django_nis2.cef')

🚀 Utilizzo

Audit della Configurazione

python manage.py check_nis2

Aggiornamento Threat Intelligence

python manage.py update_threat_list

Generazione Report Incidenti

python manage.py generate_incident_report --hours=24 --output=incident.json

📈 Dashboard Monitoring

Il progetto include uno stack Docker per visualizzare i log:

cd dashboard
docker compose up -d

# Accesso:
# - Kibana: http://localhost:5601
# - Grafana: http://localhost:3000 (admin/admin)

Vedi dashboard/README.md per dettagli.

🧪 Testing

# Con gli script esistenti
PYTHONPATH=. python tests/test_basic.py

# Con pytest
pip install pytest pytest-django
PYTHONPATH=. pytest tests/ -v

📄 Licenza

MIT License - vedi LICENSE per dettagli.

🤝 Contributing

Le contribuzioni sono benvenute! Apri una issue o una PR su GitHub.

Project details

These details have not been verified by PyPI

Release history Release notifications | RSS feed

1.1.1

Jan 3, 2026

0.3.7

Jan 2, 2026

0.3.6

Jan 1, 2026

0.3.5

Jan 1, 2026

0.3.2

Dec 31, 2025

0.3.1

Dec 30, 2025

0.3.0

Dec 26, 2025

This version

0.2.0

Dec 25, 2025

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

django_nis2_shield-0.2.0.tar.gz (19.2 kB view details)

Uploaded Dec 25, 2025 Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

The dropdown lists show the available interpreters, ABIs, and platforms. Enable javascript to be able to filter the list of wheel files.

django_nis2_shield-0.2.0-py3-none-any.whl (15.9 kB view details)

Uploaded Dec 25, 2025 Python 3

File details

Details for the file django_nis2_shield-0.2.0.tar.gz.

File metadata

Download URL: django_nis2_shield-0.2.0.tar.gz
Upload date: Dec 25, 2025
Size: 19.2 kB
Tags: Source
Uploaded using Trusted Publishing? Yes
Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for django_nis2_shield-0.2.0.tar.gz
Algorithm	Hash digest
SHA256	`fba70e4bcf35c951266646d5be900910356b4a6441c1a420ea698506eb59c944`
MD5	`4c1046e3ede46e640ef00d66758bb08f`
BLAKE2b-256	`9eacbd9a8e1631900877160c0097cb6262b281e3908cc30a84e84e00ee1c703e`

See more details on using hashes here.

Provenance

The following attestation bundles were made for django_nis2_shield-0.2.0.tar.gz:

Publisher: publish.yml on nis2shield/django-nis2-shield

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Statement:
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: django_nis2_shield-0.2.0.tar.gz
- Subject digest: fba70e4bcf35c951266646d5be900910356b4a6441c1a420ea698506eb59c944
- Sigstore transparency entry: 779605581
- Sigstore integration time: Dec 25, 2025
Source repository:
- Permalink: nis2shield/django-nis2-shield@4428c3cb7c66a68a3514a3c09eabc5acbfa95043
- Branch / Tag: refs/tags/v0.2.0
- Owner: https://github.com/nis2shield
- Access: public
Publication detail:
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: publish.yml@4428c3cb7c66a68a3514a3c09eabc5acbfa95043
- Trigger Event: release

File details

Details for the file django_nis2_shield-0.2.0-py3-none-any.whl.

File metadata

Download URL: django_nis2_shield-0.2.0-py3-none-any.whl
Upload date: Dec 25, 2025
Size: 15.9 kB
Tags: Python 3
Uploaded using Trusted Publishing? Yes
Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for django_nis2_shield-0.2.0-py3-none-any.whl
Algorithm	Hash digest
SHA256	`73960279f8bca9a7e753bf5e7bae8eb35eccc1e69c7029a42306b589224dd500`
MD5	`c2ba690066733aa332b61f961f6c388b`
BLAKE2b-256	`9675b40f8589ccaf82dfde3de0c643fd75e4c202c65d0e9ed7154b4c6b49edb3`

See more details on using hashes here.

Provenance

The following attestation bundles were made for django_nis2_shield-0.2.0-py3-none-any.whl:

Publisher: publish.yml on nis2shield/django-nis2-shield

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Statement:
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: django_nis2_shield-0.2.0-py3-none-any.whl
- Subject digest: 73960279f8bca9a7e753bf5e7bae8eb35eccc1e69c7029a42306b589224dd500
- Sigstore transparency entry: 779605582
- Sigstore integration time: Dec 25, 2025
Source repository:
- Permalink: nis2shield/django-nis2-shield@4428c3cb7c66a68a3514a3c09eabc5acbfa95043
- Branch / Tag: refs/tags/v0.2.0
- Owner: https://github.com/nis2shield
- Access: public
Publication detail:
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: publish.yml@4428c3cb7c66a68a3514a3c09eabc5acbfa95043
- Trigger Event: release

django-nis2-shield 0.2.0

Navigation

Verified details

Project links

GitHub Statistics

Maintainers

Unverified details

Meta

Classifiers

Project description

Django NIS2 Shield

✨ Caratteristiche Principali

🔒 Forensic Logger

🛡️ Active Defense

📊 Compliance & Reporting

📦 Installazione

⚙️ Configurazione

settings.py

Formato Log: CEF (Enterprise SIEM)

🚀 Utilizzo

Audit della Configurazione

Aggiornamento Threat Intelligence

Generazione Report Incidenti

📈 Dashboard Monitoring

🧪 Testing

📄 Licenza

🤝 Contributing

Project details

Verified details

Project links

GitHub Statistics

Maintainers

Unverified details

Meta

Classifiers

Release history Release notifications | RSS feed

Download files

Source Distribution

Built Distribution

File details

File metadata

File hashes

Provenance

File details

File metadata

File hashes

Provenance