#!/usr/bin/env bash
# Test Wazuh-style alert → Ligbox Ops ingress
set -euo pipefail
OPS="${OPS_URL:-http://10.10.10.122:8080}"
SECRET="${WAZUH_WEBHOOK_SECRET:-ligbox-wazuh-dev-secret}"

curl -sf -X POST "$OPS/api/v1/webhooks/ingress/wazuh" \
  -H "Content-Type: application/json" \
  -H "X-Webhook-Secret: $SECRET" \
  -d '{
    "id": "test-wazuh-'$(date +%s)'",
    "rule": {"id": 5710, "level": 12, "description": "SSH brute force attempt detected"},
    "agent": {"name": "ops-hub", "ip": "10.10.10.103"},
    "data": {"srcip": "203.0.113.99"}
  }' | python3 -m json.tool

echo "--- tickets wazuh ---"
curl -sf "$OPS/api/v1/desk/tickets?source=wazuh" | python3 -m json.tool | head -25