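#!/usr/bin/env bash
#
# Test Wazuh-style alert → Ligbox Ops ingress
#
# Posts one synthetic Wazuh-style alert to the ingress webhook, then logs in
# as root and prints the first 25 lines of the ticket list filtered by
# source=wazuh.
#
# Environment (all optional; may also be provided through ENV_FILE):
#   ENV_FILE                 env file to source (default set below)
#   OPS_URL                  base URL of the Ops API
#   WAZUH_WEBHOOK_SECRET     value sent in the X-Webhook-Secret header
#   DESK_BOOTSTRAP_PASSWORD  password used for the root login
#
# Requires: curl >= 7.55.0 (for "-H @-"), python3.

set -euo pipefail

# Print a warning on stderr so it never mixes with the JSON on stdout.
warn() { printf 'WARN: %s\n' "$*" >&2; }

ENV_FILE="${ENV_FILE:-/opt/ligbox-ops-platform/.env}"
if [[ -f "$ENV_FILE" ]]; then
  # The file is sourced, i.e. executed as shell code in this process, and
  # everything it assigns is exported (set -a). It should be writable only by
  # trusted users.
  set -a
  # shellcheck disable=SC1090
  source "$ENV_FILE"
  set +a
fi

# NOTE(review): the default URL is plain http://, so the webhook secret, the
# root password and the bearer token travel unencrypted unless OPS_URL points
# at an https:// endpoint.
OPS="${OPS_URL:-http://10.10.10.122:8080}"

# NOTE(review): the fallback secret and password below are committed in this
# script, so anyone who can read the repository knows them. Keep them only if
# no deployed instance accepts these values; otherwise supply both through the
# environment or ENV_FILE and rotate the committed ones.
if [[ -z "${WAZUH_WEBHOOK_SECRET:-}" ]]; then
  warn "WAZUH_WEBHOOK_SECRET is not set; using the built-in dev fallback"
fi
SECRET="${WAZUH_WEBHOOK_SECRET:-ligbox-wazuh-dev-secret}"

# Build the alert body up front so the timestamp is expanded inside quotes
# instead of being spliced unquoted into the middle of a curl argument.
alert_id="test-wazuh-$(date +%s)"
payload=$(
  cat <<EOF
{
  "id": "${alert_id}",
  "rule": {"id": 5710, "level": 12, "description": "SSH brute force attempt detected"},
  "agent": {"name": "ops-hub", "ip": "10.10.10.103"},
  "data": {"srcip": "203.0.113.99"}
}
EOF
)

# The secret header is fed to curl on stdin (-H @-) rather than on the command
# line, where it would be visible in the process list.
printf 'X-Webhook-Secret: %s\n' "$SECRET" \
  | curl -sf -X POST "$OPS/api/v1/webhooks/ingress/wazuh" \
    -H "Content-Type: application/json" \
    -H @- \
    -d "$payload" \
  | python3 -m json.tool

echo "--- tickets wazuh (auth required) ---"
if [[ -z "${DESK_BOOTSTRAP_PASSWORD:-}" ]]; then
  warn "DESK_BOOTSTRAP_PASSWORD is not set; using the built-in dev fallback"
fi
DESK_PASS="${DESK_BOOTSTRAP_PASSWORD:-805353}"
sleep 2

# Login: json.dumps escapes quotes and backslashes in the password, and the
# body reaches curl on stdin so the password is not on any command line.
# A failed request or a non-JSON reply yields an empty TOKEN instead of
# aborting under "set -e", so the FAIL message below is actually reached.
TOKEN=$(
  DESK_PASS="$DESK_PASS" python3 -c '
import json, os
print(json.dumps({"username": "root", "password": os.environ["DESK_PASS"]}))
' \
    | curl -s -X POST "$OPS/api/v1/auth/login" \
      -H "Content-Type: application/json" \
      -d @- \
    | python3 -c '
import json, sys
try:
    doc = json.load(sys.stdin)
except ValueError:
    doc = {}
print(doc.get("access_token", "") if isinstance(doc, dict) else "")
'
) || TOKEN=""

if [[ -z "$TOKEN" ]]; then
  echo "FAIL: could not obtain auth token" >&2
  exit 1
fi

# sed reads its whole input, unlike "head -25", which can close the pipe early
# and make json.tool fail under pipefail on a long ticket list.
printf 'Authorization: Bearer %s\n' "$TOKEN" \
  | curl -sf -H @- "$OPS/api/v1/desk/tickets?source=wazuh" \
  | python3 -m json.tool \
  | sed -n '1,25p'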