tum/soc - Gogs: Simplico Git Service


README.md

Test Event Scripts

Send Wazuh test events

Use this script to inject synthetic SOC events into the Wazuh manager over syslog UDP.

scripts/send-wazuh-test-events.sh [scenario] [count] [delay_seconds]

Scenarios:

  • ioc_dns
  • ioc_ips
  • vpn_outside_th
  • windows_auth_fail
  • all

Examples:

scripts/send-wazuh-test-events.sh all
scripts/send-wazuh-test-events.sh vpn_outside_th 5 0.2
WAZUH_SYSLOG_HOST=127.0.0.1 WAZUH_SYSLOG_PORT=514 scripts/send-wazuh-test-events.sh ioc_ips

Environment overrides:

  • WAZUH_SYSLOG_HOST (default 127.0.0.1)
  • WAZUH_SYSLOG_PORT (default 514)
  • WAZUH_TEST_SRC_IP
  • WAZUH_TEST_DOMAIN
  • WAZUH_TEST_USER

Transport notes:

  • Uses nc if available.
  • Falls back to Bash UDP redirection (/dev/udp/host/port) when nc is unavailable.
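
The transport choice described in the notes above (nc first, then /dev/udp), shown as an added example. It is not the repository's send-wazuh-test-events.sh: the function names, the host name soc-test-host, the tag soc_test, the message text and the default source IP are constructed, and no Wazuh rule is assumed to match the message.

```bash
#!/usr/bin/env bash
# Added example, not the repository's script. Function names, the host name
# and the message text are constructed for illustration.

# RFC 3164 priority value: facility * 8 + severity.
syslog_pri() {
  echo $(( $1 * 8 + $2 ))
}

# Build one BSD-syslog line: <PRI>TIMESTAMP HOST TAG: MESSAGE
build_syslog_line() {
  local ts
  ts="$(LC_ALL=C date '+%b %e %H:%M:%S')"
  printf '<%s>%s %s %s: %s' "$1" "$ts" "$2" "$3" "$4"
}

# Prefer nc; otherwise fall back to Bash's /dev/udp redirection.
pick_transport() {
  if command -v nc >/dev/null 2>&1; then echo nc; else echo bash; fi
}

# Send one line as a single UDP datagram to the configured listener.
send_udp() {
  local host="${WAZUH_SYSLOG_HOST:-127.0.0.1}" port="${WAZUH_SYSLOG_PORT:-514}"
  case "$(pick_transport)" in
    nc)   printf '%s\n' "$1" | nc -u -w1 "$host" "$port" ;;
    bash) printf '%s\n' "$1" > "/dev/udp/${host}/${port}" ;;  # Bash only
  esac
}

# Send COUNT events, DELAY seconds apart; seq= makes each one traceable.
send_events() {
  local count="${1:-1}" delay="${2:-0}" i=1 line
  while [ "$i" -le "$count" ]; do
    line="$(build_syslog_line "$(syslog_pri 4 5)" soc-test-host soc_test \
      "constructed test event seq=${i} src_ip=${WAZUH_TEST_SRC_IP:-203.0.113.10}")"
    send_udp "$line" || return 1
    [ "$i" -lt "$count" ] && sleep "$delay"
    i=$(( i + 1 ))
  done
  return 0
}

# Nothing is sent unless arguments are given: ./example.sh <count> <delay>
if [ "$#" -gt 0 ]; then
  send_events "$@"
fi
```

UDP gives no delivery confirmation, so a clean exit only means the datagram left the sender. Confirm receipt on the manager side by searching for the seq= value.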

Send Cisco device test events

Use this script to inject Cisco-style syslog events (ASA/IOS) into the Wazuh manager.

scripts/send-wazuh-cisco-test-events.sh [scenario] [count] [delay_seconds]

Scenarios:

  • asa_acl_deny
  • asa_vpn_auth_fail
  • ios_login_fail
  • ios_config_change
  • all

Examples:

scripts/send-wazuh-cisco-test-events.sh all
scripts/send-wazuh-cisco-test-events.sh asa_acl_deny 5 0.2
CISCO_DEVICE_HOST=edge-fw-01 scripts/send-wazuh-cisco-test-events.sh ios_login_fail

Environment overrides:

  • WAZUH_SYSLOG_HOST (default 127.0.0.1)
  • WAZUH_SYSLOG_PORT (default 514)
  • CISCO_DEVICE_HOST
  • CISCO_SRC_IP
  • CISCO_DST_IP
  • CISCO_VPN_USER
  • CISCO_ADMIN_USER

Shuffle sample workflow helpers

Sample playbook design for Shuffle:

  • shuffle-workflows/sample-ioc-playbook.md

Sample execution payload:

  • scripts/events/shuffle-sample-execution.json

Trigger an existing Shuffle workflow from CLI:

scripts/trigger-shuffle-workflow.sh <workflow_id> [ioc_type] [ioc_value]

Create MVP workflows in Shuffle (from proposal mapping):

SHUFFLE_API_KEY=<your_key> scripts/create-shuffle-mvp-workflows.sh

This creates:

  • MVP - IOC Enrichment and Case Routing
  • MVP - VPN Geo Anomaly Triage