tum 922e61ec37 wazuh iris 6 days ago
..
events fc2cceda21 codex wazuh sim log 1 week ago
README.md fc2cceda21 codex wazuh sim log 1 week ago
create-shuffle-mvp-workflows.sh 51a7d8f87f workflow api 4 weeks ago
import-wazuh-dashboard.sh 1028963fde before claude code 2 weeks ago
seed-iris-demo-data.sh 0de071e7c9 soc update 3 weeks ago
seed-kpi-test-data.py 922e61ec37 wazuh iris 6 days ago
send-wazuh-sim-logs.sh fc2cceda21 codex wazuh sim log 1 week ago
trigger-shuffle-workflow.sh 51a7d8f87f workflow api 4 weeks ago
update-shuffle-workflow-from-template.sh 0de071e7c9 soc update 3 weeks ago

README.md

Scripts

Combined Wazuh simulator

Use one script for all Appendix A/B/C simulation log replay.

scripts/send-wazuh-sim-logs.sh [selector] [count] [delay_seconds] [--forever] [--dry-run]

Examples:

scripts/send-wazuh-sim-logs.sh all 1 0.2
scripts/send-wazuh-sim-logs.sh a2 1 0
scripts/send-wazuh-sim-logs.sh B3-06 1 0
scripts/send-wazuh-sim-logs.sh c1 1 2 --forever
scripts/send-wazuh-sim-logs.sh all 1 0 --dry-run

Environment variables:

  • WAZUH_SYSLOG_HOST (default 127.0.0.1)
  • WAZUH_SYSLOG_PORT (default 514)
  • DRY_RUN=1 (alternative to --dry-run)

Selector support:

  • Global: all
  • Appendix: a, b, c, appendix-a, appendix-b, appendix-c
  • Section: a1, a2, a3, a4, b1, b2, b3, c1, c2, c3
  • Use-case ID: A1-01 ... C3-04

Sample sources:

  • samples/appendix-a-production-samples.log
  • samples/appendix-b-production-samples.log
  • samples/appendix-c-production-samples.log

Dashboard import

Import Wazuh dashboards (NDJSON):

scripts/import-wazuh-dashboard.sh <path-to-ndjson>

Examples:

scripts/import-wazuh-dashboard.sh scripts/events/wazuh-proposal-required-dashboard.ndjson
scripts/import-wazuh-dashboard.sh scripts/events/wazuh-proposal-appendix-ab-dashboard.ndjson
scripts/import-wazuh-dashboard.sh scripts/events/wazuh-proposal-appendix-c-dashboard.ndjson
scripts/import-wazuh-dashboard.sh scripts/events/wazuh-client-agents-dashboard.ndjson

Other helpers

  • seed-iris-demo-data.sh: seed IRIS demo cases/tasks via API.
  • create-shuffle-mvp-workflows.sh: create Shuffle MVP workflows from templates.
  • trigger-shuffle-workflow.sh: trigger a Shuffle workflow by ID.
  • update-shuffle-workflow-from-template.sh: update existing Shuffle workflow JSON from template.

Notes

  • Legacy send-wazuh-* simulator scripts were removed and replaced by send-wazuh-sim-logs.sh.
  • If you add new sample events, keep comments tagged with use-case IDs (for example # A2-01 ...) so selector filtering keeps working.
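
The tagging rule in the last note, as an added example (this is not the project's send-wazuh-sim-logs.sh): a sketch of selector filtering over comment-tagged samples, plus a lint that counts events with no use-case tag. The sample lines, the function names, and the assumption that a tag comment covers every event line until the next comment are constructed for illustration.

```shell
#!/bin/sh
# Added example: NOT the project's send-wazuh-sim-logs.sh.
# Assumed layout: a comment "# <ID> text" tags every event line until the next comment.

# Constructed sample data (not from the samples/ files).
SAMPLE='# A1-01 constructed event
<134>Jan  1 00:00:00 fw01 demo: action=deny
# A2-01 constructed event
<134>Jan  1 00:00:01 vpn01 demo: result=fail
# B3-06 constructed event
<134>Jan  1 00:00:02 host01 demo: action=blocked
<134>Jan  1 00:00:03 host01 demo: action=allowed'

ID_RE='[ABC][0-9]-[0-9][0-9]'   # use-case ID shape, e.g. A1-01 ... C3-04

# Map a selector (all, a, appendix-a, a2, A2-01) to an anchored regex over IDs.
selector_regex() {
  sel=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
  case "$sel" in
    ALL)                   printf '^%s$' "$ID_RE" ;;
    APPENDIX-[ABC])        printf '^%s[0-9]-[0-9][0-9]$' "${sel#APPENDIX-}" ;;
    [ABC])                 printf '^%s[0-9]-[0-9][0-9]$' "$sel" ;;
    [ABC][0-9])            printf '^%s-[0-9][0-9]$' "$sel" ;;
    [ABC][0-9]-[0-9][0-9]) printf '^%s$' "$sel" ;;
    *) echo "unknown selector: $1" >&2; return 1 ;;
  esac
}

# Read a sample file on stdin, print only events whose tag matches the selector.
select_events() {
  re=$(selector_regex "$1") || return 1
  awk -v re="$re" '
    /^#/    { id = $2; next }   # remember the tag of the latest comment
    NF == 0 { next }            # skip blank lines
    id ~ re { print }           # untagged events never match and are dropped
  '
}

# Lint: count event lines not covered by a valid use-case tag.
untagged_events() {
  awk -v re="^$ID_RE\$" '
    /^#/      { ok = ($2 ~ re); next }
    NF && !ok { n++ }
    END       { print n + 0 }
  '
}

printf '%s\n' "$SAMPLE" | select_events a2
printf 'untagged: %s\n' "$(printf '%s\n' "$SAMPLE" | untagged_events)"
```

Running the lint over a sample file before replaying it catches events that a selector would silently skip, which matters when a detection rule appears not to fire only because its test event was never sent.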