Initial commit: Bot Detector Dashboard for SOC Incident Response

🛡️ Dashboard complet pour l'analyse et la classification des menaces

Fonctionnalités principales:
- Visualisation des détections en temps réel (24h)
- Investigation multi-entités (IP, JA4, ASN, Host, User-Agent)
- Analyse de corrélation pour classification SOC
- Clustering automatique par subnet/JA4/UA
- Export des classifications pour ML

Composants:
- Backend: FastAPI (Python) + ClickHouse
- Frontend: React + TypeScript + TailwindCSS
- 6 routes API: metrics, detections, variability, attributes, analysis, entities
- 7 types d'entités investigables

Documentation ajoutée:
- NAVIGATION_GRAPH.md: Graph complet de navigation
- SOC_OPTIMIZATION_PROPOSAL.md: Proposition d'optimisation pour SOC
  • Réduction de 7 à 2 clics pour classification
  • Nouvelle vue /incidents clusterisée
  • Panel latéral d'investigation
  • Quick Search (Cmd+K)
  • Timeline interactive
  • Graph de corrélations

Sécurité:
- .gitignore configuré (exclut .env, secrets, node_modules)
- Credentials dans .env (à ne pas committer)

⚠️ Audit sécurité réalisé - Voir recommandations dans SOC_OPTIMIZATION_PROPOSAL.md

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>

test_dashboard.sh

@@ -0,0 +1,136 @@
+#!/bin/bash
+echo "╔════════════════════════════════════════════════════════════╗"
+echo "║         Dashboard Bot Detector - Test Complet            ║"
+echo "╚════════════════════════════════════════════════════════════╝"
+echo ""
+
+TESTS_PASSED=0
+TESTS_FAILED=0
+
+# Test 1: Health check
+echo "🧪 Test 1: Health check..."
+HEALTH=$(curl -s http://localhost:3000/health | jq -r '.status')
+if [ "$HEALTH" = "healthy" ]; then
+    echo "✅ Health check: $HEALTH"
+    TESTS_PASSED=$((TESTS_PASSED+1))
+else
+    echo "❌ Health check failed"
+    TESTS_FAILED=$((TESTS_FAILED+1))
+fi
+
+# Test 2: API detections endpoint
+echo "🧪 Test 2: API detections endpoint..."
+DETECTIONS=$(curl -s "http://localhost:3000/api/detections?page=1&page_size=5" | jq '.total')
+if [ "$DETECTIONS" != "null" ] && [ "$DETECTIONS" -gt 0 ]; then
+    echo "✅ Detections API: $DETECTIONS détections"
+    TESTS_PASSED=$((TESTS_PASSED+1))
+else
+    echo "❌ Detections API failed"
+    TESTS_FAILED=$((TESTS_FAILED+1))
+fi
+
+# Test 3: Tri par score par défaut
+echo "🧪 Test 3: Tri par score par défaut..."
+FIRST_SCORE=$(curl -s "http://localhost:3000/api/detections?page=1&page_size=1&sort_by=anomaly_score&sort_order=asc" | jq '.items[0].anomaly_score')
+if [ "$FIRST_SCORE" != "null" ]; then
+    echo "✅ Tri par score: $FIRST_SCORE (scores négatifs en premier)"
+    TESTS_PASSED=$((TESTS_PASSED+1))
+else
+    echo "❌ Tri par score failed"
+    TESTS_FAILED=$((TESTS_FAILED+1))
+fi
+
+# Test 4: Endpoint variability IP
+echo "🧪 Test 4: Endpoint variability IP..."
+VAR_IP=$(curl -s "http://localhost:3000/api/variability/ip/116.179.33.143" | jq '.total_detections')
+if [ "$VAR_IP" != "null" ]; then
+    echo "✅ Variability IP: $VAR_IP détections"
+    TESTS_PASSED=$((TESTS_PASSED+1))
+else
+    echo "❌ Variability IP failed"
+    TESTS_FAILED=$((TESTS_FAILED+1))
+fi
+
+# Test 5: Endpoint IPs associées
+echo "🧪 Test 5: Endpoint IPs associées..."
+IPS=$(curl -s "http://localhost:3000/api/variability/country/CN/ips?limit=5" | jq '.total')
+if [ "$IPS" != "null" ] && [ "$IPS" -gt 0 ]; then
+    echo "✅ IPs associées: $IPS IPs totales"
+    TESTS_PASSED=$((TESTS_PASSED+1))
+else
+    echo "❌ IPs associées failed"
+    TESTS_FAILED=$((TESTS_FAILED+1))
+fi
+
+# Test 6: Endpoint user_agents
+echo "🧪 Test 6: Endpoint user_agents..."
+UA=$(curl -s "http://localhost:3000/api/variability/ip/116.179.33.143/user_agents?limit=5" | jq '.total')
+if [ "$UA" != "null" ]; then
+    echo "✅ User-Agents: $UA user-agents"
+    TESTS_PASSED=$((TESTS_PASSED+1))
+else
+    echo "❌ User-Agents failed"
+    TESTS_FAILED=$((TESTS_FAILED+1))
+fi
+
+# Test 7: Endpoint analysis subnet
+echo "🧪 Test 7: Endpoint analysis subnet..."
+SUBNET=$(curl -s "http://localhost:3000/api/analysis/116.179.33.143/subnet" | jq '.total_in_subnet')
+if [ "$SUBNET" != "null" ]; then
+    echo "✅ Analysis Subnet: $SUBNET IPs"
+    TESTS_PASSED=$((TESTS_PASSED+1))
+else
+    echo "❌ Analysis Subnet failed"
+    TESTS_FAILED=$((TESTS_FAILED+1))
+fi
+
+# Test 8: Endpoint analysis country
+echo "🧪 Test 8: Endpoint analysis country..."
+COUNTRY=$(curl -s "http://localhost:3000/api/analysis/116.179.33.143/country" | jq '.ip_country.code')
+if [ "$COUNTRY" != "null" ]; then
+    echo "✅ Analysis Country: $COUNTRY"
+    TESTS_PASSED=$((TESTS_PASSED+1))
+else
+    echo "❌ Analysis Country failed"
+    TESTS_FAILED=$((TESTS_FAILED+1))
+fi
+
+# Test 9: Endpoint classifications
+echo "🧪 Test 9: Endpoint classifications..."
+CLASSIF=$(curl -s "http://localhost:3000/api/analysis/classifications?limit=5" | jq '.total')
+if [ "$CLASSIF" != "null" ]; then
+    echo "✅ Classifications: $CLASSIF classifications"
+    TESTS_PASSED=$((TESTS_PASSED+1))
+else
+    echo "❌ Classifications failed"
+    TESTS_FAILED=$((TESTS_FAILED+1))
+fi
+
+# Test 10: Frontend accessible
+echo "🧪 Test 10: Frontend accessible..."
+FRONTEND=$(curl -s http://localhost:3000/ | grep -c "Bot Detector Dashboard")
+if [ "$FRONTEND" -gt 0 ]; then
+    echo "✅ Frontend: Dashboard accessible"
+    TESTS_PASSED=$((TESTS_PASSED+1))
+else
+    echo "❌ Frontend failed"
+    TESTS_FAILED=$((TESTS_FAILED+1))
+fi
+
+echo ""
+echo "════════════════════════════════════════════════════════════"
+echo "  Tests passés:  $TESTS_PASSED"
+echo "  Tests échoués: $TESTS_FAILED"
+echo "════════════════════════════════════════════════════════════"
+
+if [ "$TESTS_FAILED" -eq 0 ]; then
+    echo ""
+    echo "✅ Tous les tests sont passés avec succès ! 🎉"
+    echo ""
+    exit 0
+else
+    echo ""
+    echo "❌ Certains tests ont échoué."
+    echo ""
+    exit 1
+fi