🛡️ Dashboard complet pour l'analyse et la classification des menaces Fonctionnalités principales: - Visualisation des détections en temps réel (24h) - Investigation multi-entités (IP, JA4, ASN, Host, User-Agent) - Analyse de corrélation pour classification SOC - Clustering automatique par subnet/JA4/UA - Export des classifications pour ML Composants: - Backend: FastAPI (Python) + ClickHouse - Frontend: React + TypeScript + TailwindCSS - 6 routes API: metrics, detections, variability, attributes, analysis, entities - 7 types d'entités investigables Documentation ajoutée: - NAVIGATION_GRAPH.md: Graph complet de navigation - SOC_OPTIMIZATION_PROPOSAL.md: Proposition d'optimisation pour SOC • Réduction de 7 à 2 clics pour classification • Nouvelle vue /incidents clusterisée • Panel latéral d'investigation • Quick Search (Cmd+K) • Timeline interactive • Graph de corrélations Sécurité: - .gitignore configuré (exclut .env, secrets, node_modules) - Credentials dans .env (à ne pas committer) ⚠️ Audit sécurité réalisé - Voir recommandations dans SOC_OPTIMIZATION_PROPOSAL.md Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
#!/bin/bash
# Rapport de tests API - Bot Detector Dashboard
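# Base URL of the dashboard under test. Can be overridden from the
# environment (BASE_URL=http://host:port ./script) so the same report can be
# run against a staging instance; the default is the local dev server.
BASE_URL="${BASE_URL:-http://localhost:3000}"

# Running counters, incremented by test_endpoint and by the frontend checks,
# then summarised at the end of the run.
PASS=0
FAIL=0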
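#######################################
# Fetch one API endpoint and record a PASS or FAIL line for it.
#
# A test passes when the jq probe applied to the response body yields a
# non-empty value other than "null". Note that `expected` is NOT compared
# against the result (a probe such as '.items | length' therefore passes on
# 0 as well as on 5); it is only echoed in the FAIL line as a hint.
#
# Globals:   BASE_URL (read), PASS and FAIL (incremented)
# Arguments: $1 - human-readable test name
#            $2 - endpoint path appended to BASE_URL (query string allowed)
#            $3 - expected value or key name (informational only, see above)
#            $4 - probe: one of the aliases status|keys|items_length, or a
#                 literal jq filter such as '.items | length'
# Outputs:   one "✅ PASS: ..." or "❌ FAIL: ..." line on stdout
#######################################
test_endpoint() {
  local name=$1
  local endpoint=$2
  local expected=$3
  local check=$4
  local response result

  # Bounded wait so an unresponsive backend fails the test instead of
  # hanging the whole report; curl errors leave $response empty.
  response=$(curl -s --max-time 10 "$BASE_URL$endpoint")

  # jq errors (non-JSON body, invalid filter) are silenced on purpose: an
  # empty $result is reported as a FAIL below. Any probe that is not one of
  # the aliases is passed to jq verbatim (this is also where the former
  # "exists" alias ends up, unchanged from the previous behaviour).
  case "$check" in
    status)       result=$(jq -r '.status' <<<"$response" 2>/dev/null) ;;
    keys)         result=$(jq 'keys | length' <<<"$response" 2>/dev/null) ;;
    items_length) result=$(jq '.items | length' <<<"$response" 2>/dev/null) ;;
    *)            result=$(jq -r "$check" <<<"$response" 2>/dev/null) ;;
  esac

  if [[ "$result" != "null" && -n "$result" ]]; then
    echo "✅ PASS: $name"
    ((PASS++))
  else
    echo "❌ FAIL: $name (endpoint: $endpoint, expected: $expected, got: '$result')"
    ((FAIL++))
  fi
}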
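# Sample entity used by all per-IP endpoints below. Override with
# SAMPLE_IP=... when this address has no detections in the target dataset.
SAMPLE_IP="${SAMPLE_IP:-116.179.33.143}"

#######################################
# Print a section banner (blank line, rule, title, rule).
# Arguments: $1 - section title
#######################################
print_section() {
  echo ""
  echo "------------------------------------------"
  echo "$1"
  echo "------------------------------------------"
}

#######################################
# Record one frontend check result and bump the counters.
# Globals:   PASS and FAIL (incremented)
# Arguments: $1 - exit status of the check (0 = pass)
#            $2 - message for the PASS line
#            $3 - message for the FAIL line
#######################################
record_result() {
  local rc=$1 pass_msg=$2 fail_msg=$3
  if [ "$rc" -eq 0 ]; then
    echo "✅ PASS: $pass_msg"
    ((PASS++))
  else
    echo "❌ FAIL: $fail_msg"
    ((FAIL++))
  fi
}

#######################################
# GET a URL and succeed only on HTTP 200 (body discarded).
# Arguments: $1 - absolute URL
# Returns:   0 on HTTP 200, 1 otherwise (including curl failure/timeout)
#######################################
http_ok() {
  local status
  status=$(curl -s --max-time 10 -o /dev/null -w "%{http_code}" "$1")
  [ "$status" = "200" ]
}

echo "=========================================="
echo "📊 RAPPORT DE TESTS API"
echo "=========================================="
echo ""
echo "Date: $(date)"
echo "Base URL: $BASE_URL"

print_section "HEALTH CHECK"
test_endpoint "Health check status" "/health" "healthy" ".status"
test_endpoint "Health check ClickHouse" "/health" "connected" ".clickhouse"

print_section "METRICS"
test_endpoint "Metrics summary" "/api/metrics" "total_detections" ".summary.total_detections"
test_endpoint "Metrics timeseries" "/api/metrics" "timeseries" ".timeseries | length"
test_endpoint "Threat distribution" "/api/metrics/threats" "items" ".items | length"

print_section "DETECTIONS"
test_endpoint "Detections list" "/api/detections?page=1&page_size=10" "items" ".items | length"
test_endpoint "Detections pagination" "/api/detections?page=1&page_size=5" "5" ".items | length"
test_endpoint "Detection by IP" "/api/detections/$SAMPLE_IP" "src_ip" ".src_ip"
test_endpoint "Detections filter threat_level" "/api/detections?threat_level=MEDIUM" "items" ".items | length"
test_endpoint "Detections sort" "/api/detections?sort_by=anomaly_score&sort_order=asc" "items" ".items | length"

print_section "VARIABILITY"
test_endpoint "Variability IP" "/api/variability/ip/$SAMPLE_IP" "total_detections" ".total_detections"
test_endpoint "Variability country IPs" "/api/variability/country/CN/ips?limit=5" "ips" ".ips | length"
test_endpoint "Variability user_agents" "/api/variability/ip/$SAMPLE_IP/user_agents?limit=5" "user_agents" ".user_agents | length"

print_section "ANALYSIS"
test_endpoint "Analysis subnet" "/api/analysis/$SAMPLE_IP/subnet" "subnet" ".subnet"
test_endpoint "Analysis country" "/api/analysis/$SAMPLE_IP/country" "ip_country" ".ip_country.code"
test_endpoint "Analysis JA4" "/api/analysis/$SAMPLE_IP/ja4" "ja4" ".ja4"
test_endpoint "Analysis user-agents" "/api/analysis/$SAMPLE_IP/user-agents" "ip_user_agents" ".ip_user_agents | length"
test_endpoint "Analysis recommendation" "/api/analysis/$SAMPLE_IP/recommendation" "label" ".label"
test_endpoint "Analysis top country" "/api/analysis/country" "top_countries" ".top_countries | length"

print_section "ENTITIES"
test_endpoint "Entities IP" "/api/entities/ip/$SAMPLE_IP" "stats" ".stats.entity_type"
test_endpoint "Entities related" "/api/entities/ip/$SAMPLE_IP/related" "related" ".related | keys | length"
test_endpoint "Entities types" "/api/entities/types" "entity_types" ".entity_types | length"

print_section "ATTRIBUTES"
test_endpoint "Attributes IP" "/api/attributes/ip?limit=5" "items" ".items | length"
test_endpoint "Attributes JA4" "/api/attributes/ja4?limit=5" "items" ".items | length"
test_endpoint "Attributes country" "/api/attributes/country?limit=5" "items" ".items | length"

print_section "FRONTEND"
# One fetch of the SPA shell; the asset checks below are derived from it so
# the content-hashed bundle names do not break on every frontend rebuild.
response=$(curl -s --max-time 10 "$BASE_URL/")

grep -q "Bot Detector Dashboard" <<<"$response"
record_result $? "Frontend HTML served" "Frontend HTML not served"

grep -q "assets/" <<<"$response"
record_result $? "Frontend assets referenced" "Frontend assets not referenced"

# First stylesheet / bundle path referenced by index.html. Falls back to the
# build names this script was originally written against when none is found
# (e.g. the HTML was not served), so the probes still run and report.
css_path=$(grep -o "assets/[^\"'[:space:]]*\\.css" <<<"$response" | head -n 1)
js_path=$(grep -o "assets/[^\"'[:space:]]*\\.js" <<<"$response" | head -n 1)
css_path=${css_path:-assets/index-04JQmLnn.css}
js_path=${js_path:-assets/index-CRGscVYE.js}

http_ok "$BASE_URL/$css_path"
record_result $? "CSS asset accessible" "CSS asset not accessible ($css_path)"

http_ok "$BASE_URL/$js_path"
record_result $? "JS asset accessible" "JS asset not accessible ($js_path)"

echo ""
echo "=========================================="
echo "📈 RÉSULTATS"
echo "=========================================="
echo "✅ PASS: $PASS"
echo "❌ FAIL: $FAIL"
total=$((PASS + FAIL))
echo "Total: $total"
# awk instead of bc: bc is not always installed, and this also guards the
# division by zero a run with no tests would otherwise hit.
if [ "$total" -gt 0 ]; then
  rate=$(awk -v p="$PASS" -v t="$total" 'BEGIN { printf "%.2f", p * 100 / t }')
else
  rate="0.00"
fi
echo "Taux de succès: ${rate}%"
echo "=========================================="

# Exit non-zero when anything failed so CI / a pre-deploy hook can gate on
# this report instead of having to parse its output.
if [ "$FAIL" -gt 0 ]; then
  exit 1
fi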