SOC Analyst a61828d1e7 Initial commit: Bot Detector Dashboard for SOC Incident Response
🛡️ Dashboard complet pour l'analyse et la classification des menaces

Fonctionnalités principales:
- Visualisation des détections en temps réel (24h)
- Investigation multi-entités (IP, JA4, ASN, Host, User-Agent)
- Analyse de corrélation pour classification SOC
- Clustering automatique par subnet/JA4/UA
- Export des classifications pour ML

Composants:
- Backend: FastAPI (Python) + ClickHouse
- Frontend: React + TypeScript + TailwindCSS
- 6 routes API: metrics, detections, variability, attributes, analysis, entities
- 7 types d'entités investigables

Documentation ajoutée:
- NAVIGATION_GRAPH.md: Graph complet de navigation
- SOC_OPTIMIZATION_PROPOSAL.md: Proposition d'optimisation pour SOC
  • Réduction de 7 à 2 clics pour classification
  • Nouvelle vue /incidents clusterisée
  • Panel latéral d'investigation
  • Quick Search (Cmd+K)
  • Timeline interactive
  • Graph de corrélations

Sécurité:
- .gitignore configuré (exclut .env, secrets, node_modules)
- Credentials dans .env (à ne pas committer)

⚠️ Audit sécurité réalisé - Voir recommandations dans SOC_OPTIMIZATION_PROPOSAL.md

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-03-14 21:33:55 +01:00


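#!/bin/bash
# Smoke tests for the Bot Detector Dashboard (backend API + frontend).
#
# Usage:  ./test_dashboard.sh
# Env:    BASE_URL      dashboard base URL          (default: http://localhost:3000)
#         TEST_IP       sample IP for per-IP routes (default: 116.179.33.143)
#         CURL_TIMEOUT  per-request timeout, seconds (default: 10)
# Exit:   0 when every test passed, 1 when at least one failed.
#
# `set -e` is deliberately NOT used: a failing curl/jq pipeline must be
# counted as a failed test, not abort the whole run.
set -u

BASE_URL="${BASE_URL:-http://localhost:3000}"
TEST_IP="${TEST_IP:-116.179.33.143}"
CURL_TIMEOUT="${CURL_TIMEOUT:-10}"
readonly BASE_URL TEST_IP CURL_TIMEOUT

TESTS_PASSED=0
TESTS_FAILED=0

# Fail fast on a missing tool instead of reporting ten unrelated failures.
for tool in curl jq; do
  if ! command -v "$tool" >/dev/null 2>&1; then
    printf '❌ Outil requis introuvable: %s\n' "$tool" >&2
    exit 1
  fi
done

#######################################
# GET a URL and print the field extracted by jq.
# Prints nothing on any failure (connection error, timeout, non-2xx status,
# body that is not JSON) so callers only have to test for "" or "null".
# Arguments: $1 - URL; remaining args are passed verbatim to jq
# Outputs:   the jq result on stdout
#######################################
api_field() {
  local url=$1
  shift
  # -f: treat HTTP errors as failures so an error body is not parsed as data.
  curl -sS -f --max-time "$CURL_TIMEOUT" -- "$url" 2>/dev/null | jq "$@" 2>/dev/null
}

#######################################
# True when the value is a non-empty JSON scalar other than null.
# An empty string (failed request) is a failure, not a pass.
# Arguments: $1 - value to check
#######################################
has_value() {
  [[ -n "$1" && "$1" != "null" ]]
}

#######################################
# True when the value is a strictly positive integer. Avoids the
# "integer expression expected" error of `[ "" -gt 0 ]` on empty input.
# Arguments: $1 - value to check
#######################################
is_positive_int() {
  [[ "$1" =~ ^[0-9]+$ ]] && (( 10#$1 > 0 ))
}

# Record a passed / failed test and print its result line.
pass() {
  printf '✅ %s\n' "$1"
  TESTS_PASSED=$((TESTS_PASSED + 1))
}

fail() {
  printf '❌ %s\n' "$1"
  TESTS_FAILED=$((TESTS_FAILED + 1))
}

printf '%s\n' "╔════════════════════════════════════════════════════════════╗"
printf '%s\n' "║ Dashboard Bot Detector - Test Complet ║"
printf '%s\n' "╚════════════════════════════════════════════════════════════╝"
printf '\n'

# Test 1: Health check
printf '%s\n' "🧪 Test 1: Health check..."
HEALTH=$(api_field "$BASE_URL/health" -r '.status')
if [[ "$HEALTH" == "healthy" ]]; then
  pass "Health check: $HEALTH"
else
  fail "Health check failed"
fi

# Test 2: API detections endpoint
printf '%s\n' "🧪 Test 2: API detections endpoint..."
DETECTIONS=$(api_field "$BASE_URL/api/detections?page=1&page_size=5" '.total')
if is_positive_int "$DETECTIONS"; then
  pass "Detections API: $DETECTIONS détections"
else
  fail "Detections API failed"
fi

# Test 3: Tri par score par défaut
printf '%s\n' "🧪 Test 3: Tri par score par défaut..."
FIRST_SCORE=$(api_field "$BASE_URL/api/detections?page=1&page_size=1&sort_by=anomaly_score&sort_order=asc" '.items[0].anomaly_score')
if has_value "$FIRST_SCORE"; then
  pass "Tri par score: $FIRST_SCORE (scores négatifs en premier)"
else
  fail "Tri par score failed"
fi

# Test 4: Endpoint variability IP
printf '%s\n' "🧪 Test 4: Endpoint variability IP..."
VAR_IP=$(api_field "$BASE_URL/api/variability/ip/$TEST_IP" '.total_detections')
if has_value "$VAR_IP"; then
  pass "Variability IP: $VAR_IP détections"
else
  fail "Variability IP failed"
fi

# Test 5: Endpoint IPs associées
printf '%s\n' "🧪 Test 5: Endpoint IPs associées..."
IPS=$(api_field "$BASE_URL/api/variability/country/CN/ips?limit=5" '.total')
if is_positive_int "$IPS"; then
  pass "IPs associées: $IPS IPs totales"
else
  fail "IPs associées failed"
fi

# Test 6: Endpoint user_agents
printf '%s\n' "🧪 Test 6: Endpoint user_agents..."
UA=$(api_field "$BASE_URL/api/variability/ip/$TEST_IP/user_agents?limit=5" '.total')
if has_value "$UA"; then
  pass "User-Agents: $UA user-agents"
else
  fail "User-Agents failed"
fi

# Test 7: Endpoint analysis subnet
printf '%s\n' "🧪 Test 7: Endpoint analysis subnet..."
SUBNET=$(api_field "$BASE_URL/api/analysis/$TEST_IP/subnet" '.total_in_subnet')
if has_value "$SUBNET"; then
  pass "Analysis Subnet: $SUBNET IPs"
else
  fail "Analysis Subnet failed"
fi

# Test 8: Endpoint analysis country
printf '%s\n' "🧪 Test 8: Endpoint analysis country..."
COUNTRY=$(api_field "$BASE_URL/api/analysis/$TEST_IP/country" '.ip_country.code')
if has_value "$COUNTRY"; then
  pass "Analysis Country: $COUNTRY"
else
  fail "Analysis Country failed"
fi

# Test 9: Endpoint classifications
printf '%s\n' "🧪 Test 9: Endpoint classifications..."
CLASSIF=$(api_field "$BASE_URL/api/analysis/classifications?limit=5" '.total')
if has_value "$CLASSIF"; then
  pass "Classifications: $CLASSIF classifications"
else
  fail "Classifications failed"
fi

# Test 10: Frontend accessible
printf '%s\n' "🧪 Test 10: Frontend accessible..."
# grep -c prints 0 on empty input, so a down frontend is counted as a failure.
FRONTEND=$(curl -sS -f --max-time "$CURL_TIMEOUT" -- "$BASE_URL/" 2>/dev/null | grep -c -F -- "Bot Detector Dashboard")
if is_positive_int "$FRONTEND"; then
  pass "Frontend: Dashboard accessible"
else
  fail "Frontend failed"
fi

printf '\n'
printf '%s\n' "════════════════════════════════════════════════════════════"
printf '%s\n' " Tests passés: $TESTS_PASSED"
printf '%s\n' " Tests échoués: $TESTS_FAILED"
printf '%s\n' "════════════════════════════════════════════════════════════"
if (( TESTS_FAILED == 0 )); then
  printf '\n'
  printf '%s\n' "✅ Tous les tests sont passés avec succès ! 🎉"
  printf '\n'
  exit 0
else
  printf '\n'
  printf '%s\n' "❌ Certains tests ont échoué."
  printf '\n'
  exit 1
fi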