From dd0502453d172948b741fd93211323a442b1ec45 Mon Sep 17 00:00:00 2001
From: hcornet
Date: Tue, 3 Jun 2025 09:41:27 +0200
Subject: [PATCH] First sync

---
 GCP/GCP - PubSUB.ps1 | 34 +++++++++++++++++
 GCP/GCP-Publish.ps1 | 73 +++++++++++++++++++++++++++++++++++++
 GCP/Publish-PubSub.ps1 | 30 +++++++++++++++
 GCP/Pull-PubSub.ps1 | 50 +++++++++++++++++++++++++
 GCP/pub-Sub.ps1 | 81 +++++++++++++++++++++++++++++++++++++++++
 TheHive/API-TheHive.ps1 | 41 +++++++++++++++++++++
 6 files changed, 309 insertions(+)
 create mode 100644 GCP/GCP - PubSUB.ps1
 create mode 100644 GCP/GCP-Publish.ps1
 create mode 100644 GCP/Publish-PubSub.ps1
 create mode 100644 GCP/Pull-PubSub.ps1
 create mode 100644 GCP/pub-Sub.ps1
 create mode 100644 TheHive/API-TheHive.ps1

diff --git a/GCP/GCP - PubSUB.ps1 b/GCP/GCP - PubSUB.ps1
new file mode 100644
index 0000000..bf9efc8
--- /dev/null
+++ b/GCP/GCP - PubSUB.ps1
@@ -0,0 +1,34 @@
+# Définir les variables de configuration
+$jsonKeyFile = "C:\Users\hcornet\Downloads\ari-prj-np-mdf-001-d6cd222549da.json" # Modifier le chemin vers votre fichier JSON d'authentification
+$projectId = "ari-prj-np-mdf-001" # Remplacez par l'ID de votre projet GCP
+$subscriptionName = "alerte:pull" # Remplacez par le nom de la subscription Pub/Sub
+$APIUrl = "https://pubsub.googleapis.com/v1"
+
+# Activer le compte de service avec le fichier JSON
+Write-Output "Activation du compte de service..."
+gcloud auth activate-service-account --key-file $jsonKeyFile
+
+# Récupérer le token d'accès
+Write-Output "Récupération du token d'accès..."
+$accessToken = gcloud auth print-access-token
+
+# Définir l'URL de l'API Pub/Sub pour une opération de pull (récupération de messages)
+$uri = "$APIUrl/projects/$projectId/subscriptions/$subscriptionName"
+
+$Headers = @{
+ Authorization = "Bearer $accessToken"
+ "accept" = "application/json"
+ "Content-Type" = "application/json"
+}
+
+# Préparer le corps de la requête (ici, on demande jusqu'à 10 messages)
+$payloadPull = @{
+ maxMessages = 10
+} | ConvertTo-Json -Depth 10
+
+Write-Output "Interrogation de l'API Pub/Sub..."
+# Appeler l'API Pub/Sub avec une requête POST
+$responsePull = Invoke-RestMethod -Uri $uri -Method POST -Headers $Headers -Body $payloadPull
+
+# Afficher la réponse
+Write-Output "Réponse de l'API :" $responsePull | ConvertTo-Json -Depth 10
diff --git a/GCP/GCP-Publish.ps1 b/GCP/GCP-Publish.ps1
new file mode 100644
index 0000000..aadffee
--- /dev/null
+++ b/GCP/GCP-Publish.ps1
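Review bot: In GCP - PubSUB.ps1, `$accessToken = gcloud auth print-access-token` is never checked, so when gcloud fails (binary missing, key file unreadable) `$accessToken` is empty, the request to `$uri` goes out with a bare `Authorization: Bearer` header and the only symptom is an opaque 401; a guard before `$Headers` such as `if (-not $accessToken) { throw "gcloud auth print-access-token returned no token" }` surfaces the real cause. The last line, `Write-Output "Réponse de l'API :" $responsePull | ConvertTo-Json -Depth 10`, pipes both the label string and the response object into ConvertTo-Json, so the output is a JSON array whose first element is the label; splitting it into `Write-Output "Réponse de l'API :"` and `$responsePull | ConvertTo-Json -Depth 10` prints what the comment intends, and GCP-Publish.ps1 has the same construct. `$jsonKeyFile` names a long-lived service-account key sitting in a personal Downloads folder, which ties the script to one workstation and documents where the key lives; reading the path from an environment variable (for example `$env:GOOGLE_APPLICATION_CREDENTIALS`, the name the Google client libraries already use) keeps it out of the repository. The pulled messages are also never acknowledged, so they are redelivered after the subscription's ack deadline, which is fine for a peek script but worth saying in the header comment.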
@@ -0,0 +1,73 @@
+# Définir les variables de configuration
+#$jsonKeyFile = "C:\Users\hcornet\Downloads\ari-prj-np-mdf-001-d6cd222549da.json" # Modifier le chemin vers votre fichier JSON d'authentification
+$jsonKeyFile = "C:\Users\hcornet\Downloads\ari-prj-mdf-001-e24a11fe72e5.json"
+#$projectId = "ari-prj-np-mdf-001"
+$projectId = "ari-prj-mdf-001"
+$Topic = "MindFlow:publish"
+$subscription = "Alerte:pull"
+$APIUrl = "https://pubsub.googleapis.com/v1"
+$subject = "Azure Activity"
+$Message = "Message Lundi 26 Mai Test en directe à 15:40"
+
+$data = $null
+$responsePublish = $null
+$responsePull = $null
+
+# Activer le compte de service avec le fichier JSON
+Write-Output "Activation du compte de service..."
+gcloud auth activate-service-account --key-file $jsonKeyFile
+
+# Récupérer le token d'accès
+Write-Output "Récupération du token d'accès..."
+$accessToken = gcloud auth print-access-token
+
+# Définir l'URL de l'API Pub/Sub pour une opération de pull (récupération de messages)
+$PublishUrl = "$APIUrl/projects/$projectId/topics/$topic"
+$PullUrl = "$APIUrl/projects/$projectId/subscriptions/$subscription"
+
+# Publier le message sur le topic Pub/Sub
+#$base64Message = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($Message))
+
+$Headers = @{
+ Authorization = "Bearer $accessToken"
+ "accept" = "application/json"
+ "Content-Type" = "application/json"
+}
+
+# Préparer le corps de la requête (ici, on demande jusqu'à 10 messages)
+$payloadPublish = @{
+ messages = @(
+ @{
+ data = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($Message))
+ attributes = @{
+ subject = $subject
+ }
+ }
+ )
+} | ConvertTo-Json -Depth 10
+
+Write-Output "Utilisation de l'API Pub/Sub..."
+# Appeler l'API Pub/Sub avec une requête POST
+$responsePublish = Invoke-RestMethod -Method POST -Uri $PublishUrl -Headers $Headers -Body $payloadPublish
+
+# Afficher la réponse
+Write-Output "Réponse de l'API :" $responsePublish | ConvertTo-Json -Depth 10
+
+# Préparer le corps de la requête (ici, on demande jusqu'à 10 messages)
+$payloadPull = @{
+ maxMessages = 10
+} | ConvertTo-Json -Depth 10
+
+Write-Output "Interrogation de l'API Pub/Sub..."
+# Appeler l'API Pub/Sub avec une requête POST
+$responsePull = Invoke-RestMethod -Method Post -Uri $pullUrl -Headers $headers -Body $payloadPull # -ContentType "application/json"
+
+# Afficher la réponse
+If ($responsePull.receivedMessages) {
+ Write-Host "Message tiré. Réponse : " $responsePull.receivedMessages
+ Foreach ($message in $responsePull.receivedMessages) {
+ $data = [System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($message.message.data))
+ Write-Host "Received message: $data"
+
+ }
+}
diff --git a/GCP/Publish-PubSub.ps1 b/GCP/Publish-PubSub.ps1
new file mode 100644
index 0000000..013f61a
--- /dev/null
+++ b/GCP/Publish-PubSub.ps1
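Review bot: In GCP-Publish.ps1 neither `Invoke-RestMethod` call is wrapped in error handling, so a failed publish (403 from a missing publisher role, 404 from a wrong `$topic`) may, depending on the PowerShell version and `$ErrorActionPreference`, only write an error and let the script go on to pull and print `Réponse de l'API :` with a null response; `try { $responsePublish = Invoke-RestMethod ... -ErrorAction Stop } catch { throw }` makes the failure stop the run explicitly. Switching between the non-prod and prod project is done by commenting and uncommenting the `$jsonKeyFile` and `$projectId` pairs at the top, which makes it easy to publish to the wrong project; a `param([string]$ProjectId, [string]$KeyFile)` block with the non-prod values as defaults would make the target visible on the command line. The messages pulled at the end are never acknowledged, so they are redelivered on the next run, and the `$Topic`/`$topic`, `$Headers`/`$headers` case mismatches are harmless in PowerShell but read as typos.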
@@ -0,0 +1,30 @@
+$ProjectId = "ari-prj-np-mdf-001"
+$TopicName = "MindFlow:publish"
+$Message = "Vendredi 23 mai à 12:00"
+$AccessToken = "ya29.a0AW4Xtxhb0o5hP7lkY1kH6ZplZy2hUlfLP1l7QDQlv8th758tD2T-GSL3fKw65zQGr1ilrBBpgn9lM3B4ZhZTmebQgwPykr6gW_MbhLDr7RWmY5mBZXY3EPz9hYjaWa4qEbJDyp1NHsSCKeYWQ-9n24jMNRjeqzxPH50qQIBV2wH7lgaCgYKAToSARESFQHGX2MiqPoqBQZYeAWTQqbEYyLehA0181"
+$apiUrl = "https://pubsub.googleapis.com/v1/projects/$ProjectId/topics/$TopicName"
+$response = $null
+
+$headers = @{
+ "Authorization" = "Bearer $AccessToken"
+ "accept" = "application/json"
+ "Content-Type" = "application/json"
+}
+
+# Define the request body (if needed)
+$body = @{
+ messages= @(
+ @{
+ data = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($message))
+ attributes = @{
+ subject = "ARI_202209_029"
+ }
+ }
+ )
+} | ConvertTo-Json -Depth 10
+
+# Make the API call using Invoke-RestMethod
+$response = Invoke-RestMethod -Uri $apiUrl -Method Post -Headers $headers -Body $body
+
+# Output the response
+$response
\ No newline at end of file
diff --git a/GCP/Pull-PubSub.ps1 b/GCP/Pull-PubSub.ps1
new file mode 100644
index 0000000..568786d
--- /dev/null
+++ b/GCP/Pull-PubSub.ps1
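Review bot: In Publish-PubSub.ps1 the fourth line assigns a literal `ya29.` OAuth access token to `$AccessToken`, so the credential is now part of the repository history and the script stops working as soon as the token expires (Google access tokens are short-lived); the value should be treated as exposed, the session that issued it revoked, and the token obtained at run time instead, e.g. `$AccessToken = gcloud auth print-access-token` as GCP - PubSUB.ps1 already does. Pull-PubSub.ps1 and pub-Sub.ps1 in this same commit commit tokens the same way. Deleting the lines in a follow-up commit does not remove them from history, and a secret-scanning pre-commit hook would catch this class of change before it lands. The hard-coded `subject = "ARI_202209_029"` attribute would also be better as a parameter with a documented meaning than an unexplained literal.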
@@ -0,0 +1,50 @@
+$projectId = "ari-prj-mdf-001"
+$subscriptionName = "Alerte:pull"
+$Acknowledge = "Alerte:acknowledge"
+$AccessToken = "ya29.a0AW4Xtxhr8rj3E7RdTI8EFlWlaEUYXosHFFW3ZmqC4suDspyzi5WdEkNK6xGafJxzmkan6obZjRNuV1rKNyi1MBJAVhz0HQIdjd1B2nH10pq0N9WkQNMVOQM-9SDtsI1_ubVgww1uv7lZI16MvjDOyVmHeD92KtLhb4bQJEmtQsrpEm0aCgYKAUYSARESFQHGX2MiZux4MfqHTzFxi-5xR0k_Ww0182"
+
+$response = $Null
+
+$apiUrl = "https://pubsub.googleapis.com/v1/projects/$projectId/subscriptions/$subscriptionName"
+
+$headers = @{
+ "Authorization" = "Bearer $AccessToken"
+ "accept" = "application/json"
+ "Content-Type" = "application/json"
+}
+
+$body = @{
+ maxMessages = 100
+} | ConvertTo-Json -Depth 10
+
+$response = Invoke-RestMethod -Uri $apiUrl -Method Post -Headers $headers -Body $body
+
+#Write-Host "Message tiré. Réponse : " $response.receivedMessages
+
+# Afficher les messages
+If ($response.receivedMessages) {
+ Foreach ($message in $response.receivedMessages) {
+ $data = [System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($message.message.data))
+ Write-host "*******************************"
+ Write-Host "Received message: $data"
+ $message.message.messageId
+ #$message.message.publishTime
+ #$message.message.attributes.subject
+ Write-host "*******************************"
+
+# $ackIds = $response.receivedMessages | ForEach-Object { $_.ackId }
+
+ # Accuser réception du message
+# $ackId = $message.message.messageId
+# $ackUrl = "https://pubsub.googleapis.com/v1/projects/$projectId/subscriptions/$Acknowledge"
+
+# $ackBody = @{
+# ackIds = @($ackId)
+# } | ConvertTo-Json
+
+# Invoke-RestMethod -Uri $ackUrl -Method Post -Headers $headers -Body $ackBody
+ }
+}
+Else {
+ Write-Host "No messages received."
+}
diff --git a/GCP/pub-Sub.ps1 b/GCP/pub-Sub.ps1
new file mode 100644
index 0000000..4d88f10
--- /dev/null
+++ b/GCP/pub-Sub.ps1
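Review bot: In Pull-PubSub.ps1 the pull asks for up to 100 messages but the whole acknowledge block is commented out, so nothing is ever acked and the same messages come back on every run once the subscription's ack deadline passes; if the script is meant to consume rather than peek, the ack call needs to be restored, and if it is meant to peek, the header comment should say so and `$Acknowledge` should go. The commented draft also picks the wrong identifier: `$ackId = $message.message.messageId` is the publisher-side message id, while the acknowledge request takes the receipt's `$message.ackId` (the commented `$ackIds = ... { $_.ackId }` line above it has it right). Issuing the ack per message inside the `Foreach` would also mean one request per message; collecting the ids and sending one `ackIds` array after the loop is what the first commented line was heading towards.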
@@ -0,0 +1,81 @@
+# Variables à configurer
+$Project = "ari-prj-np-mdf-001"
+$Topic = "MindFlow:publish"
+$Subscription = "Alerte:pull"
+$Acknowledge = "Alerte:acknowledge"
+$subject = "Test subject"
+$Message = "Message lundi 26 mai Test en direct"
+$APIUrl = "https://pubsub.googleapis.com/v1"
+
+$PublishUrl = "$apiUrl/projects/$project/topics/$topic"
+$PullUrl = "$APIUrl/projects/$project/subscriptions/$subscription"
+
+# Récupérer un jeton d'accès via gcloud (assurez-vous que gcloud est installé et configuré)
+$AccessToken = "ya29.a0AW4XtxiaBCPy6Wp2dTnjTi-W0g-tMFwMNHv_aYNzChaFOg9yH7mYliW0WDOnisy99HLwHTTEI-eV7qbkCP_oea-d1rc1SNovVPAe1fLged__1xFN0hKYtk4ZlVMUnT_fNoC7DcG88I_PdYbc0SgSgBKvoM0szcGumHlBspJYUvxcGQaCgYKAWcSARESFQHGX2MiG1rXkcIBkOLbcXfDncySPw0181"
+
+If (-not $accessToken) {
+ Write-Error "Impossible d'obtenir un jeton d'accès. Vérifiez votre configuration gcloud."
+ exit
+}
+
+$Headers = @{
+ Authorization = "Bearer $AccessToken"
+ "accept" = "application/json"
+ "Content-Type" = "application/json"
+}
+
+# Publier le message sur le topic Pub/Sub
+#$base64Message = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($Message))
+
+$payloadPublish = @{
+ messages = @(
+ @{
+ data = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($Message))
+ attributes = @{
+ subject = $subject
+ }
+ }
+ )
+} | ConvertTo-Json -Depth 10
+
+$responsePublish = Invoke-RestMethod -Method Post -Uri $publishUrl -Headers $headers -Body $payloadPublish # -ContentType "application/json"
+Write-Host "Message publié. Réponse :" $responsePublish.messageIds
+
+########################################################################################
+
+# Lire (pull) le message depuis la subscription Pub/Sub
+
+cls
+
+$payloadPull = @{
+ maxMessages = 10
+} | ConvertTo-Json -Depth 10
+
+$responsePull = Invoke-RestMethod -Method Post -Uri $pullUrl -Headers $headers -Body $payloadPull # -ContentType "application/json"
+
+If ($responsePull.receivedMessages) {
+ Write-Host "Message tiré. Réponse : " $responsePull.receivedMessages
+ Foreach ($message in $responsePull.receivedMessages) {
+ $data = [System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($message.message.data))
+ Write-Host "Received message: $data"
+
+ }
+}
+
+########################################################################################
+
+# Acquitter le message si présent
+If ($responsePull.receivedMessages) {
+ $ackIds = $responsePull.receivedMessages | ForEach-Object { $_.ackId }
+
+ $ackUrl = "https://pubsub.googleapis.com/v1/projects/$project/subscriptions/$acknowledge"
+ $payloadAck = @{
+ ackIds = $ackIds
+ } | ConvertTo-Json
+
+ Invoke-RestMethod -Method Post -Uri $ackUrl -Headers $headers -Body $payloadAck -ContentType "application/json"
+ Write-Host "Message(s) acquitté(s)."
+}
+Else {
+ Write-Host "Aucun message reçu."
+}
\ No newline at end of file
diff --git a/TheHive/API-TheHive.ps1 b/TheHive/API-TheHive.ps1
new file mode 100644
index 0000000..5c7e7a1
--- /dev/null
+++ b/TheHive/API-TheHive.ps1
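Review bot: In pub-Sub.ps1 the guard `If (-not $accessToken)` tests a hard-coded literal, so it can never fire, and the comment above it says the token is obtained via gcloud while the code never calls it; `$AccessToken = gcloud auth print-access-token` followed by `exit 1` in the guard (a bare `exit` returns 0, so a caller cannot tell the run failed) makes code, comment and exit status agree. In the acknowledge block, `$ackIds = $responsePull.receivedMessages | ForEach-Object { $_.ackId }` unrolls to a single string when exactly one message was received, and ConvertTo-Json then emits `"ackIds": "..."` rather than the array the acknowledge body requires; `ackIds = @($ackIds)` keeps it an array in both cases. The `cls` between the publish and pull steps also erases the `messageIds` line that was just printed, which makes the publish result impossible to correlate with the pulled message.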
@@ -0,0 +1,41 @@
+# Define the API endpoint and headers
+$apiUrl = "https://thcp19.aws.thehive-cloud.io/9dd3b3a0-f662-4fda-9202-06d13ba6dc90/thehive/api/v1/alert"
+
+$headers = @{
+ "Authorization" = "Bearer HcWe0tq3s6m+/wRJcJmyR93W17Ave5lb"
+ "accept" = "application/json"
+ "Content-Type" = "application/json"
+}
+
+# Define the request body (if needed)
+$body = @{
+ "type"= "Tentative d'intrusion"
+ "source"= "Firewall"
+ "sourceRef"= "11"
+ "title"= "Tentative d'intrusion"
+ "description"= "Je fais un test un peu plus détaillé"
+ "severity"= 4
+ "tags" = @(
+ "Firewall"
+ )
+ "observables" = @(
+ @{
+ "dataType"= "url"
+ "data"= "https://www.tips-of-mine.com"
+ },
+ @{
+ "dataType"= "mail"
+ "data"= "admin@tips-of-mine.fr"
+ }
+ @{
+ "dataType"= "ip"
+ "data"= "82.66.77.254"
+ }
+ )
+} | ConvertTo-Json -Depth 10
+
+# Make the API call using Invoke-RestMethod
+$response = Invoke-RestMethod -Uri $apiUrl -Method Post -Headers $headers -Body $body
+
+# Output the response
+$response
\ No newline at end of file
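Review bot: In API-TheHive.ps1 the Authorization header carries a literal TheHive API key (`Bearer HcWe0tq3s6m+/wRJcJmyR93W17Ave5lb`) next to the tenant URL, so anyone with read access to the repository can create alerts in that instance and the key stays valid until someone revokes it; it should be revoked in TheHive and the script should read a replacement from the environment, e.g. `"Authorization" = "Bearer $env:THEHIVE_API_KEY"` (variable name chosen here). `sourceRef` is fixed at `"11"`, and TheHive treats `type` + `source` + `sourceRef` as the alert's unique key, so a second run of this script is rejected as a duplicate instead of creating a new alert (confirm on your version) — deriving it from the upstream event id or a timestamp avoids that. The second `@{ ... }` entry in `observables` lacks the trailing comma the first one has; PowerShell accepts newline-separated array elements so it still parses, but the inconsistency reads as an omission.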