First sync

GCP/GCP - PubSUB.ps1

@@ -0,0 +1,34 @@
+# Définir les variables de configuration
+$jsonKeyFile      = "C:\Users\hcornet\Downloads\ari-prj-np-mdf-001-d6cd222549da.json"   # Modifier le chemin vers votre fichier JSON d'authentification
+$projectId        = "ari-prj-np-mdf-001"                         # Remplacez par l'ID de votre projet GCP
+$subscriptionName = "alerte:pull"                # Remplacez par le nom de la subscription Pub/Sub
+$APIUrl           = "https://pubsub.googleapis.com/v1"
+
+# Activer le compte de service avec le fichier JSON
+Write-Output "Activation du compte de service..."
+gcloud auth activate-service-account --key-file $jsonKeyFile
+
+# Récupérer le token d'accès
+Write-Output "Récupération du token d'accès..."
+$accessToken = gcloud auth print-access-token
+
+# Définir l'URL de l'API Pub/Sub pour une opération de pull (récupération de messages)
+$uri = "$APIUrl/projects/$projectId/subscriptions/$subscriptionName"
+
+$Headers = @{
+    Authorization = "Bearer $accessToken"
+    "accept"         = "application/json"
+    "Content-Type"   = "application/json"
+}
+
+# Préparer le corps de la requête (ici, on demande jusqu'à 10 messages)
+$payloadPull = @{
+     maxMessages = 10
+} | ConvertTo-Json -Depth 10
+
+Write-Output "Interrogation de l'API Pub/Sub..."
+# Appeler l'API Pub/Sub avec une requête POST
+$responsePull = Invoke-RestMethod -Uri $uri -Method POST -Headers $Headers -Body $payloadPull
+
+# Afficher la réponse
+Write-Output "Réponse de l'API :" $responsePull | ConvertTo-Json -Depth 10

GCP/GCP-Publish.ps1

@@ -0,0 +1,73 @@
+# Définir les variables de configuration
+#$jsonKeyFile  = "C:\Users\hcornet\Downloads\ari-prj-np-mdf-001-d6cd222549da.json"   # Modifier le chemin vers votre fichier JSON d'authentification
+$jsonKeyFile  = "C:\Users\hcornet\Downloads\ari-prj-mdf-001-e24a11fe72e5.json"
+#$projectId    = "ari-prj-np-mdf-001"
+$projectId    = "ari-prj-mdf-001"
+$Topic        = "MindFlow:publish"
+$subscription = "Alerte:pull"
+$APIUrl       = "https://pubsub.googleapis.com/v1"
+$subject      = "Azure Activity"
+$Message      = "Message Lundi 26 Mai Test en directe à 15:40"
+
+$data            = $null
+$responsePublish = $null
+$responsePull    = $null
+
+# Activer le compte de service avec le fichier JSON
+Write-Output "Activation du compte de service..."
+gcloud auth activate-service-account --key-file $jsonKeyFile
+
+# Récupérer le token d'accès
+Write-Output "Récupération du token d'accès..."
+$accessToken = gcloud auth print-access-token
+
+# Définir l'URL de l'API Pub/Sub pour une opération de pull (récupération de messages)
+$PublishUrl = "$APIUrl/projects/$projectId/topics/$topic"
+$PullUrl    = "$APIUrl/projects/$projectId/subscriptions/$subscription"
+
+# Publier le message sur le topic Pub/Sub
+#$base64Message = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($Message))
+
+$Headers = @{
+    Authorization  = "Bearer $accessToken"
+    "accept"       = "application/json"
+    "Content-Type" = "application/json"
+}
+
+# Préparer le corps de la requête (ici, on demande jusqu'à 10 messages)
+$payloadPublish = @{
+    messages = @(
+        @{
+            data = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($Message))
+            attributes = @{
+                subject = $subject
+            }
+        }
+    )
+} | ConvertTo-Json -Depth 10
+
+Write-Output "Utilisation de l'API Pub/Sub..."
+# Appeler l'API Pub/Sub avec une requête POST
+$responsePublish = Invoke-RestMethod -Method POST -Uri $PublishUrl -Headers $Headers -Body $payloadPublish
+
+# Afficher la réponse
+Write-Output "Réponse de l'API :" $responsePublish | ConvertTo-Json -Depth 10
+
+# Préparer le corps de la requête (ici, on demande jusqu'à 10 messages)
+$payloadPull = @{
+    maxMessages = 10
+} | ConvertTo-Json -Depth 10
+
+Write-Output "Interrogation de l'API Pub/Sub..."
+# Appeler l'API Pub/Sub avec une requête POST
+$responsePull = Invoke-RestMethod -Method Post -Uri $pullUrl -Headers $headers -Body $payloadPull # -ContentType "application/json"
+
+# Afficher la réponse
+If ($responsePull.receivedMessages) {
+    Write-Host "Message tiré. Réponse : " $responsePull.receivedMessages
+    Foreach ($message in $responsePull.receivedMessages) {
+        $data = [System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($message.message.data))
+        Write-Host "Received message: $data"
+
+    }
+}

GCP/Publish-PubSub.ps1

@@ -0,0 +1,30 @@
+$ProjectId   = "ari-prj-np-mdf-001"
+$TopicName   = "MindFlow:publish"
+$Message     = "Vendredi 23 mai à 12:00"
+$AccessToken = "ya29.a0AW4Xtxhb0o5hP7lkY1kH6ZplZy2hUlfLP1l7QDQlv8th758tD2T-GSL3fKw65zQGr1ilrBBpgn9lM3B4ZhZTmebQgwPykr6gW_MbhLDr7RWmY5mBZXY3EPz9hYjaWa4qEbJDyp1NHsSCKeYWQ-9n24jMNRjeqzxPH50qQIBV2wH7lgaCgYKAToSARESFQHGX2MiqPoqBQZYeAWTQqbEYyLehA0181"
+$apiUrl      = "https://pubsub.googleapis.com/v1/projects/$ProjectId/topics/$TopicName"
+$response    = $null
+
+$headers = @{
+    "Authorization"  = "Bearer $AccessToken"
+    "accept"         = "application/json"
+    "Content-Type"   = "application/json"
+}
+
+# Define the request body (if needed)
+$body = @{
+     messages= @(
+       @{
+         data = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($message))
+         attributes = @{
+            subject = "ARI_202209_029"
+         }
+       }
+     )
+} | ConvertTo-Json -Depth 10
+
+# Make the API call using Invoke-RestMethod
+$response = Invoke-RestMethod -Uri $apiUrl -Method Post -Headers $headers -Body $body
+
+# Output the response
+$response

GCP/Pull-PubSub.ps1

@@ -0,0 +1,50 @@
+$projectId        = "ari-prj-mdf-001"
+$subscriptionName = "Alerte:pull"
+$Acknowledge      = "Alerte:acknowledge"
+$AccessToken      = "ya29.a0AW4Xtxhr8rj3E7RdTI8EFlWlaEUYXosHFFW3ZmqC4suDspyzi5WdEkNK6xGafJxzmkan6obZjRNuV1rKNyi1MBJAVhz0HQIdjd1B2nH10pq0N9WkQNMVOQM-9SDtsI1_ubVgww1uv7lZI16MvjDOyVmHeD92KtLhb4bQJEmtQsrpEm0aCgYKAUYSARESFQHGX2MiZux4MfqHTzFxi-5xR0k_Ww0182"
+
+$response = $Null
+
+$apiUrl = "https://pubsub.googleapis.com/v1/projects/$projectId/subscriptions/$subscriptionName"
+
+$headers = @{
+    "Authorization"  = "Bearer $AccessToken"
+    "accept"         = "application/json"
+    "Content-Type"   = "application/json"
+}
+
+$body = @{
+     maxMessages = 100
+} | ConvertTo-Json -Depth 10
+
+$response = Invoke-RestMethod -Uri $apiUrl -Method Post -Headers $headers -Body $body
+
+#Write-Host "Message tiré. Réponse : " $response.receivedMessages
+
+# Afficher les messages
+If ($response.receivedMessages) {
+    Foreach ($message in $response.receivedMessages) {
+        $data = [System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($message.message.data))
+        Write-host "*******************************"
+        Write-Host "Received message: $data"
+        $message.message.messageId
+        #$message.message.publishTime
+        #$message.message.attributes.subject
+        Write-host "*******************************"
+
+#        $ackIds = $response.receivedMessages | ForEach-Object { $_.ackId }
+
+        # Accuser réception du message
+#        $ackId = $message.message.messageId
+#        $ackUrl = "https://pubsub.googleapis.com/v1/projects/$projectId/subscriptions/$Acknowledge"
+
+#        $ackBody = @{
+#            ackIds = @($ackId)
+#        } | ConvertTo-Json
+
+#        Invoke-RestMethod -Uri $ackUrl -Method Post -Headers $headers -Body $ackBody
+    }
+}
+Else {
+     Write-Host "No messages received."
+}

GCP/pub-Sub.ps1

@@ -0,0 +1,81 @@
+# Variables à configurer
+$Project = "ari-prj-np-mdf-001"
+$Topic = "MindFlow:publish"
+$Subscription = "Alerte:pull"
+$Acknowledge = "Alerte:acknowledge"
+$subject     = "Test subject"
+$Message     = "Message lundi 26 mai Test en direct"
+$APIUrl = "https://pubsub.googleapis.com/v1"
+
+$PublishUrl = "$apiUrl/projects/$project/topics/$topic"
+$PullUrl    = "$APIUrl/projects/$project/subscriptions/$subscription"
+
+# Récupérer un jeton d'accès via gcloud (assurez-vous que gcloud est installé et configuré)
+$AccessToken = "ya29.a0AW4XtxiaBCPy6Wp2dTnjTi-W0g-tMFwMNHv_aYNzChaFOg9yH7mYliW0WDOnisy99HLwHTTEI-eV7qbkCP_oea-d1rc1SNovVPAe1fLged__1xFN0hKYtk4ZlVMUnT_fNoC7DcG88I_PdYbc0SgSgBKvoM0szcGumHlBspJYUvxcGQaCgYKAWcSARESFQHGX2MiG1rXkcIBkOLbcXfDncySPw0181"
+
+If (-not $accessToken) {
+    Write-Error "Impossible d'obtenir un jeton d'accès. Vérifiez votre configuration gcloud."
+    exit
+}
+
+$Headers = @{
+    Authorization = "Bearer $AccessToken"
+    "accept"         = "application/json"
+    "Content-Type"   = "application/json"
+}
+
+# Publier le message sur le topic Pub/Sub
+#$base64Message = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($Message))
+
+$payloadPublish = @{
+    messages = @(
+        @{
+            data = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($Message))
+            attributes = @{
+                subject = $subject
+            }
+        }
+    )
+} | ConvertTo-Json -Depth 10
+
+$responsePublish = Invoke-RestMethod -Method Post -Uri $publishUrl -Headers $headers -Body $payloadPublish # -ContentType "application/json"
+Write-Host "Message publié. Réponse :" $responsePublish.messageIds
+
+########################################################################################
+
+# Lire (pull) le message depuis la subscription Pub/Sub
+
+cls
+
+$payloadPull = @{
+    maxMessages = 10
+} | ConvertTo-Json -Depth 10
+
+$responsePull = Invoke-RestMethod -Method Post -Uri $pullUrl -Headers $headers -Body $payloadPull # -ContentType "application/json"
+
+If ($responsePull.receivedMessages) {
+    Write-Host "Message tiré. Réponse : " $responsePull.receivedMessages
+    Foreach ($message in $responsePull.receivedMessages) {
+        $data = [System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($message.message.data))
+        Write-Host "Received message: $data"
+
+    }
+}
+
+########################################################################################
+
+# Acquitter le message si présent
+If ($responsePull.receivedMessages) {
+     $ackIds = $responsePull.receivedMessages | ForEach-Object { $_.ackId }
+
+     $ackUrl = "https://pubsub.googleapis.com/v1/projects/$project/subscriptions/$acknowledge"
+     $payloadAck = @{
+         ackIds = $ackIds
+     } | ConvertTo-Json
+
+     Invoke-RestMethod -Method Post -Uri $ackUrl -Headers $headers -Body $payloadAck -ContentType "application/json"
+     Write-Host "Message(s) acquitté(s)."
+}
+Else {
+     Write-Host "Aucun message reçu."
+}

TheHive/API-TheHive.ps1

@@ -0,0 +1,41 @@
+# Define the API endpoint and headers
+$apiUrl = "https://thcp19.aws.thehive-cloud.io/9dd3b3a0-f662-4fda-9202-06d13ba6dc90/thehive/api/v1/alert"
+
+$headers = @{
+    "Authorization"  = "Bearer HcWe0tq3s6m+/wRJcJmyR93W17Ave5lb"
+    "accept"         = "application/json"
+    "Content-Type"   = "application/json"
+}
+
+# Define the request body (if needed)
+$body = @{
+  "type"= "Tentative d'intrusion"
+  "source"= "Firewall"
+  "sourceRef"= "11"
+  "title"= "Tentative d'intrusion"
+  "description"= "Je fais un test un peu plus détaillé"
+  "severity"= 4
+  "tags" = @(
+        "Firewall"
+    )
+  "observables" = @(
+    @{
+        "dataType"= "url"
+        "data"= "https://www.tips-of-mine.com"
+    },
+    @{
+        "dataType"= "mail"
+        "data"= "admin@tips-of-mine.fr"
+    }
+    @{
+        "dataType"= "ip"
+        "data"= "82.66.77.254"
+    }
+  )
+} | ConvertTo-Json -Depth 10
+
+# Make the API call using Invoke-RestMethod
+$response = Invoke-RestMethod -Uri $apiUrl -Method Post -Headers $headers -Body $body
+
+# Output the response
+$response