mirror of
https://github.com/marcredhat/SIEM-toolkit-patched
synced 2026-06-11 05:41:19 +00:00
Add Stormshield ingest verifier
End-to-end regression test for the SDL Stormshield parser:

- test.py single upload + 150s polling verifier
- send_burst.py 4 varied events (different users, IPs, actions) with current timestamps
- verify_query.py query last 15 min of stormshield events
- run_and_verify.sh burst + 40s wait + verify
- config.example.json template (config.json is gitignored)
- README.md setup, run, behaviour-quirks docs

Use against a real SDL tenant after deploying parsers/stormshield. Confirms parser='stormshield', dataSource.name='Stormshield', and the 5 OCSF rewrites (src_endpoint.ip/port, dst_endpoint.ip/port, actor.user.name).
Executable
+11
@@ -0,0 +1,11 @@
#!/usr/bin/env bash
set -e
cd /tmp/stormshield-verify
echo "============ STEP 1: send burst ============"
python3 send_burst.py
echo
echo "============ STEP 2: wait 40s for ingest ============"
sleep 40
echo
echo "============ STEP 3: query SDL ============"
python3 verify_query.py
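Review bot: `cd /tmp/stormshield-verify` hardcodes a world-writable scratch directory, so with `set -e` the script aborts unless someone has first copied the helpers there, and when it does run it executes whatever `send_burst.py` and `verify_query.py` happen to be in `/tmp`, which any local user can place. Suggest `cd "$(dirname "$0")"` so the helpers are taken from the repo checkout next to this script. Separately, the fixed `sleep 40` is a guess at ingest latency; since the commit message describes a 150s polling verifier in test.py, looping on `verify_query.py` until the events appear (with a bounded timeout) would make this run less flaky.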