gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
9c4d8dcdfd
secubox-openwrt/package/secubox/secubox-mcp-server/files/usr/lib/secubox-mcp/tools/crowdsec.sh
CyberMind-FR 0e0749ed08 feat: Add threat-analyst, dns-guard, mcp-server and DNS provider DynDNS 
New packages:
- secubox-threat-analyst: AI-powered threat analysis with CrowdSec integration
- luci-app-threat-analyst: LuCI dashboard for threat intelligence
- secubox-dns-guard: DNS security monitoring and blocking
- secubox-mcp-server: Model Context Protocol server for AI assistant integration

Enhancements:
- dns-provider: Add DynDNS support (dyndns, get, update, domains commands)
- gandi.sh: Full DynDNS with WAN IP detection and record updates
- luci-app-dnsguard: Upgrade to v1.1.0 with improved dashboard

Infrastructure:
- BIND9 DNS setup for secubox.in with CAA records
- Wildcard SSL certificates via DNS-01 challenge
- HAProxy config fixes for secubox.in subdomains
- Mail server setup with Roundcube webmail

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-05 08:30:28 +01:00

89 lines
2.1 KiB
Bash
Raw Blame History

# SecuBox MCP Tool: CrowdSec Threat Intelligence
# Provides alerts, decisions, and threat analysis
tool_crowdsec_alerts() {
local args="$1"
local limit=$(echo "$args" | jsonfilter -e '@.limit' 2>/dev/null)
[ -z "$limit" ] && limit=50
# Check if cscli is available
if ! command -v cscli >/dev/null 2>&1; then
echo '{"error":"CrowdSec CLI not installed","alerts":[]}'
return 1
fi
# Get alerts in JSON format
local alerts=$(cscli alerts list -o json --limit "$limit" 2>/dev/null)
if [ -z "$alerts" ] || [ "$alerts" = "null" ]; then
echo '{"alerts":[],"count":0}'
return 0
fi
# Count alerts
local count=$(echo "$alerts" | jsonfilter -e '@[*]' 2>/dev/null | wc -l)
printf '{"alerts":%s,"count":%d}' "$alerts" "$count"
}
tool_crowdsec_decisions() {
local args="$1"
local limit=$(echo "$args" | jsonfilter -e '@.limit' 2>/dev/null)
[ -z "$limit" ] && limit=50
# Check if cscli is available
if ! command -v cscli >/dev/null 2>&1; then
echo '{"error":"CrowdSec CLI not installed","decisions":[]}'
return 1
fi
# Get decisions in JSON format
local decisions=$(cscli decisions list -o json 2>/dev/null | head -c 100000)
if [ -z "$decisions" ] || [ "$decisions" = "null" ]; then
echo '{"decisions":[],"count":0}'
return 0
fi
# Count decisions
local count=$(echo "$decisions" | jsonfilter -e '@[*]' 2>/dev/null | wc -l)
printf '{"decisions":%s,"count":%d}' "$decisions" "$count"
}
# Additional tool: Get CrowdSec metrics/stats
tool_crowdsec_metrics() {
if ! command -v cscli >/dev/null 2>&1; then
echo '{"error":"CrowdSec CLI not installed"}'
return 1
fi
# Get metrics
local metrics=$(cscli metrics -o json 2>/dev/null)
if [ -z "$metrics" ]; then
echo '{"error":"Could not retrieve metrics"}'
return 1
fi
echo "$metrics"
}
# Additional tool: Get installed scenarios (detection rules)
tool_crowdsec_scenarios() {
if ! command -v cscli >/dev/null 2>&1; then
echo '{"error":"CrowdSec CLI not installed"}'
return 1
fi
# Get installed scenarios
local scenarios=$(cscli scenarios list -o json 2>/dev/null)
if [ -z "$scenarios" ]; then
echo '{"scenarios":[]}'
return 0
fi
printf '{"scenarios":%s}' "$scenarios"
}
Reference in New Issue View Git Blame Copy Permalink