CyberMind-FR
1652b39137
Share CrowdSec bans and mitmproxy detections between mesh nodes using the existing blockchain chain + gossip sync. Received IOCs from trusted peers are auto-applied as CrowdSec decisions based on a three-tier trust model (direct/transitive/unknown). Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
35 lines
893 B
Bash
Executable File
35 lines
893 B
Bash
Executable File
#!/bin/sh
|
|
# Threat Intel API - Publish IOCs to chain
|
|
# POST: Triggers collection and publishing of local IOCs
|
|
|
|
echo "Content-Type: application/json"
|
|
echo "Access-Control-Allow-Origin: *"
|
|
echo "Access-Control-Allow-Methods: POST, OPTIONS"
|
|
echo "Access-Control-Allow-Headers: Content-Type"
|
|
echo ""
|
|
|
|
# Handle CORS preflight
|
|
if [ "$REQUEST_METHOD" = "OPTIONS" ]; then
|
|
exit 0
|
|
fi
|
|
|
|
if [ "$REQUEST_METHOD" != "POST" ]; then
|
|
echo '{"success":false,"error":"method_not_allowed","message":"Use POST to trigger publish"}'
|
|
exit 0
|
|
fi
|
|
|
|
. /usr/lib/secubox/threat-intel.sh 2>/dev/null
|
|
|
|
ti_init
|
|
|
|
# Collect fresh IOCs then publish
|
|
ti_collect_all >/dev/null 2>&1
|
|
result=$(ti_publish_iocs 2>/dev/null)
|
|
|
|
if [ -n "$result" ]; then
|
|
published=$(echo "$result" | jsonfilter -e '@.published' 2>/dev/null || echo "0")
|
|
echo "{\"success\":true,\"published\":$published}"
|
|
else
|
|
echo '{"success":true,"published":0}'
|
|
fi
|