Tomas Kracmar
b35cac42e0
Some checks failed
CI / lint-and-test (push) Has been cancelled
- Migrate frontend to Alpine.js for reactive state management
- Add source health dashboard in UI and /api/source-health endpoint
- Add event tagging (PATCH /api/events/{id}/tags) and commenting (POST /api/events/{id}/comments)
- Add CSV/JSON export from the UI
- Add rule-based alerting engine (rules.py) with CRUD endpoints (/api/rules)
- Add SIEM export via webhook (siem.py)
- Add AOC audit trail middleware logging all mutations to aoc_audit collection
- Update config with SIEM_ENABLED, SIEM_WEBHOOK_URL, ALERTS_ENABLED
- Add tests for rules engine, tags, comments, and source health
18 lines
568 B
Python
18 lines
568 B
Python
import requests
|
|
import structlog
|
|
from config import SIEM_ENABLED, SIEM_WEBHOOK_URL
|
|
|
|
logger = structlog.get_logger("aoc.siem")
|
|
|
|
|
|
def forward_event(event: dict):
|
|
"""Forward a normalized event to the configured SIEM webhook."""
|
|
if not SIEM_ENABLED or not SIEM_WEBHOOK_URL:
|
|
return
|
|
try:
|
|
res = requests.post(SIEM_WEBHOOK_URL, json=event, timeout=10)
|
|
res.raise_for_status()
|
|
logger.debug("Event forwarded to SIEM", event_id=event.get("id"))
|
|
except Exception as exc:
|
|
logger.warning("SIEM forward failed", error=str(exc))
|