Intesa Logs Local Docker Setup (Azure bits left empty)

This repo runs a local pipeline that mimics production end-to-end, but without any active Azure dependencies.
All “Azure things” are left as placeholders so this same repo can later be deployed to Azure.

What runs locally (currently)

  1. Splunk (container) receives events via HEC.
  2. Poller (splunk_poller.py) queries Splunk and writes newline-delimited JSON chunks to a shared volume.
  3. Agent API (flask_app.py) reads chunks and produces a concise compliance/ops report (optionally emails it via Mailtrap).

Local mode uses SINK=file and a shared Docker volume. No Azure Storage or Queues are used in this mode.

What runs on Azure (currently)

  1. Queue-worker
  2. Agent API

Quick start (TL;DR)

# 1) Create a .env (see sample below)
# 2) Make sure compose.yaml has SINK=file for the poller
# 3) Start the stack
docker compose up -d

# 4) Check health
curl -sS http://localhost:8080/health

# 5) Send test events to Splunk HEC
#    (-k skips certificate verification: the local Splunk container serves a self-signed certificate)
for i in {1..5}; do
  curl -k https://localhost:8088/services/collector/event \
    -H "Authorization: Splunk dev-0123456789abcdef" \
    -H "Content-Type: application/json" \
    -d '{"event":{"event_type":"bonifico","step":"esito","status":"accepted","importo": '"$((RANDOM%5000+50))"',"divisa":"EUR","transaction_id":"TX-'$RANDOM'"},"sourcetype":"intesa:bonifico","index":"intesa_payments"}' >/dev/null 2>&1
done

# 6) Add a couple of anomalies to exercise the analyzer
curl -k https://localhost:8088/services/collector/event \
  -H "Authorization: Splunk dev-0123456789abcdef" \
  -H "Content-Type: application/json" \
  -d '{"event":{"event_type":"bonifico","step":"esito","status":"rejected","importo":12500,"divisa":"EUR","vop_check":"no_match","iban_origin_masked":"IT1998*2*4*6*8*10*12*14*16*9375","iban_dest_masked":"IT1171*2*4*6*8*10*12*14*16*0000","bic_swift":"TESTBICX"},"sourcetype":"intesa:bonifico","index":"intesa_payments"}'

# 7) Ask the Agent API to analyze the latest local chunks
curl -sS -X POST http://localhost:8080/analyze \
  -H 'Content-Type: application/json' \
  -d '{"question":"Scan latest chunks. Flag rejected EUR >= 10000, vop_no_match, invalid IBAN/BIC.","email":{"send":false}}' | jq .
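The /analyze call above asks the Agent API to flag three things in the poller's newline-delimited JSON chunks: rejected EUR transfers of 10000 or more, a failed VoP check, and malformed IBAN/BIC values. The following is an added example of that chunk scan, written for this README and not the repo's own flask_app.py. It assumes each chunk line is one JSON object, either the bare event fields or the HEC envelope {"event": {...}} used in the quick start; the field names (importo, divisa, vop_check, iban_*_masked, bic_swift) are taken from the sample events above. Masked IBANs cannot be checksummed, so they get a structural check only; an unmasked IBAN is verified with the ISO 7064 mod-97 rule. The sample chunk is constructed for the example.

```python
"""Chunk analyzer: added example, not the project's flask_app.py."""
import json
import re
from typing import Iterable, Optional

LARGE_EUR_THRESHOLD = 10000  # threshold from the /analyze question in the quick start

# Nominal IBAN lengths (ISO 13616) for a few countries; extend as needed.
IBAN_LENGTHS = {"IT": 27, "DE": 22, "FR": 27, "ES": 24, "NL": 18, "GB": 22}
# SWIFT/BIC layout: bank (4 letters), country (2 letters), location (2), optional branch (3)
BIC_RE = re.compile(r"^[A-Z]{4}[A-Z]{2}[A-Z0-9]{2}(?:[A-Z0-9]{3})?$")


def iban_checksum_ok(iban: str) -> bool:
    """ISO 7064 mod-97 check; only meaningful on a full, unmasked IBAN."""
    s = iban.upper()
    rearranged = s[4:] + s[:4]          # move country + check digits to the end
    if not rearranged.isalnum():
        return False
    digits = "".join(str(int(ch, 36)) for ch in rearranged)  # A=10 ... Z=35
    return int(digits) % 97 == 1


def iban_plausible(value) -> bool:
    """Masked values (containing '*') get country/check-digit checks only."""
    if not isinstance(value, str) or len(value) < 4:
        return False
    country, check = value[:2], value[2:4]
    if not (country.isalpha() and country.isupper() and check.isdigit()):
        return False
    if "*" in value:
        return True
    expected = IBAN_LENGTHS.get(country)
    if expected is not None and len(value) != expected:
        return False
    return iban_checksum_ok(value)


def bic_plausible(value) -> bool:
    return isinstance(value, str) and BIC_RE.match(value) is not None


def _amount(value) -> Optional[float]:
    try:
        return float(value)
    except (TypeError, ValueError):
        return None


def analyze_event(ev: dict) -> list:
    """Return the flags raised by one event (empty list when clean)."""
    flags = []
    amount = _amount(ev.get("importo"))
    if (ev.get("status") == "rejected" and ev.get("divisa") == "EUR"
            and amount is not None and amount >= LARGE_EUR_THRESHOLD):
        flags.append("rejected_large_eur")
    if ev.get("vop_check") == "no_match":
        flags.append("vop_no_match")
    for field in ("iban_origin_masked", "iban_dest_masked"):
        if field in ev and not iban_plausible(ev[field]):
            flags.append(f"invalid_iban:{field}")
    if "bic_swift" in ev and not bic_plausible(ev["bic_swift"]):
        flags.append("invalid_bic")
    return flags


def analyze_chunk(lines: Iterable[str]) -> dict:
    """Walk an NDJSON chunk; malformed lines are counted, never fatal."""
    events = unparseable = 0
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            unparseable += 1
            continue
        if not isinstance(obj, dict):
            unparseable += 1
            continue
        # accept both the bare event and the HEC envelope {"event": {...}}
        ev = obj["event"] if isinstance(obj.get("event"), dict) else obj
        events += 1
        flags = analyze_event(ev)
        if flags:
            findings.append({"transaction_id": ev.get("transaction_id"), "flags": flags})
    return {"events": events, "unparseable": unparseable, "findings": findings}


# Constructed sample chunk, not real traffic. TX-4 carries the published example
# Italian IBAN IT60X0542811101000000123456 with its last digit altered.
SAMPLE_CHUNK = [
    '{"event_type":"bonifico","step":"esito","status":"accepted","importo":1200,"divisa":"EUR","vop_check":"match","transaction_id":"TX-1"}',
    '{"event":{"event_type":"bonifico","step":"esito","status":"rejected","importo":12500,"divisa":"EUR","vop_check":"no_match","iban_origin_masked":"IT1998*2*4*6*8*10*12*14*16*9375","iban_dest_masked":"IT1171*2*4*6*8*10*12*14*16*0000","bic_swift":"TESTBICX","transaction_id":"TX-2"},"sourcetype":"intesa:bonifico"}',
    '{"event_type":"bonifico","step":"esito","status":"rejected","importo":"9999","divisa":"EUR","bic_swift":"TST","transaction_id":"TX-3"}',
    '{"event_type":"bonifico","step":"esito","status":"rejected","importo":500,"divisa":"EUR","iban_dest_masked":"IT60X0542811101000000123457","transaction_id":"TX-4"}',
    'this line is not JSON',
]

if __name__ == "__main__":
    print(json.dumps(analyze_chunk(SAMPLE_CHUNK), indent=2))
```

Run it against a real chunk with `analyze_chunk(open(path))`, since the function accepts any iterable of lines. Note that the masked IBANs the quick start sends pass only the structural check, and a BIC such as TESTBICX is format-valid, so the anomaly event from step 6 is flagged for the amount and the VoP result, not for its BIC.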