From 2e7d87fb7705302317782e804b60d22807961034 Mon Sep 17 00:00:00 2001
From: Orien Vandenbergh
Date: Tue, 29 Jul 2025 16:41:39 -0400
Subject: [PATCH] adding my hec_test-er
---
 scripts/hec_test | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)
 create mode 100755 scripts/hec_test
diff --git a/scripts/hec_test b/scripts/hec_test
new file mode 100755
index 0000000..9780867
--- /dev/null
+++ b/scripts/hec_test
@@ -0,0 +1,48 @@
+#!/usr/bin/env python3
+
+import argparse
+from datetime import datetime
+import subprocess
+import json
+
+def build_json(field,path):
+ return json.dumps({field:f"This is a sample json event sent to {path}","hecTest":"yes"})
+
+def build_raw(path):
+ return f"{datetime.now().strftime('%Y-%m-%dT%H:%M:%S.%fZ')} nowhere This is a sample raw event sent to {path} hecTest=yes"
+
+def test_hec(baseurl,path,data):
+ url = baseurl+path
+ cmd = ['curl','-k',url,'-H',f"Authorization: {args.token}",'-d',data]
+
+ print(f"Running command:")
+ print(f">\t{cmd[0]} {cmd[1]} {cmd[2]} \\")
+ print(f"\t{cmd[3]} {cmd[4]} \\")
+ print(f"\t{cmd[5]} '{cmd[6]}'")
+ print()
+ result = subprocess.run(cmd,capture_output=True,text=True)
+ #print("stderr")
+ #print(result.stderr)
+ print(f"\033[0;32mResult\033[0m: {result.stdout}")
+ print("")
+
+parser = argparse.ArgumentParser(
+ prog='hectest',
+ description='Send a test HEC message to a receiver')
+
+parser.add_argument('-t', '--token', required=True, help='token to use')
+parser.add_argument('url', help="base url to send to, example: https://host.com:10080/services/collector/event")
+
+args = parser.parse_args()
+
+# Run an array of hec tests
+test_hec(args.url, '/cribl/_bulk', build_json( '_raw', '/cribl/_bulk'))
+test_hec(args.url, '/services/collector', build_json('event', '/services/collector'))
+test_hec(args.url, '/services/collector/raw', build_json('event', '/services/collector/raw'))
+test_hec(args.url,'/services/collector/event', build_json('event','/services/collector/event'))
+
+# Run an array of raw tests
+test_hec(args.url, '/services/collector/raw', build_raw( '/services/collector/raw'))
+
+# Can't send raw to /services/collector
+# test_hec(args.url, '/services/collector', build_raw( '/services/collector'))
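Review bot: test_hec exposes the HEC token in three ways: it sits in curl's argv where a process listing can read it, the `print(f"\t{cmd[3]} {cmd[4]} \\")` line echoes it to the terminal, and `-k` is unconditional, so the credential is sent without the server certificate ever being verified. I would make `-k` opt-in (e.g. `parser.add_argument('-k','--insecure',action='store_true')`), hand the header to curl through `--config -` on stdin, and print a redacted command; the script's own `-t` argument has the same argv exposure, which an environment variable or prompt would avoid. The rewrite below also checks `returncode`, because a failed curl currently shows only an empty Result while stderr is discarded. Separately, `build_raw` stamps local `datetime.now()` with a literal `Z`, which mislabels the time as UTC unless the host clock is UTC.

```python
def test_hec(baseurl,path,data):
    url = baseurl+path
    # Header goes to curl on stdin so the token never appears in argv.
    # Assumes the token contains no double quotes or backslashes.
    header_cfg = f'header = "Authorization: {args.token}"\n'
    cmd = ['curl','--silent','--show-error','--config','-',url,'-d',data]
    if args.insecure:
        # Certificate verification is skipped only when explicitly requested.
        cmd.insert(1,'-k')

    print("Running command:")
    print(f">\tcurl {url} \\")
    print("\t-H 'Authorization: <redacted>' \\")
    print(f"\t-d '{data}'")
    print()
    result = subprocess.run(cmd,input=header_cfg,capture_output=True,text=True)
    if result.returncode != 0:
        print(f"curl exited with {result.returncode}: {result.stderr.strip()}")
    # … unchanged: Result print and trailing blank line …
```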