patch(HarfangLab):re-managed repo.

README.md

@@ -1,3 +1,9 @@
 # harfanglab-research
 
 Research about the EDR HarfangLab.
+
+- All edr agent
+- One linux compiled x64 agent for reverse
+- Sigma, Yara, Correlation_rules, driverBlocklist export
+- Documentation export
+- API Swagger

harfang_export/export.sh

@@ -0,0 +1,40 @@
+#!/bin/bash
+
+BASE_URL="https://2ee66321e45741fa.hurukai.io:8443"
+COOKIE="hlab_token=a0fdeaebc1de7a5a7e27ee39bffe684f99270280; hlab_front=\"\"; sessionid=gp9c7k3j67gjdwy3q41ai1z0jsbxjc1v"
+limit=50
+offset=0
+total=0
+
+while true; do
+  echo "Fetching offset=$offset..."
+
+  response=$(curl -s -X GET \
+    "$BASE_URL/api/data/threat_intelligence/CorrelationRule/?limit=$limit&offset=$offset" \
+    -H "accept: application/json" \
+    -H "Cookie: $COOKIE")
+
+  # Vérifie si la réponse est valide
+  count=$(echo "$response" | jq -r '.count')
+  if [ "$count" == "null" ] || [ -z "$count" ]; then
+    echo "Erreur ou réponse invalide :"
+    echo "$response" | head -c 500
+    break
+  fi
+
+  echo "Total disponible : $count"
+
+  # Sauvegarde les résultats
+  echo "$response" | jq '.results[]' >> resultats.json
+
+  total=$((total + $(echo "$response" | jq '.results | length')))
+  echo "Récupérés jusqu'ici : $total"
+
+  next=$(echo "$response" | jq -r '.next')
+  if [ "$next" == "null" ]; then
+    echo "Terminé ! $total résultats récupérés."
+    break
+  fi
+
+  offset=$((offset + limit))
+done