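#!/bin/bash
# =========================================================
# CRON DETECTION - Automatic anomaly detection
# =========================================================
# Runs detection every 5 minutes, with automatic blocking of critical IPs.
# Exits with curl's status so a wrapper or monitor can alert on a failed run.
# =========================================================

# Logging: all stdout and stderr from here on is appended to LOG_FILE.
LOG_FILE="/var/log/ids/detection.log"
mkdir -p /var/log/ids
exec >> "$LOG_FILE" 2>&1

echo "========================================="
echo "🔍 [$(date)] DETECTION AUTOMATICA AVVIATA"
echo "========================================="

# Run detection through the local API with auto-block enabled.
#   --fail        an HTTP status >= 400 becomes a non-zero exit (22); without
#                 it a 4xx/5xx reply from the API is logged as a success and
#                 a broken detection job goes unnoticed.
#   --silent      keeps the progress meter out of the log file.
#   --show-error  still prints curl's own error message when the call fails.
# NOTE(review): the request carries no credentials and sets "auto_block": true,
# so the endpoint presumably relies on being reachable from localhost only,
# and on a server-side allowlist for addresses that must never be blocked.
# Confirm both against the API service.
curl --fail --silent --show-error -X POST http://localhost:8000/detect \
  -H "Content-Type: application/json" \
  -d '{ "max_records": 50000, "hours_back": 1, "risk_threshold": 75, "auto_block": true }' \
  --max-time 120
EXIT_CODE=$?

if [[ "$EXIT_CODE" -eq 0 ]]; then
  echo "✅ [$(date)] Detection completata con successo"
else
  echo "❌ [$(date)] Detection fallita (exit code: $EXIT_CODE)"
fi
echo ""

# Propagate the result instead of always exiting 0.
exit "$EXIT_CODE"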