5ecdce7d47
- public/integrazioniext.html: pagina pubblica con 4 tab (Services API, Guida lg231, Webhook, Quick Start) — link in sidebar - docs/integration/lg231-nis2-integration.md: spec tecnica completa per agente Claude lg231 (provider-config, Nis2Client, widget, escalation OdV) - common.js: voce sidebar → integrazioniext.html Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
553 lines
25 KiB
HTML
553 lines
25 KiB
HTML
<!doctype html>
|
|
<html lang="it">
|
|
<head>
|
|
<meta charset="UTF-8">
|
|
<meta name="viewport" content="width=device-width, initial-scale=1">
|
|
<title>NIS2 Agile — Integrazioni Esterne</title>
|
|
<link rel="stylesheet" href="css/style.css">
|
|
<style>
|
|
/* ── Page-specific overrides ── */
|
|
.integ-hero {
|
|
background: linear-gradient(135deg, rgba(6,182,212,.08) 0%, rgba(99,102,241,.06) 100%);
|
|
border: 1px solid rgba(6,182,212,.2);
|
|
border-radius: 12px;
|
|
padding: 2rem;
|
|
margin-bottom: 2rem;
|
|
}
|
|
.integ-hero h1 { font-size: 1.6rem; color: var(--primary); margin-bottom: .5rem; }
|
|
.integ-hero p { color: var(--text-secondary); max-width: 680px; line-height: 1.6; }
|
|
|
|
.provider-grid {
|
|
display: grid;
|
|
grid-template-columns: repeat(auto-fill, minmax(300px, 1fr));
|
|
gap: 1.25rem;
|
|
margin-bottom: 2rem;
|
|
}
|
|
.provider-card {
|
|
background: var(--bg-card);
|
|
border: 1px solid var(--border);
|
|
border-radius: 10px;
|
|
padding: 1.25rem;
|
|
transition: border-color .2s, transform .2s;
|
|
}
|
|
.provider-card:hover { border-color: var(--primary); transform: translateY(-2px); }
|
|
.provider-card .badge {
|
|
display: inline-block;
|
|
font-size: .65rem; font-weight: 700;
|
|
padding: .2rem .5rem; border-radius: 4px;
|
|
margin-bottom: .75rem;
|
|
}
|
|
.badge-available { background: rgba(34,197,94,.15); color: #22c55e; }
|
|
.badge-planned { background: rgba(234,179,8,.15); color: #eab308; }
|
|
.provider-card h3 { font-size: .95rem; margin-bottom: .4rem; }
|
|
.provider-card p { font-size: .82rem; color: var(--text-secondary); line-height: 1.5; }
|
|
|
|
.section-title {
|
|
font-size: 1.1rem; font-weight: 700;
|
|
color: var(--text-primary);
|
|
margin: 2rem 0 1rem;
|
|
padding-bottom: .5rem;
|
|
border-bottom: 1px solid var(--border);
|
|
}
|
|
|
|
.api-table { width: 100%; border-collapse: collapse; font-size: .83rem; margin-bottom: 1.5rem; }
|
|
.api-table th {
|
|
background: rgba(255,255,255,.04);
|
|
color: var(--text-secondary);
|
|
font-weight: 600; text-align: left;
|
|
padding: .6rem .75rem;
|
|
border-bottom: 1px solid var(--border);
|
|
}
|
|
.api-table td {
|
|
padding: .55rem .75rem;
|
|
border-bottom: 1px solid rgba(255,255,255,.04);
|
|
vertical-align: top;
|
|
}
|
|
.api-table tr:hover td { background: rgba(255,255,255,.02); }
|
|
.api-table code {
|
|
background: rgba(6,182,212,.1);
|
|
color: var(--primary);
|
|
padding: .15rem .4rem;
|
|
border-radius: 3px;
|
|
font-size: .78rem;
|
|
}
|
|
.method-get {
|
|
display: inline-block;
|
|
background: rgba(34,197,94,.15); color: #22c55e;
|
|
font-size: .65rem; font-weight: 700;
|
|
padding: .15rem .4rem; border-radius: 3px;
|
|
font-family: monospace;
|
|
}
|
|
.method-post {
|
|
display: inline-block;
|
|
background: rgba(249,115,22,.15); color: #f97316;
|
|
font-size: .65rem; font-weight: 700;
|
|
padding: .15rem .4rem; border-radius: 3px;
|
|
font-family: monospace;
|
|
}
|
|
|
|
.code-block {
|
|
background: #0f172a;
|
|
border: 1px solid var(--border);
|
|
border-radius: 8px;
|
|
padding: 1rem 1.25rem;
|
|
font-family: 'JetBrains Mono', 'Fira Code', monospace;
|
|
font-size: .78rem;
|
|
line-height: 1.6;
|
|
color: #cbd5e1;
|
|
overflow-x: auto;
|
|
margin: .75rem 0 1.25rem;
|
|
white-space: pre;
|
|
}
|
|
.code-block .kw { color: #818cf8; }
|
|
.code-block .str { color: #86efac; }
|
|
.code-block .key { color: #67e8f9; }
|
|
.code-block .cmt { color: #475569; }
|
|
|
|
.steps-list {
|
|
list-style: none;
|
|
counter-reset: steps;
|
|
margin-bottom: 1.5rem;
|
|
}
|
|
.steps-list li {
|
|
counter-increment: steps;
|
|
display: flex; align-items: flex-start; gap: .75rem;
|
|
padding: .65rem 0;
|
|
border-bottom: 1px solid rgba(255,255,255,.04);
|
|
font-size: .85rem;
|
|
color: var(--text-secondary);
|
|
line-height: 1.5;
|
|
}
|
|
.steps-list li::before {
|
|
content: counter(steps);
|
|
flex-shrink: 0;
|
|
width: 24px; height: 24px;
|
|
background: rgba(6,182,212,.15);
|
|
color: var(--primary);
|
|
border-radius: 50%;
|
|
display: flex; align-items: center; justify-content: center;
|
|
font-size: .75rem; font-weight: 700;
|
|
}
|
|
|
|
.checklist { list-style: none; margin-bottom: 1.5rem; }
|
|
.checklist li {
|
|
display: flex; align-items: flex-start; gap: .6rem;
|
|
padding: .4rem 0;
|
|
font-size: .84rem;
|
|
color: var(--text-secondary);
|
|
}
|
|
.checklist li::before {
|
|
content: '□';
|
|
color: var(--primary);
|
|
font-size: 1rem;
|
|
line-height: 1;
|
|
flex-shrink: 0;
|
|
}
|
|
|
|
.callout {
|
|
border-left: 3px solid var(--primary);
|
|
background: rgba(6,182,212,.05);
|
|
padding: .75rem 1rem;
|
|
border-radius: 0 6px 6px 0;
|
|
font-size: .83rem;
|
|
color: var(--text-secondary);
|
|
margin-bottom: 1.25rem;
|
|
line-height: 1.5;
|
|
}
|
|
.callout strong { color: var(--primary); }
|
|
|
|
.event-list { display: flex; flex-direction: column; gap: .5rem; margin-bottom: 1.5rem; }
|
|
.event-row {
|
|
display: flex; align-items: center; gap: .75rem;
|
|
background: rgba(255,255,255,.03);
|
|
border: 1px solid var(--border);
|
|
border-radius: 6px;
|
|
padding: .6rem .9rem;
|
|
font-size: .82rem;
|
|
}
|
|
.event-name {
|
|
font-family: monospace;
|
|
color: #f97316;
|
|
font-size: .78rem;
|
|
min-width: 230px;
|
|
}
|
|
.event-desc { color: var(--text-secondary); }
|
|
.event-lg231 {
|
|
margin-left: auto;
|
|
font-size: .7rem;
|
|
background: rgba(99,102,241,.12);
|
|
color: #818cf8;
|
|
padding: .15rem .5rem;
|
|
border-radius: 4px;
|
|
white-space: nowrap;
|
|
}
|
|
|
|
.tab-nav { display: flex; gap: 0; border-bottom: 1px solid var(--border); margin-bottom: 1.5rem; }
|
|
.tab-btn {
|
|
padding: .55rem 1.1rem;
|
|
font-size: .82rem; font-weight: 600;
|
|
color: var(--text-secondary);
|
|
background: none; border: none;
|
|
border-bottom: 2px solid transparent;
|
|
cursor: pointer; transition: .15s;
|
|
}
|
|
.tab-btn.active { color: var(--primary); border-color: var(--primary); }
|
|
.tab-pane { display: none; }
|
|
.tab-pane.active { display: block; }
|
|
</style>
|
|
</head>
|
|
<body>
|
|
|
|
<div id="sidebar-placeholder"></div>
|
|
|
|
<main class="main-content">
|
|
<div class="page-header">
|
|
<h1>Integrazioni Esterne</h1>
|
|
<p>API, webhook e connettori per sistemi GRC di terze parti</p>
|
|
</div>
|
|
|
|
<!-- Hero -->
|
|
<div class="integ-hero">
|
|
<h1>NIS2 Agile come Provider di Compliance</h1>
|
|
<p>NIS2 Agile espone una <strong>Services API REST</strong> che permette a sistemi esterni di leggere
|
|
score di conformità, rischi, incidenti e controlli in tempo reale. Auth via API Key dedicata,
|
|
rate limiting 100 req/ora, firma HMAC-SHA256 per webhook outbound.</p>
|
|
</div>
|
|
|
|
<!-- Provider cards -->
|
|
<div class="section-title">Provider Disponibili</div>
|
|
<div class="provider-grid">
|
|
<div class="provider-card">
|
|
<span class="badge badge-available">Disponibile</span>
|
|
<h3>231 Agile (lg231)</h3>
|
|
<p>Integrazione compliance D.Lgs. 231/2001 + NIS2. Incidenti cyber → OdV,
|
|
rischi IT → registro 231, score NIS2 nel dashboard aziendale.</p>
|
|
<a href="#lg231" style="color:var(--primary);font-size:.8rem;text-decoration:none">Guida integrazione →</a>
|
|
</div>
|
|
<div class="provider-card">
|
|
<span class="badge badge-planned">Pianificato</span>
|
|
<h3>AllRisk Agile</h3>
|
|
<p>Feed rischi cyber per piattaforma ERM unificata. Risk score NIS2
|
|
mappato su categorie ISO 31000.</p>
|
|
</div>
|
|
<div class="provider-card">
|
|
<span class="badge badge-planned">Pianificato</span>
|
|
<h3>SustainAI Agile</h3>
|
|
<p>Cybersecurity come pillar ESG. Score NIS2 nel report di sostenibilità
|
|
(CSRD, GRI 418).</p>
|
|
</div>
|
|
<div class="provider-card">
|
|
<span class="badge badge-available">Disponibile</span>
|
|
<h3>SIEM / SOC Esterni</h3>
|
|
<p>Webhook su <code>incident.created</code> e <code>risk.created_high</code>
|
|
verso qualsiasi endpoint HTTPS (Splunk, Elastic, PagerDuty…).</p>
|
|
</div>
|
|
</div>
|
|
|
|
<!-- Tabs -->
|
|
<div class="tab-nav">
|
|
<button class="tab-btn active" onclick="showTab('api')">Services API</button>
|
|
<button class="tab-btn" onclick="showTab('lg231')">Guida lg231</button>
|
|
<button class="tab-btn" onclick="showTab('webhook')">Webhook</button>
|
|
<button class="tab-btn" onclick="showTab('quickstart')">Quick Start</button>
|
|
</div>
|
|
|
|
<!-- TAB: Services API -->
|
|
<div id="tab-api" class="tab-pane active">
|
|
<div class="section-title">Endpoint disponibili</div>
|
|
<div class="callout">
|
|
<strong>Base URL:</strong> <code>https://nis2.agile.software/api/services</code><br>
|
|
<strong>Auth:</strong> Header <code>X-API-Key: nis2_xxxx</code> — oppure <code>Authorization: Bearer nis2_xxxx</code>
|
|
</div>
|
|
<table class="api-table">
|
|
<thead>
|
|
<tr><th>Metodo</th><th>Endpoint</th><th>Scope</th><th>Descrizione</th></tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr><td><span class="method-get">GET</span></td><td><code>/status</code></td><td>—</td><td>Health check piattaforma, versione, DB. Nessuna auth.</td></tr>
|
|
<tr><td><span class="method-get">GET</span></td><td><code>/compliance-summary</code></td><td>read:compliance</td><td>Score NIS2 aggregato (0-100), domain scores Art.21, rischi aperti, incidenti</td></tr>
|
|
<tr><td><span class="method-get">GET</span></td><td><code>/risks/feed</code></td><td>read:risks</td><td>Registro rischi con livello ISO 27005, status, area. Filtri: <code>?level=high,critical&status=open</code></td></tr>
|
|
<tr><td><span class="method-get">GET</span></td><td><code>/incidents/feed</code></td><td>read:incidents</td><td>Incidenti Art.23: severity, status, notifiche CSIRT, deadline 72h, overdue</td></tr>
|
|
<tr><td><span class="method-get">GET</span></td><td><code>/controls/status</code></td><td>read:compliance</td><td>Stato controlli per dominio: implemented / partial / missing</td></tr>
|
|
<tr><td><span class="method-get">GET</span></td><td><code>/assets/critical</code></td><td>read:assets</td><td>Asset critici con tipo, criticità, dipendenze mappate</td></tr>
|
|
<tr><td><span class="method-get">GET</span></td><td><code>/suppliers/risk</code></td><td>read:suppliers</td><td>Fornitori: risk_level, ultimo assessment, is_flagged</td></tr>
|
|
<tr><td><span class="method-get">GET</span></td><td><code>/policies/approved</code></td><td>read:policies</td><td>Policy approvate: titolo, area, data, versione</td></tr>
|
|
<tr><td><span class="method-get">GET</span></td><td><code>/openapi.json</code></td><td>—</td><td>Specifica OpenAPI 3.0 in JSON</td></tr>
|
|
</tbody>
|
|
</table>
|
|
|
|
<div class="section-title">Esempio risposta /compliance-summary</div>
|
|
<div class="code-block"><span class="cmt">// GET /api/services/compliance-summary</span>
|
|
<span class="cmt">// X-API-Key: nis2_Abc123...</span>
|
|
{
|
|
<span class="key">"success"</span>: <span class="kw">true</span>,
|
|
<span class="key">"data"</span>: {
|
|
<span class="key">"organization"</span>: { <span class="key">"id"</span>: 5, <span class="key">"name"</span>: <span class="str">"Azienda XYZ"</span>, <span class="key">"sector"</span>: <span class="str">"energia"</span>, <span class="key">"nis2_entity_type"</span>: <span class="str">"essential"</span> },
|
|
<span class="key">"compliance"</span>: {
|
|
<span class="key">"overall_score"</span>: 73,
|
|
<span class="key">"label"</span>: <span class="str">"Parziale"</span>,
|
|
<span class="key">"domain_scores"</span>: [
|
|
{ <span class="key">"domain"</span>: <span class="str">"Gestione del rischio"</span>, <span class="key">"score"</span>: 80, <span class="key">"status"</span>: <span class="str">"compliant"</span> },
|
|
{ <span class="key">"domain"</span>: <span class="str">"Sicurezza supply chain"</span>, <span class="key">"score"</span>: 45, <span class="key">"status"</span>: <span class="str">"partial"</span> }
|
|
]
|
|
},
|
|
<span class="key">"risks"</span>: { <span class="key">"total"</span>: 12, <span class="key">"open"</span>: 8, <span class="key">"high_critical"</span>: 3 },
|
|
<span class="key">"incidents"</span>: { <span class="key">"total"</span>: 2, <span class="key">"open"</span>: 1, <span class="key">"significant"</span>: 1, <span class="key">"overdue"</span>: 0 }
|
|
}
|
|
}</div>
|
|
|
|
<div class="section-title">Headers risposta</div>
|
|
<table class="api-table">
|
|
<thead><tr><th>Header</th><th>Valore</th></tr></thead>
|
|
<tbody>
|
|
<tr><td><code>X-NIS2-API-Version</code></td><td>1.0</td></tr>
|
|
<tr><td><code>X-NIS2-Org-Id</code></td><td>ID organizzazione (intero)</td></tr>
|
|
<tr><td><code>X-RateLimit-Limit</code></td><td>100 (req/ora per chiave)</td></tr>
|
|
<tr><td><code>X-RateLimit-Remaining</code></td><td>Richieste rimaste nella finestra</td></tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
|
|
<!-- TAB: Guida lg231 -->
|
|
<div id="tab-lg231" class="tab-pane">
|
|
<div class="callout">
|
|
<strong>Per l'agente Claude di lg231:</strong> questo tab descrive esattamente cosa implementare in lg231 Agile per consumare NIS2 come provider di compliance cybersecurity.
|
|
</div>
|
|
|
|
<div class="section-title">Perché integrare 231 con NIS2</div>
|
|
<table class="api-table" style="margin-bottom:1.5rem">
|
|
<thead><tr><th>Evento NIS2</th><th>Rilevanza D.Lgs. 231/2001</th></tr></thead>
|
|
<tbody>
|
|
<tr><td>Incidente cybersecurity (Art.23 NIS2)</td><td>Reato presupposto art.24-bis — criminalità informatica</td></tr>
|
|
<tr><td>Fornitore IT flaggato alto rischio</td><td>Rischio complicità in reati informatici via supply chain</td></tr>
|
|
<tr><td>Policy sicurezza non approvata</td><td>Gap nel MOG — Modello Organizzativo e di Gestione</td></tr>
|
|
<tr><td>Score NIS2 < 40%</td><td>Indicatore OdV: carenza controlli, escalation consigliata</td></tr>
|
|
<tr><td>Whistleblowing sicurezza</td><td>Potenziale escalation verso OdV 231</td></tr>
|
|
</tbody>
|
|
</table>
|
|
|
|
<div class="section-title">1. Aggiungere NIS2 al provider-config (company-ms)</div>
|
|
<p style="font-size:.83rem;color:var(--text-secondary);margin-bottom:.75rem">
|
|
File: <code>services/company-ms/public/index.php</code> — route <code>PATCH /companies/{id}/provider-config</code>
|
|
</p>
|
|
<div class="code-block"><span class="cmt">// Aggiungere ai $allowed:</span>
|
|
$allowed = [
|
|
<span class="str">'certisource_pat'</span>,
|
|
<span class="str">'anthropic_api_key'</span>,
|
|
<span class="str">'openai_api_key'</span>,
|
|
<span class="cmt">// ── Nuovo provider NIS2 ──</span>
|
|
<span class="str">'nis2_api_key'</span>, <span class="cmt">// chiave da NIS2 → Settings → API Keys</span>
|
|
<span class="str">'nis2_org_id'</span>, <span class="cmt">// ID org NIS2 (dal URL dashboard o /api/services/status)</span>
|
|
<span class="str">'nis2_enabled'</span>, <span class="cmt">// bool: abilitare pull automatico</span>
|
|
];</div>
|
|
|
|
<div class="section-title">2. NIS2Client (shared lib o inline)</div>
|
|
<div class="code-block"><span class="kw">class</span> <span class="key">Nis2Client</span>
|
|
{
|
|
<span class="kw">const</span> BASE_URL = <span class="str">'https://nis2.agile.software/api/services'</span>;
|
|
|
|
<span class="kw">public static function</span> <span class="key">get</span>(<span class="key">string</span> $endpoint, <span class="key">string</span> $apiKey, <span class="key">array</span> $query = []): array
|
|
{
|
|
$url = self::BASE_URL . $endpoint;
|
|
<span class="kw">if</span> ($query) $url .= <span class="str">'?'</span> . http_build_query($query);
|
|
|
|
$ch = curl_init($url);
|
|
curl_setopt_array($ch, [
|
|
CURLOPT_RETURNTRANSFER => <span class="kw">true</span>,
|
|
CURLOPT_TIMEOUT => 10,
|
|
CURLOPT_HTTPHEADER => [
|
|
<span class="str">'X-API-Key: '</span> . $apiKey,
|
|
<span class="str">'Accept: application/json'</span>,
|
|
<span class="str">'X-Caller: lg231-agile/1.0'</span>,
|
|
],
|
|
]);
|
|
$body = curl_exec($ch);
|
|
$code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
|
|
curl_close($ch);
|
|
|
|
<span class="kw">return</span> $code === 200 && $body
|
|
? [<span class="str">'success'</span> => <span class="kw">true</span>, <span class="str">'data'</span> => json_decode($body, <span class="kw">true</span>)]
|
|
: [<span class="str">'success'</span> => <span class="kw">false</span>, <span class="str">'http_code'</span> => $code];
|
|
}
|
|
}</div>
|
|
|
|
<div class="section-title">3. Widget score NIS2 nella company view</div>
|
|
<div class="code-block"><span class="cmt">// In company detail view PHP/JS:</span>
|
|
$nis2Key = $meta[<span class="str">'nis2_api_key'</span>] ?? <span class="kw">null</span>;
|
|
<span class="kw">if</span> ($nis2Key) {
|
|
$summary = Nis2Client::get(<span class="str">'/compliance-summary'</span>, $nis2Key);
|
|
<span class="cmt">// Mostrare gauge score + badge essential/important + rischi high</span>
|
|
<span class="cmt">// Link: https://nis2.agile.software/dashboard.html</span>
|
|
}</div>
|
|
|
|
<div class="section-title">4. Escalation incidenti → OdV (monitoring-ms)</div>
|
|
<div class="code-block"><span class="cmt">// Job periodico (cron o hook) nel monitoring-ms:</span>
|
|
$incidents = Nis2Client::get(<span class="str">'/incidents/feed'</span>, $apiKey,
|
|
[<span class="str">'significant'</span> => 1, <span class="str">'status'</span> => <span class="str">'open'</span>]);
|
|
|
|
<span class="kw">foreach</span> (($incidents[<span class="str">'data'</span>][<span class="str">'incidents'</span>] ?? []) <span class="kw">as</span> $inc) {
|
|
<span class="cmt">// Crea odv_activity:</span>
|
|
<span class="cmt">// type: 'cyber_incident_notifica'</span>
|
|
<span class="cmt">// description: 'Incidente NIS2 significativo: ' . $inc['title']</span>
|
|
<span class="cmt">// priority: $inc['overdue'] ? 'urgent' : 'high'</span>
|
|
<span class="cmt">// source: 'nis2_agile'</span>
|
|
<span class="cmt">// reference_id: $inc['id']</span>
|
|
}</div>
|
|
|
|
<div class="section-title">Checklist implementazione lg231</div>
|
|
<ul class="checklist">
|
|
<li>company-ms: aggiungere <code>nis2_api_key</code>, <code>nis2_org_id</code>, <code>nis2_enabled</code> a provider-config</li>
|
|
<li>shared: creare <code>Nis2Client</code> (curl wrapper leggero)</li>
|
|
<li>UI: widget NIS2 score nella company detail (gauge + badge + rischi high)</li>
|
|
<li>risk-ms: import rischi cyber durante assessment (categoria art.24-bis)</li>
|
|
<li>monitoring-ms: escalation incidenti significativi → odv_activity</li>
|
|
<li>monitoring-ms: policy NIS2 non approvate → alert OdV</li>
|
|
<li>(opz.) endpoint <code>POST /api/integrations/nis2-webhook</code> + subscription</li>
|
|
</ul>
|
|
|
|
<div class="callout">
|
|
<strong>Nota CORS:</strong> tutte le chiamate a NIS2 devono avvenire <strong>server-to-server</strong>
|
|
(PHP cURL), non da browser. NIS2 non accetta origini lg231 in CORS per sicurezza.
|
|
</div>
|
|
</div>
|
|
|
|
<!-- TAB: Webhook -->
|
|
<div id="tab-webhook" class="tab-pane">
|
|
<div class="callout">
|
|
NIS2 invia notifiche push su eventi tramite webhook HTTPS firmati HMAC-SHA256.
|
|
Il sistema esterno riceve la notifica in tempo reale senza polling.
|
|
</div>
|
|
|
|
<div class="section-title">Eventi disponibili</div>
|
|
<div class="event-list">
|
|
<div class="event-row">
|
|
<span class="event-name">incident.created</span>
|
|
<span class="event-desc">Nuovo incidente di sicurezza registrato</span>
|
|
<span class="event-lg231">→ odv_activity</span>
|
|
</div>
|
|
<div class="event-row">
|
|
<span class="event-name">incident.deadline_warning</span>
|
|
<span class="event-desc">Scadenza Art.23 (24h/72h) entro 4 ore</span>
|
|
<span class="event-lg231">→ alert urgente OdV</span>
|
|
</div>
|
|
<div class="event-row">
|
|
<span class="event-name">risk.created_high</span>
|
|
<span class="event-desc">Nuovo rischio HIGH o CRITICAL creato</span>
|
|
<span class="event-lg231">→ risk register 231</span>
|
|
</div>
|
|
<div class="event-row">
|
|
<span class="event-name">compliance.score_changed</span>
|
|
<span class="event-desc">Variazione score NIS2 > 5%</span>
|
|
<span class="event-lg231">→ aggiorna widget</span>
|
|
</div>
|
|
<div class="event-row">
|
|
<span class="event-name">policy.approved</span>
|
|
<span class="event-desc">Nuova policy di sicurezza approvata</span>
|
|
<span class="event-lg231">→ aggiorna MOG ref</span>
|
|
</div>
|
|
<div class="event-row">
|
|
<span class="event-name">supplier.risk_flagged</span>
|
|
<span class="event-desc">Fornitore IT flaggato alto rischio</span>
|
|
<span class="event-lg231">→ supply chain 231</span>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="section-title">Registrare una subscription</div>
|
|
<div class="code-block"><span class="method-post">POST</span> https://nis2.agile.software/api/webhooks/subscriptions
|
|
Authorization: Bearer {jwt_token}
|
|
Content-Type: application/json
|
|
|
|
{
|
|
<span class="key">"url"</span>: <span class="str">"https://lg231.agile.software/api/integrations/nis2-webhook"</span>,
|
|
<span class="key">"events"</span>: [<span class="str">"incident.created"</span>, <span class="str">"incident.deadline_warning"</span>, <span class="str">"risk.created_high"</span>],
|
|
<span class="key">"description"</span>: <span class="str">"lg231 Agile integration"</span>
|
|
}
|
|
|
|
<span class="cmt">// Risposta:</span>
|
|
{ <span class="key">"id"</span>: 1, <span class="key">"secret"</span>: <span class="str">"whsec_abc123..."</span> }
|
|
<span class="cmt">// Salvare il secret in companies.metadata.nis2_webhook_secret</span></div>
|
|
|
|
<div class="section-title">Verifica firma HMAC (endpoint ricevente)</div>
|
|
<div class="code-block">$secret = $meta[<span class="str">'nis2_webhook_secret'</span>];
|
|
$body = file_get_contents(<span class="str">'php://input'</span>);
|
|
$expected = <span class="str">'sha256='</span> . hash_hmac(<span class="str">'sha256'</span>, $body, $secret);
|
|
$received = $_SERVER[<span class="str">'HTTP_X_NIS2_SIGNATURE'</span>] ?? <span class="str">''</span>;
|
|
|
|
<span class="kw">if</span> (!hash_equals($expected, $received)) {
|
|
http_response_code(401);
|
|
<span class="kw">exit</span>;
|
|
}
|
|
|
|
$event = $_SERVER[<span class="str">'HTTP_X_NIS2_EVENT'</span>] ?? <span class="str">''</span>;
|
|
$payload = json_decode($body, <span class="kw">true</span>);
|
|
|
|
<span class="kw">switch</span> ($event) {
|
|
<span class="kw">case</span> <span class="str">'incident.created'</span>:
|
|
<span class="cmt">// crea odv_activity...</span>
|
|
<span class="kw">break</span>;
|
|
<span class="kw">case</span> <span class="str">'risk.created_high'</span>:
|
|
<span class="cmt">// aggiungi a risk register...</span>
|
|
<span class="kw">break</span>;
|
|
}</div>
|
|
</div>
|
|
|
|
<!-- TAB: Quick Start -->
|
|
<div id="tab-quickstart" class="tab-pane">
|
|
<div class="section-title">Creare la prima API Key</div>
|
|
<ol class="steps-list">
|
|
<li>Login su <strong>NIS2 Agile</strong> con ruolo <code>org_admin</code> o superiore</li>
|
|
<li>Vai su <strong>Settings → API Keys</strong> (sezione Integrazioni)</li>
|
|
<li>Click <strong>"Nuova API Key"</strong> → nome descrittivo (es: "lg231 Integration") → scope: <code>read:all</code></li>
|
|
<li>Copia la chiave — formato <code>nis2_XXXX...</code> — visibile una sola volta</li>
|
|
<li>Nota l'<strong>Organization ID</strong> dal URL del dashboard (es: <code>/dashboard.html</code> dopo login)</li>
|
|
<li>In lg231: salva via <code>PATCH /companies/{id}/provider-config</code> con <code>nis2_api_key</code> e <code>nis2_org_id</code></li>
|
|
</ol>
|
|
|
|
<div class="section-title">Test rapido (curl)</div>
|
|
<div class="code-block"><span class="cmt"># 1. Verifica senza auth</span>
|
|
curl https://nis2.agile.software/api/services/status
|
|
|
|
<span class="cmt"># 2. Compliance summary</span>
|
|
curl -H <span class="str">"X-API-Key: nis2_TUA_CHIAVE"</span> \
|
|
https://nis2.agile.software/api/services/compliance-summary | python3 -m json.tool
|
|
|
|
<span class="cmt"># 3. Incidenti significativi aperti</span>
|
|
curl -H <span class="str">"X-API-Key: nis2_TUA_CHIAVE"</span> \
|
|
"https://nis2.agile.software/api/services/incidents/feed?significant=1&status=open"
|
|
|
|
<span class="cmt"># 4. Rischi high/critical</span>
|
|
curl -H <span class="str">"X-API-Key: nis2_TUA_CHIAVE"</span> \
|
|
"https://nis2.agile.software/api/services/risks/feed?level=high,critical"</div>
|
|
|
|
<div class="section-title">Contatti e riferimenti</div>
|
|
<table class="api-table">
|
|
<tbody>
|
|
<tr><td>App NIS2 Agile</td><td><a href="https://nis2.agile.software" style="color:var(--primary)">https://nis2.agile.software</a></td></tr>
|
|
<tr><td>Specifiche OpenAPI</td><td><code>GET /api/services/openapi.json</code></td></tr>
|
|
<tr><td>Test Runner</td><td><a href="/test-runner.php?t=Nis2Test2026" style="color:var(--primary)">test-runner.php</a></td></tr>
|
|
<tr><td>Amministratore</td><td>cristiano.benassati@gmail.com</td></tr>
|
|
<tr><td>Documento tecnico lg231</td><td><code>docs/integration/lg231-nis2-integration.md</code></td></tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
|
|
</main>
|
|
|
|
<script src="js/common.js"></script>
|
|
<script src="js/i18n.js"></script>
|
|
<script>
|
|
function showTab(id) {
|
|
document.querySelectorAll('.tab-btn').forEach((b, i) => {
|
|
const ids = ['api', 'lg231', 'webhook', 'quickstart'];
|
|
b.classList.toggle('active', ids[i] === id);
|
|
});
|
|
document.querySelectorAll('.tab-pane').forEach(p => {
|
|
p.classList.toggle('active', p.id === 'tab-' + id);
|
|
});
|
|
// scroll to tabs
|
|
document.querySelector('.tab-nav').scrollIntoView({ behavior: 'smooth', block: 'start' });
|
|
}
|
|
</script>
|
|
</body>
|
|
</html>
|