PowerShell heartbeat (HMAC-signed) powershell

Download heartbeat-signed.ps1

Same as the basic heartbeat but signs each request with HMAC-SHA256, so the receiving capture endpoint can reject anything that lacks the signing secret. Use this when allow_unsigned is OFF on the endpoint.

Placeholders only. Before running, replace YOUR_URL with your capture endpoint's POST URL and YOUR_SECRET with the signing secret. (Open this page from your capture object to have these auto-filled.)

# heartbeat-signed.ps1 — site1.erralert.com HMAC-signed check-in.

$Url    = "YOUR_URL/heartbeat"
$Secret = "YOUR_SECRET"
$Body   = (@{ hostname = $env:COMPUTERNAME }) | ConvertTo-Json -Compress
$Ts     = [DateTimeOffset]::UtcNow.ToUnixTimeSeconds().ToString()

$Hmac      = New-Object System.Security.Cryptography.HMACSHA256
$Hmac.Key  = [Text.Encoding]::UTF8.GetBytes($Secret)
$Signature = ($Hmac.ComputeHash([Text.Encoding]::UTF8.GetBytes("$Ts`n$Body")) `
              | ForEach-Object { $_.ToString("x2") }) -join ""

try {
  Invoke-RestMethod -Uri $Url -Method Post -Body $Body `
    -ContentType "application/json" -TimeoutSec 15 `
    -Headers @{ "X-Timestamp" = $Ts; "X-Signature" = $Signature } | Out-Null
  exit 0
} catch {
  Write-Error $_
  exit 1
}

Recommended pairing

Add a capture.freshness check to this capture object.
Set allow_unsigned = false on the capture endpoint so unsigned requests are rejected.

What is the filename?

heartbeat-signed.ps1 — this is the suggested name for the downloaded file. Rename freely if you prefer.