Description
Spider API allows you to:
- search and browse the ressources created while parsing the networks communications
- upload new communications (import)
- configure your system (teams, users, whisperers)
- and even write a new client to send packets and Tcp sessions
You may search through Packets, Tcp Sessions and Http Communications, download them, analyse them with ElasticSearch power, rebuild the content...
These are the services behind the GUI. In fact, all Spider processing is done using these APIs.
- Start by authenticating with
POST /customer/v1/sessions
to get your JWT token to use in all further calls. - In Swagger UI, click 'Authorize' button to register your token.
- Then use any customers authorized API. Ex:
POST /web-read/v1/http-com/_search
to search for HTTP communicationsGET /web-read/v1/http-com/{id}/res/body/
to get the response body of a communication
- When using a team, you may have to get the team token to access its whisperers
GET /teams/v1/teams/{id}/user-token/
Get micro service info
Description
Give basic info, can be used for healthcheck of service
Access
- No identification
path Parameters
service required | string (ServiceNames) Enum: "alert" "capture-status-poller" "ciphers" "ciphers-status" "ciphers-status-poller" "ciphers-raw-status-poller" "ciphers-status-agg" "controls" "customer" "gui-logs" "gui-settings" "hosts" "hosts-agg" "hosts-poller" "job" "link" "mail-sender" "maintenance" "pack-poller" "pack-read" "pack-write" "pack-update" "parsing-status-tcpsession-poller" "parsing-status-httppers-poller" "plugins" "session" "stats-collector" "status-poller" "tcp-poller" "tcp-read" "tcp-write" "tcp-update" "teams" "tls-keys" "tls-keys-linker" "web-httpcom-poller" "web-httpcom-content-poller" "web-httppers-poller" "web-read" "web-upload" "web-write" "whisp" "whisp-status-poller" "whisps-status" "whisps-status-agg" Service name |
Responses
Response samples
- 200
Spider Customer
Get Api stats
Description
Give metrics informations for HTTP Api of this service
Access
- Admin
- Application
- Customer
Authorizations:
path Parameters
service required | string (ServiceNames) Enum: "alert" "capture-status-poller" "ciphers" "ciphers-status" "ciphers-status-poller" "ciphers-raw-status-poller" "ciphers-status-agg" "controls" "customer" "gui-logs" "gui-settings" "hosts" "hosts-agg" "hosts-poller" "job" "link" "mail-sender" "maintenance" "pack-poller" "pack-read" "pack-write" "pack-update" "parsing-status-tcpsession-poller" "parsing-status-httppers-poller" "plugins" "session" "stats-collector" "status-poller" "tcp-poller" "tcp-read" "tcp-write" "tcp-update" "teams" "tls-keys" "tls-keys-linker" "web-httpcom-poller" "web-httpcom-content-poller" "web-httppers-poller" "web-read" "web-upload" "web-write" "whisp" "whisp-status-poller" "whisps-status" "whisps-status-agg" Micro service name |
Responses
Response samples
- 200
{- "application": "tcp-streams-update",
- "hostname": "traballand-Latitude-E7240",
- "instanceId": "c1033254c68f",
- "requests": 886,
- "successes": 886,
- "errors": 0,
- "errors4xx": 0,
- "errors5xx": 0,
- "duration": 2311,
- "api": {
- "POST /v1/parsing-jobs/:type": {
- "method": "POST",
- "endpoint": "/v1/parsing-jobs/:type",
- "requests": 213,
- "successes": 213,
- "errors": 0,
- "errors4xx": 0,
- "errors5xx": 0,
- "duration": 603,
- "percentiles": {
- "0": 1,
- "25": 1,
- "50": 1,
- "75": 2,
- "90": 4,
- "95": 4,
- "99": 4
}
}, - "GET /v1/waiting-stats": {
- "method": "GET",
- "endpoint": "/v1/waiting-stats",
- "requests": 180,
- "successes": 180,
- "errors": 0,
- "errors4xx": 0,
- "errors5xx": 0,
- "duration": 355,
- "percentiles": {
- "0": 1,
- "25": 1,
- "50": 1,
- "75": 2,
- "90": 2,
- "95": 2,
- "99": 2
}
}, - "PATCH /v1/tcp-sessions/": {
- "method": "PATCH",
- "endpoint": "/v1/tcp-sessions/",
- "requests": 70,
- "successes": 70,
- "errors": 0,
- "errors4xx": 0,
- "errors5xx": 0,
- "duration": 697,
- "percentiles": {
- "0": 4,
- "25": 4,
- "50": 5,
- "75": 5,
- "90": 5,
- "95": 5,
- "99": 5
}
}
}
}
Get circuit breakers stats
Description
Give circuit breakers informations for downstream connections of this service
Access
- Admin
- Application
- Customer
Authorizations:
path Parameters
service required | string (ServiceNames) Enum: "alert" "capture-status-poller" "ciphers" "ciphers-status" "ciphers-status-poller" "ciphers-raw-status-poller" "ciphers-status-agg" "controls" "customer" "gui-logs" "gui-settings" "hosts" "hosts-agg" "hosts-poller" "job" "link" "mail-sender" "maintenance" "pack-poller" "pack-read" "pack-write" "pack-update" "parsing-status-tcpsession-poller" "parsing-status-httppers-poller" "plugins" "session" "stats-collector" "status-poller" "tcp-poller" "tcp-read" "tcp-write" "tcp-update" "teams" "tls-keys" "tls-keys-linker" "web-httpcom-poller" "web-httpcom-content-poller" "web-httppers-poller" "web-read" "web-upload" "web-write" "whisp" "whisp-status-poller" "whisps-status" "whisps-status-agg" Micro service name |
Responses
Response samples
- 200
{- "application": "tcp-streams-write",
- "hostname": "spider4",
- "instanceId": "9300ef2cec06",
- "circuitBreakers": {
- "Redis": {
- "Save sessions": {
- "name": "Save sessions",
- "group": "Redis",
- "time": 1548884598363,
- "open": false,
- "circuitDuration": 15000,
- "threshold": 1,
- "waitThreshold": 100,
- "stats": {
- "failed": 0,
- "timedOut": 0,
- "total": 14,
- "shortCircuited": 0,
- "latencyMean": 6,
- "successful": 14,
- "percentiles": {
- "0": 2,
- "1": 15,
- "0.25": 2,
- "0.5": 3,
- "0.75": 8,
- "0.9": 12,
- "0.95": 15,
- "0.99": 15,
- "0.995": 15
}
}
}, - "Get sessions": {
- "name": "Get sessions",
- "group": "Redis",
- "time": 1548884598363,
- "open": false,
- "circuitDuration": 15000,
- "threshold": 1,
- "waitThreshold": 100,
- "stats": {
- "failed": 0,
- "timedOut": 0,
- "total": 14,
- "shortCircuited": 0,
- "latencyMean": 0,
- "successful": 14,
- "percentiles": {
- "0": 0,
- "1": 1,
- "0.25": 0,
- "0.5": 0,
- "0.75": 1,
- "0.9": 1,
- "0.95": 1,
- "0.99": 1,
- "0.995": 1
}
}
}
}, - "ES": {
- "Get sessions": {
- "name": "Get sessions",
- "group": "ES",
- "time": 1548884598363,
- "open": false,
- "circuitDuration": 30000,
- "threshold": 1,
- "waitThreshold": 100,
- "stats": {
- "failed": 0,
- "timedOut": 0,
- "total": 0,
- "shortCircuited": 0,
- "latencyMean": 0,
- "successful": 0,
- "percentiles": {
- "0": 0,
- "1": 0,
- "0.25": 0,
- "0.5": 0,
- "0.75": 0,
- "0.9": 0,
- "0.95": 0,
- "0.99": 0,
- "0.995": 0
}
}
}
}, - "PackUpdate": {
- "POST /pack-update/packets/parsed": {
- "name": "POST /pack-update/packets/parsed",
- "group": "PackUpdate",
- "time": 1548884598359,
- "open": false,
- "circuitDuration": 10000,
- "threshold": 1,
- "waitThreshold": 100,
- "stats": {
- "failed": 0,
- "timedOut": 0,
- "total": 1,
- "shortCircuited": 0,
- "latencyMean": 3,
- "successful": 1,
- "percentiles": {
- "0": 3,
- "1": 3,
- "0.25": 3,
- "0.5": 3,
- "0.75": 3,
- "0.9": 3,
- "0.95": 3,
- "0.99": 3,
- "0.995": 3
}
}
}
}
}
}
Get process stats
Description
Give process metrics for this service
Access
- Admin
- Application
- Customer
Authorizations:
path Parameters
service required | string (ServiceNames) Enum: "alert" "capture-status-poller" "ciphers" "ciphers-status" "ciphers-status-poller" "ciphers-raw-status-poller" "ciphers-status-agg" "controls" "customer" "gui-logs" "gui-settings" "hosts" "hosts-agg" "hosts-poller" "job" "link" "mail-sender" "maintenance" "pack-poller" "pack-read" "pack-write" "pack-update" "parsing-status-tcpsession-poller" "parsing-status-httppers-poller" "plugins" "session" "stats-collector" "status-poller" "tcp-poller" "tcp-read" "tcp-write" "tcp-update" "teams" "tls-keys" "tls-keys-linker" "web-httpcom-poller" "web-httpcom-content-poller" "web-httppers-poller" "web-read" "web-upload" "web-write" "whisp" "whisp-status-poller" "whisps-status" "whisps-status-agg" Micro service name |
Responses
Response samples
- 200
{- "application": "tcp-streams-write",
- "hostname": "spider7",
- "instanceId": "dd8ff8ac5565",
- "startTime": "2019-01-16T21:56:26.109Z",
- "upTime": 1209512.309,
- "cpu": {
- "overall": {
- "cores": 2,
- "idle": 62050469.2,
- "usage": 27683911.2,
- "total": 89734380.4
}, - "process": {
- "user": 14021.34,
- "system": 1117.168
}
}, - "memory": {
- "total": 8061386752,
- "free": 2321321984,
- "process": 113864704
}
}
Get parsing stats
Description
Give metrics informations for parsing
Access
- Admin
- Application
- Customer
Authorizations:
path Parameters
parser required | string (ParserNames) Enum: "web-write" "tls-keys-linker" Micro service name |
Responses
Response samples
- 200
{- "application": "web-streams-write",
- "hostname": "spider4",
- "instanceId": "cce9207215ae",
- "parsed": 13259,
- "created": 5005,
- "errors": 0,
- "completed": 856,
- "duration": 131623.869581,
- "started": 856,
- "delay": 8747139,
- "durationPercentiles": {
- "0": 51.69567,
- "25": 67.413543,
- "50": 83.969753,
- "75": 94.689424,
- "90": 145.061248,
- "95": 1009.291372,
- "99": 1050.284597,
- "100": 1059.290069
}, - "delayPercentiles": {
- "0": 10012,
- "25": 10187,
- "50": 10297,
- "75": 10395,
- "90": 10425,
- "95": 10446,
- "99": 10458,
- "100": 10479
}
}
Response samples
- 200
{- "license": {
- "name": "MyCompany build factory",
- "expires": "2024-11-30"
}, - "probes": {
- "tooManyLogs": {
- "status": "INACTIVE",
- "statusSince": "2024-01-28T16:18:01.127Z",
- "lastChecked": "2024-01-28T21:39:02.365Z"
}, - "noNewStatus": {
- "status": "INACTIVE",
- "statusSince": "2024-01-28T16:18:01.128Z",
- "lastChecked": "2024-01-28T21:39:01.869Z"
}
}
}
Create a new Controller
Description
Create a new controller, and associate it to the owner customer.
Access
- Customer, with controllers creation rights
- Admin
Authorizations:
Request Body schema: application/jsonrequired
Controller creation request
customer required | string System Id of the customer. |
name required | string Name of the controller to create. |
Responses
Request samples
- Payload
{- "customer": "YOD66VZ54Jih",
- "name": "Upload"
}
Response samples
- 400
- 401
- 403
- 406
- 411
- 415
- 422
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Search for Controllers
Description
Search for controllers
Rules
If client is not admin, the search will be limited to the Controllers owned by this customer or shared with him, directly or by the team.
Access
- Admin
- Customer
Authorizations:
Request Body schema: application/jsonrequired
Search parameters
query | string Free query, using Elasticsearch query string DSL. |
aggs | object Aggregation request, using Elasticsearch aggregation DSL. |
Array of objects Sorting option. Sorting by @id is automaticaly added. | |
next | Array of strings Aggregation request, using Elasticsearch aggregation DSL. |
size required | integer Page size. |
avoidTotalHits | boolean Tells if response should include total hits count. |
includeETags | boolean Tells if response should include _eTags fields for update. |
Responses
Request samples
- Payload
{- "query": "string",
- "aggs": { },
- "sort": [
- {
- "key": "string",
- "order": "asc"
}
], - "next": [
- "string"
], - "size": 0,
- "avoidTotalHits": true,
- "includeETags": true
}
Response samples
- 200
- 400
- 401
- 403
- 406
- 411
- 415
- 422
{- "total": 0,
- "items": [
- {
- "@id": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "@type": "Packet",
- "version": "2.0",
- "commonId": "ROlrqlFhTY2ayXIxTV2uZA.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "name": "456285.172.16.102.72-43118-172.16.102.125-8080#5",
- "whisperer": "ROlrqlFhTY2ayXIxTV2uZA",
- "instanceId": "rd-srv508-bes",
- "tcpSession": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931",
- "timestamp": 1642625100.188968,
- "length": 229,
- "rawPacket": {
- "link_type": "LINKTYPE_LINUX_SLL",
- "buf": [ ],
- "header": [ ]
}, - "protocols": {
- "Linux SLL": {
- "src": "50:6b:8d:3a:97:undefined",
- "dst": null
}, - "IPv4": {
- "src": "172.16.102.125",
- "dst": "172.16.102.72"
}, - "TCP": {
- "src": "8080",
- "dst": "43118",
- "direction": "in",
- "packetLot": 1,
- "index": 5,
- "relativeSeq": 1,
- "relativeAck": 0,
- "hasData": true
}
}, - "date": "2022-01-19T20:45:00.188Z",
- "minute": "2022-01-19T20:45:00.000Z",
- "protocolsList": [
- "Linux SLL",
- "IPv4",
- "TCP"
]
}
], - "aggs": { },
- "nextPage": {
- "@type": "SearchAction",
- "query": { }
}, - "asyncResults": {
- "@type": "SearchAction",
- "query": { }
}
}
Get a Controller
Description
Get a controller's details.
Access
- Customer owning the controller
- The own controller
- Client being shared access to this controller
- Client of the team owning the controller with controllers right
- Customer application
- Admin
Authorizations:
path Parameters
id required | string Internal id of Controller |
Responses
Response samples
- 200
- 401
- 403
- 404
- 406
{- "@id": "string",
- "@type": "Controller",
- "version": "string",
- "name": "string",
- "customer": "string",
- "apikey": "string",
- "config": {
- "@id": "string",
- "@type": "ControllerConfig",
- "version": "string",
- "creator": "string",
- "dateCreated": "2019-08-24",
- "editor": "string",
- "dateModified": "2019-08-24",
- "attachments": [
- {
- "@id": "string",
- "@type": "Attachment",
- "controller": "string",
- "whisperer": "string",
- "item": "string",
- "namespace": "string",
- "collection": "string",
- "status": "ATTACHMENT_REQUESTED",
- "expires": "2019-08-24",
- "creator": "string",
- "dateCreated": "2019-08-24",
- "editor": "string",
- "dateModified": "2019-08-24"
}
]
}, - "users": [
- {
- "@id": "string",
- "email": "string",
- "rights": {
- "share": true,
- "config": true,
- "install": true,
- "delete": true
}, - "namespaces": {
- "*": true,
- "namespace-name": true
}
}
], - "teams": [
- {
- "@id": "string",
- "name": "string",
- "namespaces": {
- "*": true,
- "namespace-name": true
}
}
], - "status": {
- "linked": true,
- "connected": "2019-08-24",
- "subscriptions": 0,
- "last": { }
}, - "creator": "string",
- "dateCreated": "2019-08-24",
- "editor": "string",
- "dateModified": "2019-08-24"
}
Change controller's name or shared users
Description
Updates a customer. You can:
- Update controller's name
- Change sharing settings: teams, users and users rights on this controller
Rules
- Can do any change:
- Admin
- Client owning the controller
- Client being shared access to this controller with share rights can:
- Add or remove users from the sharing settings
- Client being shared access to this controller with rights change rights can:
- Change rights of users in the sharing settings
Access
- Customer owning the controller
- Client of a team having shared access to the controller
- Client being shared access to this controller with config, share or rights modification rights
- Admin
Authorizations:
path Parameters
id required | string Internal id of Controller |
header Parameters
If-Match required | string eTag of previous state of the controller |
Request Body schema: application/json-patch+jsonrequired
Json patch with the changes
op required | string Enum: "test" "remove" "add" "replace" "move" "copy" |
path required | string |
value | string |
from | string |
Responses
Request samples
- Payload
[- {
- "op": "test",
- "path": "string",
- "value": "string",
- "from": "string"
}
]
Response samples
- 401
- 403
- 404
- 406
- 411
- 412
- 415
- 422
- 428
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Delete a Controller
Description
Delete a controller.
- Put it to technicalStatus DELETED.
Access
- Customer owning the controller
- Client being shared access to this controller and with delete right
- Admin
Authorizations:
path Parameters
id required | string Internal id of Controller |
Responses
Response samples
- 401
- 403
- 404
- 406
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Create/Replace the controller API key
Description
Create/Replace the controller API key used for controller connection to Spider.
The API key is a public/private key pair.
- The public key is stored in controller's settings.
- The private key is sent in response to this call.
Any call to this API (if authorized) will overwrite the previous API key, and the controller will not be able to use the previous one. A connected controller will be disconnected when its current JWT token will expire. The API key is taken as a configuration AT START of controllers, and need a restart to be changed.
Output
The API can supports two outputs:
- application/json:
- Provides a file with the private key, Spider's URL, and the controller's id This file is the only expected configuration file at controller start.
- application/x-pem-file
- Provides only the private key as a PEM file
Access
- Customer owning the controller
- Admin
Authorizations:
path Parameters
id required | string System id of Controller |
Responses
Response samples
- 201
- 401
- 403
- 404
- 406
{- "controller": "abcdefghijklmnopqrstuv",
- "privatePem": "-----BEGIN RSA PRIVATE KEY-----\nline1\nline2\nline3\n...\n-----END RSA PRIVATE KEY-----\n"
}
Generate an API key signature with the private key of the controller
Description
This endpoint is for testing purposes only:
- It allows testing the API key or the controllers API without a controller
- It generates a valid signature for the controller to call the configuration endpoint
- However, IT REQUIRES YOUR PRIVATE KEY IN INPUT
- After testing, please, reset your API key
Output
- The signature for this controller, timestamp and private API key
- A validation of this signature with the controller registered public API key
Access
- Customer owning the controller
- Admin
Authorizations:
path Parameters
id required | string System id of Controller |
query Parameters
timeStamp required | string <date-time> Timestamp to use in signature |
instanceId required | string InstanceId to use in signature |
Request Body schema: application/x-pem-file
The controller RSA private key, as a PEM
Responses
Response samples
- 400
- 401
- 403
- 404
- 406
- 411
- 415
- 422
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Get Controller configuration
Description
Get the configuration of this Controller Usages:
- Called by controller at start (or before token expiration) with their API key
- Called by controllers regularly to check for configuration change
- Called by UI to get configuration
API key
The first call from controllers is made by:
- building a json payload with current time and controller id,
- then signing it with SHA256 algorithm using controller's private key
const timeStamp = moment().toISOString();
const info = {
timeStamp,
controllerId
};
const privKey = new NodeRSA(privatePem);
const signature = privKey.sign(Buffer.from(JSON.stringify(info)), 'base64');
- and then calling this API with specific headers:
Spider-TimeStamp: timeStamp
Spider-Signature: signature //base 64 encoded
Output
- The configuration
- A JWT token to use on further calls in Spider-Token header
- If no token provided, or if called from a Customer
- A Customer may call to get the configuration of one of its controllers and use the generated token to upload data (as on the UI)
Access
- The own controller
- Customer owning the controller
- Client being shared access to this controller
- Client of the team being shared access to this controller
- Admin
Authorizations:
path Parameters
id required | string System id of Controller |
header Parameters
Spider-Signature | string <base64> Signature of the call by the Controller, with its API key |
Spider-Timestamp | string <date-time> Provided with API key in first Controller call to get its JWT token with the config |
Responses
Response samples
- 400
- 401
- 403
- 404
- 406
- 500
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Get namespaces of the cluster where the Controller is
Description
Get the list of namespaces names from the cluster.
Output
- An array of string
Returns 404 if the controller is not connected.
Access
- Customer owning the controller
- Client being shared access to this controller
- Client of the team being shared access to this controller
- Admin
Authorizations:
path Parameters
id required | string System id of Controller |
Responses
Response samples
- 200
- 401
- 403
- 404
- 406
[- "string"
]
Get list of objects of the requested namespace and collection from the cluster
Description
Get the list of objects from the cluster.
Output
- An array of items
Returns 404 if the controller is not connected.
Access
- Customer owning the controller
- Client being shared access to this controller
- Client of the team being shared access to this controller
- Admin
Authorizations:
path Parameters
id required | string System id of Controller |
namespace required | string Name of the namespace we want the object from |
collection required | string Enum: "pods" "statefulsets" "deployments" "cronjobs" Collection we are interested in |
Responses
Response samples
- 200
- 401
- 403
- 404
- 406
[- {
- "name": "alert",
- "children": [
- {
- "objectType": "replicasets",
- "name": "alert-855f6f6548",
- "children": [
- {
- "objectType": "pods",
- "name": "alert-855f6f6548-vbsfp"
}
]
}
]
}, - {
- "name": "capture-status-poller",
- "children": [
- {
- "objectType": "replicasets",
- "name": "capture-status-poller-5695d8487c",
- "children": [
- {
- "objectType": "pods",
- "name": "capture-status-poller-5695d8487c-cflqp"
}
]
}
]
}
]
Create a new attachment
Description
Create a new attachment, asking, by it, to spawn a Whisperer to each linked Pod
- The attachment is first saved in DB, and it will be fetched by the Controller next time with its configuration.
- Then, an attachment request is sent to the Controller for an immediate attachment (if Controller is connected)
Access
- Customer owning the controller
- Client being shared access to this controller
- Client of the team being shared access to this controller
- Admin
Authorizations:
path Parameters
id required | string System id of Controller |
Request Body schema: application/jsonrequired
Attachment creation request
whisperer required | string Whisperer Id to attach. |
namespace required | string Namespace where the workload is. |
collection required | string Enum: "pods" "statefulsets" "daemonsets" "deployments" "cronjobs" Collection of the workload. |
item required | string Name of the workload. |
agent | string Enum: "whisperer" "gossiper" Agent to attach. |
Responses
Request samples
- Payload
{- "whisperer": "string",
- "namespace": "string",
- "collection": "pods",
- "item": "string",
- "agent": "whisperer"
}
Response samples
- 400
- 401
- 403
- 406
- 411
- 415
- 422
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Get last logs of the attached Whisperer
Description
Get last logs of the attached Whisperer.
Access
- Customer owning the controller
- Client being shared access to this controller
- Client of the team being shared access to this controller
- Admin
Authorizations:
path Parameters
id required | string System id of Controller |
attachment required | string System id of the Attachment |
container required | string Container id of the Whisperer |
Responses
Response samples
- 200
- 401
- 403
- 404
- 406
[- {
- "time": "2024-12-01T09:52:51.791Z",
- "level": 30,
- "msg": "Gossiper starting.",
- "module": "main",
- "version": "7.2.1"
}
]
Detach the attachment
Description
Ask for the attachment to be terminated.
The Whisperers connected to the worload linked to this attachment will terminate the next time they check their status.
Access
- Customer owning the controller
- Client being shared access to this controller
- Client of the team being shared access to this controller
- Admin
Authorizations:
path Parameters
id required | string System id of Controller |
attachment required | string System id of the Attachment |
Responses
Response samples
- 401
- 403
- 404
- 406
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Get the Whisperers managed by this Controller
Description
Returns the list of Whisperers that the Controller knows and manages.
Access
- Customer owning the controller
- Client being shared access to this controller
- Client of the team being shared access to this controller
- Admin
Authorizations:
path Parameters
id required | string System id of Controller |
Responses
Response samples
- 200
- 401
- 403
- 404
- 406
[- {
- "name": "spider-whisperer-qcc4tpvythic6fvayf2vtw-1693774449",
- "namespace": "spider-system",
- "pod": "job-688b6ddc85-swnx9",
- "attachment": {
- "@id": "MGO-9NowQzay09lPEytyFg",
- "@type": "Attachment",
- "controller": "local-controller",
- "whisperer": "qCC4TpvyThic6FVAYf2VTw",
- "item": "job",
- "namespace": "spider-system",
- "collection": "deployments",
- "status": "ATTACHED",
- "creator": "ILWAjWPGQLm3Qf2eSPCAUA",
- "dateCreated": "2023-09-03T20:54:09.116Z",
- "expires": "2023-09-03T22:54:09.116Z",
- "editor": "local-controller",
- "dateModified": "2023-09-03T20:54:10.491Z"
}, - "whisperer": "qCC4TpvyThic6FVAYf2VTw",
- "state": {
- "running": {
- "startedAt": "2023-09-03T20:54:09Z"
}
}
}
]
Get the Whisperers deployed as Sidecars seen by this Controller
Description
Returns the list of Sidecar Whisperers that the Controller knows.
Access
- Customer owning the controller
- Client being shared access to this controller
- Client of the team being shared access to this controller
- Admin
Authorizations:
path Parameters
id required | string System id of Controller |
Responses
Response samples
- 200
- 401
- 403
- 404
- 406
[- {
- "@id": "spider-system.deployments.hosts.qCC4TpvyThic6FVAYf2VTw",
- "namespace": "spider-system",
- "kind": "deployments",
- "name": "hosts",
- "whisperer": "qCC4TpvyThic6FVAYf2VTw",
- "agent": "Gossiper",
- "instances": [
- {
- "@id": "spider-system.hosts-649c985c8f-9shvn.hosts-whisperer",
- "pod": "hosts-649c985c8f-9shvn",
- "container": "hosts-whisperer",
- "node": "192.168.1.56",
- "status": {
- "state": "running",
- "startedAt": "2024-11-30T22:54:18Z"
}
}
]
}
]
Get the last logs as Sidecar Whisperer
Description
Returns the last logs of the Sidecar Whisperer
Access
- Customer owning the controller
- Client being shared access to this controller
- Client of the team being shared access to this controller
- Admin
Authorizations:
path Parameters
id required | string System id of Controller |
key required | string @id of the sidecar whisperer container as returned by GET /whisperers/sidecars |
Responses
Response samples
- 200
- 401
- 403
- 404
- 406
[- {
- "time": "2024-12-01T12:45:11.363Z",
- "level": 30,
- "msg": "Gossiper starting.",
- "module": "main",
- "version": "7.2.1"
}
]
Get the Gociphers known by this Controller
Description
Returns the list of Gociphers that the Controller knows.
Access
- Customer owning the controller
- Client being shared access to this controller
- Client of the team being shared access to this controller
- Admin
Authorizations:
path Parameters
id required | string System id of Controller |
Responses
Response samples
- 200
- 401
- 403
- 404
- 406
[- {
- "@id": "spider-system.local-gocipher",
- "namespace": "spider-system",
- "kind": "daemonsets",
- "gocipher": "local-gocipher",
- "controller": "local-controller",
- "instances": [
- {
- "@id": "spider-system.local-gocipher-wv6f6",
- "pod": "local-gocipher-wv6f6",
- "container": "local-gocipher",
- "node": "192.168.1.56",
- "status": {
- "state": "running",
- "startedAt": "2024-12-01T12:42:28Z"
}
}
]
}
]
Get the last logs of the Gociphers
Description
Returns the last Logs of the Gocipher.
Access
- Customer owning the controller
- Client being shared access to this controller
- Client of the team being shared access to this controller
- Admin
Authorizations:
path Parameters
id required | string System id of Controller |
key required | string @id of the Gocipher container as returned by GET /gociphers |
Responses
Response samples
- 200
- 401
- 403
- 404
- 406
[- {
- "time": "2024-12-01T12:42:28.398Z",
- "level": 30,
- "msg": "Gocipher starting.",
- "module": "main",
- "version": "1.3.2",
- "linuxKernel": "6.8.12",
- "code": "GCPH-MAIN-001"
}
]
Get the Attachments associated to this Whisperer, from all know attachments
Description
Returns the list of Attachments linked to a Whisperer.
The service will calls all referenced and connected Controllers to get the status of the Whisperers.
Access
- Customer owning the controller
- Client being shared access to this controller
- Client of the team being shared access to this controller
- Admin
Authorizations:
path Parameters
id required | string System id of a Whisperer |
Responses
Response samples
- 200
- 401
- 403
- 404
- 406
[- {
- "@id": "MGO-9NowQzay09lPEytyFg",
- "@type": "Attachment",
- "controller": "local-controller",
- "whisperer": "qCC4TpvyThic6FVAYf2VTw",
- "item": "job",
- "namespace": "spider-system",
- "collection": "deployments",
- "status": "ATTACHED",
- "creator": "ILWAjWPGQLm3Qf2eSPCAUA",
- "dateCreated": "2023-09-03T20:54:09.116Z",
- "expires": "2023-09-03T22:54:09.116Z",
- "editor": "local-controller",
- "dateModified": "2023-09-03T20:54:10.491Z",
- "whisperers": [
- {
- "name": "spider-whisperer-qcc4tpvythic6fvayf2vtw-1693774449",
- "namespace": "spider-system",
- "pod": "job-688b6ddc85-swnx9",
- "whisperer": "qCC4TpvyThic6FVAYf2VTw",
- "state": {
- "running": {
- "startedAt": "2023-09-03T20:54:09Z"
}
}
}
]
}
]
Get the last logs of the Controller
Description
Returns the last logs of the Controller.
Access
- Customer owning the controller
- Client being shared access to this controller
- Client of the team being shared access to this controller
- Admin
Authorizations:
path Parameters
id required | string System id of a Controller |
Responses
Response samples
- 200
- 401
- 403
- 404
- 406
[- {
- "name": "controller",
- "hostname": "local-controller-57f9559cfd-vbldj",
- "pid": 1,
- "level": 30,
- "msg": "Controller local-controller starting. Version: 1.6.0.",
- "time": "2024-12-01T12:42:16.553Z",
- "v": 0
}
]
Connect a customer
Description
Connects a customer and returns a JWT token
Rules
- After many unsuccessful attempts, the email will be blocked for some time.
Access
- No identification required
Request Body schema: application/jsonrequired
The email/password for connection
email required | string |
password required | string <password> Password |
Responses
Request samples
- Payload
{- "email": "string",
- "password": "pa$$word"
}
Response samples
- 201
- 400
- 401
- 403
- 404
- 406
- 411
- 415
- 422
{- "customer": "string",
- "token": "string"
}
Connect a customer using OIDC code flow
Description
Connects a customer using OIDC and returns a JWT token.
Takes in input the code
provided by the Identity Provider
and the name
of the IP, as set in configuration.
Access
- No identification required
Request Body schema: application/jsonrequired
The code and IP to get the tokens from
code required | string Code received from the authorization_endpoint |
provider | string Identity provider name set in configuration |
Responses
Request samples
- Payload
{- "code": "string",
- "provider": "string"
}
Response samples
- 201
- 400
- 401
- 403
- 404
- 406
- 411
- 415
- 422
{- "customer": "string",
- "token": "string"
}
Create a new customer
Description
Create a new customer.
Rules
- If a customer with same email already exists, creation is cancelled.
- Depending on system settings, a self created customer (no token) will be:
- Created as Draft but checked for all fields when admin activation is required
- Created as Active when no activation is required
Draft customer
All fields are optional at start, but checked for correctness.
- It then creates a DRAFT resource.
- To update it to ACTIVE
- Some fields are required.
- Use PATCH.
Active customer
To create an ACTIVE customer, all mandatory fields must be set. Status must be set as ACTIVE.
Access
Either:
- Self creation and no identification is required
- Creation by someone else:
- An admin user or user with users creation rights
- Only a user with rights modification rights can create a user with rights
- Only an admin can create an admin
- Creation by a userTrainer, with trainee rights set.
Authorizations:
Request Body schema: application/jsonrequired
The customers details
email required | string Customer's email. |
_password required | string >= 6 characters Customer's password. |
_admin | boolean True if user is an administrator. |
required | object |
birthDate | string <date> Date of birth. |
honorificPrefix | string An honorific prefix preceding a name such as Dr/Mrs/Mr. |
givenName required | string The given name, the first name. |
familyName required | string The family name, the last name. |
nationality required | string Nationality. |
jobTitle | string The job title (for example, Financial Manager). |
worksFor | string Organizations'name that the person works for. |
Responses
Request samples
- Payload
{- "email": "example@gmail.com",
- "_password": "YGIUHIdzzf!/85F",
- "_admin": true,
- "givenName": "John",
- "familyName": "Doe",
- "nationality": "American",
- "address": {
- "addressCountry": "France"
}, - "technicalStatus": "DRAFT"
}
Response samples
- 400
- 401
- 403
- 406
- 409
- 411
- 415
- 422
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Search for Customers
Description
Search for customers.
Also available by GET method on the collection
Access
- Admin
- User with user management rights
- userTrainer (but may only search on HIS trainees)
Authorizations:
Request Body schema: application/jsonrequired
Search parameters
query | string Free query, using Elasticsearch query string DSL. |
aggs | object Aggregation request, using Elasticsearch aggregation DSL. |
Array of objects Sorting option. Sorting by @id is automaticaly added. | |
next | Array of strings Aggregation request, using Elasticsearch aggregation DSL. |
size required | integer Page size. |
avoidTotalHits | boolean Tells if response should include total hits count. |
includeETags | boolean Tells if response should include _eTags fields for update. |
Responses
Request samples
- Payload
{- "query": "string",
- "aggs": { },
- "sort": [
- {
- "key": "string",
- "order": "asc"
}
], - "next": [
- "string"
], - "size": 0,
- "avoidTotalHits": true,
- "includeETags": true
}
Response samples
- 200
- 400
- 401
- 403
- 406
- 411
- 415
- 422
{- "total": 0,
- "items": [
- {
- "@id": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "@type": "Packet",
- "version": "2.0",
- "commonId": "ROlrqlFhTY2ayXIxTV2uZA.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "name": "456285.172.16.102.72-43118-172.16.102.125-8080#5",
- "whisperer": "ROlrqlFhTY2ayXIxTV2uZA",
- "instanceId": "rd-srv508-bes",
- "tcpSession": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931",
- "timestamp": 1642625100.188968,
- "length": 229,
- "rawPacket": {
- "link_type": "LINKTYPE_LINUX_SLL",
- "buf": [ ],
- "header": [ ]
}, - "protocols": {
- "Linux SLL": {
- "src": "50:6b:8d:3a:97:undefined",
- "dst": null
}, - "IPv4": {
- "src": "172.16.102.125",
- "dst": "172.16.102.72"
}, - "TCP": {
- "src": "8080",
- "dst": "43118",
- "direction": "in",
- "packetLot": 1,
- "index": 5,
- "relativeSeq": 1,
- "relativeAck": 0,
- "hasData": true
}
}, - "date": "2022-01-19T20:45:00.188Z",
- "minute": "2022-01-19T20:45:00.000Z",
- "protocolsList": [
- "Linux SLL",
- "IPv4",
- "TCP"
]
}
], - "aggs": { },
- "nextPage": {
- "@type": "SearchAction",
- "query": { }
}, - "asyncResults": {
- "@type": "SearchAction",
- "query": { }
}
}
Get a customer's details
Description
Get a customer's details.
_password
field is always stripped out.- Deleted customers are only visible by admins.
- Depending on access rights, returns diverse representations.
Clients getting full details
- The own client
- Admins
- Clients with users administration rights
Response is:
- Full content
- Minus _* fields (password, admin...)
Clients getting system details
- Whisp application (to update linked whisperers)
Response is limited to:
- @id
- rights
- whisperers
Clients getting shortened info
- Any other client
Response is limited to:
- @id
Access
- Customer, expect when using public links
- Admin
- User with users management right
- User impersonating the user to open
- User with userTrainer rights opening one of its trainee
- Whisp application (to update linked whisperers)
Authorizations:
path Parameters
id required | string Customer internal @id |
Responses
Response samples
- 200
- 401
- 403
- 404
- 406
{- "@id": "Jz6lxOiuQYaIZNNouiyt6w",
- "@type": "Person",
- "version": "0.1",
- "technicalStatus": "ACTIVE",
- "creator": "AWUb00luIXCLtCIFlzoO",
- "dateCreated": "2018-12-21T10:00:00.837Z",
- "editor": "Jz6lxOiuQYaIZNNouiyt6w",
- "dateModified": "2018-12-21T16:15:18.978Z",
- "givenName": "John",
- "familyName": "Doe",
- "nationality": "American",
- "email": "example@gmail.com",
- "address": {
- "addressCountry": "France"
}, - "rights": {
- "whisperers": {
- "monitor": true
}
}, - "whisperers": [
- {
- "@id": "Gu0ManDYSXGr8Sxi3s-sxg",
- "name": "WhispTest"
}, - {
- "@id": "rSSa3P5gQ-2S037OBIp6NA",
- "name": "Private Whisp"
}
], - "_eTag": "\"d7-+6EM6pRmKNKDSTtAgeIK5g\""
}
Update customer's details
Description
Updates a customer. You can:
- Update customer details
- Change password
- Set new rights (and admin flag)
- Change Whisperer names (for synchro)
- Change its state from DRAFT to ACTIVE
Rules
Patch must be done with resource previous eTag
- eTag must be given in ifMatch header (* not authorized)
- eTag must match current eTag
Technical fields are protected (@id, creator, dateCreated, @type)
For a customer to change its password or email, patch operations must include previous password value inside a test operation
{ "op":"test", "path":"_password", "value":"xxx" }
When customer changes email:
- If a customer with same email already exists, operation is cancelled.
- A confirmation email challenge is sent. The account is blocked at connection until the mail is confirmed.
- A mail is sent to old email
When customer changes password:
- A confirmation mail is sent
When a customer changes from Draft to Active
- A information mail is sent
Customer cannot change its own Whisperers list
Admins can:
- Update a customer's details ONLY when DRAFT
- Also clients with creation right
- Update rights
- Also clients with rights admin right
- Reinit password without providing old one
- Also clients with password admin right
- Set a customer as admin
- Change a DELETED user back to ACTIVE
- Update a customer's details ONLY when DRAFT
Customer details, once in ACTIVE state, can only be modified by own customer
Whisp & Maintenance services can:
- Update associated whisperers
_password and _admin field cannot be removed, copied or moved
email field cannot be removed or moved
Access
- Admin
- Own customer
- Whisp service (to update linked whisperers)
- Client with rights administration right
- Client with user creation right
- Client with password change/reinit right
Authorizations:
path Parameters
id required | string Customer internal @id |
header Parameters
If-Match required | string eTag of previous state of the customer |
Request Body schema: application/json-patch+jsonrequired
Json patch with the changes
op required | string Enum: "test" "remove" "add" "replace" "move" "copy" |
path required | string |
value | string |
from | string |
Responses
Request samples
- Payload
[- {
- "op": "test",
- "path": "string",
- "value": "string",
- "from": "string"
}
]
Response samples
- 401
- 403
- 404
- 406
- 411
- 412
- 415
- 422
- 428
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Delete a customer
Description
Set a customer to DELETED status. When the customer has one to many own Whisperers of UPLOAD type, they are also deleted.
Access
- Admin
- Clients with delete customer right
- User with userTrainer right deleting on of its trainee account
Authorizations:
path Parameters
id required | string Customer internal @id |
Responses
Response samples
- 401
- 403
- 404
- 406
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Get a customer info by its email
Description
Same as GET /customer/v1/customers/{id}
Authorizations:
path Parameters
email required | string Customer email |
Responses
Response samples
- 200
- 401
- 403
- 404
- 406
{- "@id": "Jz6lxOiuQYaIZNNouiyt6w",
- "@type": "Person",
- "version": "0.1",
- "technicalStatus": "ACTIVE",
- "creator": "AWUb00luIXCLtCIFlzoO",
- "dateCreated": "2018-12-21T10:00:00.837Z",
- "editor": "Jz6lxOiuQYaIZNNouiyt6w",
- "dateModified": "2018-12-21T16:15:18.978Z",
- "givenName": "John",
- "familyName": "Doe",
- "nationality": "American",
- "email": "example@gmail.com",
- "address": {
- "addressCountry": "France"
}, - "rights": {
- "whisperers": {
- "monitor": true
}
}, - "whisperers": [
- {
- "@id": "Gu0ManDYSXGr8Sxi3s-sxg",
- "name": "WhispTest"
}, - {
- "@id": "rSSa3P5gQ-2S037OBIp6NA",
- "name": "Private Whisp"
}
], - "_eTag": "\"d7-+6EM6pRmKNKDSTtAgeIK5g\""
}
Get user token to impersonate this customer
Description
Generates a token for a user to be able to use another user whisperers and rights.
Rules
- Customer must not be deleted
- Only an administrator may impersonate another administrator
Output
- Generate a new token with
- The requested customer id in
impersonated
field. - The customer's whisperers
- The customers rights (if
useUserRights
is 'true')
- The requested customer id in
- The token can be used to call any API
- The services will behave as if the customer was calling, except that all traces and audit fields will be valued with the original caller's id.
Access
- Customer with impersonate right
- Customer with userTrainer right impersonating one of its trainee
- Admin
Authorizations:
path Parameters
id required | string Customer internal @id |
query Parameters
useUserRights | boolean Ask to use user's right in the token. Keep caller's right if false. |
Responses
Response samples
- 200
- 401
- 403
- 404
- 406
{- "token": "string"
}
Create a password challenge
Description
Create a password challenge to reinitialize a password. A token is created and sent by mail with a redirection link to the user. The redirection link:
- launches an UI presenting a form to enter a new password
- contains a unique token, valid once and a limited time
Rules
- Account with this email must exist and not be deleted
Access
- No identification required
Request Body schema: application/jsonrequired
The email of the account
email required | string |
redirectUrl required | string Base Url to construct the redirection link. Expected: Login UI endpoint. |
Responses
Request samples
- Payload
{- "email": "string",
- "redirectUrl": "string"
}
Response samples
- 400
- 404
- 406
- 411
- 415
- 422
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Set a password after a password challenge
Description
Set a new password to a user with:
- The challenge token
- The user email
- The password (plain)
An email is sent to the user to inform him of password change. Connections error count is reset ;)
Rules
- Account with this email must exist and not be deleted
- Token must still exists (not used, not too old)
- Token must be associated to right email and user
Access
- No identification required
Request Body schema: application/jsonrequired
The new password of the account
email required | string |
token required | string Token sent in challenge |
password required | string Password choosen by the user |
Responses
Request samples
- Payload
{- "email": "string",
- "token": "string",
- "password": "string"
}
Response samples
- 400
- 404
- 406
- 411
- 415
- 422
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Confirm user email
Description
Used in mails sent to users to confirm their email addresses. This is why it is a GET, not a POST.
Rules
- User must exist and not be deleted
- The account confirmation token must exist
- The token is linked to the right email and account
- If user is in Draft status, an email is sent to admins for account activation
- Confirmation page is shown
Access
- No identification required
Authorizations:
query Parameters
email required | string |
token required | string Mail confirmation token |
Responses
Response samples
- 404
- 406
- 422
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Create a new Team
Description
Creates a new team and add the owner as the first full rights customer.
Rules
- A team with the same name must not exist
Access
- Customer with team create right
- Customer with userTrainer right creating a training team
- Admin
Authorizations:
Request Body schema: application/jsonrequired
The team to create
name required | string Team's name. |
description | string Team's description. |
required | object Owner of the team. |
Responses
Request samples
- Payload
{- "name": "string",
- "description": "string",
- "owner": {
- "@id": "string",
- "email": "string"
}
}
Response samples
- 400
- 401
- 403
- 406
- 409
- 411
- 415
- 422
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Get a team's details
Description
Get a team's details.
- Depending on access rights, returns diverse representations.
Clients getting full details
- Admins
- Customers from the team
- Customers using this team
Response is:
- Full content
Clients getting system details
- Whisp application (to update linked whisperers)
Response is limited to:
- @id
- name
- whisperers
Clients getting shortened info
- Any other client
Response is limited to:
- @id
- name
Access
- Customer
- Admin
- Whisp application (to update linked whisperers)
Authorizations:
path Parameters
id required | string Team internal @id |
Responses
Response samples
- 200
- 401
- 403
- 404
- 406
{- "@id": "AnaRheQISOmLu8bKiQv11w",
- "@type": "Team",
- "version": "0.1",
- "name": "First team",
- "description": "Short team description.",
- "dateCreated": "2021-03-07T14:43:35.152Z",
- "creator": "hfQ1rsfcRKWslHwWAPJ9bg",
- "customers": [
- {
- "@id": "hfQ1rsfcRKWslHwWAPJ9bg",
- "email": "owner@gmail.com",
- "rights": {
- "share": true,
- "rights": true,
- "whisperers": true,
- "settings": true,
- "update": true
}
}, - {
- "@id": "FExgyFYtQdmskfNGpnKVBQ",
- "email": "test@gmail.com",
- "rights": {
- "rights": true,
- "whisperers": true,
- "share": false
}
}
], - "whisperers": [
- "dR6Gujz4RC2QyoAOyfDnWA",
- "H_rczKsfRXSJbkgQMk-ZYQ",
- "x7jxYx5PQb2wPEYa7D4Kgw",
- "M_OhNqT8TWGEEdVWVBOmiQ",
- "xGFWIX7zQMungzHcGz0YOw",
- "qCC4TpvyThic6FVAYf2VTw"
], - "settings": {
- "mergePattern": "^spiderdev_([^.]+).?",
- "clientsIdsCompactingPattern": "^http://spider.io/((?:apps|whisperers|customers)/.*)$"
}, - "technicalStatus": "ACTIVE",
- "dateModified": "2021-03-18T22:15:39.345Z",
- "token": "7p8i66dCQsynmFNULKdnjA",
- "editor": "hfQ1rsfcRKWslHwWAPJ9bg"
}
Update team's details
Description
Updates a team. You can:
- Update team's details
- Add/remove customers
- Set new customers rights
- Add/remove whisperer names (for synchro)
- Change team's settings
Rules
Patch must be done with resource previous eTag
- eTag must be given in ifMatch header (* not authorized)
- eTag must match current eTag
Patch cannot be done on DELETED team
Technical fields are protected (@id, creator, dateCreated, @type)
Customers with share right can update customers list and access filters
Customers with settings right can update team settings
Customers with update right can update name, description
Whisp and Maintenance services can:
- Update associated whisperers
Token cannot be changed with patch
A mail is sent to team administrators with changes made
After update,
- Whisperers list for customers and access filters are cleaned from any removed whisperer from the team
- Users list for access filters are cleaned from any removed user from the team
Access
- Admin
- Whisp service (to update linked whisperers)
- Client with rights on team: share, whisperers, settings, update, rights
Authorizations:
path Parameters
id required | string Team internal @id |
header Parameters
If-Match required | string eTag of previous state of the team |
Request Body schema: application/json-patch+jsonrequired
Json patch with the changes
op required | string Enum: "test" "remove" "add" "replace" "move" "copy" |
path required | string |
value | string |
from | string |
Responses
Request samples
- Payload
[- {
- "op": "test",
- "path": "string",
- "value": "string",
- "from": "string"
}
]
Response samples
- 401
- 403
- 404
- 406
- 411
- 412
- 415
- 422
- 428
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Delete a team
Description
Set a team to DELETED status.
If the team is a training team, its own whisperers are deleted.
Access
- Admin
- Clients with update team right
Authorizations:
path Parameters
id required | string Team internal @id |
Responses
Response samples
- 401
- 403
- 404
- 406
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Join a team
Description
Join a user to a team with:
- The join token
- The user @id
- The user email
An email is sent to the team admin to tell them about new user.
Rules
- The join token must belong to a team
- Team must still be active
- User must not be part of the team
Access
- Admin
- Customer whose @id is in body
Authorizations:
Request Body schema: application/jsonrequired
The new password of the account
email required | string |
token required | string Token sent in challenge |
password required | string Password choosen by the user |
Responses
Request samples
- Payload
{- "email": "string",
- "token": "string",
- "password": "string"
}
Response samples
- 400
- 401
- 403
- 406
- 409
- 411
- 415
- 422
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Get user token for this team
Description
Generates a token for the user to be able to use team's whisperers and rights.
Rules
- Team must not be deleted
Access
- Customer being part of the team
- Admin
Authorizations:
path Parameters
id required | string Team internal @id |
Responses
Response samples
- 200
- 401
- 403
- 404
- 406
{- "token": "string"
}
Get a team info by its name
Description
Same as GET /teams/v1/teams/{id}
Authorizations:
path Parameters
name required | string Team name |
Responses
Response samples
- 200
- 401
- 403
- 404
- 406
{- "@id": "AnaRheQISOmLu8bKiQv11w",
- "@type": "Team",
- "version": "0.1",
- "name": "First team",
- "description": "Short team description.",
- "dateCreated": "2021-03-07T14:43:35.152Z",
- "creator": "hfQ1rsfcRKWslHwWAPJ9bg",
- "customers": [
- {
- "@id": "hfQ1rsfcRKWslHwWAPJ9bg",
- "email": "owner@gmail.com",
- "rights": {
- "share": true,
- "rights": true,
- "whisperers": true,
- "settings": true,
- "update": true
}
}, - {
- "@id": "FExgyFYtQdmskfNGpnKVBQ",
- "email": "test@gmail.com",
- "rights": {
- "rights": true,
- "whisperers": true,
- "share": false
}
}
], - "whisperers": [
- "dR6Gujz4RC2QyoAOyfDnWA",
- "H_rczKsfRXSJbkgQMk-ZYQ",
- "x7jxYx5PQb2wPEYa7D4Kgw",
- "M_OhNqT8TWGEEdVWVBOmiQ",
- "xGFWIX7zQMungzHcGz0YOw",
- "qCC4TpvyThic6FVAYf2VTw"
], - "settings": {
- "mergePattern": "^spiderdev_([^.]+).?",
- "clientsIdsCompactingPattern": "^http://spider.io/((?:apps|whisperers|customers)/.*)$"
}, - "technicalStatus": "ACTIVE",
- "dateModified": "2021-03-18T22:15:39.345Z",
- "token": "7p8i66dCQsynmFNULKdnjA",
- "editor": "hfQ1rsfcRKWslHwWAPJ9bg"
}
Search for Teams
Description
Search for teams.
Also available by GET method on the collection
Rules
- When not called by admin, will limit to teams of which the user belongs.
Access
- Admin
- User of the team
Authorizations:
Request Body schema: application/jsonrequired
Search parameters
query | string Free query, using Elasticsearch query string DSL. |
aggs | object Aggregation request, using Elasticsearch aggregation DSL. |
Array of objects Sorting option. Sorting by @id is automaticaly added. | |
next | Array of strings Aggregation request, using Elasticsearch aggregation DSL. |
size required | integer Page size. |
avoidTotalHits | boolean Tells if response should include total hits count. |
includeETags | boolean Tells if response should include _eTags fields for update. |
Responses
Request samples
- Payload
{- "query": "string",
- "aggs": { },
- "sort": [
- {
- "key": "string",
- "order": "asc"
}
], - "next": [
- "string"
], - "size": 0,
- "avoidTotalHits": true,
- "includeETags": true
}
Response samples
- 200
- 400
- 401
- 403
- 406
- 411
- 415
- 422
{- "total": 0,
- "items": [
- {
- "@id": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "@type": "Packet",
- "version": "2.0",
- "commonId": "ROlrqlFhTY2ayXIxTV2uZA.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "name": "456285.172.16.102.72-43118-172.16.102.125-8080#5",
- "whisperer": "ROlrqlFhTY2ayXIxTV2uZA",
- "instanceId": "rd-srv508-bes",
- "tcpSession": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931",
- "timestamp": 1642625100.188968,
- "length": 229,
- "rawPacket": {
- "link_type": "LINKTYPE_LINUX_SLL",
- "buf": [ ],
- "header": [ ]
}, - "protocols": {
- "Linux SLL": {
- "src": "50:6b:8d:3a:97:undefined",
- "dst": null
}, - "IPv4": {
- "src": "172.16.102.125",
- "dst": "172.16.102.72"
}, - "TCP": {
- "src": "8080",
- "dst": "43118",
- "direction": "in",
- "packetLot": 1,
- "index": 5,
- "relativeSeq": 1,
- "relativeAck": 0,
- "hasData": true
}
}, - "date": "2022-01-19T20:45:00.188Z",
- "minute": "2022-01-19T20:45:00.000Z",
- "protocolsList": [
- "Linux SLL",
- "IPv4",
- "TCP"
]
}
], - "aggs": { },
- "nextPage": {
- "@type": "SearchAction",
- "query": { }
}, - "asyncResults": {
- "@type": "SearchAction",
- "query": { }
}
}
Push packets
Description
Process a json payload of packets and:
- Make them ready for parsing.
- Save them (optional).
Checks
- Spider packets structure
Access
- Whisperers
Authorizations:
Request Body schema: application/jsonrequired
Json payload with packets to analyse by Spider.
@id | string Unique id of the packet in the system. |
@type | string Value: "Packet" |
version | string Value: "2.0" Version of the schema. |
name | string Name of the packet (for display). |
whisperer | string Whisperer that captured the packet |
instanceId | string Instance id of the whisperer |
tcpSession | string Id of the Tcp session the packet is in |
timestamp | number <double> Unix timestamp of capture, with microseconds |
length | integer Size of the packet (size of rawPacket.buf buffer) |
object List of protocols used by this packet, keys are protocols name: TCP, UDP, IPv4... | |
object |
Responses
Request samples
- Payload
{- "@id": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "@type": "Packet",
- "version": "2.0",
- "commonId": "ROlrqlFhTY2ayXIxTV2uZA.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "name": "456285.172.16.102.72-43118-172.16.102.125-8080#5",
- "whisperer": "ROlrqlFhTY2ayXIxTV2uZA",
- "instanceId": "rd-srv508-bes",
- "tcpSession": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931",
- "timestamp": 1642625100.188968,
- "length": 229,
- "protocols": {
- "Linux SLL": {
- "src": "50:6b:8d:3a:97:undefined",
- "dst": null
}, - "IPv4": {
- "src": "172.16.102.125",
- "dst": "172.16.102.72"
}, - "TCP": {
- "src": "8080",
- "dst": "43118",
- "direction": "in",
- "packetLot": 1,
- "index": 5,
- "relativeSeq": 1,
- "relativeAck": 0,
- "hasData": true
}
}, - "rawPacket": {
- "link_type": "LINKTYPE_LINUX_SLL",
- "buf": "",
- "header": ""
}
}
Response samples
- 400
- 401
- 403
- 406
- 411
- 415
- 422
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Search for packets
Description
Searches or aggregation analysis on packets
Also available by GET method on the collection
Rules
Admin may search without specifying a whisperer
Access
- Admin or client
- Customer
- Limited access to the whisperers it has access to
- Taking into account access filters
- Taking into account time range for public links
Authorizations:
Request Body schema: application/jsonrequired
Search parameters
whisperers | Array of strings List of whisperers to search on. |
startTime | number <double> Start unix timestamp of search window. Up to 6 decimals for microseconds. |
stopTime | number <double> Stop unix timestamp of search window. Up to 6 decimals for microseconds. |
startDate | string <date-time> Start date of search window (can replace startTime). |
stopDate | string <date-time> Stop date of search window (can replace stopTime). |
query | string Free query, using Elasticsearch query string DSL. |
aggs | object Aggregation request, using Elasticsearch aggregation DSL. |
Array of objects Sorting option. Sorting by @id is automaticaly added. | |
next | Array of strings Ids of the last resource already fetched to get next ones. |
size | integer Page size. |
withContent | boolean True if you want to embed content in the result items (only for HTTP coms) |
avoidTotalHits | boolean Tells if response should include total hits count. |
async | boolean Ask for an async search (when supported). |
asyncDelayMs | number <integer> How long (in milliseconds) server should wait for an answer before answering with a partial answer (when async). |
asyncId | string Id of previous async answer from server (to get follow up). Included in hypermedia answer from server when async answer. |
asyncKeepAliveS | number <integer> How long (in seconds) the async answer is allowed to search before being killed. |
Responses
Request samples
- Payload
{- "size": 20,
- "whisperers": [
- "KxZOoCLxSM6cVee7xq6iPw",
- "Km77Vs-SS4yRDXwivW8nlA"
], - "startTime": 1547789298.676,
- "stopTime": 1547805717.362,
- "query": "!req.uri:contexts AND !req.uri:version AND !req.query:afterUpdate*",
- "sort": [
- {
- "key": "req.start",
- "order": "asc"
}
]
}
Response samples
- 200
- 400
- 401
- 403
- 406
- 411
- 415
- 422
{- "total": 0,
- "items": [
- {
- "@id": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "@type": "Packet",
- "version": "2.0",
- "commonId": "ROlrqlFhTY2ayXIxTV2uZA.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "name": "456285.172.16.102.72-43118-172.16.102.125-8080#5",
- "whisperer": "ROlrqlFhTY2ayXIxTV2uZA",
- "instanceId": "rd-srv508-bes",
- "tcpSession": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931",
- "timestamp": 1642625100.188968,
- "length": 229,
- "rawPacket": {
- "link_type": "LINKTYPE_LINUX_SLL",
- "buf": [ ],
- "header": [ ]
}, - "protocols": {
- "Linux SLL": {
- "src": "50:6b:8d:3a:97:undefined",
- "dst": null
}, - "IPv4": {
- "src": "172.16.102.125",
- "dst": "172.16.102.72"
}, - "TCP": {
- "src": "8080",
- "dst": "43118",
- "direction": "in",
- "packetLot": 1,
- "index": 5,
- "relativeSeq": 1,
- "relativeAck": 0,
- "hasData": true
}
}, - "date": "2022-01-19T20:45:00.188Z",
- "minute": "2022-01-19T20:45:00.000Z",
- "protocolsList": [
- "Linux SLL",
- "IPv4",
- "TCP"
]
}
], - "aggs": { },
- "nextPage": {
- "@type": "SearchAction",
- "query": { }
}, - "asyncResults": {
- "@type": "SearchAction",
- "query": { }
}
}
Get a packet
Description
Get a packet
Access
- Admin
- Customer
- Limited access to the whisperers it has access to
- Taking into account access filters
- Taking into account time range for public links
Authorizations:
path Parameters
id required | string Internal id of packet |
Responses
Response samples
- 200
- 401
- 403
- 404
- 406
{- "@id": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "@type": "Packet",
- "version": "2.0",
- "commonId": "ROlrqlFhTY2ayXIxTV2uZA.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "name": "456285.172.16.102.72-43118-172.16.102.125-8080#5",
- "whisperer": "ROlrqlFhTY2ayXIxTV2uZA",
- "instanceId": "rd-srv508-bes",
- "tcpSession": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931",
- "timestamp": 1642625100.188968,
- "length": 229,
- "rawPacket": {
- "link_type": "LINKTYPE_LINUX_SLL",
- "buf": [ ],
- "header": [ ]
}, - "protocols": {
- "Linux SLL": {
- "src": "50:6b:8d:3a:97:undefined",
- "dst": null
}, - "IPv4": {
- "src": "172.16.102.125",
- "dst": "172.16.102.72"
}, - "TCP": {
- "src": "8080",
- "dst": "43118",
- "direction": "in",
- "packetLot": 1,
- "index": 5,
- "relativeSeq": 1,
- "relativeAck": 0,
- "hasData": true
}
}, - "date": "2022-01-19T20:45:00.188Z",
- "minute": "2022-01-19T20:45:00.000Z",
- "protocolsList": [
- "Linux SLL",
- "IPv4",
- "TCP"
]
}
Aggregate TCP payload for provided packets (fallback)
Description
Build the tcp payload of the packets listed in input.
Also available by GET method
Access
- Admin
- Customer
- Limited access to the whisperers it has access to
- Taking into account access filters
- Taking into account time range for public links
Authorizations:
Request Body schema: application/jsonrequired
List of packets identifiers
System id of packet
Responses
Request samples
- Payload
[- "string"
]
Response samples
- 400
- 401
- 403
- 406
- 411
- 415
- 422
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Get a collection of packets (fallback)
Description
Get the packets listed in input (by id).
Also available by GET method
Access
- Admin
- Application (another service)
- Customer
- Limited access to the whisperers it has access to
- Taking into account access filters
- Taking into account time range for public links
Authorizations:
Request Body schema: application/jsonrequired
List of packets identifiers
System id of packet
Responses
Request samples
- Payload
[- "string"
]
Response samples
- 200
- 400
- 401
- 403
- 406
- 411
- 415
- 422
[- { }
]
Get a packets of a Tcp Session between two indices (or from a index to the end)
Description
Get the packets of the {tcpSession} in input, from {indexStart} to {indexEnd} (opt).
Access
- Admin
- Application (another service)
- Customer
- Limited access to the whisperers it has access to
- Taking into account access filters
- Taking into account time range for public links
Authorizations:
Request Body schema: application/jsonrequired
Range of packets to receive
tcpSession | string Id of the Tcp session the packet is in |
indexStart | integer Index above which the first packet to send must be (exclusive) |
indexEnd | string Index before which the last packet to send must be (inclusive), optional |
Responses
Request samples
- Payload
{- "tcpSession": "string",
- "indexStart": 0,
- "indexEnd": "string"
}
Response samples
- 200
- 400
- 401
- 403
- 406
- 411
- 415
- 422
[- { }
]
Aggregate TCP payload for several group of packets
Description
Build the tcp payload of the list of packets groups listed in input.
Also available by GET method
Access
- Admin
- Customer
- Limited access to the whisperers it has access to
- Taking into account access filters
- Taking into account time range for public links
Authorizations:
Request Body schema: application/jsonrequired
List of packets groups
requestId | string Id of group of packets, internal to client |
packetIds | Array of strings |
Responses
Request samples
- Payload
[- {
- "requestId": "string",
- "packetIds": [
- "string"
]
}
]
Response samples
- 200
- 400
- 401
- 403
- 406
- 411
- 415
- 422
[- {
- "requestId": "string",
- "packetIds": [
- "string"
], - "data": [
- 0
], - "errorCode": "string",
- "errorMessage": "string"
}
]
Set packets as parsed
Description
Set the packets of {tcpSession} before {maxIndex} as parsed. When parsed, they are removed from working memory in Redis. Depending of whisperer settings to save Packets:
- Poller may synchronize them to ES, then remove them from Redis.
- Poller may plainly remove them from Redis.
- Pack Update may directly remove them from Redis, if already processed by Poller.
This API is used in real time processing of packets to optimise Redis usage and speed of processing.
Access
- Admin
- Application (another service)
Authorizations:
Request Body schema: application/jsonrequired
tcpSession | string System id of the TCP session owning the packets |
maxIndex | integer Maximum index that has been parsed (inclusive) |
Responses
Request samples
- Payload
[- {
- "tcpSession": "string",
- "maxIndex": 0
}
]
Response samples
- 401
- 403
- 406
- 411
- 415
- 422
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Purge packets
Description
Create a asynchronous purging job of packets.
Access
- Admin
- Client asking to purge only on whisperers it owns of with purge right
Authorizations:
Request Body schema: application/jsonrequired
List of packets identifiers
whisperers | Array of strings |
from | number <double> Start unix timestamp of purge window. Up to 6 decimals for microseconds. |
to | number <double> Stop unix timestamp of purge window. Up to 6 decimals for microseconds. |
Responses
Request samples
- Payload
{- "whisperers": [
- "string"
], - "from": 0.1,
- "to": 0.1
}
Response samples
- 401
- 403
- 406
- 411
- 415
- 422
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Get purge packets progress
Description
Get purge progress
Access
- Admin
- Customer
Authorizations:
path Parameters
job required | string Internal id of job |
Responses
Response samples
- 200
- 401
- 403
- 406
- 411
- 415
- 422
{- "completed": true,
- "total": 0,
- "deleted": 0,
- "failures": [
- { }
], - "durationMs": 0
}
TCP sessions: consistent stateful communication of packets between 2 hosts. Can contain any kind of exchanges. ANSI layer 4.
Push Tcp sessions
Description
Stores TCP sessions and trigger parsing of payload according to Whisperers parsing configuration.
Access
- Whisperers
Authorizations:
Request Body schema: application/jsonrequired
Tcp Session with packets id to analyse by Spider.
@id | string System id of TCP session |
name | string |
object Client host | |
object Server host | |
state | string Enum: "SYN_SENT" "SYN_RECEIVED" "ESTABLISHED" "CLOSE_WAIT" "LAST_ACK" "CLOSED" State of TCP session lifecycle |
packetsCount | integer Count of packets in the sessions |
synTimestamp | number <double> Timestamp of SYN packet |
missedSyn | boolean If whisperer missed SYN |
connectTimestamp | number <double> Timestamp when connection was established |
firstTimestamp | number <double> Timestamp of first packet (different from SYN when missedSyn) |
lastTimestamp | number <double> Timestamp of last packet |
object Out packets (responses from server) | |
object In packets (responses from server) |
Responses
Request samples
- Payload
[- {
- "@id": "OOX8KrBXTaKpLHhy1is0ng==.1457182652.130872.1",
- "whisperer": "OOX8KrBXTaKpLHhy1is0ng==",
- "name": "1457182652.130872.1",
- "state": "ESTABLISHED",
- "src": {
- "ip": "192.168.1.22",
- "port": 47566,
- "name": "web-write"
}, - "dst": {
- "ip": "5.135.41.230",
- "port": 80
}, - "in": {
- "ip": 2480,
- "tcp": 3976,
- "payload": 168567,
- "initialSeq": 237657365354
}, - "out": {
- "ip": 1400,
- "tcp": 2376,
- "payload": 4506,
- "initialSeq": 237657365354
}, - "minInSeq": 1341521279,
- "minOutSeq": 1877837644,
- "packetsCount": 5,
- "firstTimestamp": 1457182652.130872,
- "synTimestamp": 1457182652.130872,
- "connectTimestamp": 1457182653.1638,
- "lastTimestamp": 1457182654.871751,
- "missedSyn": false
}
]
Response samples
- 400
- 401
- 403
- 406
- 411
- 415
- 422
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Get a TCP session
Description
Get a TCP session
Access
- Admin
- Customer
- Limited access to the whisperers it has access to
- Taking into account access filters
- Taking into account time range for public links
Authorizations:
path Parameters
id required | string Internal id of TCP session |
Responses
Response samples
- 200
- 401
- 403
- 404
- 406
{- "@id": "string",
- "@type": "Tcp session",
- "version": "string",
- "name": "string",
- "whisperer": "string",
- "instanceId": "string",
- "src": {
- "ip": "192.168.0.1",
- "port": 0,
- "socket": "string",
- "name": "string"
}, - "dst": {
- "ip": "192.168.0.1",
- "port": 0,
- "socket": "string",
- "name": "string"
}, - "state": "SYN_SENT",
- "packetsCount": 0,
- "syn": 0.1,
- "missedSyn": true,
- "connect": 0.1,
- "first": 0.1,
- "firstDate": "2019-08-24",
- "last": 0.1,
- "lastDate": "2019-08-24",
- "duration": 0.1,
- "timespan": {
- "gte": "2019-08-24",
- "lte": 0
}, - "latency": 0.1,
- "out": {
- "ip": 0,
- "tcp": 0,
- "payload": 0,
- "initialSeq": 0
}, - "in": {
- "ip": 0,
- "tcp": 0,
- "payload": 0,
- "initialSeq": 0
}, - "parsers": {
- "http": {
- "status": "PARSING_COMPLETED",
- "lastParsing": "2019-08-24",
- "httpPers": "string",
- "itemsCount": 0,
- "lastPacketLotComplete": 0,
- "lastPacketParsedIndex": 0
}
}, - "dateModified": "2019-08-24"
}
Search for TCP sessions (fallback)
Description
Searches or aggregation analysis on TCP sessions
Also available by GET method on the collection
Rules
May ask for an aggregation, with size:0 and no whisperers defined:
- Admin
- Client with admin monitoring right
Access
- Admin
- Customer
- Limited access to the whisperers it has access to
- Taking into account access filters
- Taking into account time range for public links
Authorizations:
Request Body schema: application/jsonrequired
Search parameters
whisperers | Array of strings List of whisperers to search on. |
startTime | number <double> Start unix timestamp of search window. Up to 6 decimals for microseconds. |
stopTime | number <double> Stop unix timestamp of search window. Up to 6 decimals for microseconds. |
startDate | string <date-time> Start date of search window (can replace startTime). |
stopDate | string <date-time> Stop date of search window (can replace stopTime). |
query | string Free query, using Elasticsearch query string DSL. |
aggs | object Aggregation request, using Elasticsearch aggregation DSL. |
Array of objects Sorting option. Sorting by @id is automaticaly added. | |
next | Array of strings Ids of the last resource already fetched to get next ones. |
size | integer Page size. |
withContent | boolean True if you want to embed content in the result items (only for HTTP coms) |
avoidTotalHits | boolean Tells if response should include total hits count. |
async | boolean Ask for an async search (when supported). |
asyncDelayMs | number <integer> How long (in milliseconds) server should wait for an answer before answering with a partial answer (when async). |
asyncId | string Id of previous async answer from server (to get follow up). Included in hypermedia answer from server when async answer. |
asyncKeepAliveS | number <integer> How long (in seconds) the async answer is allowed to search before being killed. |
Responses
Request samples
- Payload
{- "size": 20,
- "whisperers": [
- "KxZOoCLxSM6cVee7xq6iPw",
- "Km77Vs-SS4yRDXwivW8nlA"
], - "startTime": 1547789298.676,
- "stopTime": 1547805717.362,
- "query": "!req.uri:contexts AND !req.uri:version AND !req.query:afterUpdate*",
- "sort": [
- {
- "key": "req.start",
- "order": "asc"
}
]
}
Response samples
- 200
- 400
- 401
- 403
- 406
- 411
- 415
- 422
{- "total": 0,
- "items": [
- {
- "@id": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "@type": "Packet",
- "version": "2.0",
- "commonId": "ROlrqlFhTY2ayXIxTV2uZA.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "name": "456285.172.16.102.72-43118-172.16.102.125-8080#5",
- "whisperer": "ROlrqlFhTY2ayXIxTV2uZA",
- "instanceId": "rd-srv508-bes",
- "tcpSession": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931",
- "timestamp": 1642625100.188968,
- "length": 229,
- "rawPacket": {
- "link_type": "LINKTYPE_LINUX_SLL",
- "buf": [ ],
- "header": [ ]
}, - "protocols": {
- "Linux SLL": {
- "src": "50:6b:8d:3a:97:undefined",
- "dst": null
}, - "IPv4": {
- "src": "172.16.102.125",
- "dst": "172.16.102.72"
}, - "TCP": {
- "src": "8080",
- "dst": "43118",
- "direction": "in",
- "packetLot": 1,
- "index": 5,
- "relativeSeq": 1,
- "relativeAck": 0,
- "hasData": true
}
}, - "date": "2022-01-19T20:45:00.188Z",
- "minute": "2022-01-19T20:45:00.000Z",
- "protocolsList": [
- "Linux SLL",
- "IPv4",
- "TCP"
]
}
], - "aggs": { },
- "nextPage": {
- "@type": "SearchAction",
- "query": { }
}, - "asyncResults": {
- "@type": "SearchAction",
- "query": { }
}
}
Preaggregated search for parsing status histogram
Description
Histogram aggregation analysis on TCP sessions
Rules
Size:0, no next, no sort.
- Admin
- Client with admin monitoring right
Access
- Admin
- Customer
- Limited access to the whisperers it has access to
Authorizations:
Request Body schema: application/jsonrequired
Search parameters
whisperers | Array of strings List of whisperers to search on. |
startTime | number <double> Start unix timestamp of search window. Up to 6 decimals for microseconds. |
stopTime | number <double> Stop unix timestamp of search window. Up to 6 decimals for microseconds. |
startDate | string <date-time> Start date of search window (can replace startTime). |
stopDate | string <date-time> Stop date of search window (can replace stopTime). |
query | string Free query, using Elasticsearch query string DSL. |
aggs | object Aggregation request, using Elasticsearch aggregation DSL. |
Array of objects Sorting option. Sorting by @id is automaticaly added. | |
next | Array of strings Ids of the last resource already fetched to get next ones. |
size | integer Page size. |
withContent | boolean True if you want to embed content in the result items (only for HTTP coms) |
avoidTotalHits | boolean Tells if response should include total hits count. |
async | boolean Ask for an async search (when supported). |
asyncDelayMs | number <integer> How long (in milliseconds) server should wait for an answer before answering with a partial answer (when async). |
asyncId | string Id of previous async answer from server (to get follow up). Included in hypermedia answer from server when async answer. |
asyncKeepAliveS | number <integer> How long (in seconds) the async answer is allowed to search before being killed. |
Responses
Request samples
- Payload
{- "size": 20,
- "whisperers": [
- "KxZOoCLxSM6cVee7xq6iPw",
- "Km77Vs-SS4yRDXwivW8nlA"
], - "startTime": 1547789298.676,
- "stopTime": 1547805717.362,
- "query": "!req.uri:contexts AND !req.uri:version AND !req.query:afterUpdate*",
- "sort": [
- {
- "key": "req.start",
- "order": "asc"
}
]
}
Response samples
- 200
- 400
- 401
- 403
- 406
- 411
- 415
- 422
{- "total": 0,
- "items": [
- {
- "@id": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "@type": "Packet",
- "version": "2.0",
- "commonId": "ROlrqlFhTY2ayXIxTV2uZA.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "name": "456285.172.16.102.72-43118-172.16.102.125-8080#5",
- "whisperer": "ROlrqlFhTY2ayXIxTV2uZA",
- "instanceId": "rd-srv508-bes",
- "tcpSession": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931",
- "timestamp": 1642625100.188968,
- "length": 229,
- "rawPacket": {
- "link_type": "LINKTYPE_LINUX_SLL",
- "buf": [ ],
- "header": [ ]
}, - "protocols": {
- "Linux SLL": {
- "src": "50:6b:8d:3a:97:undefined",
- "dst": null
}, - "IPv4": {
- "src": "172.16.102.125",
- "dst": "172.16.102.72"
}, - "TCP": {
- "src": "8080",
- "dst": "43118",
- "direction": "in",
- "packetLot": 1,
- "index": 5,
- "relativeSeq": 1,
- "relativeAck": 0,
- "hasData": true
}
}, - "date": "2022-01-19T20:45:00.188Z",
- "minute": "2022-01-19T20:45:00.000Z",
- "protocolsList": [
- "Linux SLL",
- "IPv4",
- "TCP"
]
}
], - "aggs": { },
- "nextPage": {
- "@type": "SearchAction",
- "query": { }
}, - "asyncResults": {
- "@type": "SearchAction",
- "query": { }
}
}
Modify the parsing result of a TCP session
Description
Update the Tcp session once the parsing is done.
Rules
- Only /parsers block can be updated
Access
- Admin
- Application
- Whisperer
- Limited access to the whisperer linked to the Tcp session
Authorizations:
path Parameters
id required | string Internal id of TCP session |
header Parameters
If-Match required | string eTag of previous state of the TCP session |
Request Body schema: application/json-patch+jsonrequired
Json patch with the changes
op required | string Enum: "test" "remove" "add" "replace" "move" "copy" |
path required | string |
value | string |
from | string |
Responses
Request samples
- Payload
[- {
- "op": "replace",
- "path": "/parsers/http/status",
- "value": "PARSED"
}, - {
- "op": "replace",
- "path": "/parsers/http/lastParsing",
- "value": "2017-01-08T20:34:30.013Z"
}
]
Response samples
- 401
- 403
- 404
- 406
- 411
- 412
- 415
- 422
- 428
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Modify the parsing result of TCP sessions, in bulk
Description
Update Tcp sessions once the parsing is done.
Rules
- Only /parsers block can be updated
Access
- Admin
- Application
Authorizations:
Request Body schema: application/jsonrequired
Array of Patches to TcpSessions
@id | string System Id of the Tcp session to update |
_eTag | string eTag of the Tcp session to update |
Array of objects (JsonPatch) |
Responses
Request samples
- Payload
[- {
- "@id": "OOX8KrBXTaKpLHhy1is0ng==.1457182652.130872.1",
- "_eTag": "\"43-E6FGZXDbp5+5MDzDUKD0RNz6ApA\"",
- "patch": [
- {
- "op": "replace",
- "path": "/parsers/http/status",
- "value": "PARSED"
}, - {
- "op": "replace",
- "path": "/parsers/http/lastParsing",
- "value": "2017-01-08T20:34:30.013Z"
}, - {
- "op": "replace",
- "path": "/parsers/http/itemsCount",
- "value": 3
}, - {
- "op": "replace",
- "path": "/parsers/http/lastPacketLotComplete",
- "value": 6
}, - {
- "op": "replace",
- "path": "/parsers/http/lastPacketParsedIndex",
- "value": 24
}
]
}
]
Response samples
- 200
- 401
- 403
- 406
- 411
- 415
- 422
{- "successes": [
- {
- "@id": "string"
}
], - "failures": [
- {
- "@id": "string",
- "code": "ETAG_MISMATCH",
- "reason": "string"
}
]
}
Get a set of TCP sessions with Tls by their client random
Description
Get a set of TCP session from a list of client ranndoms.
Access
- Admin
- Tls keys linker application
Authorizations:
Request Body schema: application/jsonrequired
Array of Whisperer+ClientRandom
whisperer | string Whisperer Id of Whisperer having captured the TcpSession |
clientRandom | string Client random found in the TLS handshake |
Responses
Request samples
- Payload
[- {
- "whisperer": "OOX8KrBXTaKpLHhy1is0ng",
- "clientRandom": "1fa2b42654f4deede463f394406ece35c2a3aee704a65f0d700d1bb3ca2be7a7"
}
]
Response samples
- 200
- 401
- 403
- 404
- 406
[- { }
]
Ask for Tcp sessions to parse by {type} parser
Description
Get Tcp sessions that needs parsing by {type} parser
- Returns a collection of Tcp sessions to parse
Access
- Admin
- Application
Authorizations:
path Parameters
type required | string Value: "HTTP" Type of parsing |
Request Body schema: application/jsonrequired
Polling parameters
before | string <date-time> Date before which to get sessions to parse. Safety delay. |
Responses
Request samples
- Payload
{- "before": "2019-08-24T14:15:22Z"
}
Response samples
- 201
- 401
- 403
- 404
- 406
{- "total": 0,
- "items": [
- { }
]
}
Ask for Tcp sessions in Warning status to parse by {type} parser
Description
Get Tcp sessions that have already been parsed by {type} parser, but that ended in WARNING parsing status. Indeed, most often the WARNING status means that the TCP session could not be parsed do to missing packets. We retry a bit ater once packets should be there.
- Returns a collection of Tcp sessions to parse
Access
- Admin
- Application
Authorizations:
path Parameters
type required | string Value: "HTTP" Type of parsing |
Request Body schema: application/jsonrequired
Polling parameters
before | string <date-time> Date before which to get sessions to parse. Safety delay. |
Responses
Request samples
- Payload
{- "before": "2019-08-24T14:15:22Z"
}
Response samples
- 201
- 401
- 403
- 404
- 406
{- "total": 0,
- "items": [
- { }
]
}
Purge TCP sessions
Description
Create a asynchronous purging job of TCP sessions.
Access
- Admin
- Client asking to purge only on whisperers it owns of with purge right
Authorizations:
Request Body schema: application/jsonrequired
List of TCP sessions identifiers
whisperers | Array of strings |
from | number <double> Start unix timestamp of purge window. Up to 6 decimals for microseconds. |
to | number <double> Stop unix timestamp of purge window. Up to 6 decimals for microseconds. |
Responses
Request samples
- Payload
{- "whisperers": [
- "string"
], - "from": 0.1,
- "to": 0.1
}
Response samples
- 401
- 403
- 406
- 411
- 415
- 422
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Get purge TCP sessions progress
Description
Get purge progress
Access
- Admin
- Customer
Authorizations:
path Parameters
job required | string Internal id of job |
Responses
Response samples
- 200
- 401
- 403
- 406
- 411
- 415
- 422
{- "completed": true,
- "total": 0,
- "deleted": 0,
- "failures": [
- { }
], - "durationMs": 0
}
Purge HTTP communications
Description
Create a asynchronous purging job of HTTP communications.
Access
- Admin
- Client asking to purge only on whisperers it owns of with purge right
Authorizations:
Request Body schema: application/jsonrequired
List of HTTP communications identifiers
whisperers | Array of strings |
from | number <double> Start unix timestamp of purge window. Up to 6 decimals for microseconds. |
to | number <double> Stop unix timestamp of purge window. Up to 6 decimals for microseconds. |
Responses
Request samples
- Payload
{- "whisperers": [
- "string"
], - "from": 0.1,
- "to": 0.1
}
Response samples
- 401
- 403
- 406
- 411
- 415
- 422
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Get purge Http communications progress
Description
Get purge progress
Access
- Admin
- Customer
Authorizations:
path Parameters
job required | string Internal id of job |
Responses
Response samples
- 200
- 401
- 403
- 406
- 411
- 415
- 422
{- "completed": true,
- "total": 0,
- "deleted": 0,
- "failures": [
- { }
], - "durationMs": 0
}
Purge HTTP parsing logs
Description
Create a asynchronous purging job of HTTP parsing logs.
Access
- Admin
- Client asking to purge only on whisperers it owns of with purge right
Authorizations:
Request Body schema: application/jsonrequired
List of HTTP parsing logs identifiers
whisperers | Array of strings |
from | number <double> Start unix timestamp of purge window. Up to 6 decimals for microseconds. |
to | number <double> Stop unix timestamp of purge window. Up to 6 decimals for microseconds. |
Responses
Request samples
- Payload
{- "whisperers": [
- "string"
], - "from": 0.1,
- "to": 0.1
}
Response samples
- 401
- 403
- 406
- 411
- 415
- 422
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Get purge Http parsing logs progress
Description
Get purge progress
Access
- Admin
- Customer
Authorizations:
path Parameters
job required | string Internal id of job |
Responses
Response samples
- 200
- 401
- 403
- 406
- 411
- 415
- 422
{- "completed": true,
- "total": 0,
- "deleted": 0,
- "failures": [
- { }
], - "durationMs": 0
}
Import Http communications
Description
Import a collection of Http communications
Access
- Admin
- Whisperer
- Only Httpcoms on this Whisperer can be created
Authorizations:
Request Body schema: application/json
@type | string Value: "HttpComDownload" |
user | string |
totalItems | integer Count of Http communications to import |
Array of objects (HttpCommunication) Array of Http communications |
Responses
Request samples
- Payload
{- "@type": "HttpComDownload",
- "user": "string",
- "totalItems": 0,
- "items": [
- {
- "@id": "string",
- "@type": "string",
- "version": "string",
- "name": "string",
- "tcpSession": "string",
- "httpPers": "string",
- "whisperer": "string",
- "instanceId": "string",
- "uploaded": true,
- "stats": {
- "statusCode": "string",
- "statusText": 0,
- "duration": 0.1,
- "timespan": {
- "gte": "2019-08-24",
- "lte": 0
}, - "src": {
- "ip": "192.168.0.1",
- "port": 0,
- "socket": "string",
- "name": "string",
- "origin": "192.168.0.1",
- "identification": "string"
}, - "dst": {
- "ip": "192.168.0.1",
- "port": 0,
- "socket": "string",
- "name": "string"
}, - "prox": [
- "string"
]
}, - "req": {
- "status": "COMPLETE",
- "method": "string",
- "httpVersion": "string",
- "uri": "string",
- "query": "string",
- "hash": "string",
- "template": "string",
- "start": 0.1,
- "startDate": "2019-08-24",
- "end": 0.1,
- "size": 0.1,
- "packets": [
- "string"
], - "headers": { },
- "rawHeaders": {
- "size": 0,
- "filtered": true,
- "content": "string"
}, - "body": {
- "contentType": "string",
- "embedded": true,
- "filtered": true,
- "length": 0,
- "size": 0,
- "content": "string"
}, - "tags": { }
}, - "res": {
- "status": "COMPLETE",
- "httpVersion": "string",
- "start": 0.1,
- "end": 0.1,
- "endDate": "2019-08-24",
- "size": 0.1,
- "packets": [
- "string"
], - "headers": { },
- "rawHeaders": {
- "size": 0,
- "filtered": true,
- "content": "string"
}, - "body": {
- "contentType": "string",
- "embedded": null,
- "filtered": true,
- "length": 0,
- "size": 0,
- "content": "string"
}, - "tags": { }
}
}
]
}
Response samples
- 400
- 401
- 403
- 406
- 411
- 415
- 422
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Get an HTTP communication
Description
Get an Http communication by its Id
Access
- Admin
- Customer
- Limited access to the whisperers it has access to
- Taking into account access filters
- Taking into account time range for public links
Authorizations:
path Parameters
id required | string System id of HTTP Communication |
Responses
Response samples
- 200
- 401
- 403
- 404
- 406
{- "@id": "string",
- "@type": "string",
- "version": "string",
- "name": "string",
- "tcpSession": "string",
- "httpPers": "string",
- "whisperer": "string",
- "instanceId": "string",
- "uploaded": true,
- "stats": {
- "statusCode": "string",
- "statusText": 0,
- "duration": 0.1,
- "timespan": {
- "gte": "2019-08-24",
- "lte": 0
}, - "src": {
- "ip": "192.168.0.1",
- "port": 0,
- "socket": "string",
- "name": "string",
- "origin": "192.168.0.1",
- "identification": "string"
}, - "dst": {
- "ip": "192.168.0.1",
- "port": 0,
- "socket": "string",
- "name": "string"
}, - "prox": [
- "string"
]
}, - "req": {
- "status": "COMPLETE",
- "method": "string",
- "httpVersion": "string",
- "uri": "string",
- "query": "string",
- "hash": "string",
- "template": "string",
- "start": 0.1,
- "startDate": "2019-08-24",
- "end": 0.1,
- "size": 0.1,
- "packets": [
- "string"
], - "headers": { },
- "rawHeaders": {
- "size": 0,
- "filtered": true,
- "content": "string"
}, - "body": {
- "contentType": "string",
- "embedded": true,
- "filtered": true,
- "length": 0,
- "size": 0,
- "content": "string"
}, - "tags": { }
}, - "res": {
- "status": "COMPLETE",
- "httpVersion": "string",
- "start": 0.1,
- "end": 0.1,
- "endDate": "2019-08-24",
- "size": 0.1,
- "packets": [
- "string"
], - "headers": { },
- "rawHeaders": {
- "size": 0,
- "filtered": true,
- "content": "string"
}, - "body": {
- "contentType": "string",
- "embedded": null,
- "filtered": true,
- "length": 0,
- "size": 0,
- "content": "string"
}, - "tags": { }
}
}
Get the headers part of an HTTP communication (request or response)
Description
Get the HTTP headers of an Http communication by its Id
Access
- Admin
- Customer
- Limited access to the whisperers it has access to
- Taking into account access filters
- Taking into account time range for public links
Authorizations:
path Parameters
id required | string System id of HTTP Communication |
part required | string Enum: "req" "res" Request or Response |
Responses
Response samples
- 400
- 401
- 403
- 404
- 406
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Get the body part of an HTTP communication (request or response)
Description
Get the payload body of an Http communication by its Id
Output
The output can be in 4 types, based on view parameter:
- [not defined]: Get the payload inline with original content type and content encoding, and with filename {id}.{extension based on mime type}
- raw: Get the payload as text with original encoding, inline, and with filename {id}.{extension based on mime type}
- download: Get the payload with original content-type and encoding, in an attachement file {id}.{extension based on mime type}
- octet-stream: Get the payload as captured on the network, in a binary attachement {id}.a
Access
- Admin
- Customer
- Limited access to the whisperers it has access to
- Taking into account access filters
- Taking into account time range for public links
Authorizations:
path Parameters
id required | string System id of HTTP Communication |
part required | string Enum: "req" "res" Request or Response |
query Parameters
view required | string Enum: "raw" "download" "octet-stream" Format of output |
Responses
Response samples
- 401
- 403
- 404
- 406
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Get an HTTP parsing log
Description
Get an Http parsing log by its Id
Access
- Admin
- Customer
- Limited access to the whisperers it has access to
- Taking into account time range for public links
Authorizations:
path Parameters
id required | string System id of HTTP Persistent Connection |
Responses
Response samples
- 200
- 401
- 403
- 404
- 406
{- "@id": "string",
- "@type": "string",
- "version": "string",
- "name": "string",
- "tcpSession": "string",
- "whisperer": "string",
- "instanceId": "string",
- "first": 0.1,
- "last": 0.1,
- "lastPacketLotComplete": 0,
- "lastPacketParsedIndex": 0,
- "parsingCount": 0,
- "itemsFound": 0,
- "packetLots": [
- {
- "@id": "string",
- "@type": "string",
- "index": 0,
- "dir": "in",
- "fetched": [
- {
- "date": "string"
}
], - "packets": [
- { }
], - "status": "PENDING",
- "error": {
- "code": "string",
- "message": "string"
}
}
]
}
Search for Http communications
Description
Searches or aggregation analysis on Http communications
Also available by GET method on the collection
Rules
May ask for an aggregation, with size:0 and no whisperers defined:
- Admin
- Client with admin monitoring right
Access
- Admin
- Customer
- Limited access to the whisperers it has access to
- Taking into account access filters
- Taking into account time range for public links
Authorizations:
Request Body schema: application/jsonrequired
Search parameters
whisperers | Array of strings List of whisperers to search on. |
startTime | number <double> Start unix timestamp of search window. Up to 6 decimals for microseconds. |
stopTime | number <double> Stop unix timestamp of search window. Up to 6 decimals for microseconds. |
startDate | string <date-time> Start date of search window (can replace startTime). |
stopDate | string <date-time> Stop date of search window (can replace stopTime). |
query | string Free query, using Elasticsearch query string DSL. |
aggs | object Aggregation request, using Elasticsearch aggregation DSL. |
Array of objects Sorting option. Sorting by @id is automaticaly added. | |
next | Array of strings Ids of the last resource already fetched to get next ones. |
size | integer Page size. |
withContent | boolean True if you want to embed content in the result items (only for HTTP coms) |
avoidTotalHits | boolean Tells if response should include total hits count. |
async | boolean Ask for an async search (when supported). |
asyncDelayMs | number <integer> How long (in milliseconds) server should wait for an answer before answering with a partial answer (when async). |
asyncId | string Id of previous async answer from server (to get follow up). Included in hypermedia answer from server when async answer. |
asyncKeepAliveS | number <integer> How long (in seconds) the async answer is allowed to search before being killed. |
Responses
Request samples
- Payload
{- "size": 20,
- "whisperers": [
- "KxZOoCLxSM6cVee7xq6iPw",
- "Km77Vs-SS4yRDXwivW8nlA"
], - "startTime": 1547789298.676,
- "stopTime": 1547805717.362,
- "query": "!req.uri:contexts AND !req.uri:version AND !req.query:afterUpdate*",
- "sort": [
- {
- "key": "req.start",
- "order": "asc"
}
]
}
Response samples
- 200
- 400
- 401
- 403
- 406
- 411
- 415
- 422
{- "total": 0,
- "items": [
- {
- "@id": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "@type": "Packet",
- "version": "2.0",
- "commonId": "ROlrqlFhTY2ayXIxTV2uZA.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "name": "456285.172.16.102.72-43118-172.16.102.125-8080#5",
- "whisperer": "ROlrqlFhTY2ayXIxTV2uZA",
- "instanceId": "rd-srv508-bes",
- "tcpSession": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931",
- "timestamp": 1642625100.188968,
- "length": 229,
- "rawPacket": {
- "link_type": "LINKTYPE_LINUX_SLL",
- "buf": [ ],
- "header": [ ]
}, - "protocols": {
- "Linux SLL": {
- "src": "50:6b:8d:3a:97:undefined",
- "dst": null
}, - "IPv4": {
- "src": "172.16.102.125",
- "dst": "172.16.102.72"
}, - "TCP": {
- "src": "8080",
- "dst": "43118",
- "direction": "in",
- "packetLot": 1,
- "index": 5,
- "relativeSeq": 1,
- "relativeAck": 0,
- "hasData": true
}
}, - "date": "2022-01-19T20:45:00.188Z",
- "minute": "2022-01-19T20:45:00.000Z",
- "protocolsList": [
- "Linux SLL",
- "IPv4",
- "TCP"
]
}
], - "aggs": { },
- "nextPage": {
- "@type": "SearchAction",
- "query": { }
}, - "asyncResults": {
- "@type": "SearchAction",
- "query": { }
}
}
Preaggregated search for parsing status histogram
Description
Histogram aggregation analysis on Http communications
Access
- Admin
- Customer
- Limited access to the whisperers it has access to
Authorizations:
Request Body schema: application/jsonrequired
Search parameters
whisperers | Array of strings List of whisperers to search on. |
startTime | number <double> Start unix timestamp of search window. Up to 6 decimals for microseconds. |
stopTime | number <double> Stop unix timestamp of search window. Up to 6 decimals for microseconds. |
startDate | string <date-time> Start date of search window (can replace startTime). |
stopDate | string <date-time> Stop date of search window (can replace stopTime). |
query | string Free query, using Elasticsearch query string DSL. |
aggs | object Aggregation request, using Elasticsearch aggregation DSL. |
Array of objects Sorting option. Sorting by @id is automaticaly added. | |
next | Array of strings Ids of the last resource already fetched to get next ones. |
size | integer Page size. |
withContent | boolean True if you want to embed content in the result items (only for HTTP coms) |
avoidTotalHits | boolean Tells if response should include total hits count. |
async | boolean Ask for an async search (when supported). |
asyncDelayMs | number <integer> How long (in milliseconds) server should wait for an answer before answering with a partial answer (when async). |
asyncId | string Id of previous async answer from server (to get follow up). Included in hypermedia answer from server when async answer. |
asyncKeepAliveS | number <integer> How long (in seconds) the async answer is allowed to search before being killed. |
Responses
Request samples
- Payload
{- "size": 20,
- "whisperers": [
- "KxZOoCLxSM6cVee7xq6iPw",
- "Km77Vs-SS4yRDXwivW8nlA"
], - "startTime": 1547789298.676,
- "stopTime": 1547805717.362,
- "query": "!req.uri:contexts AND !req.uri:version AND !req.query:afterUpdate*",
- "sort": [
- {
- "key": "req.start",
- "order": "asc"
}
]
}
Response samples
- 200
- 400
- 401
- 403
- 406
- 411
- 415
- 422
{- "total": 0,
- "items": [
- {
- "@id": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "@type": "Packet",
- "version": "2.0",
- "commonId": "ROlrqlFhTY2ayXIxTV2uZA.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "name": "456285.172.16.102.72-43118-172.16.102.125-8080#5",
- "whisperer": "ROlrqlFhTY2ayXIxTV2uZA",
- "instanceId": "rd-srv508-bes",
- "tcpSession": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931",
- "timestamp": 1642625100.188968,
- "length": 229,
- "rawPacket": {
- "link_type": "LINKTYPE_LINUX_SLL",
- "buf": [ ],
- "header": [ ]
}, - "protocols": {
- "Linux SLL": {
- "src": "50:6b:8d:3a:97:undefined",
- "dst": null
}, - "IPv4": {
- "src": "172.16.102.125",
- "dst": "172.16.102.72"
}, - "TCP": {
- "src": "8080",
- "dst": "43118",
- "direction": "in",
- "packetLot": 1,
- "index": 5,
- "relativeSeq": 1,
- "relativeAck": 0,
- "hasData": true
}
}, - "date": "2022-01-19T20:45:00.188Z",
- "minute": "2022-01-19T20:45:00.000Z",
- "protocolsList": [
- "Linux SLL",
- "IPv4",
- "TCP"
]
}
], - "aggs": { },
- "nextPage": {
- "@type": "SearchAction",
- "query": { }
}, - "asyncResults": {
- "@type": "SearchAction",
- "query": { }
}
}
Push Tls keys
Description
Stores Tls keys and trigger parsing of to link them to TCP sessions.
Access
- Gociphers
- Whisperers
- Admin
Authorizations:
Request Body schema: application/jsonrequired
Tls Keys to store.
Responses
Request samples
- Payload
[- {
- "@id": "baf9dE5LRBC7Ok-wk9Fgfg-1fa2b42654f4deede463f394406ece35c2a3aee704a65f0d700d1bb3ca2be7a7",
- "@type": "TlsKey",
- "gocipher": "local-gocipher",
- "instanceId": "local-gocipher-bwfbk",
- "captureDate": "2024-10-15T04:22:12.613262368Z",
- "whisperer": "baf9dE5LRBC7Ok-wk9Fgfg",
- "tlsVersion": "TLS 1.3",
- "clientRandom": "1fa2b42654f4deede463f394406ece35c2a3aee704a65f0d700d1bb3ca2be7a7",
- "serverRandom": "088dc4da39e951395a7a006e62b7f2f9e9e205ba26ce23e09d4175a84064e963",
- "masterKey": "",
- "cipher": {
- "name": "TLS_AES_256_GCM_SHA384",
- "version": 3
}, - "handshakeSecret": "090e4cbb3fa81bd4bf613b45f785db6d5734153c045a077f45d082e4437156b7099441a493f45972802b09440d88fbce",
- "handshakeTrafficHash": "99d196bff2813190fe8779f638d490cec246b54eea5047e33e48a2dd33daafdf6cb38b82fb17b877da38677513bc1fc7",
- "clientHandshakeTrafficSecret": "98c38930cb0a4276f22ccad85eb714f0a2260aabed3b58cfdc3bdda2d313dee54855fc650fbaf6711af61a70ecb1f63e",
- "serverHandshakeTrafficSecret": "20be12139df9ccbd5c4e61d9fee02e20d4a92276bfa56036086076752291cb13ef65946d78302a38303ae333781558a2",
- "clientAppTrafficSecret": "a19b4986e0b8acc6dee38363e77da9dce6f414a3d8280bc273df82939ed052a43f2f9d8ebc53287271565d1f2c5d2232",
- "serverAppTrafficSecret": "b1f7cbb2e73411993fe1a394cdcf00ab6a7da7d8319ce37aedf204480f344a76a8a8c5a0b3abec779d4a9302f585ef75",
- "exporterMasterSecret": "340f2570571bbffb682f9977b0465fbfafbfe4a06be2ddfb8af7d6351ff183ae87fb16e0def4cba554c93297c2cffe29"
}
]
Response samples
- 400
- 401
- 403
- 406
- 411
- 415
- 422
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Ask for new Tls keys to link to TCP sessions
Description
Get Tls keys that needs linking
- Returns a collection of Tls keys to link
Access
- Admin
- Application
Authorizations:
Request Body schema: application/jsonrequired
Polling parameters
before | string <date-time> Date before which to get tls keys to parse. Safety delay. |
Responses
Request samples
- Payload
{- "before": "2019-08-24T14:15:22Z"
}
Response samples
- 201
- 401
- 403
- 404
- 406
{- "total": 0,
- "items": [
- { }
]
}
Create a new Gocipher
Description
Create a new Gocipher, and associate it to the owner customer.
Access
- Customer, with Gociphers creation rights
- Admin
Authorizations:
Request Body schema: application/jsonrequired
Gocipher creation request
customer required | string System Id of the customer. |
name required | string Name of the Gocipher to create. |
Responses
Request samples
- Payload
{- "customer": "YOD66VZ54Jih",
- "name": "Dev cluster"
}
Response samples
- 400
- 401
- 403
- 406
- 409
- 411
- 415
- 422
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Search for Gociphers
Description
Search for Gociphers
Also available by GET method on the collection
Rules
If client is not admin, the search will be limited to the Gociphers owned by this customer or shared with him.
Access
- Admin
- Customer
Authorizations:
Request Body schema: application/jsonrequired
Search parameters
query | string Free query, using Elasticsearch query string DSL. |
aggs | object Aggregation request, using Elasticsearch aggregation DSL. |
Array of objects Sorting option. Sorting by @id is automaticaly added. | |
next | Array of strings Aggregation request, using Elasticsearch aggregation DSL. |
size required | integer Page size. |
avoidTotalHits | boolean Tells if response should include total hits count. |
includeETags | boolean Tells if response should include _eTags fields for update. |
Responses
Request samples
- Payload
{- "query": "string",
- "aggs": { },
- "sort": [
- {
- "key": "string",
- "order": "asc"
}
], - "next": [
- "string"
], - "size": 0,
- "avoidTotalHits": true,
- "includeETags": true
}
Response samples
- 200
- 400
- 401
- 403
- 406
- 411
- 415
- 422
{- "total": 0,
- "items": [
- {
- "@id": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "@type": "Packet",
- "version": "2.0",
- "commonId": "ROlrqlFhTY2ayXIxTV2uZA.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "name": "456285.172.16.102.72-43118-172.16.102.125-8080#5",
- "whisperer": "ROlrqlFhTY2ayXIxTV2uZA",
- "instanceId": "rd-srv508-bes",
- "tcpSession": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931",
- "timestamp": 1642625100.188968,
- "length": 229,
- "rawPacket": {
- "link_type": "LINKTYPE_LINUX_SLL",
- "buf": [ ],
- "header": [ ]
}, - "protocols": {
- "Linux SLL": {
- "src": "50:6b:8d:3a:97:undefined",
- "dst": null
}, - "IPv4": {
- "src": "172.16.102.125",
- "dst": "172.16.102.72"
}, - "TCP": {
- "src": "8080",
- "dst": "43118",
- "direction": "in",
- "packetLot": 1,
- "index": 5,
- "relativeSeq": 1,
- "relativeAck": 0,
- "hasData": true
}
}, - "date": "2022-01-19T20:45:00.188Z",
- "minute": "2022-01-19T20:45:00.000Z",
- "protocolsList": [
- "Linux SLL",
- "IPv4",
- "TCP"
]
}
], - "aggs": { },
- "nextPage": {
- "@type": "SearchAction",
- "query": { }
}, - "asyncResults": {
- "@type": "SearchAction",
- "query": { }
}
}
Get a Gocipher
Description
Get a Gocipher's details.
Rules
Only admins can see DELETED Gociphers.
Access
- Customer owning the Gocipher
- The own Gocipher
- Customer being shared access to this Gocipher
- Customer of a Team having access to this Gocipher
- Admin
Authorizations:
path Parameters
id required | string Internal id of Gocipher |
Responses
Response samples
- 200
- 401
- 403
- 404
- 406
{- "@id": "string",
- "@type": "Gocipher",
- "version": "string",
- "name": "string",
- "customer": "string",
- "apikey": "string",
- "config": {
- "@id": "string",
- "@type": "ControllerConfig",
- "version": "string",
- "creator": "string",
- "dateCreated": "2019-08-24",
- "editor": "string",
- "dateModified": "2019-08-24"
}, - "users": [
- {
- "@id": "string",
- "email": "string",
- "rights": {
- "share": true,
- "config": true,
- "install": true,
- "delete": true
}
}
], - "teams": [
- {
- "@id": "string",
- "name": "string"
}
], - "creator": "string",
- "dateCreated": "2019-08-24",
- "editor": "string",
- "dateModified": "2019-08-24"
}
Change Gocipher's name or shared users/teams
Description
Updates a customer. You can:
- Update Gocipher's name
- Change sharing settings: users and users rights on this Gocipher
Rules
- Can do any change:
- Admin
- Client owning the Gocipher
- Client of the team owning the Gocipher with Gociphers right
- Client being shared access to this Gocipher with config rights can:
- Change the name
- Client being shared access to this Gocipher with share rights can:
- Add or remove users from the sharing settings
- Client being shared access to this Gocipher with rights change rights can:
- Change rights of users in the sharing settings
Access
- Customer owning the Gocipher
- Client being shared access to this Gocipher with config, share or rights modification rights
- Admin
Authorizations:
path Parameters
id required | string Internal id of Gocipher |
header Parameters
If-Match required | string eTag of previous state of the Gocipher |
Request Body schema: application/json-patch+jsonrequired
Json patch with the changes
op required | string Enum: "test" "remove" "add" "replace" "move" "copy" |
path required | string |
value | string |
from | string |
Responses
Request samples
- Payload
[- {
- "op": "test",
- "path": "string",
- "value": "string",
- "from": "string"
}
]
Response samples
- 401
- 403
- 404
- 406
- 411
- 412
- 415
- 422
- 428
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Delete a Gocipher
Description
Delete a Gocipher.
- Put it to technicalStatus DELETED.
Access
- Customer owning the Gocipher
- Client being shared access to this Gocipher and with delete right
- Customer application
- Admin
Authorizations:
path Parameters
id required | string Internal id of Gocipher |
Responses
Response samples
- 401
- 403
- 404
- 406
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Create/Replace the Gocipher API key
Description
Create/Replace the Gocipher API key used for Gocipher connection to Spider.
The API key is a public/private key pair.
- The public key is stored in Gocipher's settings.
- The private key is sent in response to this call.
Any call to this API (if authorized) will overwrite the previous API key, and the Gocipher will not be able to use the previous one. A connected Gocipher will be disconnected when its current JWT token will expire. The API key is taken as a configuration AT START of Gociphers, and need a restart to be changed.
Output
The API can supports two outputs:
- application/json:
- Provides a file with the private key, Spider's URL, and the Gocipher's id This file is the only expected configuration file at Gocipher start.
- application/x-pem-file
- Provides only the private key as a PEM file
Access
- Customer owning the Gocipher
- Client of the team owning the Gocipher with Gociphers right
- Admin
Authorizations:
path Parameters
id required | string System id of Gocipher |
Responses
Response samples
- 201
- 401
- 403
- 404
- 406
{- "Gocipher": "abcdefghijklmnopqrstuv",
- "privatePem": "-----BEGIN RSA PRIVATE KEY-----\nline1\nline2\nline3\n...\n-----END RSA PRIVATE KEY-----\n"
}
Generate an API key signature with the private key of the Gocipher
Description
This endpoint is for testing purposes only:
- It allows testing the API key or the Gociphers API without a Gocipher
- It generates a valid signature for the Gocipher to call the configuration endpoint
- However, IT REQUIRES YOUR PRIVATE KEY IN INPUT
- After testing, please, reset your API key
Output
- The signature for this Gocipher, timestamp and private API key
- A validation of this signature with the Gocipher registered public API key
Access
- Customer owning the Gocipher
- Admin
Authorizations:
path Parameters
id required | string System id of Gocipher |
query Parameters
timeStamp required | string <date-time> Timestamp to use in signature |
instanceId required | string InstanceId to use in signature |
Request Body schema: application/x-pem-file
The Gocipher RSA private key, as a PEM
Responses
Response samples
- 400
- 401
- 403
- 404
- 406
- 411
- 415
- 422
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Get Gocipher configuration
Description
Get the configuration of this Gocipher Usages:
- Called by Gocipher at start (or before token expiration) with their API key
- Called by ephemeral Gocipher at start with the token given by the Controller
- Called by Gociphers regularly to check for configuration change
- Called by UI to get a Gocipher token to perform upload
- Called by UI to get configuration
- Called by services to get Gocipher configuration when parsing
API key
The first call from Gociphers is made by:
- building a json payload with current time and Gocipher id,
- then signing it with SHA256 algorithm using Gocipher's private key
const timeStamp = moment().toISOString();
const info = {
timeStamp,
GocipherId,
instanceId
};
const privKey = new NodeRSA(privatePem);
const signature = privKey.sign(Buffer.from(JSON.stringify(info)), 'base64');
- and then calling this API with specific headers:
Spider-TimeStamp: timeStamp
Spider-InstanceId: instanceId,
Spider-Signature: signature //base 64 encoded
Parameters
The view
parameter allows to modulate the output:
server
- Only server part (parsing) is sent
- Current configuration is merged with default configuration
client
- Only client part (parsing) is sent
- Current configuration is merged with default configuration
full
- Both client & server are sent
- Current configuration is merged with default configuration
null
- The raw configuration is sent (without merging with defaults)
- This view is used by UI to know what settings are specific, and what settings are defaults
Output
- The configuration
- A JWT token to use on further calls in Spider-Token header
- If no token provided
Access
- The own Gocipher
- Customer owning the Gocipher
- Client being shared access to this Gocipher
- Admin
Authorizations:
path Parameters
id required | string System id of Gocipher |
query Parameters
view | string Enum: "server" "client" "full" Type of configuration to get |
header Parameters
Spider-Signature | string <base64> Signature of the call by the Gocipher, with its API key |
Spider-Timestamp | string <date-time> Provided with API key in first Gocipher call to get its JWT token with the config |
Spider-InstanceId | string Provided with API key in first Gocipher call to get its JWT token with the config |
Responses
Response samples
- 400
- 401
- 403
- 404
- 406
- 500
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Send an hosts update for a whisperer
Description
An hosts list contains all hosts the whisperer has seen during its capture.
When processing the list, Spider can create a new entry of hosts for this Whisperer or update the nearest one.
Hosts lists can be sent in any order (to support upload).
Access
- Own whisperer
- Admin
Authorizations:
path Parameters
id required | string System id of Whisperer |
Request Body schema: application/json
ip required | string <ipv4> IP address of host |
name required | string FQDN of host as given by DNS |
type required | string Enum: "SERVER" "CLIENT" null Type of host |
firstSeen required | string <date-time> Date of first packet seen for this host |
lastSeen required | string <date-time> Date of last packet seen for this host |
lastUpdate required | string <date-time> Last time the DNS was queried to update the host name |
Responses
Request samples
- Payload
[- {
- "ip": "10.0.0.116",
- "name": "terminal_businessappsconfigs_service",
- "type": "SERVER",
- "lastSeen": "2019-01-27T13:43:44.260Z",
- "lastUpdate": "2019-01-27T13:43:16.092Z",
- "firstSeen": "2019-01-25T00:41:51.087Z"
}
]
Response samples
- 401
- 403
- 404
- 406
- 411
- 415
- 422
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Change the custom name of a Host.
Description
Update an Host:
- identified by an IP
- between two dates
- on one to many whisperers
The update:
- May change the customName of the host
- May update several hosts lists of the same whisperer
- May update several hosts lists of many whisperers
Access
- Admin
- Customer asking to update only on its whisperers (owned or shared)
Authorizations:
Request Body schema: application/jsonrequired
whisperers required | Array of strings non-empty List of whisperers on which to do the update |
ip required | string <ipv4> IP of the host for which to set custom name |
startTime required | number <double> Timestamp of period start for which to change |
stopTime required | number <double> Timestamp of period end for which to change |
customName | string The new name / optional - can be null |
Responses
Request samples
- Payload
{- "whisperers": [
- "YVWyUFNPRyCouvPBNmV9aw",
- "Y2GaZbDXRLq3cj-m8Zjviw",
- "GAf8TMCVRA-p8clfrxuduw"
], - "ip": "10.0.0.236",
- "startTime": 1548595820.545,
- "stopTime": 1548595882.677,
- "customName": "test-service"
}
Response samples
- 400
- 401
- 403
- 404
- 406
- 411
- 415
- 422
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Search for Hosts detected by a whisperer
Description
Search for hosts Returns a collection of HostsList
Rules
May ask searching without specifying a whisperer:
- Admin
- Client with admin monitoring rights
Access
- Admin
- Customer
- Limited access to the whisperers it has access to
- Taking into account time range for public links
Authorizations:
Request Body schema: application/jsonrequired
Search parameters
whisperers | Array of strings List of whisperers to search on. |
startTime | number <double> Start unix timestamp of search window. Up to 6 decimals for microseconds. |
stopTime | number <double> Stop unix timestamp of search window. Up to 6 decimals for microseconds. |
startDate | string <date-time> Start date of search window (can replace startTime). |
stopDate | string <date-time> Stop date of search window (can replace stopTime). |
query | string Free query, using Elasticsearch query string DSL. |
aggs | object Aggregation request, using Elasticsearch aggregation DSL. |
Array of objects Sorting option. Sorting by @id is automaticaly added. | |
next | Array of strings Ids of the last resource already fetched to get next ones. |
size | integer Page size. |
withContent | boolean True if you want to embed content in the result items (only for HTTP coms) |
avoidTotalHits | boolean Tells if response should include total hits count. |
async | boolean Ask for an async search (when supported). |
asyncDelayMs | number <integer> How long (in milliseconds) server should wait for an answer before answering with a partial answer (when async). |
asyncId | string Id of previous async answer from server (to get follow up). Included in hypermedia answer from server when async answer. |
asyncKeepAliveS | number <integer> How long (in seconds) the async answer is allowed to search before being killed. |
Responses
Request samples
- Payload
{- "size": 20,
- "whisperers": [
- "KxZOoCLxSM6cVee7xq6iPw",
- "Km77Vs-SS4yRDXwivW8nlA"
], - "startTime": 1547789298.676,
- "stopTime": 1547805717.362,
- "query": "!req.uri:contexts AND !req.uri:version AND !req.query:afterUpdate*",
- "sort": [
- {
- "key": "req.start",
- "order": "asc"
}
]
}
Response samples
- 200
- 400
- 401
- 403
- 406
- 411
- 415
- 422
{- "total": 0,
- "items": [
- {
- "@id": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "@type": "Packet",
- "version": "2.0",
- "commonId": "ROlrqlFhTY2ayXIxTV2uZA.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "name": "456285.172.16.102.72-43118-172.16.102.125-8080#5",
- "whisperer": "ROlrqlFhTY2ayXIxTV2uZA",
- "instanceId": "rd-srv508-bes",
- "tcpSession": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931",
- "timestamp": 1642625100.188968,
- "length": 229,
- "rawPacket": {
- "link_type": "LINKTYPE_LINUX_SLL",
- "buf": [ ],
- "header": [ ]
}, - "protocols": {
- "Linux SLL": {
- "src": "50:6b:8d:3a:97:undefined",
- "dst": null
}, - "IPv4": {
- "src": "172.16.102.125",
- "dst": "172.16.102.72"
}, - "TCP": {
- "src": "8080",
- "dst": "43118",
- "direction": "in",
- "packetLot": 1,
- "index": 5,
- "relativeSeq": 1,
- "relativeAck": 0,
- "hasData": true
}
}, - "date": "2022-01-19T20:45:00.188Z",
- "minute": "2022-01-19T20:45:00.000Z",
- "protocolsList": [
- "Linux SLL",
- "IPv4",
- "TCP"
]
}
], - "aggs": { },
- "nextPage": {
- "@type": "SearchAction",
- "query": { }
}, - "asyncResults": {
- "@type": "SearchAction",
- "query": { }
}
}
Send status information from a whisperer
Description
Whisperers are sending status every x seconds when started
Access
- Own whisperer
- Admin
Authorizations:
Request Body schema: application/json
time required | string <date-time> Time of status |
whisperer required | string System Id of whisperer |
instanceId required | string Instance id of the whisperer |
whispererName | string Name of whisperer - enriched by service |
hostname required | string FQDN of the host |
startTime required | string <date-time> Start time of the whisperer |
sessionStartTime | string Recording session start time |
upTime required | number Uptime of whisperer |
state required | string Enum: "STARTING" "RECORDING" "STOPPED" "SERVER_DOWN" "BREAK" "INTERNAL_ERROR" "INVALID_CONFIG" State of the whisperer |
object Statistics of REST API calls to the server, by API | |
required | object Total of metrics values since start of session |
object Metrics values since last send of status | |
Array of objects List of network interfaces of the host |
Responses
Request samples
- Payload
{- "@id": "Y2GaZbDXRLq3cj-m8Zjviw.1548595914874",
- "time": "2019-01-27T13:31:54.874Z",
- "whisperer": "Y2GaZbDXRLq3cj-m8Zjviw",
- "hostname": "node-3.streetsmart.sit3",
- "instanceId": "1a2aebcf734f",
- "startTime": "2019-01-16T14:40:19.843Z",
- "sessionStartTime": "2019-01-25T11:17:40.234Z",
- "upTime": 946295.88,
- "state": "RECORDING",
- "circuitBreakers": {
- "summary": {
- "totalCount": 20,
- "totalSuccessful": 20,
- "totalErrors": 0
}, - "Get whisperer config with API key": {
- "key": "Get whisperer config with API key",
- "open": false,
- "max90": 0,
- "latencyMean": 0,
- "successful": 0,
- "errors": 0,
- "shortCircuited": 0,
- "failed": 0,
- "timedOut": 0,
- "totalCount": 0
}, - "Post status": {
- "key": "Post status",
- "open": false,
- "max90": 27,
- "latencyMean": 27,
- "successful": 1,
- "errors": 0,
- "shortCircuited": 0,
- "failed": 0,
- "timedOut": 0,
- "totalCount": 1
}, - "Post packets": {
- "key": "Post packets",
- "open": false,
- "max90": 44,
- "latencyMean": 26,
- "successful": 9,
- "errors": 0,
- "shortCircuited": 0,
- "failed": 0,
- "timedOut": 0,
- "totalCount": 9
}, - "Post sessions": {
- "key": "Post sessions",
- "open": false,
- "max90": 17,
- "latencyMean": 12,
- "successful": 7,
- "errors": 0,
- "shortCircuited": 0,
- "failed": 0,
- "timedOut": 0,
- "totalCount": 7
}, - "Get whisperer config with token": {
- "key": "Get whisperer config with token",
- "open": false,
- "max90": 14,
- "latencyMean": 12,
- "successful": 2,
- "errors": 0,
- "shortCircuited": 0,
- "failed": 0,
- "timedOut": 0,
- "totalCount": 2
}, - "Post hosts": {
- "key": "Post hosts",
- "open": false,
- "max90": 18,
- "latencyMean": 18,
- "successful": 1,
- "errors": 0,
- "shortCircuited": 0,
- "failed": 0,
- "timedOut": 0,
- "totalCount": 1
}
}, - "total": {
- "cpuUsage": {
- "overall": 6080110.3,
- "process": 19450.72
}, - "memoryUsage": {
- "free": 162,
- "process": 132
}, - "pcapSession": {
- "received": 90041092,
- "dropped": 208,
- "ifDropped": 0
}, - "tcpSessions": 399033,
- "hosts": 43,
- "packets": {
- "count": 4067089,
- "size": 1677558858
}, - "queues": {
- "packets": {
- "length": 0,
- "overflow": 0
}, - "packetsVxlan": { },
- "tcpSessions": {
- "length": 0,
- "overflow": 0
}
}
}, - "new": {
- "cpuUsage": {
- "overall": 2.33,
- "process": 0.02
}, - "packets": {
- "count": 925,
- "size": 391289
}, - "queues": {
- "packets": {
- "overflow": 0
}, - "packetsVxlan": { },
- "tcpSessions": {
- "overflow": 0
}
}, - "pcapSession": {
- "received": 10516,
- "dropped": 0,
- "ifDropped": 0
}, - "tcpSessions": 89
}, - "interfaces": [
- {
- "interface": "lo",
- "address": "127.0.0.1",
- "netmask": "255.0.0.0",
- "family": "IPv4",
- "mac": "00:00:00:00:00:00",
- "internal": true,
- "cidr": "127.0.0.1/8"
}, - {
- "interface": "eth0",
- "address": "10.255.0.8",
- "netmask": "255.255.0.0",
- "family": "IPv4",
- "mac": "02:42:0a:ff:00:08",
- "internal": false,
- "cidr": "10.255.0.8/16"
}, - {
- "interface": "eth2",
- "address": "172.18.0.3",
- "netmask": "255.255.0.0",
- "family": "IPv4",
- "mac": "02:42:ac:12:00:03",
- "internal": false,
- "cidr": "172.18.0.3/16"
}, - {
- "interface": "eth1",
- "address": "10.0.0.7",
- "netmask": "255.255.255.0",
- "family": "IPv4",
- "mac": "02:42:0a:00:00:07",
- "internal": false,
- "cidr": "10.0.0.7/24"
}
]
}
Response samples
- 401
- 403
- 404
- 406
- 411
- 415
- 422
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Get a collection of current whisps status
Description
Get the statuses listed in input (by id).
Also available by GET method
Access
- Admin
- Customer
- Limited access to the whisperers it has access to
- Taking into account time range for public links
Authorizations:
Request Body schema: application/jsonrequired
List of whisperers identifiers
System id of whisperer
Responses
Request samples
- Payload
[- "string"
]
Response samples
- 200
- 401
- 403
- 406
- 411
- 415
- 422
[- { }
]
Search for raw status sent by a whisperer
Description
Search for raw status
Rules
May ask searching without specifying a whisperer:
- Admin
- Client with admin monitoring rights
Access
- Admin
- Customer, limited on search on its whisperers
Authorizations:
Request Body schema: application/jsonrequired
Search parameters
whisperers | Array of strings List of whisperers to search on. |
startTime | number <double> Start unix timestamp of search window. Up to 6 decimals for microseconds. |
stopTime | number <double> Stop unix timestamp of search window. Up to 6 decimals for microseconds. |
startDate | string <date-time> Start date of search window (can replace startTime). |
stopDate | string <date-time> Stop date of search window (can replace stopTime). |
query | string Free query, using Elasticsearch query string DSL. |
aggs | object Aggregation request, using Elasticsearch aggregation DSL. |
Array of objects Sorting option. Sorting by @id is automaticaly added. | |
next | Array of strings Ids of the last resource already fetched to get next ones. |
size | integer Page size. |
withContent | boolean True if you want to embed content in the result items (only for HTTP coms) |
avoidTotalHits | boolean Tells if response should include total hits count. |
async | boolean Ask for an async search (when supported). |
asyncDelayMs | number <integer> How long (in milliseconds) server should wait for an answer before answering with a partial answer (when async). |
asyncId | string Id of previous async answer from server (to get follow up). Included in hypermedia answer from server when async answer. |
asyncKeepAliveS | number <integer> How long (in seconds) the async answer is allowed to search before being killed. |
Responses
Request samples
- Payload
{- "size": 20,
- "whisperers": [
- "KxZOoCLxSM6cVee7xq6iPw",
- "Km77Vs-SS4yRDXwivW8nlA"
], - "startTime": 1547789298.676,
- "stopTime": 1547805717.362,
- "query": "!req.uri:contexts AND !req.uri:version AND !req.query:afterUpdate*",
- "sort": [
- {
- "key": "req.start",
- "order": "asc"
}
]
}
Response samples
- 200
- 400
- 401
- 403
- 406
- 411
- 415
- 422
{- "total": 0,
- "items": [
- {
- "@id": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "@type": "Packet",
- "version": "2.0",
- "commonId": "ROlrqlFhTY2ayXIxTV2uZA.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "name": "456285.172.16.102.72-43118-172.16.102.125-8080#5",
- "whisperer": "ROlrqlFhTY2ayXIxTV2uZA",
- "instanceId": "rd-srv508-bes",
- "tcpSession": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931",
- "timestamp": 1642625100.188968,
- "length": 229,
- "rawPacket": {
- "link_type": "LINKTYPE_LINUX_SLL",
- "buf": [ ],
- "header": [ ]
}, - "protocols": {
- "Linux SLL": {
- "src": "50:6b:8d:3a:97:undefined",
- "dst": null
}, - "IPv4": {
- "src": "172.16.102.125",
- "dst": "172.16.102.72"
}, - "TCP": {
- "src": "8080",
- "dst": "43118",
- "direction": "in",
- "packetLot": 1,
- "index": 5,
- "relativeSeq": 1,
- "relativeAck": 0,
- "hasData": true
}
}, - "date": "2022-01-19T20:45:00.188Z",
- "minute": "2022-01-19T20:45:00.000Z",
- "protocolsList": [
- "Linux SLL",
- "IPv4",
- "TCP"
]
}
], - "aggs": { },
- "nextPage": {
- "@type": "SearchAction",
- "query": { }
}, - "asyncResults": {
- "@type": "SearchAction",
- "query": { }
}
}
Preaggregated search for parsing status histogram
Description
Histogram aggregation analysis on Whisperers status
Access
- Admin
- Customer
- Limited access to the whisperers it has access to
- Taking into account time range for public links
Authorizations:
Request Body schema: application/jsonrequired
Search parameters
whisperers | Array of strings List of whisperers to search on. |
startTime | number <double> Start unix timestamp of search window. Up to 6 decimals for microseconds. |
stopTime | number <double> Stop unix timestamp of search window. Up to 6 decimals for microseconds. |
startDate | string <date-time> Start date of search window (can replace startTime). |
stopDate | string <date-time> Stop date of search window (can replace stopTime). |
query | string Free query, using Elasticsearch query string DSL. |
aggs | object Aggregation request, using Elasticsearch aggregation DSL. |
Array of objects Sorting option. Sorting by @id is automaticaly added. | |
next | Array of strings Ids of the last resource already fetched to get next ones. |
size | integer Page size. |
withContent | boolean True if you want to embed content in the result items (only for HTTP coms) |
avoidTotalHits | boolean Tells if response should include total hits count. |
async | boolean Ask for an async search (when supported). |
asyncDelayMs | number <integer> How long (in milliseconds) server should wait for an answer before answering with a partial answer (when async). |
asyncId | string Id of previous async answer from server (to get follow up). Included in hypermedia answer from server when async answer. |
asyncKeepAliveS | number <integer> How long (in seconds) the async answer is allowed to search before being killed. |
Responses
Request samples
- Payload
{- "size": 20,
- "whisperers": [
- "KxZOoCLxSM6cVee7xq6iPw",
- "Km77Vs-SS4yRDXwivW8nlA"
], - "startTime": 1547789298.676,
- "stopTime": 1547805717.362,
- "query": "!req.uri:contexts AND !req.uri:version AND !req.query:afterUpdate*",
- "sort": [
- {
- "key": "req.start",
- "order": "asc"
}
]
}
Response samples
- 200
- 400
- 401
- 403
- 406
- 411
- 415
- 422
{- "total": 0,
- "items": [
- {
- "@id": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "@type": "Packet",
- "version": "2.0",
- "commonId": "ROlrqlFhTY2ayXIxTV2uZA.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "name": "456285.172.16.102.72-43118-172.16.102.125-8080#5",
- "whisperer": "ROlrqlFhTY2ayXIxTV2uZA",
- "instanceId": "rd-srv508-bes",
- "tcpSession": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931",
- "timestamp": 1642625100.188968,
- "length": 229,
- "rawPacket": {
- "link_type": "LINKTYPE_LINUX_SLL",
- "buf": [ ],
- "header": [ ]
}, - "protocols": {
- "Linux SLL": {
- "src": "50:6b:8d:3a:97:undefined",
- "dst": null
}, - "IPv4": {
- "src": "172.16.102.125",
- "dst": "172.16.102.72"
}, - "TCP": {
- "src": "8080",
- "dst": "43118",
- "direction": "in",
- "packetLot": 1,
- "index": 5,
- "relativeSeq": 1,
- "relativeAck": 0,
- "hasData": true
}
}, - "date": "2022-01-19T20:45:00.188Z",
- "minute": "2022-01-19T20:45:00.000Z",
- "protocolsList": [
- "Linux SLL",
- "IPv4",
- "TCP"
]
}
], - "aggs": { },
- "nextPage": {
- "@type": "SearchAction",
- "query": { }
}, - "asyncResults": {
- "@type": "SearchAction",
- "query": { }
}
}
Search for current status of whisperers
Description
Search for current status of whisperers
Rules
May ask searching without specifying a whisperer:
- Admin
- Client with admin monitoring rights
Access
- Admin
- Customer, limited on search on its whisperers
Authorizations:
Request Body schema: application/jsonrequired
Search parameters
whisperers | Array of strings List of whisperers to search on. |
query | string Free query, using Elasticsearch query string DSL. |
aggs | object Aggregation request, using Elasticsearch aggregation DSL. |
Array of objects Sorting option. Sorting by @id is automaticaly added. | |
next | Array of strings Aggregation request, using Elasticsearch aggregation DSL. |
size required | integer Page size. |
avoidTotalHits | boolean Tells if response should include total hits count. |
Responses
Request samples
- Payload
{- "size": 20,
- "whisperers": [
- "KxZOoCLxSM6cVee7xq6iPw",
- "Km77Vs-SS4yRDXwivW8nlA"
], - "query": "",
- "sort": [
- {
- "key": "time",
- "order": "asc"
}
]
}
Response samples
- 200
- 400
- 401
- 403
- 406
- 411
- 415
- 422
{- "total": 0,
- "items": [
- {
- "@id": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "@type": "Packet",
- "version": "2.0",
- "commonId": "ROlrqlFhTY2ayXIxTV2uZA.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "name": "456285.172.16.102.72-43118-172.16.102.125-8080#5",
- "whisperer": "ROlrqlFhTY2ayXIxTV2uZA",
- "instanceId": "rd-srv508-bes",
- "tcpSession": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931",
- "timestamp": 1642625100.188968,
- "length": 229,
- "rawPacket": {
- "link_type": "LINKTYPE_LINUX_SLL",
- "buf": [ ],
- "header": [ ]
}, - "protocols": {
- "Linux SLL": {
- "src": "50:6b:8d:3a:97:undefined",
- "dst": null
}, - "IPv4": {
- "src": "172.16.102.125",
- "dst": "172.16.102.72"
}, - "TCP": {
- "src": "8080",
- "dst": "43118",
- "direction": "in",
- "packetLot": 1,
- "index": 5,
- "relativeSeq": 1,
- "relativeAck": 0,
- "hasData": true
}
}, - "date": "2022-01-19T20:45:00.188Z",
- "minute": "2022-01-19T20:45:00.000Z",
- "protocolsList": [
- "Linux SLL",
- "IPv4",
- "TCP"
]
}
], - "aggs": { },
- "nextPage": {
- "@type": "SearchAction",
- "query": { }
}, - "asyncResults": {
- "@type": "SearchAction",
- "query": { }
}
}
Send status information from a Gocipher
Description
Gociphers are sending status every x seconds when started
Access
- Own whisperer
- Admin
Authorizations:
Request Body schema: application/json
time required | string <date-time> Time of status |
whisperer required | string System Id of whisperer |
instanceId required | string Instance id of the whisperer |
whispererName | string Name of whisperer - enriched by service |
hostname required | string FQDN of the host |
startTime required | string <date-time> Start time of the whisperer |
sessionStartTime | string Recording session start time |
upTime required | number Uptime of whisperer |
state required | string Enum: "STARTING" "RECORDING" "STOPPED" "SERVER_DOWN" "BREAK" "INTERNAL_ERROR" "INVALID_CONFIG" State of the whisperer |
object Statistics of REST API calls to the server, by API | |
required | object Total of metrics values since start of session |
object Metrics values since last send of status | |
Array of objects List of network interfaces of the host |
Responses
Request samples
- Payload
{- "@id": "Y2GaZbDXRLq3cj-m8Zjviw.1548595914874",
- "time": "2019-01-27T13:31:54.874Z",
- "whisperer": "Y2GaZbDXRLq3cj-m8Zjviw",
- "hostname": "node-3.streetsmart.sit3",
- "instanceId": "1a2aebcf734f",
- "startTime": "2019-01-16T14:40:19.843Z",
- "sessionStartTime": "2019-01-25T11:17:40.234Z",
- "upTime": 946295.88,
- "state": "RECORDING",
- "circuitBreakers": {
- "summary": {
- "totalCount": 20,
- "totalSuccessful": 20,
- "totalErrors": 0
}, - "Get whisperer config with API key": {
- "key": "Get whisperer config with API key",
- "open": false,
- "max90": 0,
- "latencyMean": 0,
- "successful": 0,
- "errors": 0,
- "shortCircuited": 0,
- "failed": 0,
- "timedOut": 0,
- "totalCount": 0
}, - "Post status": {
- "key": "Post status",
- "open": false,
- "max90": 27,
- "latencyMean": 27,
- "successful": 1,
- "errors": 0,
- "shortCircuited": 0,
- "failed": 0,
- "timedOut": 0,
- "totalCount": 1
}, - "Post packets": {
- "key": "Post packets",
- "open": false,
- "max90": 44,
- "latencyMean": 26,
- "successful": 9,
- "errors": 0,
- "shortCircuited": 0,
- "failed": 0,
- "timedOut": 0,
- "totalCount": 9
}, - "Post sessions": {
- "key": "Post sessions",
- "open": false,
- "max90": 17,
- "latencyMean": 12,
- "successful": 7,
- "errors": 0,
- "shortCircuited": 0,
- "failed": 0,
- "timedOut": 0,
- "totalCount": 7
}, - "Get whisperer config with token": {
- "key": "Get whisperer config with token",
- "open": false,
- "max90": 14,
- "latencyMean": 12,
- "successful": 2,
- "errors": 0,
- "shortCircuited": 0,
- "failed": 0,
- "timedOut": 0,
- "totalCount": 2
}, - "Post hosts": {
- "key": "Post hosts",
- "open": false,
- "max90": 18,
- "latencyMean": 18,
- "successful": 1,
- "errors": 0,
- "shortCircuited": 0,
- "failed": 0,
- "timedOut": 0,
- "totalCount": 1
}
}, - "total": {
- "cpuUsage": {
- "overall": 6080110.3,
- "process": 19450.72
}, - "memoryUsage": {
- "free": 162,
- "process": 132
}, - "pcapSession": {
- "received": 90041092,
- "dropped": 208,
- "ifDropped": 0
}, - "tcpSessions": 399033,
- "hosts": 43,
- "packets": {
- "count": 4067089,
- "size": 1677558858
}, - "queues": {
- "packets": {
- "length": 0,
- "overflow": 0
}, - "packetsVxlan": { },
- "tcpSessions": {
- "length": 0,
- "overflow": 0
}
}
}, - "new": {
- "cpuUsage": {
- "overall": 2.33,
- "process": 0.02
}, - "packets": {
- "count": 925,
- "size": 391289
}, - "queues": {
- "packets": {
- "overflow": 0
}, - "packetsVxlan": { },
- "tcpSessions": {
- "overflow": 0
}
}, - "pcapSession": {
- "received": 10516,
- "dropped": 0,
- "ifDropped": 0
}, - "tcpSessions": 89
}, - "interfaces": [
- {
- "interface": "lo",
- "address": "127.0.0.1",
- "netmask": "255.0.0.0",
- "family": "IPv4",
- "mac": "00:00:00:00:00:00",
- "internal": true,
- "cidr": "127.0.0.1/8"
}, - {
- "interface": "eth0",
- "address": "10.255.0.8",
- "netmask": "255.255.0.0",
- "family": "IPv4",
- "mac": "02:42:0a:ff:00:08",
- "internal": false,
- "cidr": "10.255.0.8/16"
}, - {
- "interface": "eth2",
- "address": "172.18.0.3",
- "netmask": "255.255.0.0",
- "family": "IPv4",
- "mac": "02:42:ac:12:00:03",
- "internal": false,
- "cidr": "172.18.0.3/16"
}, - {
- "interface": "eth1",
- "address": "10.0.0.7",
- "netmask": "255.255.255.0",
- "family": "IPv4",
- "mac": "02:42:0a:00:00:07",
- "internal": false,
- "cidr": "10.0.0.7/24"
}
]
}
Response samples
- 401
- 403
- 404
- 406
- 411
- 415
- 422
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Get a collection of current Gociphers status
Description
Get the statuses listed in input (by id).
Also available by GET method
Access
- Admin
- Customer
- Limited access to the Gociphers it has access to
- Taking into account time range for public links
Authorizations:
Request Body schema: application/jsonrequired
List of Gociphers identifiers
System id of Gocipher
Responses
Request samples
- Payload
[- "string"
]
Response samples
- 200
- 401
- 403
- 406
- 411
- 415
- 422
[- { }
]
Search for raw status sent by a Gocipher
Description
Search for raw status
Rules
May ask searching without specifying a Gocipher:
- Admin
- Client with admin monitoring rights
Access
- Admin
- Customer, limited on search on its Gociphers
Authorizations:
Request Body schema: application/jsonrequired
Search parameters
whisperers | Array of strings List of whisperers to search on. |
startTime | number <double> Start unix timestamp of search window. Up to 6 decimals for microseconds. |
stopTime | number <double> Stop unix timestamp of search window. Up to 6 decimals for microseconds. |
startDate | string <date-time> Start date of search window (can replace startTime). |
stopDate | string <date-time> Stop date of search window (can replace stopTime). |
query | string Free query, using Elasticsearch query string DSL. |
aggs | object Aggregation request, using Elasticsearch aggregation DSL. |
Array of objects Sorting option. Sorting by @id is automaticaly added. | |
next | Array of strings Ids of the last resource already fetched to get next ones. |
size | integer Page size. |
withContent | boolean True if you want to embed content in the result items (only for HTTP coms) |
avoidTotalHits | boolean Tells if response should include total hits count. |
async | boolean Ask for an async search (when supported). |
asyncDelayMs | number <integer> How long (in milliseconds) server should wait for an answer before answering with a partial answer (when async). |
asyncId | string Id of previous async answer from server (to get follow up). Included in hypermedia answer from server when async answer. |
asyncKeepAliveS | number <integer> How long (in seconds) the async answer is allowed to search before being killed. |
Responses
Request samples
- Payload
{- "size": 20,
- "whisperers": [
- "KxZOoCLxSM6cVee7xq6iPw",
- "Km77Vs-SS4yRDXwivW8nlA"
], - "startTime": 1547789298.676,
- "stopTime": 1547805717.362,
- "query": "!req.uri:contexts AND !req.uri:version AND !req.query:afterUpdate*",
- "sort": [
- {
- "key": "req.start",
- "order": "asc"
}
]
}
Response samples
- 200
- 400
- 401
- 403
- 406
- 411
- 415
- 422
{- "total": 0,
- "items": [
- {
- "@id": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "@type": "Packet",
- "version": "2.0",
- "commonId": "ROlrqlFhTY2ayXIxTV2uZA.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "name": "456285.172.16.102.72-43118-172.16.102.125-8080#5",
- "whisperer": "ROlrqlFhTY2ayXIxTV2uZA",
- "instanceId": "rd-srv508-bes",
- "tcpSession": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931",
- "timestamp": 1642625100.188968,
- "length": 229,
- "rawPacket": {
- "link_type": "LINKTYPE_LINUX_SLL",
- "buf": [ ],
- "header": [ ]
}, - "protocols": {
- "Linux SLL": {
- "src": "50:6b:8d:3a:97:undefined",
- "dst": null
}, - "IPv4": {
- "src": "172.16.102.125",
- "dst": "172.16.102.72"
}, - "TCP": {
- "src": "8080",
- "dst": "43118",
- "direction": "in",
- "packetLot": 1,
- "index": 5,
- "relativeSeq": 1,
- "relativeAck": 0,
- "hasData": true
}
}, - "date": "2022-01-19T20:45:00.188Z",
- "minute": "2022-01-19T20:45:00.000Z",
- "protocolsList": [
- "Linux SLL",
- "IPv4",
- "TCP"
]
}
], - "aggs": { },
- "nextPage": {
- "@type": "SearchAction",
- "query": { }
}, - "asyncResults": {
- "@type": "SearchAction",
- "query": { }
}
}
Search for current status of Gociphers
Description
Search for current status of Gociphers
Rules
May ask searching without specifying a Gocipher:
- Admin
- Client with admin monitoring rights
Access
- Admin
- Customer, limited on search on its Gociphers
Authorizations:
Request Body schema: application/jsonrequired
Search parameters
whisperers | Array of strings List of whisperers to search on. |
query | string Free query, using Elasticsearch query string DSL. |
aggs | object Aggregation request, using Elasticsearch aggregation DSL. |
Array of objects Sorting option. Sorting by @id is automaticaly added. | |
next | Array of strings Aggregation request, using Elasticsearch aggregation DSL. |
size required | integer Page size. |
avoidTotalHits | boolean Tells if response should include total hits count. |
Responses
Request samples
- Payload
{- "size": 20,
- "whisperers": [
- "KxZOoCLxSM6cVee7xq6iPw",
- "Km77Vs-SS4yRDXwivW8nlA"
], - "query": "",
- "sort": [
- {
- "key": "time",
- "order": "asc"
}
]
}
Response samples
- 200
- 400
- 401
- 403
- 406
- 411
- 415
- 422
{- "total": 0,
- "items": [
- {
- "@id": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "@type": "Packet",
- "version": "2.0",
- "commonId": "ROlrqlFhTY2ayXIxTV2uZA.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "name": "456285.172.16.102.72-43118-172.16.102.125-8080#5",
- "whisperer": "ROlrqlFhTY2ayXIxTV2uZA",
- "instanceId": "rd-srv508-bes",
- "tcpSession": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931",
- "timestamp": 1642625100.188968,
- "length": 229,
- "rawPacket": {
- "link_type": "LINKTYPE_LINUX_SLL",
- "buf": [ ],
- "header": [ ]
}, - "protocols": {
- "Linux SLL": {
- "src": "50:6b:8d:3a:97:undefined",
- "dst": null
}, - "IPv4": {
- "src": "172.16.102.125",
- "dst": "172.16.102.72"
}, - "TCP": {
- "src": "8080",
- "dst": "43118",
- "direction": "in",
- "packetLot": 1,
- "index": 5,
- "relativeSeq": 1,
- "relativeAck": 0,
- "hasData": true
}
}, - "date": "2022-01-19T20:45:00.188Z",
- "minute": "2022-01-19T20:45:00.000Z",
- "protocolsList": [
- "Linux SLL",
- "IPv4",
- "TCP"
]
}
], - "aggs": { },
- "nextPage": {
- "@type": "SearchAction",
- "query": { }
}, - "asyncResults": {
- "@type": "SearchAction",
- "query": { }
}
}
Get current targets for this Whisperer across all Gociphers
Description
Get the targets being watched for this Whisperer.
Also available by GET method
Access
- Admin
- Customer
- Limited access to the Whisperers it has access to
Authorizations:
path Parameters
whisperer required | string Internal id of Whisperer |
Responses
Response samples
- 200
- 401
- 403
- 406
- 411
- 415
- 422
[- { }
]
Create a new Link
Description
Stores a UI state and gives a link in returns.
Access
- Customer
- Admin
Authorizations:
Request Body schema: application/jsonrequired
The state to link
required | object |
object | |
main required | object |
required | object |
search required | object |
Responses
Request samples
- Payload
{- "userInfo": {
- "whisp": {
- "selected": [
- "string"
]
}, - "impersonate": {
- "selected": "string"
}
}, - "time": {
- "timeSpan": {
- "start": "2019-08-24T14:15:22Z",
- "stop": "2019-08-24T14:15:22Z"
}, - "timeAggregation": "string"
}, - "main": { },
- "networkMap": {
- "origin": { },
- "zoom": { }
}, - "search": { }
}
Response samples
- 400
- 401
- 403
- 406
- 411
- 415
- 422
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Search for Links
Description
Search for links.
Also available by GET method on the collection
Rules
May ask searching without specifying a whisperer:
- Admin
- Client with admin monitoring rights
Access
- Admin
- Customer
Authorizations:
Request Body schema: application/jsonrequired
Search parameters
query | string Free query, using Elasticsearch query string DSL. |
aggs | object Aggregation request, using Elasticsearch aggregation DSL. |
Array of objects Sorting option. Sorting by @id is automaticaly added. | |
next | Array of strings Aggregation request, using Elasticsearch aggregation DSL. |
size required | integer Page size. |
avoidTotalHits | boolean Tells if response should include total hits count. |
includeETags | boolean Tells if response should include _eTags fields for update. |
Responses
Request samples
- Payload
{- "query": "string",
- "aggs": { },
- "sort": [
- {
- "key": "string",
- "order": "asc"
}
], - "next": [
- "string"
], - "size": 0,
- "avoidTotalHits": true,
- "includeETags": true
}
Response samples
- 200
- 400
- 401
- 403
- 406
- 411
- 415
- 422
{- "total": 0,
- "items": [
- {
- "@id": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "@type": "Packet",
- "version": "2.0",
- "commonId": "ROlrqlFhTY2ayXIxTV2uZA.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "name": "456285.172.16.102.72-43118-172.16.102.125-8080#5",
- "whisperer": "ROlrqlFhTY2ayXIxTV2uZA",
- "instanceId": "rd-srv508-bes",
- "tcpSession": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931",
- "timestamp": 1642625100.188968,
- "length": 229,
- "rawPacket": {
- "link_type": "LINKTYPE_LINUX_SLL",
- "buf": [ ],
- "header": [ ]
}, - "protocols": {
- "Linux SLL": {
- "src": "50:6b:8d:3a:97:undefined",
- "dst": null
}, - "IPv4": {
- "src": "172.16.102.125",
- "dst": "172.16.102.72"
}, - "TCP": {
- "src": "8080",
- "dst": "43118",
- "direction": "in",
- "packetLot": 1,
- "index": 5,
- "relativeSeq": 1,
- "relativeAck": 0,
- "hasData": true
}
}, - "date": "2022-01-19T20:45:00.188Z",
- "minute": "2022-01-19T20:45:00.000Z",
- "protocolsList": [
- "Linux SLL",
- "IPv4",
- "TCP"
]
}
], - "aggs": { },
- "nextPage": {
- "@type": "SearchAction",
- "query": { }
}, - "asyncResults": {
- "@type": "SearchAction",
- "query": { }
}
}
Get a link
Description
Get a link
The link may be public or not
Access for private link
- Customer
- Admin
Rules
- If Public link, it is not DELETED or deprecated
Access for public link
- Customer who created it
- Admin
- When using public link token
- FreeAccess is true
- User email is in recipients list
- User email domain is in domains list
Authorizations:
path Parameters
id required | string Links system Id |
Responses
Response samples
- 200
- 401
- 403
- 404
- 406
{- "@id": "fH5R3ZjhR7WPHBn2GDg1cA",
- "@type": "sp:link",
- "dateCreated": "2019-01-27T20:58:30.421Z",
- "creator": "VBqPbgjYRsK00O76DVeroQ==",
- "version": "0.1",
- "content": { }
}
Create a new Public Link
Description
Stores a UI state and gives a public link in return.
Access
- Customer with publishing permission on the whisperers present in the state, or on the team
- Admin
Authorizations:
Request Body schema: application/jsonrequired
required | Array of objects A collection of filters defining access control. |
freeAccess | boolean Flag indicating if the link provides free access without restrictions. |
sendEmail | boolean Indicates whether an email notification should be sent. |
dateDeprecated | string <date> The ISO date when the public link becomes deprecated. |
domains required | Array of strings List of domains whose emails have access to the public link. Starting with '@'. |
recipients required | Array of strings Email addresses of the recipients with access. |
stateToShare required | object Object representing the UI state to be shared. |
Responses
Request samples
- Payload
{- "accessFilters": [
- {
- "view": "string",
- "query": "string",
- "accessForbidden": true
}
], - "freeAccess": true,
- "sendEmail": true,
- "dateDeprecated": "2019-08-24",
- "domains": [
- "string"
], - "recipients": [
- "string"
], - "stateToShare": { }
}
Response samples
- 201
- 400
- 401
- 403
- 406
- 411
- 415
- 422
{- "urlToShare": "string"
}
Search for Public Links
Description
Search for public links.
Also available by GET method on the collection
Rules
content
is removedurlToShare
field is added with the Url of the link
Access
- Admin
- Customer to the public links he created
Authorizations:
Request Body schema: application/jsonrequired
Search parameters
query | string Free query, using Elasticsearch query string DSL. |
aggs | object Aggregation request, using Elasticsearch aggregation DSL. |
Array of objects Sorting option. Sorting by @id is automaticaly added. | |
next | Array of strings Aggregation request, using Elasticsearch aggregation DSL. |
size required | integer Page size. |
avoidTotalHits | boolean Tells if response should include total hits count. |
includeETags | boolean Tells if response should include _eTags fields for update. |
Responses
Request samples
- Payload
{- "query": "string",
- "aggs": { },
- "sort": [
- {
- "key": "string",
- "order": "asc"
}
], - "next": [
- "string"
], - "size": 0,
- "avoidTotalHits": true,
- "includeETags": true
}
Response samples
- 200
- 400
- 401
- 403
- 406
- 411
- 415
- 422
{- "total": 0,
- "items": [
- {
- "@id": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "@type": "Packet",
- "version": "2.0",
- "commonId": "ROlrqlFhTY2ayXIxTV2uZA.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "name": "456285.172.16.102.72-43118-172.16.102.125-8080#5",
- "whisperer": "ROlrqlFhTY2ayXIxTV2uZA",
- "instanceId": "rd-srv508-bes",
- "tcpSession": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931",
- "timestamp": 1642625100.188968,
- "length": 229,
- "rawPacket": {
- "link_type": "LINKTYPE_LINUX_SLL",
- "buf": [ ],
- "header": [ ]
}, - "protocols": {
- "Linux SLL": {
- "src": "50:6b:8d:3a:97:undefined",
- "dst": null
}, - "IPv4": {
- "src": "172.16.102.125",
- "dst": "172.16.102.72"
}, - "TCP": {
- "src": "8080",
- "dst": "43118",
- "direction": "in",
- "packetLot": 1,
- "index": 5,
- "relativeSeq": 1,
- "relativeAck": 0,
- "hasData": true
}
}, - "date": "2022-01-19T20:45:00.188Z",
- "minute": "2022-01-19T20:45:00.000Z",
- "protocolsList": [
- "Linux SLL",
- "IPv4",
- "TCP"
]
}
], - "aggs": { },
- "nextPage": {
- "@type": "SearchAction",
- "query": { }
}, - "asyncResults": {
- "@type": "SearchAction",
- "query": { }
}
}
Delete a public link
Description
Set a public link to DELETED status, making it invisible to searches and get.
Access
- Customer that has created the public link
- Admin
Authorizations:
path Parameters
id required | string Public link system Id |
Responses
Response samples
- 401
- 403
- 404
- 406
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Create and send a One Time Password for a user trying to connect to a Public link
Description
Create a One Time Password for a user trying to connect to a Public link. Send this OTP to the email of the user.
Rules
- Link is not DELETED or deprecated
Access
- FreeAccess is true
- User email is in recipients list
- User email domain is in domains list
path Parameters
id required | string Public link system Id |
Request Body schema: application/jsonrequired
Array of strings Email address of the user trying to access. |
Responses
Request samples
- Payload
{- "email": [
- "string"
]
}
Response samples
- 201
- 400
- 401
- 403
- 406
- 411
- 415
- 422
{- "status": "string"
}
Connects a public user and generates a public link JWT
Description
Connects a public user by generating a JWT specific to this public link, with dedicated access filters.
Rules
- Link is not DELETED or deprecated
- OTP is not too old
- OTP is associated to this email and link
Processing
- Email and connection date are added to public link tracked sessions
Access
- FreeAccess is true
- User email is in recipients list
- User email domain is in domains list
path Parameters
id required | string Public link system Id |
Request Body schema: application/jsonrequired
Array of strings Email address of the user trying to access. | |
otp | Array of strings One Time Password associated to this email. |
Responses
Request samples
- Payload
{- "email": [
- "string"
], - "otp": [
- "string"
]
}
Response samples
- 201
- 400
- 401
- 403
- 406
- 411
- 415
- 422
{- "token": "string"
}
Search for Sessions
Description
Search for sessions. Sessions are confidential, searching them is much restricted.
Also available by GET method on the collection
Access
- Admin
- Customer with admin monitoring right asking for an aggregation with size:0
Authorizations:
Request Body schema: application/jsonrequired
Search parameters
whisperers | Array of strings List of whisperers to search on. |
startTime | number <double> Start unix timestamp of search window. Up to 6 decimals for microseconds. |
stopTime | number <double> Stop unix timestamp of search window. Up to 6 decimals for microseconds. |
startDate | string <date-time> Start date of search window (can replace startTime). |
stopDate | string <date-time> Stop date of search window (can replace stopTime). |
query | string Free query, using Elasticsearch query string DSL. |
aggs | object Aggregation request, using Elasticsearch aggregation DSL. |
Array of objects Sorting option. Sorting by @id is automaticaly added. | |
next | Array of strings Ids of the last resource already fetched to get next ones. |
size | integer Page size. |
withContent | boolean True if you want to embed content in the result items (only for HTTP coms) |
avoidTotalHits | boolean Tells if response should include total hits count. |
async | boolean Ask for an async search (when supported). |
asyncDelayMs | number <integer> How long (in milliseconds) server should wait for an answer before answering with a partial answer (when async). |
asyncId | string Id of previous async answer from server (to get follow up). Included in hypermedia answer from server when async answer. |
asyncKeepAliveS | number <integer> How long (in seconds) the async answer is allowed to search before being killed. |
Responses
Request samples
- Payload
{- "size": 20,
- "whisperers": [
- "KxZOoCLxSM6cVee7xq6iPw",
- "Km77Vs-SS4yRDXwivW8nlA"
], - "startTime": 1547789298.676,
- "stopTime": 1547805717.362,
- "query": "!req.uri:contexts AND !req.uri:version AND !req.query:afterUpdate*",
- "sort": [
- {
- "key": "req.start",
- "order": "asc"
}
]
}
Response samples
- 200
- 400
- 401
- 403
- 406
- 411
- 415
- 422
{- "total": 0,
- "items": [
- {
- "@id": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "@type": "Packet",
- "version": "2.0",
- "commonId": "ROlrqlFhTY2ayXIxTV2uZA.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "name": "456285.172.16.102.72-43118-172.16.102.125-8080#5",
- "whisperer": "ROlrqlFhTY2ayXIxTV2uZA",
- "instanceId": "rd-srv508-bes",
- "tcpSession": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931",
- "timestamp": 1642625100.188968,
- "length": 229,
- "rawPacket": {
- "link_type": "LINKTYPE_LINUX_SLL",
- "buf": [ ],
- "header": [ ]
}, - "protocols": {
- "Linux SLL": {
- "src": "50:6b:8d:3a:97:undefined",
- "dst": null
}, - "IPv4": {
- "src": "172.16.102.125",
- "dst": "172.16.102.72"
}, - "TCP": {
- "src": "8080",
- "dst": "43118",
- "direction": "in",
- "packetLot": 1,
- "index": 5,
- "relativeSeq": 1,
- "relativeAck": 0,
- "hasData": true
}
}, - "date": "2022-01-19T20:45:00.188Z",
- "minute": "2022-01-19T20:45:00.000Z",
- "protocolsList": [
- "Linux SLL",
- "IPv4",
- "TCP"
]
}
], - "aggs": { },
- "nextPage": {
- "@type": "SearchAction",
- "query": { }
}, - "asyncResults": {
- "@type": "SearchAction",
- "query": { }
}
}
Get a session
Description
Get a session
Access
- Customer whose session it is
- Admin
Authorizations:
path Parameters
id required | string Sessions system Id |
Responses
Response samples
- 200
- 401
- 403
- 404
- 406
{- "@id": "06cb72b6-5a87-4baa-a3ca-620806a6aa7b",
- "dateCreated": "2019-01-27T21:03:38.750Z",
- "creator": "VBqPbgjYRsK00dhzdVeroQ",
- "version": "0.1",
- "dateModified": "2019-01-27T21:18:41.746Z",
- "updater": "VBqPbgjYRsK00dhzdVeroQ",
- "user": {
- "@id": "VBqPbgjYRsK00dhzdVeroQ",
- "email": "user@nomail.com"
}, - "main": {
- "app": "network-view",
- "start": "2019-01-27T20:57:47.468Z",
- "stop": "2019-01-27T20:58:38.320Z",
- "duration": 50,
- "reloads": 2,
- "activeHours": [
- "2019-01-27T20:00:00.000Z"
]
}, - "views": {
- "HTTP": {
- "duration": 44,
- "active": true,
- "start": "2019-01-27T20:58:38.320Z"
}, - "TCP": { },
- "PACKET": { }
}, - "subViews": {
- "TABLE": {
- "duration": 44,
- "active": true,
- "start": "2019-01-27T20:58:38.320Z"
}, - "SEQ_DIAG": { },
- "STATS": { }
}, - "options": {
- "hideGateways": {
- "active": false,
- "duration": 0
}, - "mergedReplicas": {
- "active": false,
- "duration": 0
}, - "showCircle": {
- "active": false,
- "duration": 0
}, - "menuOpened": {
- "active": false,
- "duration": 0
}, - "drawerOpened": {
- "active": true,
- "start": "2019-01-27T20:58:38.320Z",
- "duration": 44
}, - "detailsPinned": {
- "active": false,
- "duration": 0
}
}, - "whisperers": {
- "selected": [
- "SIT1 - W1",
- "SIT1 - W2",
- "SIT1 - W3",
- "SIT1 - W4",
- "SIT1 - W5"
]
}, - "actions": [
- {
- "name": "menu.whisperers.search",
- "count": 2
}, - {
- "name": "menu.whisperers.select",
- "count": 4
}, - {
- "name": "map.zoom",
- "count": 2
}, - {
- "name": "timeLine.drag",
- "count": 1
}, - {
- "name": "links.create",
- "count": 1
}
], - "actionsTotalCount": 11
}
Save a session
Description
Save a session
Access
- Customer whose session it is
- Admin
Authorizations:
path Parameters
id required | string Sessions system Id |
Request Body schema: application/jsonrequired
The session
@id required | string System id |
required | object Connected user |
required | object |
views required | object Statistics on the view used |
subViews | object Statistics on the subview used |
options | object Options selected |
whisperers | object List of selected whisperers |
Array of objects Statistics on the actions triggered by the user |
Responses
Request samples
- Payload
{- "@id": "06cb72b6-5a87-4baa-a3ca-620806a6aa7b",
- "dateCreated": "2019-01-27T21:03:38.750Z",
- "creator": "VBqPbgjYRsK00dhzdVeroQ",
- "version": "0.1",
- "dateModified": "2019-01-27T21:18:41.746Z",
- "updater": "VBqPbgjYRsK00dhzdVeroQ",
- "user": {
- "@id": "VBqPbgjYRsK00dhzdVeroQ",
- "email": "user@nomail.com"
}, - "main": {
- "app": "network-view",
- "start": "2019-01-27T20:57:47.468Z",
- "stop": "2019-01-27T20:58:38.320Z",
- "duration": 50,
- "reloads": 2,
- "activeHours": [
- "2019-01-27T20:00:00.000Z"
]
}, - "views": {
- "HTTP": {
- "duration": 44,
- "active": true,
- "start": "2019-01-27T20:58:38.320Z"
}, - "TCP": { },
- "PACKET": { }
}, - "subViews": {
- "TABLE": {
- "duration": 44,
- "active": true,
- "start": "2019-01-27T20:58:38.320Z"
}, - "SEQ_DIAG": { },
- "STATS": { }
}, - "options": {
- "hideGateways": {
- "active": false,
- "duration": 0
}, - "mergedReplicas": {
- "active": false,
- "duration": 0
}, - "showCircle": {
- "active": false,
- "duration": 0
}, - "menuOpened": {
- "active": false,
- "duration": 0
}, - "drawerOpened": {
- "active": true,
- "start": "2019-01-27T20:58:38.320Z",
- "duration": 44
}, - "detailsPinned": {
- "active": false,
- "duration": 0
}
}, - "whisperers": {
- "selected": [
- "SIT1 - W1",
- "SIT1 - W2",
- "SIT1 - W3",
- "SIT1 - W4",
- "SIT1 - W5"
]
}, - "actions": [
- {
- "name": "menu.whisperers.search",
- "count": 2
}, - {
- "name": "menu.whisperers.select",
- "count": 4
}, - {
- "name": "map.zoom",
- "count": 2
}, - {
- "name": "timeLine.drag",
- "count": 1
}, - {
- "name": "links.create",
- "count": 1
}
], - "actionsTotalCount": 11
}
Response samples
- 401
- 403
- 404
- 406
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Create a new Job
Description
Create a job
Process
- If type is PurgeJob
- Launches the purge on all selected resources
- Check progress and update the job regularly until success or failure
Access
- Admin
- Customer creating a Job on its whisperers
Authorizations:
Request Body schema: application/jsonrequired
The Job details
jobType required | string Enum: "PurgeJob" "DownloadJob" "UploadJob" "..." Type of job |
jobParameters required | object Input of the job |
progress required | integer Progress in % |
whisperer required | Array of strings List of whisperers |
startTime | string <date-time> Start of the job |
endTime | string <date-time> End of the job |
updateTime | string <date-time> Last update of the job |
actionStatus required | string Enum: "ActiveActionStatus" "CompletedActionStatus" "FailedActionStatus" "PotentialActionStatus" Status of the job |
result | object Result of the job |
error | object Error of the job, if any |
Responses
Request samples
- Payload
{- "jobType": "PurgeJob",
- "jobParameters": { },
- "progress": 0,
- "whisperer": [
- "string"
], - "startTime": "2019-08-24T14:15:22Z",
- "endTime": "2019-08-24T14:15:22Z",
- "updateTime": "2019-08-24T14:15:22Z",
- "actionStatus": "ActiveActionStatus",
- "result": { },
- "error": { }
}
Response samples
- 400
- 401
- 403
- 406
- 411
- 415
- 422
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Search for Jobs
Description
Search for jobs.
Also available by GET method on the collection
Rules
Admin and monitoring admin may search without specifying a whisperer
Access
- Admin
- Customer, limited on its whisperers
Authorizations:
Request Body schema: application/jsonrequired
Search parameters
whisperers | Array of strings List of whisperers to search on. |
startTime | number <double> Start unix timestamp of search window. Up to 6 decimals for microseconds. |
stopTime | number <double> Stop unix timestamp of search window. Up to 6 decimals for microseconds. |
startDate | string <date-time> Start date of search window (can replace startTime). |
stopDate | string <date-time> Stop date of search window (can replace stopTime). |
query | string Free query, using Elasticsearch query string DSL. |
aggs | object Aggregation request, using Elasticsearch aggregation DSL. |
Array of objects Sorting option. Sorting by @id is automaticaly added. | |
next | Array of strings Ids of the last resource already fetched to get next ones. |
size | integer Page size. |
withContent | boolean True if you want to embed content in the result items (only for HTTP coms) |
avoidTotalHits | boolean Tells if response should include total hits count. |
async | boolean Ask for an async search (when supported). |
asyncDelayMs | number <integer> How long (in milliseconds) server should wait for an answer before answering with a partial answer (when async). |
asyncId | string Id of previous async answer from server (to get follow up). Included in hypermedia answer from server when async answer. |
asyncKeepAliveS | number <integer> How long (in seconds) the async answer is allowed to search before being killed. |
Responses
Request samples
- Payload
{- "size": 20,
- "whisperers": [
- "KxZOoCLxSM6cVee7xq6iPw",
- "Km77Vs-SS4yRDXwivW8nlA"
], - "startTime": 1547789298.676,
- "stopTime": 1547805717.362,
- "query": "!req.uri:contexts AND !req.uri:version AND !req.query:afterUpdate*",
- "sort": [
- {
- "key": "req.start",
- "order": "asc"
}
]
}
Response samples
- 200
- 400
- 401
- 403
- 406
- 411
- 415
- 422
{- "total": 0,
- "items": [
- {
- "@id": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "@type": "Packet",
- "version": "2.0",
- "commonId": "ROlrqlFhTY2ayXIxTV2uZA.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "name": "456285.172.16.102.72-43118-172.16.102.125-8080#5",
- "whisperer": "ROlrqlFhTY2ayXIxTV2uZA",
- "instanceId": "rd-srv508-bes",
- "tcpSession": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931",
- "timestamp": 1642625100.188968,
- "length": 229,
- "rawPacket": {
- "link_type": "LINKTYPE_LINUX_SLL",
- "buf": [ ],
- "header": [ ]
}, - "protocols": {
- "Linux SLL": {
- "src": "50:6b:8d:3a:97:undefined",
- "dst": null
}, - "IPv4": {
- "src": "172.16.102.125",
- "dst": "172.16.102.72"
}, - "TCP": {
- "src": "8080",
- "dst": "43118",
- "direction": "in",
- "packetLot": 1,
- "index": 5,
- "relativeSeq": 1,
- "relativeAck": 0,
- "hasData": true
}
}, - "date": "2022-01-19T20:45:00.188Z",
- "minute": "2022-01-19T20:45:00.000Z",
- "protocolsList": [
- "Linux SLL",
- "IPv4",
- "TCP"
]
}
], - "aggs": { },
- "nextPage": {
- "@type": "SearchAction",
- "query": { }
}, - "asyncResults": {
- "@type": "SearchAction",
- "query": { }
}
}
Get a jobs details
Description
Get a jobs details.
Access
- Customer linked to the whisperers in this job
- Admin
Authorizations:
path Parameters
id required | string Customer internal @id |
Responses
Response samples
- 200
- 401
- 403
- 404
- 406
{- "@id": "Ju_4O7N9QvWLC8x7PswfnQ",
- "@type": "Job",
- "jobType": "DownloadJsonJob",
- "creator": "wB0wdZgkTJqxcSZYv8yZ8g",
- "creationTime": "2019-01-18T15:20:09.158Z",
- "updateTime": "2019-01-18T15:20:09.159Z",
- "endTime": "2019-01-18T15:20:09.106Z",
- "actionStatus": "CompletedActionStatus",
- "progress": 100,
- "jobParameters": {
- "user": "user@nomail.com",
- "resourceType": "HTTP",
- "totalItems": 25
}, - "result": {
- "totalItems": 25,
- "totalHosts": 6,
- "base64Size": 198684
}, - "whisperer": [
- "3k_C6E1STvy6VWGRdPC4Qg",
- "YN1W5EgyRBKw1qqghVINyA"
]
}
Update job details
Description
Update a Job
Rules
Impossible to update the following fields:
- jobType
- creationTime
- creator
Access
- Admin
- Customer that created the job and linked to all whisperers of the job
Authorizations:
path Parameters
id required | string Customer internal @id |
header Parameters
If-Match required | string eTag of previous state of the job |
Request Body schema: application/json-patch+jsonrequired
Json patch with the changes
op required | string Enum: "test" "remove" "add" "replace" "move" "copy" |
path required | string |
value | string |
from | string |
Responses
Request samples
- Payload
[- {
- "op": "test",
- "path": "string",
- "value": "string",
- "from": "string"
}
]
Response samples
- 401
- 403
- 404
- 406
- 411
- 412
- 415
- 422
- 428
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Send an email
Description
Sends an email from the configured account. Can be configured to be connected by OAuth (gmail for instance) or login/password.
Can send to one or several recipients, a text message or html. Txt message being mandatory.
As it is not intended for mass mailing, it makes a connection to the SMTP server for each email.
Access
- Can only be call by applications or admin
Request Body schema: application/jsonrequired
The email to send
to required | Array of strings List of recipients |
subject required | string Subject of the mail. Accepts unicodes characters (for icons) |
text required | string The plain message |
html | string The message in html |
Responses
Request samples
- Payload
{- "to": [
- "string"
], - "subject": "string",
- "text": "string",
- "html": "string"
}
Response samples
- 400
- 404
- 406
- 411
- 415
- 422
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Create a new Gui Log
Description
Create a Gui Log to trace an error happened on GUI
Access
- No identification required, but if identified, it will be saved
Authorizations:
Request Body schema: application/jsonrequired
The Gui Log
app required | string Enum: "Login" "NetworkView" "SelfMonitoring" Name of application |
time required | string <date-time> Time of log |
type required | string Enum: "BAD REQUEST" "SERVER ERROR" "UNEXPECTED" "TIMEOUT" "UNKNOWN" "XXX RENDER" Type of error |
name required | string Enum: "Saga Error" "React Error" Name of the error |
level required | string Enum: "ERROR" "WARNING" Level of Log |
message required | string Message of the error (from JS error.message) |
stack required | string Stack of the error |
details | string Details of the error. Component stack in React. |
whisperer | Array of strings List of whisperers |
customer | string System id of the customer |
timeout | integer Timeout value in case of timeouts |
object Request that failed | |
object Response that failed |
Responses
Request samples
- Payload
{- "app": "Login",
- "time": "2019-08-24T14:15:22Z",
- "type": "BAD REQUEST",
- "name": "Saga Error",
- "level": "ERROR",
- "message": "string",
- "stack": "string",
- "details": "string",
- "whisperer": [
- "string"
], - "customer": "string",
- "timeout": 0,
- "req": {
- "method": "string",
- "uri": "string",
- "body": "string",
- "headers": { }
}, - "res": {
- "status": "string",
- "statusText": "string",
- "body": "string",
- "headers": { }
}
}
Response samples
- 400
- 401
- 403
- 406
- 411
- 415
- 422
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Search for Gui Logs
Description
Search for Gui Logs.
Also available by GET method on the collection
Rules
Admin and monitoring admin may search without specifying a whisperer
Access
- Admin
- Customer with admin monitoring right asking for an aggregation with size:0
Authorizations:
Request Body schema: application/jsonrequired
Search parameters
whisperers | Array of strings List of whisperers to search on. |
startTime | number <double> Start unix timestamp of search window. Up to 6 decimals for microseconds. |
stopTime | number <double> Stop unix timestamp of search window. Up to 6 decimals for microseconds. |
startDate | string <date-time> Start date of search window (can replace startTime). |
stopDate | string <date-time> Stop date of search window (can replace stopTime). |
query | string Free query, using Elasticsearch query string DSL. |
aggs | object Aggregation request, using Elasticsearch aggregation DSL. |
Array of objects Sorting option. Sorting by @id is automaticaly added. | |
next | Array of strings Ids of the last resource already fetched to get next ones. |
size | integer Page size. |
withContent | boolean True if you want to embed content in the result items (only for HTTP coms) |
avoidTotalHits | boolean Tells if response should include total hits count. |
async | boolean Ask for an async search (when supported). |
asyncDelayMs | number <integer> How long (in milliseconds) server should wait for an answer before answering with a partial answer (when async). |
asyncId | string Id of previous async answer from server (to get follow up). Included in hypermedia answer from server when async answer. |
asyncKeepAliveS | number <integer> How long (in seconds) the async answer is allowed to search before being killed. |
Responses
Request samples
- Payload
{- "size": 20,
- "whisperers": [
- "KxZOoCLxSM6cVee7xq6iPw",
- "Km77Vs-SS4yRDXwivW8nlA"
], - "startTime": 1547789298.676,
- "stopTime": 1547805717.362,
- "query": "!req.uri:contexts AND !req.uri:version AND !req.query:afterUpdate*",
- "sort": [
- {
- "key": "req.start",
- "order": "asc"
}
]
}
Response samples
- 200
- 400
- 401
- 403
- 406
- 411
- 415
- 422
{- "total": 0,
- "items": [
- {
- "@id": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "@type": "Packet",
- "version": "2.0",
- "commonId": "ROlrqlFhTY2ayXIxTV2uZA.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "name": "456285.172.16.102.72-43118-172.16.102.125-8080#5",
- "whisperer": "ROlrqlFhTY2ayXIxTV2uZA",
- "instanceId": "rd-srv508-bes",
- "tcpSession": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931",
- "timestamp": 1642625100.188968,
- "length": 229,
- "rawPacket": {
- "link_type": "LINKTYPE_LINUX_SLL",
- "buf": [ ],
- "header": [ ]
}, - "protocols": {
- "Linux SLL": {
- "src": "50:6b:8d:3a:97:undefined",
- "dst": null
}, - "IPv4": {
- "src": "172.16.102.125",
- "dst": "172.16.102.72"
}, - "TCP": {
- "src": "8080",
- "dst": "43118",
- "direction": "in",
- "packetLot": 1,
- "index": 5,
- "relativeSeq": 1,
- "relativeAck": 0,
- "hasData": true
}
}, - "date": "2022-01-19T20:45:00.188Z",
- "minute": "2022-01-19T20:45:00.000Z",
- "protocolsList": [
- "Linux SLL",
- "IPv4",
- "TCP"
]
}
], - "aggs": { },
- "nextPage": {
- "@type": "SearchAction",
- "query": { }
}, - "asyncResults": {
- "@type": "SearchAction",
- "query": { }
}
}
Create / update GUI settings
Description
Stores the user settings. Mostly used by the UI itself
Access
- Customer
- Admin
Authorizations:
Request Body schema: application/jsonrequired
The settings to save
@id | string Id of the settings, and of the customer |
required | object GUI settings |
Responses
Request samples
- Payload
{- "@id": "string",
- "settings": {
- "global": { },
- "user": { }
}
}
Response samples
- 400
- 401
- 403
- 406
- 411
- 415
- 422
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Search for Settings
Description
Search for settings.
Also available by GET method on the collection
Access
- Admin
Authorizations:
Request Body schema: application/jsonrequired
Search parameters
query | string Free query, using Elasticsearch query string DSL. |
aggs | object Aggregation request, using Elasticsearch aggregation DSL. |
Array of objects Sorting option. Sorting by @id is automaticaly added. | |
next | Array of strings Aggregation request, using Elasticsearch aggregation DSL. |
size required | integer Page size. |
avoidTotalHits | boolean Tells if response should include total hits count. |
includeETags | boolean Tells if response should include _eTags fields for update. |
Responses
Request samples
- Payload
{- "query": "string",
- "aggs": { },
- "sort": [
- {
- "key": "string",
- "order": "asc"
}
], - "next": [
- "string"
], - "size": 0,
- "avoidTotalHits": true,
- "includeETags": true
}
Response samples
- 200
- 400
- 401
- 403
- 406
- 411
- 415
- 422
{- "total": 0,
- "items": [
- {
- "@id": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "@type": "Packet",
- "version": "2.0",
- "commonId": "ROlrqlFhTY2ayXIxTV2uZA.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "name": "456285.172.16.102.72-43118-172.16.102.125-8080#5",
- "whisperer": "ROlrqlFhTY2ayXIxTV2uZA",
- "instanceId": "rd-srv508-bes",
- "tcpSession": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931",
- "timestamp": 1642625100.188968,
- "length": 229,
- "rawPacket": {
- "link_type": "LINKTYPE_LINUX_SLL",
- "buf": [ ],
- "header": [ ]
}, - "protocols": {
- "Linux SLL": {
- "src": "50:6b:8d:3a:97:undefined",
- "dst": null
}, - "IPv4": {
- "src": "172.16.102.125",
- "dst": "172.16.102.72"
}, - "TCP": {
- "src": "8080",
- "dst": "43118",
- "direction": "in",
- "packetLot": 1,
- "index": 5,
- "relativeSeq": 1,
- "relativeAck": 0,
- "hasData": true
}
}, - "date": "2022-01-19T20:45:00.188Z",
- "minute": "2022-01-19T20:45:00.000Z",
- "protocolsList": [
- "Linux SLL",
- "IPv4",
- "TCP"
]
}
], - "aggs": { },
- "nextPage": {
- "@type": "SearchAction",
- "query": { }
}, - "asyncResults": {
- "@type": "SearchAction",
- "query": { }
}
}
Get GUI settings for a user
Description
Get settings
Access
- Customer
- Admin
Authorizations:
path Parameters
id required | string Settings Id == Id of user |
Responses
Response samples
- 200
- 401
- 403
- 404
- 406
{- "@id": "string",
- "@type": "GuiSettings",
- "creator": "string",
- "dateCreated": "2019-08-24",
- "version": "string",
- "settings": {
- "global": { },
- "user": { }
}
}
Create / update a plugin
Description
Uploads a plugin.
Depending on global
setting, the plugin is stored locally in ES
or remotely in Floocus managed S3 service.
Access
- Customer with
plugins.upload
permission - Admin
Authorizations:
Request Body schema: application/jsonrequired
The plugin to store
@id required | string Id of the plugin, unique for the organisation |
@type required | string Type of the plugin |
@version required | string Version of the plugin |
name required | string Human name of the plugin |
description | string Explains what the plugins does |
source required | string Base64 encoded javascript source code of the plugin |
Responses
Request samples
- Payload
{- "@id": "string",
- "@type": "string",
- "@version": "string",
- "name": "string",
- "description": "string",
- "source": "string"
}
Response samples
- 400
- 401
- 403
- 406
- 409
- 411
- 415
- 422
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Search for Plugins
Description
When global
, searches for both own organisation plugins and 'Floocus' ones.
When local, searches for any plugin.
Also available by GET method on the collection
Access
- Customer
Authorizations:
Request Body schema: application/jsonrequired
The plugin to store
type | string Type of the plugin |
Array of objects Sorting option. | |
next | Array of strings Ids of the last plugin fetched. |
size required | integer Page size. |
Responses
Request samples
- Payload
{- "type": "string",
- "sort": [
- {
- "key": "string",
- "order": "asc"
}
], - "next": [
- "string"
], - "size": 0
}
Response samples
- 200
- 400
- 401
- 403
- 406
- 411
- 415
- 422
{- "total": 0,
- "items": [
- {
- "@id": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "@type": "Packet",
- "version": "2.0",
- "commonId": "ROlrqlFhTY2ayXIxTV2uZA.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "name": "456285.172.16.102.72-43118-172.16.102.125-8080#5",
- "whisperer": "ROlrqlFhTY2ayXIxTV2uZA",
- "instanceId": "rd-srv508-bes",
- "tcpSession": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931",
- "timestamp": 1642625100.188968,
- "length": 229,
- "rawPacket": {
- "link_type": "LINKTYPE_LINUX_SLL",
- "buf": [ ],
- "header": [ ]
}, - "protocols": {
- "Linux SLL": {
- "src": "50:6b:8d:3a:97:undefined",
- "dst": null
}, - "IPv4": {
- "src": "172.16.102.125",
- "dst": "172.16.102.72"
}, - "TCP": {
- "src": "8080",
- "dst": "43118",
- "direction": "in",
- "packetLot": 1,
- "index": 5,
- "relativeSeq": 1,
- "relativeAck": 0,
- "hasData": true
}
}, - "date": "2022-01-19T20:45:00.188Z",
- "minute": "2022-01-19T20:45:00.000Z",
- "protocolsList": [
- "Linux SLL",
- "IPv4",
- "TCP"
]
}
], - "aggs": { },
- "nextPage": {
- "@type": "SearchAction",
- "query": { }
}, - "asyncResults": {
- "@type": "SearchAction",
- "query": { }
}
}
Get the manifest of a specific plugin
Description
Get plugin manifest
Access
- Customer
- Admin
Authorizations:
path Parameters
id required | string Plugin @id |
Responses
Response samples
- 200
- 401
- 403
- 404
- 406
{- "@id": "string",
- "@type": "GuiSettings",
- "creator": "string",
- "dateCreated": "2019-08-24",
- "version": "string",
- "settings": {
- "global": { },
- "user": { }
}
}
Get the code of a specific plugin
Description
Get the code
Access
- Open to everybody
path Parameters
id required | string Plugin @id |
Responses
Response samples
- 200
- 401
- 403
- 404
{- "@id": "string",
- "@type": "GuiSettings",
- "creator": "string",
- "dateCreated": "2019-08-24",
- "version": "string",
- "settings": {
- "global": { },
- "user": { }
}
}
Search for monitoring information
Description
Searches or aggregation analysis on monitored metrics:
- Processes stats
- Circuit breakers stats
- Pollers stats
- Parsing queues stats
- Elasticsearch indices stats
- Elasticsearch nodes stats
- Redis stats
- Applicative logs stats
Also available by GET method on the collections
Access
- Admin
- Client with admin monitoring right
Authorizations:
path Parameters
collection required | string Enum: "processes" "circuitbreakers" "pollers" "parsing" "elasticsearch" "elasticsearchNodes" "redis" "logs" Collection of metrics |
Request Body schema: application/jsonrequired
Search parameters
whisperers | Array of strings List of whisperers to search on. |
startTime | number <double> Start unix timestamp of search window. Up to 6 decimals for microseconds. |
stopTime | number <double> Stop unix timestamp of search window. Up to 6 decimals for microseconds. |
startDate | string <date-time> Start date of search window (can replace startTime). |
stopDate | string <date-time> Stop date of search window (can replace stopTime). |
query | string Free query, using Elasticsearch query string DSL. |
aggs | object Aggregation request, using Elasticsearch aggregation DSL. |
Array of objects Sorting option. Sorting by @id is automaticaly added. | |
next | Array of strings Ids of the last resource already fetched to get next ones. |
size | integer Page size. |
withContent | boolean True if you want to embed content in the result items (only for HTTP coms) |
avoidTotalHits | boolean Tells if response should include total hits count. |
async | boolean Ask for an async search (when supported). |
asyncDelayMs | number <integer> How long (in milliseconds) server should wait for an answer before answering with a partial answer (when async). |
asyncId | string Id of previous async answer from server (to get follow up). Included in hypermedia answer from server when async answer. |
asyncKeepAliveS | number <integer> How long (in seconds) the async answer is allowed to search before being killed. |
Responses
Request samples
- Payload
{- "size": 20,
- "whisperers": [
- "KxZOoCLxSM6cVee7xq6iPw",
- "Km77Vs-SS4yRDXwivW8nlA"
], - "startTime": 1547789298.676,
- "stopTime": 1547805717.362,
- "query": "!req.uri:contexts AND !req.uri:version AND !req.query:afterUpdate*",
- "sort": [
- {
- "key": "req.start",
- "order": "asc"
}
]
}
Response samples
- 200
- 400
- 401
- 403
- 406
- 411
- 415
- 422
{- "total": 0,
- "items": [
- {
- "@id": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "@type": "Packet",
- "version": "2.0",
- "commonId": "ROlrqlFhTY2ayXIxTV2uZA.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "name": "456285.172.16.102.72-43118-172.16.102.125-8080#5",
- "whisperer": "ROlrqlFhTY2ayXIxTV2uZA",
- "instanceId": "rd-srv508-bes",
- "tcpSession": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931",
- "timestamp": 1642625100.188968,
- "length": 229,
- "rawPacket": {
- "link_type": "LINKTYPE_LINUX_SLL",
- "buf": [ ],
- "header": [ ]
}, - "protocols": {
- "Linux SLL": {
- "src": "50:6b:8d:3a:97:undefined",
- "dst": null
}, - "IPv4": {
- "src": "172.16.102.125",
- "dst": "172.16.102.72"
}, - "TCP": {
- "src": "8080",
- "dst": "43118",
- "direction": "in",
- "packetLot": 1,
- "index": 5,
- "relativeSeq": 1,
- "relativeAck": 0,
- "hasData": true
}
}, - "date": "2022-01-19T20:45:00.188Z",
- "minute": "2022-01-19T20:45:00.000Z",
- "protocolsList": [
- "Linux SLL",
- "IPv4",
- "TCP"
]
}
], - "aggs": { },
- "nextPage": {
- "@type": "SearchAction",
- "query": { }
}, - "asyncResults": {
- "@type": "SearchAction",
- "query": { }
}
}
Get poller queue status
Description
Give the queue status of this poller
Access
- Admin
- Application
- Customer
Authorizations:
path Parameters
service required | string (PollerNames) Enum: "pack-poller" "tcp-poller" "web-httpcom-poller" "web-httpcom-content-poller" "web-httppers-poller" "hosts-poller" "hosts-agg" "whisp-status-poller" "whisps-status-agg" "status-poller" "capture-status-poller" "ciphers-status-poller" "ciphers-raw-status-poller" "ciphers-status-agg" "parsing-status-tcpsession-poller" "parsing-status-httppers-poller" Pollers service name |
Responses
Response samples
- 200
{- "count": 182,
- "first": "2019-01-30T22:35:51.254Z",
- "last": "2019-01-30T22:36:01.641Z"
}
Create a new Whisperer
Description
Create a new whisperer, and associate it to the owner customer.
Access
- Customer, with whisperers creation rights
- Client of the team owning the whisperer with whisperers right
- Customer with userTrainer rights impersonating a trainee creating a whisperer for the trainee
- Admin
Authorizations:
Request Body schema: application/jsonrequired
Whisperer creation request
customer required | string System Id of the customer. |
name required | string Name of the whisperer to create. |
Responses
Request samples
- Payload
{- "customer": "YOD66VZ54Jih",
- "name": "Upload"
}
Response samples
- 400
- 401
- 403
- 406
- 409
- 411
- 415
- 422
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Search for Whisperers
Description
Search for whisperers
Also available by GET method on the collection
Rules
If client is not admin, the search will be limited to the Whisperers owned by this customer or shared with him.
If client is using public link,
- Search is done on the whisperers from its token, not based on whisperers date.
users
andteams
are omitted in response
Access
- Admin
- Customer
Authorizations:
Request Body schema: application/jsonrequired
Search parameters
query | string Free query, using Elasticsearch query string DSL. |
aggs | object Aggregation request, using Elasticsearch aggregation DSL. |
Array of objects Sorting option. Sorting by @id is automaticaly added. | |
next | Array of strings Aggregation request, using Elasticsearch aggregation DSL. |
size required | integer Page size. |
avoidTotalHits | boolean Tells if response should include total hits count. |
includeETags | boolean Tells if response should include _eTags fields for update. |
Responses
Request samples
- Payload
{- "query": "string",
- "aggs": { },
- "sort": [
- {
- "key": "string",
- "order": "asc"
}
], - "next": [
- "string"
], - "size": 0,
- "avoidTotalHits": true,
- "includeETags": true
}
Response samples
- 200
- 400
- 401
- 403
- 406
- 411
- 415
- 422
{- "total": 0,
- "items": [
- {
- "@id": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "@type": "Packet",
- "version": "2.0",
- "commonId": "ROlrqlFhTY2ayXIxTV2uZA.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
- "name": "456285.172.16.102.72-43118-172.16.102.125-8080#5",
- "whisperer": "ROlrqlFhTY2ayXIxTV2uZA",
- "instanceId": "rd-srv508-bes",
- "tcpSession": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931",
- "timestamp": 1642625100.188968,
- "length": 229,
- "rawPacket": {
- "link_type": "LINKTYPE_LINUX_SLL",
- "buf": [ ],
- "header": [ ]
}, - "protocols": {
- "Linux SLL": {
- "src": "50:6b:8d:3a:97:undefined",
- "dst": null
}, - "IPv4": {
- "src": "172.16.102.125",
- "dst": "172.16.102.72"
}, - "TCP": {
- "src": "8080",
- "dst": "43118",
- "direction": "in",
- "packetLot": 1,
- "index": 5,
- "relativeSeq": 1,
- "relativeAck": 0,
- "hasData": true
}
}, - "date": "2022-01-19T20:45:00.188Z",
- "minute": "2022-01-19T20:45:00.000Z",
- "protocolsList": [
- "Linux SLL",
- "IPv4",
- "TCP"
]
}
], - "aggs": { },
- "nextPage": {
- "@type": "SearchAction",
- "query": { }
}, - "asyncResults": {
- "@type": "SearchAction",
- "query": { }
}
}
Get a Whisperer
Description
Get a whisperer's details.
Rules
Only admins can see DELETED whisperers.
Access
- Customer owning the whisperer
- The own whisperer
- Customer being shared access to this whisperer
- Customer of the team owning the whisperer with whisperers right
customers
orlinks
applications- A public link user having this Whisperer in the token
- Admin
Response
Response varies depending on client:
- Full resource for
- Customer owning the whisperer
- The own whisperer
- Client being shared access to this whisperer
- Client of the team owning the whisperer with whisperers right
- Customer or Links applications
- Full minus
users
andteams
fields for public links users - Only id and name for all Customers
Authorizations:
path Parameters
id required | string Internal id of Whisperer |
Responses
Response samples
- 200
- 401
- 403
- 404
- 406
{- "@id": "string",
- "@type": "Whisperer",
- "version": "string",
- "name": "string",
- "customer": "string",
- "team": "string",
- "dns": "string",
- "apikey": "string",
- "config": {
- "@id": "string",
- "@type": "string",
- "version": "string",
- "dateCreated": "2019-08-24",
- "dateModified": "2019-08-24",
- "editor": "string",
- "creator": "string",
- "client": {
- "capture": {
- "mode": "FILE",
- "file": "string",
- "interface": "string",
- "filter": "string",
- "slowItDown": 0,
- "captureBufferkB": 0
}, - "packets": {
- "sendBufferSizekB": 0,
- "sendBufferDelay": "string",
- "maxSendingInParallel": 0,
- "maxSendingBufferLength": 0,
- "vxlan": {
- "decapsulate": true,
- "keepOriginal": true
}, - "filterHosts": {
- "hostsToTrack": [
- "string"
], - "hostsToIgnore": [
- "string"
], - "trackByDefault": true,
- "waitForNameResolvingToTrack": true,
- "trackUnresolvedIp": true
}
}, - "dumpPackets": {
- "dumpToFile": true,
- "fileBufferSizekB": 0,
- "outputPath": "string"
}, - "dnsCache": {
- "customDnsServer": true,
- "host": "string",
- "port": 0,
- "trackIp": true,
- "ttl": "string",
- "refreshRate": "string",
- "sendFullDelay": "string",
- "sendUpdateDelay": "string",
- "purgeDelay": "string"
}, - "tcpSessions": {
- "track": true,
- "sendSessionDelay": "string",
- "sessionTimeOut": "string",
- "maxSendingInParallel": 0,
- "maxSendingBufferLength": 0
}, - "circuitBreakers": {
- "breakOnHighCpu": true,
- "maxCpu": 0,
- "breakOnHighRam": true,
- "maxRam": 0
}
}, - "server": {
- "dns": {
- "ttl": "string",
- "purgeDelay": "string",
- "maxDelta": "string",
- "customNamePatterns": [
- "string"
]
}, - "pack": {
- "savePackets": true
}, - "tcpStreams": {
- "saveTcpSession": true,
- "parseHTTP": true,
- "parseHTTPOptions": {
- "portsToParse": [
- 0
], - "portsToIgnore": [
- 0
], - "parseByDefault": true
}
}, - "webstreams": {
- "saveContent": true,
- "headersToFilter": [
- "string"
], - "urisToFilter": [
- "string"
], - "urisToFilterReqContent": [
- "string"
], - "urisToFilterResContent": [
- "string"
], - "saveRawHeaders": true,
- "urisToFilterReqRawHeaders": [
- "string"
], - "urisToFilterResRawHeaders": [
- "string"
], - "reqTemplates": [
- {
- "name": "string",
- "pattern": "string",
- "toParse": {
- "verb": true,
- "uri": true,
- "headers": true,
- "body": true
}
}
], - "reqTags": [
- {
- "name": "string",
- "pattern": "string",
- "toParse": {
- "verb": true,
- "uri": true,
- "headers": true,
- "body": true
}
}
], - "resTags": [
- {
- "name": "string",
- "pattern": "string",
- "toParse": {
- "status": true,
- "headers": true,
- "body": true
}
}
], - "saveHttpParsingLogs": true
}
}
}, - "users": [
- {
- "@id": "string",
- "email": "string",
- "rights": {
- "record": true,
- "share": true,
- "publish": true,
- "rights": true,
- "config": true,
- "delete": true
}
}
], - "creator": "string",
- "dateCreated": "2019-08-24",
- "editor": "string",
- "dateModified": "2019-08-24"
}
Change whisperer's name or shared users
Description
Updates a customer. You can:
- Update whisperer's name
- Change sharing settings: users and users rights on this whisperer
Rules
- Can do any change:
- Admin
- Client owning the whisperer
- Client of the team owning the whisperer with whisperers right
- Client being shared access to this whisperer with config rights can:
- Change the name
- Client being shared access to this whisperer with share rights can:
- Add or remove users from the sharing settings
- Client being shared access to this whisperer with rights change rights can:
- Change rights of users in the sharing settings
Side effects
- When adding or removing customers of shared list, the service updates the whisperers list in the customer resource (by calling Customer service).
- When adding or removing teams of shared list, the service updates the whisperers list in the team resource (by calling Customer service).
Access
- Customer owning the whisperer
- Client of the team owning the whisperer with whisperers right
- Client being shared access to this whisperer with config, share or rights modification rights
- Admin
Authorizations:
path Parameters
id required | string Internal id of Whisperer |
header Parameters
If-Match required | string eTag of previous state of the whisperer |
Request Body schema: application/json-patch+jsonrequired
Json patch with the changes
op required | string Enum: "test" "remove" "add" "replace" "move" "copy" |
path required | string |
value | string |
from | string |
Responses
Request samples
- Payload
[- {
- "op": "test",
- "path": "string",
- "value": "string",
- "from": "string"
}
]
Response samples
- 401
- 403
- 404
- 406
- 411
- 412
- 415
- 422
- 428
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Delete a Whisperer
Description
Delete a whisperer.
- Put it to technicalStatus DELETED.
Access
- Customer owning the whisperer
- Client being shared access to this whisperer and with delete right
- Client of the team owning the whisperer with whisperers right
- Customer application
- Admin
Authorizations:
path Parameters
id required | string Internal id of Whisperer |
Responses
Response samples
- 401
- 403
- 404
- 406
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Create/Replace the whisperer API key
Description
Create/Replace the whisperer API key used for whisperer connection to Spider.
The API key is a public/private key pair.
- The public key is stored in whisperer's settings.
- The private key is sent in response to this call.
Any call to this API (if authorized) will overwrite the previous API key, and the whisperer will not be able to use the previous one. A connected whisperer will be disconnected when its current JWT token will expire. The API key is taken as a configuration AT START of whisperers, and need a restart to be changed.
Output
The API can supports two outputs:
- application/json:
- Provides a file with the private key, Spider's URL, and the whisperer's id This file is the only expected configuration file at whisperer start.
- application/x-pem-file
- Provides only the private key as a PEM file
Access
- Customer owning the whisperer
- Client of the team owning the whisperer with whisperers right
- Admin
Authorizations:
path Parameters
id required | string System id of Whisperer |
Responses
Response samples
- 201
- 401
- 403
- 404
- 406
{- "whisperer": "abcdefghijklmnopqrstuv",
- "privatePem": "-----BEGIN RSA PRIVATE KEY-----\nline1\nline2\nline3\n...\n-----END RSA PRIVATE KEY-----\n"
}
Generate an API key signature with the private key of the whisperer
Description
This endpoint is for testing purposes only:
- It allows testing the API key or the whisperers API without a whisperer
- It generates a valid signature for the whisperer to call the configuration endpoint
- However, IT REQUIRES YOUR PRIVATE KEY IN INPUT
- After testing, please, reset your API key
Output
- The signature for this whisperer, timestamp and private API key
- A validation of this signature with the whisperer registered public API key
Access
- Customer owning the whisperer
- Admin
Authorizations:
path Parameters
id required | string System id of Whisperer |
query Parameters
timeStamp required | string <date-time> Timestamp to use in signature |
instanceId required | string InstanceId to use in signature |
Request Body schema: application/x-pem-file
The whisperer RSA private key, as a PEM
Responses
Response samples
- 400
- 401
- 403
- 404
- 406
- 411
- 415
- 422
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Create the whisperer configuration
Description
Initialize the configuration of the whisperer
Access
- Customer owning the whisperer and whisperer creation rights
- Client of the team owning the whisperer with whisperers right
- Customer with userTrainer rights impersonating a trainee creating a whisperer for the trainee
- Admin
Authorizations:
path Parameters
id required | string System id of Whisperer |
Request Body schema: application/jsonrequired
version required | string |
required | object Settings used client side - the Sniffer |
required | object Settings used server side, for parsing |
Responses
Request samples
- Payload
{- "version": "0.1",
- "client": {
- "capture": {
- "mode": "INTERFACE",
- "interface": "any",
- "filter": "(udp port 4789) and not host spider.streetsmart.global"
}, - "packets": {
- "vxlan": {
- "decapsulate": true,
- "keepOriginal": false
}, - "filterHosts": {
- "hostsToTrack": [ ],
- "hostsToIgnore": [
- ".*_poller[\\._]",
- "^itproduction_context_repository",
- "^security_authorization_service"
], - "trackByDefault": true
}
}, - "dnsCache": {
- "trackIp": true
}, - "tcpSessions": {
- "track": true
}
}, - "server": {
- "tcpStreams": {
- "parseHTTP": true,
- "parseHTTPOptions": {
- "portsToParse": [
- 80,
- 9200,
- [
- 3000,
- 3200
], - [
- 5000,
- 5100
]
], - "portsToIgnore": [
- 5432
], - "parseByDefault": true
}
}
}
}
Response samples
- 400
- 401
- 403
- 404
- 406
- 409
- 411
- 415
- 422
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Get Whisperer configuration
Description
Get the configuration of this Whisperer Usages:
- Called by whisperer at start (or before token expiration) with their API key
- Called by ephemeral whisperer at start with the token given by the Controller
- Called by whisperers regularly to check for configuration change
- Called by UI to get a whisperer token to perform upload
- Called by UI to get configuration
- Called by services to get whisperer configuration when parsing
API key
The first call from whisperers is made by:
- building a json payload with current time and whisperer id,
- then signing it with SHA256 algorithm using whisperer's private key
const timeStamp = moment().toISOString();
const info = {
timeStamp,
whispererId,
instanceId
};
const privKey = new NodeRSA(privatePem);
const signature = privKey.sign(Buffer.from(JSON.stringify(info)), 'base64');
- and then calling this API with specific headers:
Spider-TimeStamp: timeStamp
Spider-InstanceId: instanceId,
Spider-Signature: signature //base 64 encoded
Parameters
The view
parameter allows to modulate the output:
server
- Only server part (parsing) is sent
- Current configuration is merged with default configuration
client
- Only client part (parsing) is sent
- Current configuration is merged with default configuration
full
- Both client & server are sent
- Current configuration is merged with default configuration
null
- The raw configuration is sent (without merging with defaults)
- This view is used by UI to know what settings are specific, and what settings are defaults
Output
- The configuration
- A JWT token to use on further calls in Spider-Token header
- If no token provided, or if called from a Customer
- A Customer may call to get the configuration of one of its whisperers and use the generated token to upload data (as on the UI)
- If the Whisperer has a TTL associated to attachments, the token will have this as expiration instead of the default duration
Access
- The own whisperer
- Customer owning the whisperer
- Client being shared access to this whisperer
- Client of the team owning the whisperer with whisperers right
- Controller asking for a token for a Whisperer to spawn on an Pod (InstanceId)
- Admin
- Application
Authorizations:
path Parameters
id required | string System id of Whisperer |
query Parameters
view | string Enum: "server" "client" "full" Type of configuration to get |
header Parameters
Spider-Signature | string <base64> Signature of the call by the Whisperer, with its API key |
Spider-Timestamp | string <date-time> Provided with API key in first Whisperer call to get its JWT token with the config |
Spider-InstanceId | string Provided with API key in first Whisperer call to get its JWT token with the config |
Responses
Response samples
- 200
- 400
- 401
- 403
- 404
- 406
- 500
{- "@id": "string",
- "@type": "string",
- "version": "string",
- "dateCreated": "2019-08-24",
- "dateModified": "2019-08-24",
- "editor": "string",
- "creator": "string",
- "client": {
- "capture": {
- "mode": "FILE",
- "file": "string",
- "interface": "string",
- "filter": "string",
- "slowItDown": 0,
- "captureBufferkB": 0
}, - "packets": {
- "sendBufferSizekB": 0,
- "sendBufferDelay": "string",
- "maxSendingInParallel": 0,
- "maxSendingBufferLength": 0,
- "vxlan": {
- "decapsulate": true,
- "keepOriginal": true
}, - "filterHosts": {
- "hostsToTrack": [
- "string"
], - "hostsToIgnore": [
- "string"
], - "trackByDefault": true,
- "waitForNameResolvingToTrack": true,
- "trackUnresolvedIp": true
}
}, - "dumpPackets": {
- "dumpToFile": true,
- "fileBufferSizekB": 0,
- "outputPath": "string"
}, - "dnsCache": {
- "customDnsServer": true,
- "host": "string",
- "port": 0,
- "trackIp": true,
- "ttl": "string",
- "refreshRate": "string",
- "sendFullDelay": "string",
- "sendUpdateDelay": "string",
- "purgeDelay": "string"
}, - "tcpSessions": {
- "track": true,
- "sendSessionDelay": "string",
- "sessionTimeOut": "string",
- "maxSendingInParallel": 0,
- "maxSendingBufferLength": 0
}, - "circuitBreakers": {
- "breakOnHighCpu": true,
- "maxCpu": 0,
- "breakOnHighRam": true,
- "maxRam": 0
}
}, - "server": {
- "dns": {
- "ttl": "string",
- "purgeDelay": "string",
- "maxDelta": "string",
- "customNamePatterns": [
- "string"
]
}, - "pack": {
- "savePackets": true
}, - "tcpStreams": {
- "saveTcpSession": true,
- "parseHTTP": true,
- "parseHTTPOptions": {
- "portsToParse": [
- 0
], - "portsToIgnore": [
- 0
], - "parseByDefault": true
}
}, - "webstreams": {
- "saveContent": true,
- "headersToFilter": [
- "string"
], - "urisToFilter": [
- "string"
], - "urisToFilterReqContent": [
- "string"
], - "urisToFilterResContent": [
- "string"
], - "saveRawHeaders": true,
- "urisToFilterReqRawHeaders": [
- "string"
], - "urisToFilterResRawHeaders": [
- "string"
], - "reqTemplates": [
- {
- "name": "string",
- "pattern": "string",
- "toParse": {
- "verb": true,
- "uri": true,
- "headers": true,
- "body": true
}
}
], - "reqTags": [
- {
- "name": "string",
- "pattern": "string",
- "toParse": {
- "verb": true,
- "uri": true,
- "headers": true,
- "body": true
}
}
], - "resTags": [
- {
- "name": "string",
- "pattern": "string",
- "toParse": {
- "status": true,
- "headers": true,
- "body": true
}
}
], - "saveHttpParsingLogs": true
}
}
}
Change whisperer's config
Description
Updates a customer configuration.
Rules
- Can do any change:
- Admin
- Client owning the whisperer
- Client being shared access to this whisperer with config rights can:
- Change configuration settings
- Client being shared access to this whisperer with record rights can:
- Start or stop capture
Access
- Customer owning the whisperer
- Client being shared access to this whisperer with config, or record rights
- Client of the team owning the whisperer with whisperers right
- Admin
Authorizations:
path Parameters
id required | string System id of Whisperer |
header Parameters
If-Match required | string eTag of previous state of the whisperer's config |
Request Body schema: application/json-patch+jsonrequired
Json patch with the changes
op required | string Enum: "test" "remove" "add" "replace" "move" "copy" |
path required | string |
value | string |
from | string |
Responses
Request samples
- Payload
[- {
- "op": "test",
- "path": "string",
- "value": "string",
- "from": "string"
}
]
Response samples
- 401
- 403
- 404
- 406
- 411
- 412
- 415
- 422
- 428
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}
Get TLS configurations from a list of Whisperers
Description
From a list of Whisperers, provide their TLS configuration
Access
- Gocipher
- Admin requestBody: content: 'application/json': schema: description: 'The whisperer RSA private key, as a PEM' type: array items: type: string description: Internal Id of Whisperers minItems: 1
Authorizations:
Responses
Response samples
- 200
- 401
- 403
- 404
- 406
{- "@id": "string",
- "@type": "string",
- "version": "string",
- "whisperer": "string",
- "requiredState": "string",
- "tlsKeys": { }
}
Renew an ephemeral Whisperer token
Description
Called by ephemeral Whisperers (only) to renew their token (they do not have an API key).
If the Whisperer has a Time to Live associated to attachment, it won't renew.
Output
- A JWT token to use on further calls in Spider-Token header
- If no token provided, or if called from a Customer
- A Customer may call to get the configuration of one of its whisperers and use the generated token to upload data (as on the UI)
Access
- The own whisperer (only ephemerals can)
- Admin
Authorizations:
path Parameters
id required | string System id of Whisperer |
Responses
Response samples
- 401
- 403
- 404
- 406
{- "@type": "Error",
- "title": "Error title",
- "message": "Error details"
}