API Honeycast about honeytrap HOT 6 CLOSED

Response to Questions

1. Will it be exposed over a HTTP based API?
   Yes, we will be exposing the frontend over a http API.

what we want is to start with a simple frontend

[11:07]  
where we can show some info like honeycast

[11:07]  
so last sessions, durations etc

[11:07]  
this is information we gathered using the channels

The API will be exposed over a /api route which allows us to easily interface with the honeytrap backend.

from honeytrap.

Initial Thoughts:

• Should we have the API glean from all individual channels we are using or create a specific channel which retrieves specific messages, events to be stored?

• Should we initially use an embedded DB to store this data and serve them over endpoints on calls to the API?

Embedded DB: Boltdb (https://github.com/boltdb/bolt)
Expose Sample API:

/events - Returns all slice of all events we wish to have stored by API

/sessions - Returns a struct which contains a slice of PushMessage and session related 
events for the api.  

from honeytrap.

Though I do wonder if the Event is more than enough for it, has the PushMessage might contain data related to network or tarred container data. Hence making them an un-necessary overweight, but events keeping just the details we need. (Start, stop, details).

Ah, to my code, we can just stick with PushMessages, has the Event system sends a PushMessage when called to deliver an event.

from honeytrap.

Also we want to be able to filter them in the frontend, so you can enable or disable certain events you’re not interested in.

from honeytrap.

From the above discussion we can note the following:

• Stick entirely to PushMessage created by Events.
• Expose two endpoints: /session and /events.
• Expose API ability to return filtered results based on received events on API (based on params).

from honeytrap.

We have decided that for a more broader scope on request for the HTTP API, we will be using this format to make requests for the HTTP headers, to allow us easily tailor response to those items we wish to filter.

// EventResponse defines a struct which is sent a request type used to respond to
// given requests.
type EventResponse struct {
	ResponsePerPage int             `json:"responser_per_page"`
	Page            int             `json:"page"`
	Events          []message.Event `json:"events"`
}

// EventRequest defines a struct which receives a request type used to retrieve
// given requests type.
type EventRequest struct {
	ResponsePerPage int             `json:"responser_per_page"`
	Page            int             `json:"page"`
	TypeFilters     map[string]bool `json:"types"`
	SensorFilters   map[string]bool `json:"sensors"`
}

from honeytrap.