# Version of the OpenAPI specification this document is written against.
openapi: '3.0.0'
info:
  title: 'Snort Log API'
  # Folded scalar: the lines below are joined with single spaces into one string.
  description: >-
    This is API for logging events from Snort3 IPS and IDS.
    It also provide logging of user's requests.
  # Version of this API description; quoted so it is always read as a string.
  version: '0.0.1'
servers:
  # URL template; {ip} and {port} are substituted from `variables` below.
  # NOTE(review): the scheme is https while the host is an IP address, so the
  # server certificate has to be valid for that address; otherwise clients are
  # pushed towards disabling certificate verification. Confirm for this setup.
  - url: 'https://{ip}:{port}/api/v1'
    description: 'Development server'
    variables:
      port:
        default: '8000'
      ip:
        # NOTE(review): 0.0.0.0 is the unspecified address. It is normally a
        # listen address (all interfaces), not a host a client connects to.
        # Confirm the API is meant to be reachable on every interface and give
        # clients a concrete address here.
        default: '0.0.0.0'
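# Reusable schemas referenced from `paths` through $ref.
components:
  schemas:
    # One logged Snort event (item type of the GET /events response).
    # NOTE(review): the declared property names (SID, source_ip, source_port,
    # destination_ip, destination_port, protocol, message) differ from the keys
    # in the example (sid, src_addr, src_port, dst_addr, dst_port, proto, msg).
    # Confirm which set the server emits and align the schema with the example,
    # so that consumers of the alerts do not silently miss fields.
    Event:
      type: object
      properties:
        id:
          type: integer
          format: int64
        SID:
          type: integer
          format: int64
        timestamp:
          type: string
          # NOTE(review): `timestamp` is not one of the formats the OpenAPI
          # specification defines (`date-time` is), so validators will most
          # likely treat this value as an unconstrained string.
          format: timestamp
        source_ip:
          type: string
        source_port:
          type: integer
          format: int64
        destination_ip:
          type: string
        destination_port:
          type: integer
          format: int64
        protocol:
          type: string
        action:
          type: string
          enum:
            - allow
            - alert
            - block
            - drop
            - log
            - pass
        message:
          type: string
      example:
        id: 3895
        sid: 254
        # Quoted: an unquoted ISO timestamp can be loaded as a date object
        # instead of the string the schema declares.
        timestamp: '2017-07-06T19:07:59.418327Z'
        src_addr: 192.168.10.3
        src_port: 53
        dst_addr: 192.168.10.5
        dst_port: 49544
        proto: UDP
        action: allow
        msg: PROTOCOL-DNS SPOOF query response with TTL of 1 min. and no authority
    # Per-signature event count (one of the item types of GET /events/count).
    EventCountSid:
      type: object
      properties:
        sid:
          type: integer
        count:
          type: integer
    # Per source/destination address pair event count (GET /events/count).
    EventCountAddr:
      type: object
      properties:
        src_addr:
          type: string
        dst_addr:
          type: string
        count:
          type: integer
    # One logged user request (item type of the GET /requests-log response).
    # Entries carry the caller's IP address and the request data, so this log
    # should be treated as sensitive.
    Request:
      type: object
      properties:
        id:
          type: integer
          format: int64
        userip:
          # Fixed: `format: int64` was declared on this string; an integer
          # format does not apply to an IP address in text form (see example).
          type: string
        http_method:
          type: string
          example: GET
        timestamp:
          type: string
          # NOTE(review): non-standard format name, see Event.timestamp.
          format: timestamp
        # NOTE(review): this property is called `data` and typed as a string,
        # while the example below shows an object under `request_data`.
        # Confirm the real key and shape.
        data:
          type: string
          format: json
          description: Data used in requests
      example:
        id: 12
        # Quoted so the value stays a string rather than a parsed timestamp.
        timestamp: '2023-11-30 12:15:29.530 +0200'
        userip: 127.0.0.1
        http_method: GET
        request_data:
          endpoint: /events
          period_start: '2023-11-30 12:15:29.530 +0200'
          period_end: '2023-11-30 12:15:29.530 +0200'
          sid: 10001
          source_ip: 127.0.0.2
          source_port: 80
          destination_ip: 127.0.0.1
          destination_port: 80
          protocol: udp
          type: sid
    # Error body returned with HTTP 400 responses.
    BadRequest:
      type: object
      properties:
        error:
          type: string
          example: Bad Request
        message:
          type: string
          example: The request is malformed or invalid.
    # Body returned by PATCH /events.
    SuccessfullyDeleted:
      type: object
      properties:
        message:
          type: string
          example: All events are marked as deleted.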
# Tag names that the operations under `paths` list in their own `tags` field.
tags:
  - name: 'event'
    description: 'Everything about Event'
  - name: 'request'
    description: 'Everything about Request'
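# NOTE(review): the visible document declares no `security` requirement and no
# `components.securitySchemes`, so every operation below is described as
# callable without credentials. Confirm that the deployment enforces
# authentication and authorization, and record it here once it does.
paths:
  /events:
    # Returns the logged events, optionally narrowed by the query filters.
    # NOTE(review): no limit or paging parameter is defined; confirm the server
    # bounds the size of the result set.
    get:
      tags:
        - event
      description: Filter events
      responses:
        '200':
          description: Successful
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/Event'
        '400':
          description: Bad request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/BadRequest'
      # All filters are optional and arrive as untrusted query-string input.
      # NOTE(review): the address filters are free-form strings and are named
      # dest_* here but destination_* in the Event schema; confirm that the
      # server validates them before they reach the database query.
      parameters:
        - in: query
          name: source_ip
          schema:
            type: string
          required: false
        - in: query
          name: source_port
          schema:
            type: integer
            # Added: reject values outside the valid port range up front.
            minimum: 0
            maximum: 65535
          required: false
        - in: query
          name: dest_ip
          schema:
            type: string
          required: false
        - in: query
          name: dest_port
          schema:
            type: integer
            # Added: reject values outside the valid port range up front.
            minimum: 0
            maximum: 65535
          required: false
        - name: sid
          in: query
          schema:
            type: integer
            format: int64
          required: false
        - name: protocol
          in: query
          schema:
            type: string
          required: false
    # Soft-deletes every stored event in one call; it takes no parameters.
    # NOTE(review): without access control, any client that can reach the API
    # could hide all IDS/IPS alerts from later queries. Restrict this operation
    # to privileged callers, document the 401/403 responses once they exist,
    # and make sure the call itself is audited.
    patch:
      tags:
        - event
      description: >-
        Mark all entries in the database as deleted to exclude them from future
        request results.
      responses:
        '200':
          description: Successfully Deleted
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SuccessfullyDeleted'
  /events/count:
    # Aggregated event counts, grouped by signature id or by address pair.
    get:
      tags:
        - event
      description: >-
        Collect count of occurring events by concrete period using sid or addresses
      responses:
        '200':
          description: successful
          content:
            application/json:
              schema:
                type: array
                items:
                  oneOf:
                    - $ref: '#/components/schemas/EventCountSid'
                    - $ref: '#/components/schemas/EventCountAddr'
              examples:
                by_sid:
                  value:
                    - sid: 254
                      count: 7349
                by_addr:
                  value:
                    - src_addr: 192.168.10.3
                      dst_addr: 192.168.10.9
                      count: 1485
        '400':
          description: Bad request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/BadRequest'
      parameters:
        - name: period
          in: query
          schema:
            type: string
            enum:
              - all
              - last_day
              - last_week
              - last_month
            default: all
          required: false
        # NOTE(review): this parameter is marked required and also given a
        # default. A default only applies when the parameter is omitted, so one
        # of the two is redundant; confirm what the server does when `type` is
        # missing and keep only the setting that matches.
        - name: type
          in: query
          description: Type of count (sid or addr)
          schema:
            type: string
            default: sid
            enum:
              - sid
              - addr
          required: true
  /requests-log:
    # Returns the logged user requests between two timestamps.
    # Entries contain caller IP addresses and request data (see the Request
    # schema), so read access to this log should be limited to administrators.
    get:
      tags:
        - request
      description: >-
        Filter user's requests by time period between two timestamps(should be less
        then week)
      responses:
        '200':
          description: Successful
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/Request'
        '400':
          description: Bad request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/BadRequest'
      # NOTE(review): the one-week limit from the description is not expressed
      # in the schema and has to be enforced by the server. The end of the
      # range is `period_stop` here but `period_end` in the Request example.
      parameters:
        - in: query
          name: period_start
          schema:
            type: string
            format: timestamp
          required: true
        - in: query
          name: period_stop
          schema:
            type: string
            format: timestamp
          required: true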