This repository was archived by the owner on Sep 16, 2021. It is now read-only.

Feature Request: Endpoint for searching past analyzed PCAPs #4

Description

@deadbits

Add an API endpoint to search and return Bro results by job UUID.

Idea I had is using something simple like TinyDB to store any job UUID as the db's primary key and the bro log path in path key or similar. A user could hit /search/<job_uuid> and get back the zipped logs from the job_logs_bro path or a JSON API error message if the job isn't found.

I started a test of this TinyDB and it works pretty OK for a quick starter. Expanding the TinyDB use further a tiny bit, adding an API route for /jobs/count (for example) and returning the number of all jobs analyzed would be trivial.

Is this something desired I can put in a PR for?
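
A sketch of the lookup proposed above, as an added example that is not part of the original issue or the project's code. It uses a standard-library JSON file as a stand-in for TinyDB, and `JobIndex`, `json_error` and the `log_root` parameter are hypothetical names; it validates the UUID before the lookup and refuses stored paths outside the log root.

```python
import io
import json
import uuid
import zipfile
from pathlib import Path

def json_error(status, message):
    return status, "application/json", json.dumps({"error": message}).encode()

class JobIndex:
    """Maps job UUID -> Bro log directory. A JSON file stands in for TinyDB."""
    def __init__(self, index_file, log_root):
        self.index_file = Path(index_file)
        self.log_root = Path(log_root).resolve()  # hypothetical: base dir for all job logs

    def _load(self):
        return json.loads(self.index_file.read_text()) if self.index_file.exists() else {}

    def add(self, job_uuid, path):
        jobs = self._load()
        jobs[str(uuid.UUID(job_uuid))] = str(path)  # canonical UUID string as the key
        self.index_file.write_text(json.dumps(jobs))

    def count(self):
        """Backs the /jobs/count idea: number of jobs analyzed."""
        return len(self._load())

    def search(self, job_uuid):
        """Backs /search/<job_uuid>: returns (status, content_type, body)."""
        try:
            key = str(uuid.UUID(job_uuid))  # rejects anything that is not a UUID
        except (ValueError, TypeError, AttributeError):
            return json_error(400, "invalid job UUID")
        stored = self._load().get(key)
        if stored is None:
            return json_error(404, "job not found")
        log_dir = Path(stored).resolve()
        # Serve only directories below the log root, even if the index was altered.
        if self.log_root not in log_dir.parents or not log_dir.is_dir():
            return json_error(404, "job logs unavailable")
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            for f in sorted(log_dir.glob("*.log")):
                zf.write(f, arcname=f.name)
        return 200, "application/zip", buf.getvalue()
```

A route handler can pass the returned tuple straight through as status, content type and body.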
