
<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><title>MIG API</title><style type="text/css">body {
width: 95%;
max-width: 70%;
margin: 20px;
padding: 0;
background: #151515 url("../images/bkg.png") 0 0;
color: #eaeaea;
font: 16px;
line-height: 1.5em;
font-family: Monaco, "Bitstream Vera Sans Mono", "Lucida Console", Terminal, monospace;
}
#table-of-contents ul {
line-height: 1;
}
/* General & 'Reset' Stuff */
.container {
width: 95%;
max-width: 1000px;
margin: 0 auto;
}
section {
display: block;
margin: 0 0 20px 0;
}
h1, h2, h3, h4, h5, h6 {
/*margin: 0 0 20px;*/
/*margin: 0;*/
}
/* Header, <header>
* header - container
* h1 - project name
* h2 - project description
* */
header {
background: rgba(0, 0, 0, 0.1);
width: 100%;
/*border-bottom: 1px dashed #b5e853;*/
/*padding: 20px 0;
* margin: 0 0 40px 0;*/
padding: 5px 0;
margin: 0 0 10px 0;
}
header h1 {
font-size: 30px;
line-height: 1.5;
margin: 0 0 0 -40px;
font-weight: bold;
font-family: Monaco, "Bitstream Vera Sans Mono", "Lucida Console", Terminal, monospace;
/*color: #b5e853;*/
color: #089d00;
text-shadow: 0 1px 1px rgba(0, 0, 0, 0.1),
0 0 5px rgba(181, 232, 83, 0.1),
0 0 10px rgba(181, 232, 83, 0.1);
letter-spacing: -1px;
-webkit-font-smoothing: antialiased;
}
header h1:before {
content: "./ ";
font-size: 24px;
}
header h2 {
font-size: 18px;
font-weight: 300;
}
/* Main Content
* */
body {
width: 100%;
margin-left: auto;
margin-right: auto;
-webkit-font-smoothing: antialiased;
}
section img {
max-width: 100%
}
h2 a {
font-weight: bold;
color: #8AB638;
line-height: 1.4em;
font-size: 1.4em;
}
h3 a, h4 a, h5 a, h6 a {
font-weight: bold;
color: #934500;
line-height: 1.4em;
}
h1 {
font-size: 30px;
}
h2 {
font-size: 28px;
border-bottom: 1px dashed #b5e853;
}
h3 {
font-size: 18px;
}
h4 {
font-size: 14px;
}
h5 {
font-size: 12px;
text-transform: uppercase;
margin: 0 0 5px 0;
}
h6 {
font-size: 12px;
text-transform: uppercase;
color: #999;
margin: 0 0 5px 0;
}
dt {
font-style: italic;
font-weight: bold;
}
/*
ul li {
list-style: none;
}
*/
/*
ul li:before {
content: ">>";
font-family: Monaco, "Bitstream Vera Sans Mono", "Lucida Console", Terminal, monospace;
font-size: 13px;
color: #b5e853;
margin-left: -37px;
margin-right: 21px;
line-height: 16px;
}
*/
blockquote {
color: #aaa;
padding-left: 10px;
border-left: 1px dotted #666;
}
pre {
background: rgba(0, 0, 0, 0.9);
border: 1px solid rgba(255, 255, 255, 0.15);
padding: 10px;
font-size: 14px;
/* color: #b5e853; */
border-radius: 2px;
-moz-border-radius: 2px;
-webkit-border-radius: 2px;
text-wrap: normal;
overflow: auto;
overflow-y: hidden;
}
pre.address {
margin-bottom: 0 ;
margin-top: 0 ;
font: inherit }
pre.literal-block, pre.doctest-block, pre.math, pre.code {
margin-left: 2em ;
margin-right: 2em }
code .ln { color: grey; } /* line numbers */
/*code, code { background-color: #eeeeee }*/
code .comment, code .comment, code .c1 { color: #999; }
code .keyword, code .keyword, code .kd, code .kn, code .k, code .o { color: #FC8F3F; font-weight: bold;}
code .nb { color: #c45918;}
code .s {color: #0a77c4;}
code .punctuation, code .p { color: white;}
code .literal.string, code .literal.string { color: #40BF32; }
code .name, code .name.builtin, code .nx { color: white; }
code .deleted, code .deleted { background-color: #DEB0A1}
code .inserted, code .inserted { background-color: #A3D289}
table {
width: 100%;
margin: 0 0 20px 0;
}
th {
text-align: left;
border-bottom: 1px dashed #b5e853;
padding: 5px 10px;
}
td {
padding: 5px 10px;
}
hr {
height: 0;
border: 0;
border-bottom: 1px dashed #b5e853;
color: #b5e853;
}
/* Links
* a, a:hover, a:visited
* */
a {
color: #63c0f5;
/*text-shadow: 0 0 5px rgba(104, 182, 255, 0.5);*/
text-decoration: none;
}
cite {
color: #00FF4A;
}
strong {
color: #C64216;
}
</style></head><body><h1>MIG API</h1><div class="contents" id="table-of-contents"><h2>Table of Contents</h2><ul class="auto-toc"><li><p><a class="reference internal" href="#endpoints" id="id1">1   Endpoints</a></p><ul class="auto-toc"><li><p><a class="reference internal" href="#get-api-v1-heartbeat" id="id2">1.1   GET /api/v1/heartbeat</a></p></li><li><p><a class="reference internal" href="#get-api-v1-ip" id="id3">1.2   GET /api/v1/ip</a></p></li><li><p><a class="reference internal" href="#get-api-v1-dashboard" id="id4">1.3   GET /api/v1/dashboard</a></p></li><li><p><a class="reference internal" href="#get-api-v1-action" id="id5">1.4   GET /api/v1/action</a></p></li><li><p><a class="reference internal" href="#post-api-v1-action-create" id="id6">1.5   POST /api/v1/action/create/</a></p></li><li><p><a class="reference internal" href="#get-api-v1-agent" id="id7">1.6   GET /api/v1/agent</a></p></li><li><p><a class="reference internal" href="#get-api-v1-command" id="id8">1.7   GET /api/v1/command</a></p></li><li><p><a class="reference internal" href="#get-api-v1-investigator" id="id9">1.8   GET /api/v1/investigator</a></p></li><li><p><a class="reference internal" href="#post-api-v1-investigator-create" id="id10">1.9   POST /api/v1/investigator/create/</a></p></li><li><p><a class="reference internal" href="#post-api-v1-investigator-update" id="id11">1.10   POST /api/v1/investigator/update/</a></p></li><li><p><a class="reference internal" href="#get-api-v1-search" id="id12">1.11   GET /api/v1/search</a></p></li></ul></li><li><p><a class="reference internal" href="#data-transformation" id="id13">2   Data transformation</a></p><ul class="auto-toc"><li><p><a class="reference internal" href="#compliance-items" id="id14">2.1   Compliance Items</a></p></li><li><p><a class="reference internal" href="#geolocations" id="id15">2.2   Geolocations</a></p></li></ul></li><li><p><a class="reference internal" href="#authentication-with-x-pgpauthorization-version-1" id="id16">3   
Authentication with X-PGPAUTHORIZATION version 1</a></p><ul class="auto-toc"><li><p><a class="reference internal" href="#security-implications" id="id17">3.1   Security implications</a></p></li><li><p><a class="reference internal" href="#example-1-invalid-timestamp" id="id18">3.2   Example 1: invalid timestamp</a></p></li><li><p><a class="reference internal" href="#example-2-invalid-signature" id="id19">3.3   Example 2: invalid signature</a></p></li><li><p><a class="reference internal" href="#generating-a-token-in-bash" id="id20">3.4   Generating a token in Bash</a></p></li><li><p><a class="reference internal" href="#generating-a-token-in-python" id="id21">3.5   Generating a token in Python</a></p></li></ul></li></ul></div><p>Interactions between an investigator (a human being) and the MIG platform are
performed through a REST API. The API exposes functions to create actions,
retrieve results, and generally monitor the activity of the agents.</p><p>The API follows the core principles of REST, and provides discoverable
endpoints. API responses follow the <strong>cljs</strong> format defined in
<a class="reference external" href="http://amundsen.com/media-types/collection/">Collection+JSON - Hypermedia Type</a>.</p><section id="endpoints"><header><h2><a href="#id1">1   Endpoints</a></h2></header><p>The API root is at <cite>/api/v1</cite> by default. All the endpoints described below are
reachable behind the root. If you change the location of the API root, update
the query paths accordingly.</p><section id="get-api-v1-heartbeat"><header><h3><a href="#id2">1.1   GET /api/v1/heartbeat</a></h3></header><ul><li><p>Description: basic endpoint that returns an HTTP 200</p></li><li><p>Parameters: none</p></li><li><p>Authentication: none</p></li><li><p>Response Code: 200 OK</p></li><li><p>Response: Collection+JSON</p></li></ul><pre><code class="code json"><span class="punctuation">{</span>
<span class="name tag">"collection"</span><span class="punctuation">:</span> <span class="punctuation">{</span>
<span class="name tag">"error"</span><span class="punctuation">:</span> <span class="punctuation">{},</span>
<span class="name tag">"href"</span><span class="punctuation">:</span> <span class="literal string double">"https://api.mig.mozilla.org/api/v1/heartbeat"</span><span class="punctuation">,</span>
<span class="name tag">"items"</span><span class="punctuation">:</span> <span class="punctuation">[</span>
<span class="punctuation">{</span>
<span class="name tag">"data"</span><span class="punctuation">:</span> <span class="punctuation">[</span>
<span class="punctuation">{</span>
<span class="name tag">"name"</span><span class="punctuation">:</span> <span class="literal string double">"heartbeat"</span><span class="punctuation">,</span>
<span class="name tag">"value"</span><span class="punctuation">:</span> <span class="literal string double">"gatorz say hi"</span>
<span class="punctuation">}</span>
<span class="punctuation">],</span>
<span class="name tag">"href"</span><span class="punctuation">:</span> <span class="literal string double">"/api/v1/heartbeat"</span>
<span class="punctuation">}</span>
<span class="punctuation">],</span>
<span class="name tag">"template"</span><span class="punctuation">:</span> <span class="punctuation">{},</span>
<span class="name tag">"version"</span><span class="punctuation">:</span> <span class="literal string double">"1.0"</span>
<span class="punctuation">}</span>
<span class="punctuation">}</span></code></pre></section><section id="get-api-v1-ip"><header><h3><a href="#id3">1.2   GET /api/v1/ip</a></h3></header><ul><li><p>Description: basic endpoint that returns the public IP of the caller. If the
API is behind a load balancer, it returns the value of X-Forwarded-For. Note that X-Forwarded-For is a client-supplied header: the returned address is only as trustworthy as the proxy that sets it, so if the API is reachable directly, or the proxy appends to an existing header instead of replacing it, a caller can spoof the reported address.</p></li><li><p>Parameters: none</p></li><li><p>Authentication: none</p></li><li><p>Response Code: 200 OK</p></li><li><p>Response: Text</p></li></ul><pre><code class="code bash"><span class="name variable">$ </span>curl https://api.mig.mozilla.org/api/v1/ip
108.36.248.44</code></pre></section><section id="get-api-v1-dashboard"><header><h3><a href="#id4">1.3   GET /api/v1/dashboard</a></h3></header><ul><li><p>Description: returns a status dashboard with counters of active and idle
agents, and a list of the last 10 actions run.</p></li><li><p>Parameters: none</p></li><li><p>Authentication: X-PGPAUTHORIZATION</p></li><li><p>Response Code: 200 OK</p></li><li><p>Response: Collection+JSON</p></li></ul><pre><code class="code json"><span class="punctuation">{</span>
<span class="name tag">"collection"</span><span class="punctuation">:</span> <span class="punctuation">{</span>
<span class="name tag">"error"</span><span class="punctuation">:</span> <span class="punctuation">{},</span>
<span class="name tag">"href"</span><span class="punctuation">:</span> <span class="literal string double">"https://api.mig.mozilla.org/api/v1/dashboard"</span><span class="punctuation">,</span>
<span class="name tag">"items"</span><span class="punctuation">:</span> <span class="punctuation">[</span>
<span class="punctuation">{</span>
<span class="name tag">"data"</span><span class="punctuation">:</span> <span class="punctuation">[</span>
<span class="punctuation">{</span>
<span class="name tag">"name"</span><span class="punctuation">:</span> <span class="literal string double">"online agents"</span><span class="punctuation">,</span>
<span class="name tag">"value"</span><span class="punctuation">:</span> <span class="literal number integer">1367</span>
<span class="punctuation">},</span>
<span class="punctuation">{</span>
<span class="name tag">"name"</span><span class="punctuation">:</span> <span class="literal string double">"online agents by version"</span><span class="punctuation">,</span>
<span class="name tag">"value"</span><span class="punctuation">:</span> <span class="punctuation">[</span>
<span class="punctuation">{</span>
<span class="name tag">"count"</span><span class="punctuation">:</span> <span class="literal number integer">1366</span><span class="punctuation">,</span>
<span class="name tag">"version"</span><span class="punctuation">:</span> <span class="literal string double">"20150122+ad43a11.prod"</span>
<span class="punctuation">},</span>
<span class="punctuation">{</span>
<span class="name tag">"count"</span><span class="punctuation">:</span> <span class="literal number integer">1</span><span class="punctuation">,</span>
<span class="name tag">"version"</span><span class="punctuation">:</span> <span class="literal string double">"20150124+79ecbbb.prod"</span>
<span class="punctuation">}</span>
<span class="punctuation">]</span>
<span class="punctuation">},</span>
<span class="punctuation">{</span>
<span class="name tag">"name"</span><span class="punctuation">:</span> <span class="literal string double">"online endpoints"</span><span class="punctuation">,</span>
<span class="name tag">"value"</span><span class="punctuation">:</span> <span class="literal number integer">1367</span>
<span class="punctuation">},</span>
<span class="punctuation">{</span>
<span class="name tag">"name"</span><span class="punctuation">:</span> <span class="literal string double">"idle agents"</span><span class="punctuation">,</span>
<span class="name tag">"value"</span><span class="punctuation">:</span> <span class="literal number integer">23770</span>
<span class="punctuation">},</span>
<span class="punctuation">{</span>
<span class="name tag">"name"</span><span class="punctuation">:</span> <span class="literal string double">"idle agents by version"</span><span class="punctuation">,</span>
<span class="name tag">"value"</span><span class="punctuation">:</span> <span class="punctuation">[</span>
<span class="punctuation">{</span>
<span class="name tag">"count"</span><span class="punctuation">:</span> <span class="literal number integer">23770</span><span class="punctuation">,</span>
<span class="name tag">"version"</span><span class="punctuation">:</span> <span class="literal string double">"20150122+ad43a11.prod"</span>
<span class="punctuation">}</span>
<span class="punctuation">]</span>
<span class="punctuation">},</span>
<span class="punctuation">{</span>
<span class="name tag">"name"</span><span class="punctuation">:</span> <span class="literal string double">"idle endpoints"</span><span class="punctuation">,</span>
<span class="name tag">"value"</span><span class="punctuation">:</span> <span class="literal number integer">5218</span>
<span class="punctuation">},</span>
<span class="punctuation">{</span>
<span class="name tag">"name"</span><span class="punctuation">:</span> <span class="literal string double">"new endpoints"</span><span class="punctuation">,</span>
<span class="name tag">"value"</span><span class="punctuation">:</span> <span class="literal number integer">7889</span>
<span class="punctuation">},</span>
<span class="punctuation">{</span>
<span class="name tag">"name"</span><span class="punctuation">:</span> <span class="literal string double">"endpoints running 2 or more agents"</span><span class="punctuation">,</span>
<span class="name tag">"value"</span><span class="punctuation">:</span> <span class="literal number integer">0</span>
<span class="punctuation">},</span>
<span class="punctuation">{</span>
<span class="name tag">"name"</span><span class="punctuation">:</span> <span class="literal string double">"disappeared endpoints"</span><span class="punctuation">,</span>
<span class="name tag">"value"</span><span class="punctuation">:</span> <span class="literal number integer">48811</span>
<span class="punctuation">},</span>
<span class="punctuation">{</span>
<span class="name tag">"name"</span><span class="punctuation">:</span> <span class="literal string double">"flapping endpoints"</span><span class="punctuation">,</span>
<span class="name tag">"value"</span><span class="punctuation">:</span> <span class="literal number integer">4478</span>
<span class="punctuation">}</span>
<span class="punctuation">],</span>
<span class="name tag">"href"</span><span class="punctuation">:</span> <span class="literal string double">"https://api.mig.mozilla.org/api/v1/dashboard"</span>
<span class="punctuation">},</span>
<span class="punctuation">{</span>
<span class="name tag">"data"</span><span class="punctuation">:</span> <span class="punctuation">[</span>
<span class="punctuation">{</span>
<span class="name tag">"name"</span><span class="punctuation">:</span> <span class="literal string double">"action"</span><span class="punctuation">,</span>
<span class="name tag">"value"</span><span class="punctuation">:</span> <span class="punctuation">{</span>
<span class="name tag">"counters"</span><span class="punctuation">:</span> <span class="punctuation">{</span>
<span class="name tag">"done"</span><span class="punctuation">:</span> <span class="literal number integer">1119</span><span class="punctuation">,</span>
<span class="name tag">"inflight"</span><span class="punctuation">:</span> <span class="literal number integer">2</span><span class="punctuation">,</span>
<span class="name tag">"sent"</span><span class="punctuation">:</span> <span class="literal number integer">1121</span><span class="punctuation">,</span>
<span class="name tag">"success"</span><span class="punctuation">:</span> <span class="literal number integer">1119</span>
<span class="punctuation">},</span>
<span class="name tag">"description"</span><span class="punctuation">:</span> <span class="punctuation">{</span>
<span class="name tag">"author"</span><span class="punctuation">:</span> <span class="literal string double">"Sponge Bob"</span><span class="punctuation">,</span>
<span class="name tag">"email"</span><span class="punctuation">:</span> <span class="literal string double">"bob@example.net"</span><span class="punctuation">,</span>
<span class="name tag">"revision"</span><span class="punctuation">:</span> <span class="literal number float">201412311300.0</span>
<span class="punctuation">},</span>
<span class="name tag">"expireafter"</span><span class="punctuation">:</span> <span class="literal string double">"2015-02-24T14:03:00Z"</span><span class="punctuation">,</span>
<span class="name tag">"finishtime"</span><span class="punctuation">:</span> <span class="literal string double">"9998-01-11T11:11:11Z"</span><span class="punctuation">,</span>
<span class="name tag">"id"</span><span class="punctuation">:</span> <span class="literal number float">6.115472790658567e+18</span><span class="punctuation">,</span>
<span class="name tag">"investigators"</span><span class="punctuation">:</span> <span class="punctuation">[</span>
<span class="punctuation">{</span>
<span class="name tag">"createdat"</span><span class="punctuation">:</span> <span class="literal string double">"2014-11-01T19:35:38.11369Z"</span><span class="punctuation">,</span>
<span class="name tag">"id"</span><span class="punctuation">:</span> <span class="literal number integer">1</span><span class="punctuation">,</span>
<span class="name tag">"lastmodified"</span><span class="punctuation">:</span> <span class="literal string double">"2014-11-01T19:35:42.474417Z"</span><span class="punctuation">,</span>
<span class="name tag">"name"</span><span class="punctuation">:</span> <span class="literal string double">"Sher Lock"</span><span class="punctuation">,</span>
<span class="name tag">"pgpfingerprint"</span><span class="punctuation">:</span> <span class="literal string double">"E60892BB9BD89A69F759A1A0A3D652173B763E8F"</span><span class="punctuation">,</span>
<span class="name tag">"status"</span><span class="punctuation">:</span> <span class="literal string double">"active"</span>
<span class="punctuation">}</span>
<span class="punctuation">],</span>
<span class="name tag">"lastupdatetime"</span><span class="punctuation">:</span> <span class="literal string double">"2015-02-23T14:03:11.561547Z"</span><span class="punctuation">,</span>
<span class="name tag">"name"</span><span class="punctuation">:</span> <span class="literal string double">"Verify system sends syslog to syslog servers instead of local"</span><span class="punctuation">,</span>
<span class="name tag">"operations"</span><span class="punctuation">:</span> <span class="punctuation">[</span>
<span class="punctuation">{</span>
<span class="name tag">"module"</span><span class="punctuation">:</span> <span class="literal string double">"file"</span><span class="punctuation">,</span>
<span class="name tag">"parameters"</span><span class="punctuation">:</span> <span class="punctuation">{</span>
<span class="name tag">"searches"</span><span class="punctuation">:</span> <span class="punctuation">{</span>
<span class="name tag">"authprivtoremotesyslog"</span><span class="punctuation">:</span> <span class="punctuation">{</span>
<span class="name tag">"contents"</span><span class="punctuation">:</span> <span class="punctuation">[</span>
<span class="literal string double">"^authpriv\\.\\*.*@[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}"</span>
<span class="punctuation">],</span>
<span class="name tag">"names"</span><span class="punctuation">:</span> <span class="punctuation">[</span>
<span class="literal string double">"^r?syslog.conf$"</span>
<span class="punctuation">],</span>
<span class="name tag">"options"</span><span class="punctuation">:</span> <span class="punctuation">{</span>
<span class="name tag">"matchall"</span><span class="punctuation">:</span> <span class="keyword constant">true</span><span class="punctuation">,</span>
<span class="name tag">"maxdepth"</span><span class="punctuation">:</span> <span class="literal number integer">1</span>
<span class="punctuation">},</span>
<span class="name tag">"paths"</span><span class="punctuation">:</span> <span class="punctuation">[</span>
<span class="literal string double">"/etc"</span>
<span class="punctuation">]</span>
<span class="punctuation">},</span>
<span class="name tag">"daemontoremotesyslog"</span><span class="punctuation">:</span> <span class="punctuation">{</span>
<span class="name tag">"contents"</span><span class="punctuation">:</span> <span class="punctuation">[</span>
<span class="literal string double">"^daemon\\.\\*.*@[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}."</span>
<span class="punctuation">],</span>
<span class="name tag">"names"</span><span class="punctuation">:</span> <span class="punctuation">[</span>
<span class="literal string double">"^r?syslog.conf$"</span>
<span class="punctuation">],</span>
<span class="name tag">"options"</span><span class="punctuation">:</span> <span class="punctuation">{</span>
<span class="name tag">"matchall"</span><span class="punctuation">:</span> <span class="keyword constant">true</span><span class="punctuation">,</span>
<span class="name tag">"maxdepth"</span><span class="punctuation">:</span> <span class="literal number integer">1</span>
<span class="punctuation">},</span>
<span class="name tag">"paths"</span><span class="punctuation">:</span> <span class="punctuation">[</span>
<span class="literal string double">"/etc"</span>
<span class="punctuation">]</span>
<span class="punctuation">},</span>
<span class="name tag">"kerntoremotesyslog"</span><span class="punctuation">:</span> <span class="punctuation">{</span>
<span class="name tag">"contents"</span><span class="punctuation">:</span> <span class="punctuation">[</span>
<span class="literal string double">"^kern\\.\\*.*@[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}"</span>
<span class="punctuation">],</span>
<span class="name tag">"names"</span><span class="punctuation">:</span> <span class="punctuation">[</span>
<span class="literal string double">"^r?syslog.conf$"</span>
<span class="punctuation">],</span>
<span class="name tag">"options"</span><span class="punctuation">:</span> <span class="punctuation">{</span>
<span class="name tag">"matchall"</span><span class="punctuation">:</span> <span class="keyword constant">true</span><span class="punctuation">,</span>
<span class="name tag">"maxdepth"</span><span class="punctuation">:</span> <span class="literal number integer">1</span>
<span class="punctuation">},</span>
<span class="name tag">"paths"</span><span class="punctuation">:</span> <span class="punctuation">[</span>
<span class="literal string double">"/etc"</span>
<span class="punctuation">]</span>
<span class="punctuation">}</span>
<span class="punctuation">}</span>
<span class="punctuation">}</span>
<span class="punctuation">}</span>
<span class="punctuation">],</span>
<span class="name tag">"pgpsignatures"</span><span class="punctuation">:</span> <span class="punctuation">[</span>
<span class="literal string double">"wsBc....."</span>
<span class="punctuation">],</span>
<span class="name tag">"starttime"</span><span class="punctuation">:</span> <span class="literal string double">"2015-02-23T14:03:00.751008Z"</span><span class="punctuation">,</span>
<span class="name tag">"status"</span><span class="punctuation">:</span> <span class="literal string double">"inflight"</span><span class="punctuation">,</span>
<span class="name tag">"syntaxversion"</span><span class="punctuation">:</span> <span class="literal number integer">2</span><span class="punctuation">,</span>
<span class="name tag">"target"</span><span class="punctuation">:</span> <span class="literal string double">"agents.queueloc like 'linux.%' AND tags-&gt;&gt;'operator'='IT'"</span><span class="punctuation">,</span>
<span class="name tag">"threat"</span><span class="punctuation">:</span> <span class="punctuation">{</span>
<span class="name tag">"family"</span><span class="punctuation">:</span> <span class="literal string double">"compliance"</span><span class="punctuation">,</span>
<span class="name tag">"level"</span><span class="punctuation">:</span> <span class="literal string double">"medium"</span><span class="punctuation">,</span>
<span class="name tag">"ref"</span><span class="punctuation">:</span> <span class="literal string double">"sysmediumlogs1"</span><span class="punctuation">,</span>
<span class="name tag">"type"</span><span class="punctuation">:</span> <span class="literal string double">"system"</span>
<span class="punctuation">},</span>
<span class="name tag">"validfrom"</span><span class="punctuation">:</span> <span class="literal string double">"2015-02-23T14:03:00Z"</span>
<span class="punctuation">}</span>
<span class="punctuation">}</span>
<span class="punctuation">],</span>
<span class="name tag">"href"</span><span class="punctuation">:</span> <span class="literal string double">"https://api.mig.example.net/api/v1/action?actionid=6115472790658567168"</span>
<span class="punctuation">}</span>
<span class="punctuation">],</span>
<span class="name tag">"template"</span><span class="punctuation">:</span> <span class="punctuation">{},</span>
<span class="name tag">"version"</span><span class="punctuation">:</span> <span class="literal string double">"1.0"</span>
<span class="punctuation">}</span>
<span class="punctuation">}</span></code></pre></section><section id="get-api-v1-action"><header><h3><a href="#id5">1.4   GET /api/v1/action</a></h3></header><ul><li><p>Description: retrieve an action by its ID. Includes links to related commands.</p></li><li><p>Authentication: X-PGPAUTHORIZATION</p></li><li><dl><dt>Parameters:</dt><dd><ul><li><p><cite>actionid</cite>: a uint64 that identifies an action by its ID. Note that the <cite>id</cite> field inside the JSON body is serialized as a float (e.g. <cite>6.115472790658567e+18</cite>), which loses precision for values above 2^53; take the exact ID from the <cite>actionid</cite> query parameter of the item's <cite>href</cite> rather than from the numeric <cite>id</cite> field.</p></li></ul></dd></dl></li><li><p>Response Code: 200 OK</p></li><li><p>Response: Collection+JSON</p></li></ul><pre><code class="code json"><span class="punctuation">{</span>
<span class="name tag">"collection"</span><span class="punctuation">:</span> <span class="punctuation">{</span>
<span class="name tag">"error"</span><span class="punctuation">:</span> <span class="punctuation">{},</span>
<span class="name tag">"href"</span><span class="punctuation">:</span> <span class="literal string double">"https://api.mig.example.net/api/v1/action?actionid=6115472790658567168"</span><span class="punctuation">,</span>
<span class="name tag">"items"</span><span class="punctuation">:</span> <span class="punctuation">[</span>
<span class="punctuation">{</span>
<span class="name tag">"data"</span><span class="punctuation">:</span> <span class="punctuation">[</span>
<span class="punctuation">{</span>
<span class="name tag">"name"</span><span class="punctuation">:</span> <span class="literal string double">"action"</span><span class="punctuation">,</span>
<span class="name tag">"value"</span><span class="punctuation">:</span> <span class="punctuation">{</span>
<span class="name tag">"counters"</span><span class="punctuation">:</span> <span class="punctuation">{</span>
<span class="name tag">"done"</span><span class="punctuation">:</span> <span class="literal number integer">1119</span><span class="punctuation">,</span>
<span class="name tag">"inflight"</span><span class="punctuation">:</span> <span class="literal number integer">2</span><span class="punctuation">,</span>
<span class="name tag">"sent"</span><span class="punctuation">:</span> <span class="literal number integer">1121</span><span class="punctuation">,</span>
<span class="name tag">"success"</span><span class="punctuation">:</span> <span class="literal number integer">1119</span>
<span class="punctuation">},</span>
<span class="name tag">"description"</span><span class="punctuation">:</span> <span class="punctuation">{</span>
<span class="name tag">"author"</span><span class="punctuation">:</span> <span class="literal string double">"Sponge Bob"</span><span class="punctuation">,</span>
<span class="name tag">"email"</span><span class="punctuation">:</span> <span class="literal string double">"bob@example.net"</span><span class="punctuation">,</span>
<span class="name tag">"revision"</span><span class="punctuation">:</span> <span class="literal number float">201412311300.0</span>
<span class="punctuation">},</span>
<span class="name tag">"expireafter"</span><span class="punctuation">:</span> <span class="literal string double">"2015-02-24T14:03:00Z"</span><span class="punctuation">,</span>
<span class="name tag">"finishtime"</span><span class="punctuation">:</span> <span class="literal string double">"9998-01-11T11:11:11Z"</span><span class="punctuation">,</span>
<span class="name tag">"id"</span><span class="punctuation">:</span> <span class="literal number float">6.115472790658567e+18</span><span class="punctuation">,</span>
<span class="name tag">"investigators"</span><span class="punctuation">:</span> <span class="punctuation">[</span>
<span class="punctuation">{</span>
<span class="name tag">"createdat"</span><span class="punctuation">:</span> <span class="literal string double">"2014-11-01T19:35:38.11369Z"</span><span class="punctuation">,</span>
<span class="name tag">"id"</span><span class="punctuation">:</span> <span class="literal number integer">1</span><span class="punctuation">,</span>
<span class="name tag">"lastmodified"</span><span class="punctuation">:</span> <span class="literal string double">"2014-11-01T19:35:42.474417Z"</span><span class="punctuation">,</span>
<span class="name tag">"name"</span><span class="punctuation">:</span> <span class="literal string double">"Sher Lock"</span><span class="punctuation">,</span>
<span class="name tag">"pgpfingerprint"</span><span class="punctuation">:</span> <span class="literal string double">"E60892BB9BD89A69F759A1A0A3D652173B763E8F"</span><span class="punctuation">,</span>
<span class="name tag">"status"</span><span class="punctuation">:</span> <span class="literal string double">"active"</span>
<span class="punctuation">}</span>
<span class="punctuation">],</span>
<span class="name tag">"lastupdatetime"</span><span class="punctuation">:</span> <span class="literal string double">"2015-02-23T14:03:11.561547Z"</span><span class="punctuation">,</span>
<span class="name tag">"name"</span><span class="punctuation">:</span> <span class="literal string double">"Verify system sends syslog to syslog servers instead of local"</span><span class="punctuation">,</span>
<span class="name tag">"operations"</span><span class="punctuation">:</span> <span class="punctuation">[</span>
<span class="punctuation">{</span>
<span class="name tag">"module"</span><span class="punctuation">:</span> <span class="literal string double">"file"</span><span class="punctuation">,</span>
<span class="name tag">"parameters"</span><span class="punctuation">:</span> <span class="punctuation">{</span>
<span class="name tag">"searches"</span><span class="punctuation">:</span> <span class="punctuation">{</span>
<span class="name tag">"authprivtoremotesyslog"</span><span class="punctuation">:</span> <span class="punctuation">{</span>
<span class="name tag">"contents"</span><span class="punctuation">:</span> <span class="punctuation">[</span>
<span class="literal string double">"^authpriv\\.\\*.*@[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}"</span>
<span class="punctuation">],</span>
<span class="name tag">"names"</span><span class="punctuation">:</span> <span class="punctuation">[</span>
<span class="literal string double">"^r?syslog.conf$"</span>
<span class="punctuation">],</span>
<span class="name tag">"options"</span><span class="punctuation">:</span> <span class="punctuation">{</span>
<span class="name tag">"matchall"</span><span class="punctuation">:</span> <span class="keyword constant">true</span><span class="punctuation">,</span>
<span class="name tag">"maxdepth"</span><span class="punctuation">:</span> <span class="literal number integer">1</span>
<span class="punctuation">},</span>
<span class="name tag">"paths"</span><span class="punctuation">:</span> <span class="punctuation">[</span>
<span class="literal string double">"/etc"</span>
<span class="punctuation">]</span>
<span class="punctuation">},</span>
<span class="name tag">"daemontoremotesyslog"</span><span class="punctuation">:</span> <span class="punctuation">{</span>
<span class="name tag">"contents"</span><span class="punctuation">:</span> <span class="punctuation">[</span>
<span class="literal string double">"^daemon\\.\\*.*@[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}."</span>
<span class="punctuation">],</span>
<span class="name tag">"names"</span><span class="punctuation">:</span> <span class="punctuation">[</span>
<span class="literal string double">"^r?syslog.conf$"</span>
<span class="punctuation">],</span>
<span class="name tag">"options"</span><span class="punctuation">:</span> <span class="punctuation">{</span>
<span class="name tag">"matchall"</span><span class="punctuation">:</span> <span class="keyword constant">true</span><span class="punctuation">,</span>
<span class="name tag">"maxdepth"</span><span class="punctuation">:</span> <span class="literal number integer">1</span>
<span class="punctuation">},</span>
<span class="name tag">"paths"</span><span class="punctuation">:</span> <span class="punctuation">[</span>
<span class="literal string double">"/etc"</span>
<span class="punctuation">]</span>
<span class="punctuation">},</span>
<span class="name tag">"kerntoremotesyslog"</span><span class="punctuation">:</span> <span class="punctuation">{</span>
<span class="name tag">"contents"</span><span class="punctuation">:</span> <span class="punctuation">[</span>
<span class="literal string double">"^kern\\.\\*.*@[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}"</span>
<span class="punctuation">],</span>
<span class="name tag">"names"</span><span class="punctuation">:</span> <span class="punctuation">[</span>
<span class="literal string double">"^r?syslog.conf$"</span>
<span class="punctuation">],</span>
<span class="name tag">"options"</span><span class="punctuation">:</span> <span class="punctuation">{</span>
<span class="name tag">"matchall"</span><span class="punctuation">:</span> <span class="keyword constant">true</span><span class="punctuation">,</span>
<span class="name tag">"maxdepth"</span><span class="punctuation">:</span> <span class="literal number integer">1</span>
<span class="punctuation">},</span>
<span class="name tag">"paths"</span><span class="punctuation">:</span> <span class="punctuation">[</span>
<span class="literal string double">"/etc"</span>
<span class="punctuation">]</span>
<span class="punctuation">}</span>
<span class="punctuation">}</span>
<span class="punctuation">}</span>
<span class="punctuation">}</span>
<span class="punctuation">],</span>
<span class="name tag">"pgpsignatures"</span><span class="punctuation">:</span> <span class="punctuation">[</span>
<span class="literal string double">"wsBc....."</span>
<span class="punctuation">],</span>
<span class="name tag">"starttime"</span><span class="punctuation">:</span> <span class="literal string double">"2015-02-23T14:03:00.751008Z"</span><span class="punctuation">,</span>
<span class="name tag">"status"</span><span class="punctuation">:</span> <span class="literal string double">"inflight"</span><span class="punctuation">,</span>
<span class="name tag">"syntaxversion"</span><span class="punctuation">:</span> <span class="literal number integer">2</span><span class="punctuation">,</span>
<span class="name tag">"target"</span><span class="punctuation">:</span> <span class="literal string double">"agents.queueloc like 'linux.%' AND tags-&gt;&gt;'operator'='IT'"</span><span class="punctuation">,</span>
<span class="name tag">"threat"</span><span class="punctuation">:</span> <span class="punctuation">{</span>
<span class="name tag">"family"</span><span class="punctuation">:</span> <span class="literal string double">"compliance"</span><span class="punctuation">,</span>
<span class="name tag">"level"</span><span class="punctuation">:</span> <span class="literal string double">"medium"</span><span class="punctuation">,</span>
<span class="name tag">"ref"</span><span class="punctuation">:</span> <span class="literal string double">"sysmediumlogs1"</span><span class="punctuation">,</span>
<span class="name tag">"type"</span><span class="punctuation">:</span> <span class="literal string double">"system"</span>
<span class="punctuation">},</span>
<span class="name tag">"validfrom"</span><span class="punctuation">:</span> <span class="literal string double">"2015-02-23T14:03:00Z"</span>
<span class="punctuation">}</span>
<span class="punctuation">}</span>
<span class="punctuation">],</span>
<span class="name tag">"href"</span><span class="punctuation">:</span> <span class="literal string double">"https://api.mig.example.net/api/v1/action?actionid=6115472790658567168"</span>
<span class="punctuation">}</span>
<span class="punctuation">],</span>
<span class="name tag">"template"</span><span class="punctuation">:</span> <span class="punctuation">{},</span>
<span class="name tag">"version"</span><span class="punctuation">:</span> <span class="literal string double">"1.0"</span>
<span class="punctuation">}</span>
<span class="punctuation">}</span></code></pre></section><section id="post-api-v1-action-create"><header><h3><a href="#id6">1.5   POST /api/v1/action/create/</a></h3></header><ul><li><p>Description: send a signed action to the API for submission to the scheduler.</p></li><li><p>Authentication: X-PGPAUTHORIZATION</p></li><li><dl><dt>Parameters: (POST body)</dt><dd><ul><li><p><cite>action</cite>: a signed action in JSON format</p></li></ul></dd></dl></li><li><p>Response Code: 202 Accepted</p></li><li><p>Response: Collection+JSON</p></li></ul></section><section id="get-api-v1-agent"><header><h3><a href="#id7">1.6   GET /api/v1/agent</a></h3></header><ul><li><p>Description: retrieve an agent by its ID</p></li><li><p>Authentication: X-PGPAUTHORIZATION</p></li><li><dl><dt>Parameters:</dt><dd><ul><li><p><cite>agentid</cite>: a uint64 that identifies an agent by its ID</p></li></ul></dd></dl></li><li><p>Response Code: 200 OK</p></li><li><p>Response: Collection+JSON</p></li></ul><pre><code class="code json"><span class="punctuation">{</span>
<span class="name tag">"collection"</span><span class="punctuation">:</span> <span class="punctuation">{</span>
<span class="name tag">"error"</span><span class="punctuation">:</span> <span class="punctuation">{},</span>
<span class="name tag">"href"</span><span class="punctuation">:</span> <span class="literal string double">"https://api.mig.example.net/api/v1/agent?agentid=1423779015943326976"</span><span class="punctuation">,</span>
<span class="name tag">"items"</span><span class="punctuation">:</span> <span class="punctuation">[</span>
<span class="punctuation">{</span>
<span class="name tag">"data"</span><span class="punctuation">:</span> <span class="punctuation">[</span>
<span class="punctuation">{</span>
<span class="name tag">"name"</span><span class="punctuation">:</span> <span class="literal string double">"agent"</span><span class="punctuation">,</span>
<span class="name tag">"value"</span><span class="punctuation">:</span> <span class="punctuation">{</span>
<span class="name tag">"destructiontime"</span><span class="punctuation">:</span> <span class="literal string double">"0001-01-01T00:00:00Z"</span><span class="punctuation">,</span>
<span class="name tag">"environment"</span><span class="punctuation">:</span> <span class="punctuation">{</span>
<span class="name tag">"addresses"</span><span class="punctuation">:</span> <span class="punctuation">[</span>
<span class="literal string double">"10.150.75.13/26"</span><span class="punctuation">,</span>
<span class="literal string double">"fe80::813:6bff:fef8:31df/64"</span>
<span class="punctuation">],</span>
<span class="name tag">"arch"</span><span class="punctuation">:</span> <span class="literal string double">"amd64"</span><span class="punctuation">,</span>
<span class="name tag">"ident"</span><span class="punctuation">:</span> <span class="literal string double">"RedHatEnterpriseServer 6.5 Santiago"</span><span class="punctuation">,</span>
<span class="name tag">"init"</span><span class="punctuation">:</span> <span class="literal string double">"upstart"</span><span class="punctuation">,</span>
<span class="name tag">"isproxied"</span><span class="punctuation">:</span> <span class="keyword constant">false</span>
<span class="punctuation">},</span>
<span class="name tag">"heartbeatts"</span><span class="punctuation">:</span> <span class="literal string double">"2015-02-23T15:00:42.656265Z"</span><span class="punctuation">,</span>
<span class="name tag">"id"</span><span class="punctuation">:</span> <span class="literal number float">1.423779015943327e+18</span><span class="punctuation">,</span>
<span class="name tag">"mode"</span><span class="punctuation">:</span> <span class="literal string double">""</span><span class="punctuation">,</span>
<span class="name tag">"name"</span><span class="punctuation">:</span> <span class="literal string double">"syslog1.private.mydomain.example.net"</span><span class="punctuation">,</span>
<span class="name tag">"pid"</span><span class="punctuation">:</span> <span class="literal number integer">24666</span><span class="punctuation">,</span>
<span class="name tag">"queueloc"</span><span class="punctuation">:</span> <span class="literal string double">"linux.syslog1.private.mydomain.example.net.598f3suaf33ta"</span><span class="punctuation">,</span>
<span class="name tag">"starttime"</span><span class="punctuation">:</span> <span class="literal string double">"2015-02-12T22:10:15.897514Z"</span><span class="punctuation">,</span>
<span class="name tag">"status"</span><span class="punctuation">:</span> <span class="literal string double">"online"</span><span class="punctuation">,</span>
<span class="name tag">"tags"</span><span class="punctuation">:</span> <span class="punctuation">{</span>
<span class="name tag">"operator"</span><span class="punctuation">:</span> <span class="literal string double">"IT"</span>
<span class="punctuation">},</span>
<span class="name tag">"version"</span><span class="punctuation">:</span> <span class="literal string double">"20150122+ad43a11.prod"</span>
<span class="punctuation">}</span>
<span class="punctuation">}</span>
<span class="punctuation">],</span>
<span class="name tag">"href"</span><span class="punctuation">:</span> <span class="literal string double">"https://api.mig.example.net/api/v1/agent?agentid=1423779015943326976"</span>
<span class="punctuation">}</span>
<span class="punctuation">],</span>
<span class="name tag">"template"</span><span class="punctuation">:</span> <span class="punctuation">{},</span>
<span class="name tag">"version"</span><span class="punctuation">:</span> <span class="literal string double">"1.0"</span>
<span class="punctuation">}</span>
<span class="punctuation">}</span></code></pre></section><section id="get-api-v1-command"><header><h3><a href="#id8">1.7   GET /api/v1/command</a></h3></header><ul><li><p>Description: retrieve a command by its ID. Includes a link to the related action.</p></li><li><p>Authentication: X-PGPAUTHORIZATION</p></li><li><dl><dt>Parameters:</dt><dd><ul><li><p><cite>commandid</cite>: a uint64 that identifies a command by its ID</p></li></ul></dd></dl></li><li><p>Response Code: 200 OK</p></li><li><p>Response: Collection+JSON</p></li></ul><pre><code class="code bash"><span class="operator">{</span>
<span class="literal string double">"collection"</span>: <span class="operator">{</span>
<span class="literal string double">"error"</span>: <span class="operator">{}</span>,
<span class="literal string double">"href"</span>: <span class="literal string double">"https://api.mig.example.net/api/v1/command?commandid=1424700180901330688"</span>,
<span class="literal string double">"items"</span>: <span class="operator">[</span>
<span class="operator">{</span>
<span class="literal string double">"data"</span>: <span class="operator">[</span>
<span class="operator">{</span>
<span class="literal string double">"name"</span>: <span class="literal string double">"command"</span>,
<span class="literal string double">"value"</span>: <span class="operator">{</span>
<span class="literal string double">"action"</span>: <span class="operator">{</span>
<span class="literal string double">"counters"</span>: <span class="operator">{}</span>,
<span class="literal string double">"description"</span>: <span class="operator">{</span>
<span class="literal string double">"author"</span>: <span class="literal string double">"Spongebob Squarepants"</span>,
<span class="literal string double">"email"</span>: <span class="literal string double">"bob@example.net"</span>,
<span class="literal string double">"revision"</span>: 201412311300.0
<span class="operator">}</span>,
<span class="literal string double">"expireafter"</span>: <span class="literal string double">"2015-02-24T14:03:00Z"</span>,
<span class="literal string double">"finishtime"</span>: <span class="literal string double">"0001-01-01T00:00:00Z"</span>,
<span class="literal string double">"id"</span>: 6.115472790658567e+18,
<span class="literal string double">"lastupdatetime"</span>: <span class="literal string double">"0001-01-01T00:00:00Z"</span>,
<span class="literal string double">"name"</span>: <span class="literal string double">"Verify system sends syslog to syslog servers instead of local"</span>,
<span class="literal string double">"operations"</span>: <span class="operator">[</span>
<span class="operator">{</span>
<span class="literal string double">"module"</span>: <span class="literal string double">"file"</span>,
<span class="literal string double">"parameters"</span>: <span class="operator">{</span>
<span class="literal string double">"searches"</span>: <span class="operator">{</span>
<span class="literal string double">"authprivtoremotesyslog"</span>: <span class="operator">{</span>
<span class="literal string double">"contents"</span>: <span class="operator">[</span>
<span class="literal string double">"^authpriv\\.\\*.*@[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}"</span>
<span class="operator">]</span>,
<span class="literal string double">"names"</span>: <span class="operator">[</span>
<span class="literal string double">"^r?syslog.conf</span><span class="name variable">$"</span><span class="literal string double">
],
"</span>options<span class="literal string double">": {
"</span>matchall<span class="literal string double">": true,
"</span>maxdepth<span class="literal string double">": 1
},
"</span>paths<span class="literal string double">": [
"</span>/etc<span class="literal string double">"
]
},
"</span>daemontoremotesyslog<span class="literal string double">": {
"</span>contents<span class="literal string double">": [
"</span>^daemon<span class="literal string escape">\\</span>.<span class="literal string escape">\\</span>*.*@<span class="operator">[</span>0-9<span class="operator">]{</span>1,3<span class="operator">}</span><span class="literal string escape">\\</span>.<span class="operator">[</span>0-9<span class="operator">]{</span>1,3<span class="operator">}</span><span class="literal string escape">\\</span>.<span class="operator">[</span>0-9<span class="operator">]{</span>1,3<span class="operator">}</span>.<span class="literal string double">"
],
"</span>names<span class="literal string double">": [
"</span>^r?syslog.conf<span class="literal string double">$"
],
"</span>options<span class="literal string double">": {
"</span>matchall<span class="literal string double">": true,
"</span>maxdepth<span class="literal string double">": 1
},
"</span>paths<span class="literal string double">": [
"</span>/etc<span class="literal string double">"
]
},
"</span>kerntoremotesyslog<span class="literal string double">": {
"</span>contents<span class="literal string double">": [
"</span>^kern<span class="literal string escape">\\</span>.<span class="literal string escape">\\</span>*.*@<span class="operator">[</span>0-9<span class="operator">]{</span>1,3<span class="operator">}</span><span class="literal string escape">\\</span>.<span class="operator">[</span>0-9<span class="operator">]{</span>1,3<span class="operator">}</span><span class="literal string escape">\\</span>.<span class="operator">[</span>0-9<span class="operator">]{</span>1,3<span class="operator">}</span><span class="literal string double">"
],
"</span>names<span class="literal string double">": [
"</span>^r?syslog.conf<span class="literal string double">$"
],
"</span>options<span class="literal string double">": {
"</span>matchall<span class="literal string double">": true,
"</span>maxdepth<span class="literal string double">": 1
},
"</span>paths<span class="literal string double">": [
"</span>/etc<span class="literal string double">"
]
}
}
}
}
],
"</span>pgpsignatures<span class="literal string double">": [
"</span>ws....<span class="literal string double">"
],
"</span>starttime<span class="literal string double">": "</span>0001-01-01T00:00:00Z<span class="literal string double">",
"</span>syntaxversion<span class="literal string double">": 2,
"</span>target<span class="literal string double">": "</span>agents.queueloc like <span class="literal string single">'linux.%'</span> AND tags-&gt;&gt;<span class="literal string single">'operator'</span><span class="operator">=</span><span class="literal string single">'IT'</span><span class="literal string double">",
"</span>threat<span class="literal string double">": {
"</span>family<span class="literal string double">": "</span>compliance<span class="literal string double">",
"</span>level<span class="literal string double">": "</span>medium<span class="literal string double">",
"</span>ref<span class="literal string double">": "</span>sysmediumlogs1<span class="literal string double">",
"</span><span class="name builtin">type</span><span class="literal string double">": "</span>system<span class="literal string double">"
},
"</span>validfrom<span class="literal string double">": "</span>2015-02-23T14:03:00Z<span class="literal string double">"
},
"</span>agent<span class="literal string double">": {
"</span>destructiontime<span class="literal string double">": "</span>0001-01-01T00:00:00Z<span class="literal string double">",
"</span>environment<span class="literal string double">": {
"</span>isproxied<span class="literal string double">": false
},
"</span>heartbeatts<span class="literal string double">": "</span>0001-01-01T00:00:00Z<span class="literal string double">",
"</span>id<span class="literal string double">": 1.423779015943327e+18,
"</span>mode<span class="literal string double">": "",
"</span>name<span class="literal string double">": "</span>syslog1.private.mydomain.example.net<span class="literal string double">",
"</span>queueloc<span class="literal string double">": "</span>linux.syslog1.private.mydomain.example.net.e98r198dhq<span class="literal string double">",
"</span>starttime<span class="literal string double">": "</span>0001-01-01T00:00:00Z<span class="literal string double">",
"</span>version<span class="literal string double">": "</span>20150122+ad43a11.prod<span class="literal string double">"
},
"</span>finishtime<span class="literal string double">": "</span>2015-02-23T14:03:10.402108Z<span class="literal string double">",
"</span>id<span class="literal string double">": 1.4247001809013307e+18,
"</span>results<span class="literal string double">": [
{
"</span>elements<span class="literal string double">": {
"</span>authprivtoremotesyslog<span class="literal string double">": [
{
"</span>file<span class="literal string double">": "",
"</span>fileinfo<span class="literal string double">": {
"</span>lastmodified<span class="literal string double">": "",
"</span>mode<span class="literal string double">": "",
"</span>size<span class="literal string double">": 0
},
"</span>search<span class="literal string double">": {
"</span>contents<span class="literal string double">": [
"</span>^authpriv<span class="literal string escape">\\</span>.<span class="literal string escape">\\</span>*.*@<span class="operator">[</span>0-9<span class="operator">]{</span>1,3<span class="operator">}</span><span class="literal string escape">\\</span>.<span class="operator">[</span>0-9<span class="operator">]{</span>1,3<span class="operator">}</span><span class="literal string escape">\\</span>.<span class="operator">[</span>0-9<span class="operator">]{</span>1,3<span class="operator">}</span><span class="literal string double">"
],
"</span>names<span class="literal string double">": [
"</span>^r?syslog.conf<span class="literal string double">$"
],
"</span>options<span class="literal string double">": {
"</span>matchall<span class="literal string double">": true,
"</span>matchlimit<span class="literal string double">": 0,
"</span>maxdepth<span class="literal string double">": 0
},
"</span>paths<span class="literal string double">": [
"</span>/etc<span class="literal string double">"
]
}
}
],
"</span>daemontoremotesyslog<span class="literal string double">": [
{
"</span>file<span class="literal string double">": "",
"</span>fileinfo<span class="literal string double">": {
"</span>lastmodified<span class="literal string double">": "",
"</span>mode<span class="literal string double">": "",
"</span>size<span class="literal string double">": 0
},
"</span>search<span class="literal string double">": {
"</span>contents<span class="literal string double">": [
"</span>^daemon<span class="literal string escape">\\</span>.<span class="literal string escape">\\</span>*.*@<span class="operator">[</span>0-9<span class="operator">]{</span>1,3<span class="operator">}</span><span class="literal string escape">\\</span>.<span class="operator">[</span>0-9<span class="operator">]{</span>1,3<span class="operator">}</span><span class="literal string escape">\\</span>.<span class="operator">[</span>0-9<span class="operator">]{</span>1,3<span class="operator">}</span>.<span class="literal string double">"
],
"</span>names<span class="literal string double">": [
"</span>^r?syslog.conf<span class="literal string double">$"
],
"</span>options<span class="literal string double">": {
"</span>matchall<span class="literal string double">": true,
"</span>matchlimit<span class="literal string double">": 0,
"</span>maxdepth<span class="literal string double">": 0
},
"</span>paths<span class="literal string double">": [
"</span>/etc<span class="literal string double">"
]
}
}
],
"</span>kerntoremotesyslog<span class="literal string double">": [
{
"</span>file<span class="literal string double">": "",
"</span>fileinfo<span class="literal string double">": {
"</span>lastmodified<span class="literal string double">": "",
"</span>mode<span class="literal string double">": "",
"</span>size<span class="literal string double">": 0
},
"</span>search<span class="literal string double">": {
"</span>contents<span class="literal string double">": [
"</span>^kern<span class="literal string escape">\\</span>.<span class="literal string escape">\\</span>*.*@<span class="operator">[</span>0-9<span class="operator">]{</span>1,3<span class="operator">}</span><span class="literal string escape">\\</span>.<span class="operator">[</span>0-9<span class="operator">]{</span>1,3<span class="operator">}</span><span class="literal string escape">\\</span>.<span class="operator">[</span>0-9<span class="operator">]{</span>1,3<span class="operator">}</span><span class="literal string double">"
],
"</span>names<span class="literal string double">": [
"</span>^r?syslog.conf<span class="literal string double">$"
],
"</span>options<span class="literal string double">": {
"</span>matchall<span class="literal string double">": true,
"</span>matchlimit<span class="literal string double">": 0,
"</span>maxdepth<span class="literal string double">": 0
},
"</span>paths<span class="literal string double">": [
"</span>/etc<span class="literal string double">"
]
}
}
]
},
"</span>errors<span class="literal string double">": null,
"</span>foundanything<span class="literal string double">": false,
"</span>statistics<span class="literal string double">": {
"</span>exectime<span class="literal string double">": "</span>20.968752ms<span class="literal string double">",
"</span>filescount<span class="literal string double">": 140,
"</span>openfailed<span class="literal string double">": 0,
"</span>totalhits<span class="literal string double">": 0
},
"</span>success<span class="literal string double">": true
}
],
"</span>starttime<span class="literal string double">": "</span>2015-02-23T14:03:00.901331Z<span class="literal string double">",
"</span>status<span class="literal string double">": "</span>success<span class="literal string double">"
}
}
],
"</span>href<span class="literal string double">": "</span>https://api.mig.example.net/api/v1/command?commandid<span class="operator">=</span>1424700180901330688<span class="literal string double">",
"</span>links<span class="literal string double">": [
{
"</span>href<span class="literal string double">": "</span>https://api.mig.example.net/api/v1/action?actionid<span class="operator">=</span>6115472790658567168<span class="literal string double">",
"</span>rel<span class="literal string double">": "</span>action<span class="literal string double">"
}
]
}
],
"</span>template<span class="literal string double">": {},
"</span>version<span class="literal string double">": "</span>1.0<span class="literal string double">"
}
}</span></code></pre></section><section id="get-api-v1-investigator"><header><h3><a href="#id9">1.8   GET /api/v1/investigator</a></h3></header><ul><li><p>Description: retrieve an investigator by its ID. Includes a link to the
investigator's action history.</p></li><li><p>Authentication: X-PGPAUTHORIZATION</p></li><li><dl><dt>Parameters:</dt><dd><ul><li><p><cite>investigatorid</cite>: a uint64 that identifies an investigator by its ID</p></li></ul></dd></dl></li><li><p>Response Code: 200 OK</p></li><li><p>Response: Collection+JSON</p></li></ul><pre><code class="code json"><span class="punctuation">{</span>
<span class="name tag">"collection"</span><span class="punctuation">:</span> <span class="punctuation">{</span>
<span class="name tag">"error"</span><span class="punctuation">:</span> <span class="punctuation">{},</span>
<span class="name tag">"href"</span><span class="punctuation">:</span> <span class="literal string double">"https://api.mig.example.net/api/v1/investigator?investigatorid=1"</span><span class="punctuation">,</span>
<span class="name tag">"items"</span><span class="punctuation">:</span> <span class="punctuation">[</span>
<span class="punctuation">{</span>
<span class="name tag">"data"</span><span class="punctuation">:</span> <span class="punctuation">[</span>
<span class="punctuation">{</span>
<span class="name tag">"name"</span><span class="punctuation">:</span> <span class="literal string double">"investigator"</span><span class="punctuation">,</span>
<span class="name tag">"value"</span><span class="punctuation">:</span> <span class="punctuation">{</span>
<span class="name tag">"createdat"</span><span class="punctuation">:</span> <span class="literal string double">"2014-11-01T19:35:38.11369Z"</span><span class="punctuation">,</span>
<span class="name tag">"id"</span><span class="punctuation">:</span> <span class="literal number integer">1</span><span class="punctuation">,</span>
<span class="name tag">"lastmodified"</span><span class="punctuation">:</span> <span class="literal string double">"2014-11-01T19:35:42.474417Z"</span><span class="punctuation">,</span>
<span class="name tag">"name"</span><span class="punctuation">:</span> <span class="literal string double">"Julien Vehent"</span><span class="punctuation">,</span>
<span class="name tag">"pgpfingerprint"</span><span class="punctuation">:</span> <span class="literal string double">"E60892BB9BD89A69F759A1A0A3D652173B763E8F"</span><span class="punctuation">,</span>
<span class="name tag">"publickey"</span><span class="punctuation">:</span> <span class="literal string double">"LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWS........."</span><span class="punctuation">,</span>
<span class="name tag">"status"</span><span class="punctuation">:</span> <span class="literal string double">"active"</span>
<span class="punctuation">}</span>
<span class="punctuation">}</span>
<span class="punctuation">],</span>
<span class="name tag">"href"</span><span class="punctuation">:</span> <span class="literal string double">"https://api.mig.example.net/api/v1/investigator?investigatorid=1"</span><span class="punctuation">,</span>
<span class="name tag">"links"</span><span class="punctuation">:</span> <span class="punctuation">[</span>
<span class="punctuation">{</span>
<span class="name tag">"href"</span><span class="punctuation">:</span> <span class="literal string double">"https://api.mig.example.net/api/v1/search?type=action&amp;investigatorid=1&amp;limit=100"</span><span class="punctuation">,</span>
<span class="name tag">"rel"</span><span class="punctuation">:</span> <span class="literal string double">"investigator history"</span>
<span class="punctuation">}</span>
<span class="punctuation">]</span>
<span class="punctuation">}</span>
<span class="punctuation">],</span>
<span class="name tag">"template"</span><span class="punctuation">:</span> <span class="punctuation">{},</span>
<span class="name tag">"version"</span><span class="punctuation">:</span> <span class="literal string double">"1.0"</span>
<span class="punctuation">}</span>
<span class="punctuation">}</span></code></pre></section><section id="post-api-v1-investigator-create"><header><h3><a href="#id10">1.9   POST /api/v1/investigator/create/</a></h3></header><ul><li><p>Description: create a new investigator in the database</p></li><li><p>Authentication: X-PGPAUTHORIZATION</p></li><li><dl><dt>Parameters: (POST body)</dt><dd><ul><li><p><cite>name</cite>: string that represents the full name</p></li><li><p><cite>publickey</cite>: armored GPG public key</p></li></ul></dd></dl></li><li><p>Response Code: 201 Created</p></li><li><p>Response: Collection+JSON</p></li><li><p>Example: (without authentication)</p></li></ul><pre><code class="code bash"><span class="name variable">$ </span>gpg --export -a --export-options <span class="name builtin">export</span>-minimal bob_kelso@example.net &gt; /tmp/bobpubkey
<span class="name variable">$ </span>curl -iv -F <span class="literal string double">"name=Bob Kelso"</span> -F <span class="name variable">publickey</span><span class="operator">=</span>@/tmp/pubkey https://api.mig.example.net/api/v1/investigator/create/</code></pre></section><section id="post-api-v1-investigator-update"><header><h3><a href="#id11">1.10   POST /api/v1/investigator/update/</a></h3></header><ul><li><p>Description: update an existing investigator in the database</p></li><li><p>Authentication: X-PGPAUTHORIZATION</p></li><li><dl><dt>Parameters: (POST body)</dt><dd><ul><li><p><cite>id</cite>: investigator id, to identify the target investigator</p></li><li><p><cite>status</cite>: new status of the investigator, to be updated</p></li></ul></dd></dl></li><li><p>Response Code: 201 Created</p></li><li><p>Response: Collection+JSON</p></li><li><p>Example: (without authentication)</p></li></ul><pre><code class="code bash"><span class="name variable">$ </span>curl -iv -X POST -d <span class="name variable">id</span><span class="operator">=</span><span class="literal number">1234</span> -d <span class="name variable">status</span><span class="operator">=</span>disabled https://api.mig.example.net/api/v1/investigator/update/</code></pre></section><section id="get-api-v1-search"><header><h3><a href="#id12">1.11   GET /api/v1/search</a></h3></header><ul><li><p>Description: search for actions, commands, agents or investigators.</p></li><li><p>Authentication: X-PGPAUTHORIZATION</p></li><li><p>Response Code: 200 OK</p></li><li><p>Response: Collection+JSON</p></li><li><dl><dt>Parameters:</dt><dd><ul><li><p><cite>type</cite>: define the type of item returned by the search.
Valid types are: <cite>action</cite>, <cite>command</cite>, <cite>agent</cite> or <cite>investigator</cite>.</p><blockquote><ul><li><p><cite>action</cite>: (default) return a list of actions</p></li><li><p><cite>command</cite>: return a list of commands</p></li><li><p><cite>agent</cite>: return a list of agents that have shown activity</p></li><li><p><cite>investigator</cite>: return a list of investigators that have shown activity</p></li></ul></blockquote></li><li><p><cite>actionid</cite>: filter results on numeric action ID</p></li><li><p><cite>actionname</cite>: filter results on string action name, accept <cite>ILIKE</cite> pattern</p></li><li><p><cite>after</cite>: return results recorded after this RFC3339 date. If not set,
return results for the last 10 years. Impact on search depends on the type:</p><blockquote><ul><li><p><cite>action</cite>: select actions with a <cite>validfrom</cite> date greater than <cite>after</cite>.</p></li><li><p><cite>agent</cite>: select agents that have sent a heartbeat since <cite>after</cite>.</p></li><li><p><cite>command</cite>: select commands with a <cite>starttime</cite> date greater than <cite>after</cite>.</p></li><li><p><cite>investigator</cite>: select investigators with a <cite>createdat</cite> date greater
than <cite>after</cite>.</p></li></ul></blockquote></li><li><p><cite>agentid</cite>: filter results on the agent ID</p></li><li><p><cite>agentname</cite>: filter results on string agent name, accept <cite>ILIKE</cite> pattern</p></li><li><p><cite>agentversion</cite>: filter results on agent version string, accept <cite>ILIKE</cite> pattern</p></li><li><p><cite>before</cite>: return results recorded before this RFC3339 date. If not set,
return results for the next 10 years. Impact on search depends on the
type:</p><blockquote><ul><li><p><cite>action</cite>: select actions with an <cite>expireafter</cite> date lower than <cite>before</cite></p></li><li><p><cite>agent</cite>: select agents that have sent a heartbeat prior to <cite>before</cite></p></li><li><p><cite>command</cite>: select commands with a <cite>starttime</cite> date lower than <cite>before</cite></p></li><li><p><cite>investigator</cite>: select investigators with a <cite>lastmodified</cite> date lower
than <cite>before</cite></p></li></ul></blockquote></li><li><p><cite>commandid</cite>: filter results on the command ID</p></li><li><p><cite>foundanything</cite>: filter commands on the <cite>foundanything</cite> boolean of their
results (only for type <cite>command</cite>, as it requires looking into results)</p></li><li><p><cite>investigatorid</cite>: filter results on the investigator ID</p></li><li><p><cite>investigatorname</cite>: filter results on string investigator name, accept
<cite>ILIKE</cite> pattern</p></li><li><p><cite>limit</cite>: limit the number of results, default is set to 100</p></li><li><p><cite>offset</cite>: discard the X first results, defaults to 0. Used in conjunction
with <cite>limit</cite>, offset can be used to paginate search results.
for example, <strong>&amp;limit=10&amp;offset=50</strong> returns 10 results after discarding the first 50.</p></li><li><dl><dt><cite>report</cite>: if set, return results in the given report format:</dt><dd><ul><li><p><cite>complianceitems</cite> returns command results as compliance items</p></li><li><p><cite>geolocations</cite> returns command results as geolocation endpoints</p></li></ul></dd></dl></li><li><p><cite>status</cite>: filter on internal status, accept <cite>ILIKE</cite> pattern.
Status depends on the type. Below are the available statuses per type:</p><blockquote><ul><li><p><cite>action</cite>: pending, scheduled, preparing, invalid, inflight, completed</p></li><li><p><cite>agent</cite>: online, upgraded, destroyed, offline, idle</p></li><li><p><cite>command</cite>: prepared, sent, success, timeout, cancelled, expired, failed</p></li><li><p><cite>investigator</cite>: active, disabled</p></li></ul></blockquote></li><li><p><cite>target</cite>: returns agents that match a target query (only for <cite>agent</cite> type)</p></li><li><p><cite>threatfamily</cite>: filter results of the threat family of the action, accept
<cite>ILIKE</cite> pattern (only for types <cite>command</cite> and <cite>action</cite>)</p></li></ul></dd></dl></li></ul><p><strong>`ILIKE` pattern</strong></p><p>Some search parameters accept Postgres's pattern matching syntax. For these
parameters, the value is used as a SQL <cite>ILIKE</cite> search pattern, as described in
<a class="reference external" href="http://www.postgresql.org/docs/9.4/static/functions-matching.html">Postgres's documentation</a>.</p><p>Note: URL encoding transforms the <strong>%</strong> character into <strong>%25</strong>, its ASCII value in hexadecimal.</p><ul><li><p>Examples:</p></li></ul><p>Generate a compliance report from the <cite>compliance</cite> action run over the last 24
hours. For more information on the <cite>compliance</cite> format, see section 2.</p><pre><code class="code bash">/api/v1/search?type<span class="operator">=</span><span class="name builtin">command</span><span class="punctuation">&amp;</span><span class="name variable">threatfamily</span><span class="operator">=</span>compliance<span class="punctuation">&amp;</span><span class="name variable">status</span><span class="operator">=</span><span class="keyword">done</span>
<span class="punctuation">&amp;</span><span class="name variable">report</span><span class="operator">=</span>complianceitems<span class="punctuation">&amp;</span><span class="name variable">limit</span><span class="operator">=</span>100000
<span class="punctuation">&amp;</span><span class="name variable">after</span><span class="operator">=</span>2014-05-30T00:00:00-04:00<span class="punctuation">&amp;</span><span class="name variable">before</span><span class="operator">=</span>2014-05-30T23:59:59-04:00</code></pre><p>List the agents that have sent a heartbeat in the last hour.</p><pre><code class="code bash">/api/v1/search?type<span class="operator">=</span>agent<span class="punctuation">&amp;</span><span class="name variable">after</span><span class="operator">=</span>2014-05-30T15:00:00-04:00<span class="punctuation">&amp;</span><span class="name variable">limit</span><span class="operator">=</span>200</code></pre><p>Find actions ran between two dates (limited to 10 results as is the default).</p><pre><code class="code bash">/api/v1/search?type<span class="operator">=</span>action<span class="punctuation">&amp;</span><span class="name variable">status</span><span class="operator">=</span>sent
<span class="punctuation">&amp;</span><span class="name variable">after</span><span class="operator">=</span>2014-05-01T00:00:00-00:00<span class="punctuation">&amp;</span><span class="name variable">before</span><span class="operator">=</span>2014-05-30T00:00:00-00:00</code></pre><p>Find the last 10 commands signed by an investigator identified by name.</p><pre><code class="code bash">/api/v1/search?investigatorname<span class="operator">=</span>%25bob%25smith%25<span class="punctuation">&amp;</span><span class="name variable">limit</span><span class="operator">=</span>10<span class="punctuation">&amp;</span><span class="name builtin">type</span><span class="operator">=</span><span class="name builtin">command</span></code></pre></section></section><section id="data-transformation"><header><h2><a href="#id13">2   Data transformation</a></h2></header><p>The API implements several data transformation functions between the base
format of <cite>action</cite> and <cite>command</cite>, and reporting formats.</p><section id="compliance-items"><header><h3><a href="#id14">2.1   Compliance Items</a></h3></header><p>The compliance item format is used to measure the compliance of a target with
a particular requirement. A single compliance item represents the compliance of
one target (host) with one check (test + value).</p><p>In MIG, an <cite>action</cite> can contain compliance checks. An <cite>action</cite> creates one
<cite>command</cite> per <cite>agent</cite>. Upon completion, the agent stores the results in the
<cite>command.results</cite>. To visualize the results of an action, an investigator must
look at the results of each command generated by that action.</p><p>To generate compliance items, the API takes the results from commands, and
creates one item per result. Therefore, a single action that creates hundreds of
commands could, in turn, generate thousands of compliance items.</p><p>The format for compliance items is simple, to be easily graphed and aggregated.</p><pre><code class="code json"><span class="punctuation">{</span>
<span class="name tag">"target"</span><span class="punctuation">:</span> <span class="literal string double">"server1.mydomain.example.net"</span><span class="punctuation">,</span>
<span class="name tag">"utctimestamp"</span><span class="punctuation">:</span> <span class="literal string double">"2015-02-19T02:59:30.203004Z"</span><span class="punctuation">,</span>
<span class="name tag">"tags"</span><span class="punctuation">:</span> <span class="punctuation">{</span>
<span class="name tag">"operator"</span><span class="punctuation">:</span> <span class="literal string double">"IT"</span>
<span class="punctuation">},</span>
<span class="name tag">"compliance"</span><span class="punctuation">:</span> <span class="keyword constant">true</span><span class="punctuation">,</span>
<span class="name tag">"link"</span><span class="punctuation">:</span> <span class="literal string double">"https://api.mig.example.net/api/v1/command?commandid=1424314751392165120"</span><span class="punctuation">,</span>
<span class="name tag">"policy"</span><span class="punctuation">:</span> <span class="punctuation">{</span>
<span class="name tag">"url"</span><span class="punctuation">:</span> <span class="literal string double">"https://wiki.example.net/ComplianceDoc/IT+System+security+guidelines"</span><span class="punctuation">,</span>
<span class="name tag">"name"</span><span class="punctuation">:</span> <span class="literal string double">"system"</span><span class="punctuation">,</span>
<span class="name tag">"level"</span><span class="punctuation">:</span> <span class="literal string double">"low"</span>
<span class="punctuation">},</span>
<span class="name tag">"check"</span><span class="punctuation">:</span> <span class="punctuation">{</span>
<span class="name tag">"test"</span><span class="punctuation">:</span> <span class="punctuation">{</span>
<span class="name tag">"type"</span><span class="punctuation">:</span> <span class="literal string double">"file"</span><span class="punctuation">,</span>
<span class="name tag">"value"</span><span class="punctuation">:</span> <span class="literal string double">"content='^-w /var/spool/cron/root -p wa'"</span>
<span class="punctuation">},</span>
<span class="name tag">"location"</span><span class="punctuation">:</span> <span class="literal string double">"/etc/audit/audit.rules"</span><span class="punctuation">,</span>
<span class="name tag">"ref"</span><span class="punctuation">:</span> <span class="literal string double">"syslowaudit1"</span><span class="punctuation">,</span>
<span class="name tag">"description"</span><span class="punctuation">:</span> <span class="literal string double">"compliance check for auditd"</span><span class="punctuation">,</span>
<span class="name tag">"name"</span><span class="punctuation">:</span> <span class="literal string double">"attemptstoaltercrontab_user_config"</span>
<span class="punctuation">}</span>
<span class="punctuation">}</span></code></pre><p>When using the parameter <cite>&amp;report=complianceitems</cite>, the <cite>search</cite> endpoint of the API
will generate a list of compliance items from the results of the search.</p></section><section id="geolocations"><header><h3><a href="#id15">2.2   Geolocations</a></h3></header><p>The geolocations format transforms command results into an array of geolocated
endpoints for consumption by a map, like Google Maps. The format discards
result details, and only stores the value of FoundAnything.</p><p>This feature requires using <strong>MaxMind's GeoIP2-City</strong> database. The database
must be configured in the API as follows:</p><pre><code class="code">[maxmind]
path = "/etc/mig/GeoIP2-City.mmdb"</code></pre><p>Geolocations are returned as CLJS items in this format:</p><pre><code class="code json"><span class="punctuation">{</span>
<span class="name tag">"actionid"</span><span class="punctuation">:</span> <span class="literal number float">1.4271242660295127e+18</span><span class="punctuation">,</span>
<span class="name tag">"city"</span><span class="punctuation">:</span> <span class="literal string double">"Absecon"</span><span class="punctuation">,</span>
<span class="name tag">"commandid"</span><span class="punctuation">:</span> <span class="literal number float">1.427124243673173e+18</span><span class="punctuation">,</span>
<span class="name tag">"country"</span><span class="punctuation">:</span> <span class="literal string double">"United States"</span><span class="punctuation">,</span>
<span class="name tag">"endpoint"</span><span class="punctuation">:</span> <span class="literal string double">"somehost.example.net"</span><span class="punctuation">,</span>
<span class="name tag">"foundanything"</span><span class="punctuation">:</span> <span class="keyword constant">true</span><span class="punctuation">,</span>
<span class="name tag">"latitude"</span><span class="punctuation">:</span> <span class="literal number float">39.4284</span><span class="punctuation">,</span>
<span class="name tag">"longitude"</span><span class="punctuation">:</span> <span class="literal number float">-74.4957</span>
<span class="punctuation">}</span></code></pre><p>When using the parameter <cite>&amp;report=geolocations</cite>, the <cite>search</cite> endpoint of the
API will generate a list of geolocations from the results of the search.</p></section></section><section id="authentication-with-x-pgpauthorization-version-1"><header><h2><a href="#id16">3   Authentication with X-PGPAUTHORIZATION version 1</a></h2></header><p>Authenticating against the MIG API requires sending a PGP signed token in the
request header named <cite>X-PGPAUTHORIZATION</cite>. The key that signs the token must
belong to an active investigator. Construction of the token works as follows:</p><ol class="arabic"><li><p>make a string named <strong>str</strong> composed of a version, a UTC timestamp in RFC3339 format
and a random nonce, each separated by semicolons. The current version is <strong>1</strong>
and may be upgraded in the future. The nonce value must be a positive integer.</p><p><strong>str=&lt;VERSION&gt;;&lt;UTC TIMESTAMP RFC3339&gt;;&lt;NONCE&gt;</strong></p><p>UTC is a hard requirement. The timestamp must end with the suffix <strong>Z</strong>
which indicates the UTC timezone. In bash, a correct timestamp can be
generated with the command <cite>$ date -u +%Y-%m-%dT%H:%M:%SZ</cite>.</p><p>An example string would look like: <cite>1;2006-01-02T15:04:05Z;1825922807490630059</cite></p><p>The string must be terminated by a newline character, hexadecimal code <cite>0x0a</cite>.</p></li></ol><pre><code class="code bash"><span class="name variable">$ </span>hexdump -C <span class="operator">&lt;&lt;&lt;</span> <span class="literal string single">'1;2006-01-02T15:04:05Z;1825922807490630059'</span>
<span class="literal number">00000000</span> <span class="literal number">31</span> 3b <span class="literal number">32</span> <span class="literal number">30</span> <span class="literal number">30</span> <span class="literal number">36</span> 2d <span class="literal number">30</span> <span class="literal number">31</span> 2d <span class="literal number">30</span> <span class="literal number">32</span> <span class="literal number">54</span> <span class="literal number">31</span> <span class="literal number">35</span> 3a <span class="punctuation">|</span>1<span class="punctuation">;</span>2006-01-02T15:<span class="punctuation">|</span>
<span class="literal number">00000010</span> <span class="literal number">30</span> <span class="literal number">34</span> 3a <span class="literal number">30</span> <span class="literal number">35</span> 5a 3b <span class="literal number">31</span> <span class="literal number">38</span> <span class="literal number">32</span> <span class="literal number">35</span> <span class="literal number">39</span> <span class="literal number">32</span> <span class="literal number">32</span> <span class="literal number">38</span> <span class="literal number">30</span> <span class="punctuation">|</span>04:05Z<span class="punctuation">;</span>182592280<span class="punctuation">|</span>
<span class="literal number">00000020</span> <span class="literal number">37</span> <span class="literal number">34</span> <span class="literal number">39</span> <span class="literal number">30</span> <span class="literal number">36</span> <span class="literal number">33</span> <span class="literal number">30</span> <span class="literal number">30</span> <span class="literal number">35</span> <span class="literal number">39</span> 0a <span class="punctuation">|</span>7490630059.<span class="punctuation">|</span>
0000002b</code></pre><ol class="arabic" start="2"><li><p>PGP sign <strong>str</strong> with the private key of the investigator. Armor and detach
the signature into <strong>armoredSig</strong>:</p><pre>$ gpg -a --detach-sig &lt;&lt;&lt; '1;2006-01-02T15:04:05Z;1825922807490630059'
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABCAAGBQJUZ5psAAoJEKPWUhc7dj6PFd8IALWQS4x9Kzssww1pxc7uq9mg
JT/3jHLwAYPQV3ltqFcI5R2EGHo5DsXXjX6lfOc7DgbteB9UV+H++KG0oVUTTjuP
kncmFYmoBEDqbXju6EASBLyUlt3M43N9DmQaAaeoyW2gB0p0aEYRZoN3Cf0O0qhU
b3nnsCz6IyuBcQAZh1Jnmf7AMwRmXier8OflObQ9wJ1iYF9KCD0TgP1Z+kaCvMqC
PWQ5XaNaXn665V19mjAMicOtO9U3A/v4ApYyUSPyq0cuLrT8z/Z1vdjyeZVTaOM8
MhnoKfgBnegQnP+BPQZlWcjaBsquenC/joYRhq20nAEwSjZ1Nm7+qHo/DW0bYOA=
=4nrR
-----END PGP SIGNATURE-----</pre></li><li><p>Create <strong>sig</strong> by taking <strong>armoredSig</strong> and removing the PGP headers, footers,
empty lines and newlines.</p><blockquote><p>example: <cite>iQEcBAABCAAGBQJUWPDpAAoJEKPWUhc7dj6PQdgH/0TRMOEAL4SL6v+JvixWtEGJzXBCqBpRBsygHAKT+m4AxwniVa9vr8vfWm14eFpZTGdlDx39Ko+tdFoHn5Z1yKEeQWEQYXqhneAnv0pYR1aIjXM8MY63TNePWBZxUerlRkjv2IH16/W5aBrbOctOxEs1BKuN2pd4Hgubr+2f43gcRcWW+Ww/5Fyg1lKzH8jP84uqiIT8wQOdBrwUkgRdSdfMQbYFjsgY57G+ZsMobNhhlFedgKuZShJCd+G1GlwsfZPsZOSLmVZahI7wjR3vckCJ66eff3e/xX7Gt0zGGa5i1dgH5Q6TSjRGRBE37FwD4C6fycUEuy9yKI7iFziw33Y==k6gT</cite></p></blockquote></li><li><p>Create <strong>token</strong> by concatenating <strong>str</strong>, a semicolon, and <strong>sig</strong>.
<strong>token=&lt;str&gt;;&lt;sig&gt;</strong>
example: <cite>1;2006-01-02T15:04:05Z;1825922807490630059;owEBYQGe/pANAwAIAaPWUhc7dj6...&lt;truncated&gt;</cite></p></li><li><p>Send <strong>token</strong> in the header named <strong>X-PGPAUTHORIZATION</strong> with the request:</p><pre>$ curl -H 'X-PGPAUTHORIZATION: 1;2006-01-02T15:04:05Z;1825922807490630059;owEBYQGe/pANAwAIAaP...&lt;truncated&gt;' localhost:12345/api/v1/</pre></li><li><p>The API verifies the version and validity period of the timestamp. By default, a
token will be rejected if its timestamp deviates from the server time by more
than 10 minutes. Administrators can configure this value. In effect, this
means a timestamp is valid for twice the duration of the window. By default,
that's 10 minutes before current server time, and 10 minutes after current
server time.</p></li><li><p>If the timestamp is valid, the API next verifies the signature against the data
and authenticates the user. Failure to verify the signature returns an error
with the HTTP code 401 Unauthorized.</p></li><li><p>The user is authorized, the API processes and answer the request.</p></li></ol><section id="security-implications"><header><h3><a href="#id17">3.1   Security implications</a></h3></header><ol class="arabic"><li><p>A token can be used an unlimited number of times within its validity period.
There is no check to guarantee that a token is only used once. It is
assumed that the token is transmitted over a secure channel such as HTTPS to
prevent token theft by a malicious user.</p></li><li><p>API clients and servers must use proper time synchronization for the timestamp
verification to work. A client or a server that has inaccurate time may not be
able to establish connections. We believe this requirement to be reasonable
considering the sensitivity of the API.</p></li></ol></section><section id="example-1-invalid-timestamp"><header><h3><a href="#id18">3.2   Example 1: invalid timestamp</a></h3></header><p>The signature is valid but the timestamp is beyond the acceptable time window.</p><pre><code class="code bash"><span class="name variable">$ </span>curl -H <span class="literal string single">'X-PGPAUTHORIZATION: 1;2006-01-02T15:04:05Z;1825922807490630059;iQEcB...&lt;truncated&gt;'</span> http://localhost:12345/api/v1/
<span class="operator">{</span>
<span class="literal string double">"collection"</span>: <span class="operator">{</span>
<span class="literal string double">"error"</span>: <span class="operator">{</span>
<span class="literal string double">"code"</span>: <span class="literal string double">"6077873045059431424"</span>,
<span class="literal string double">"message"</span>: <span class="literal string double">"Authorization verification failed with error 'verifySignedToken() -&gt; token timestamp is not within acceptable time limits'"</span>
<span class="operator">}</span>,
<span class="literal string double">"href"</span>: <span class="literal string double">"http://localhost:12345/api/v1/"</span>,
<span class="literal string double">"template"</span>: <span class="operator">{}</span>,
<span class="literal string double">"version"</span>: <span class="literal string double">"1.0"</span>
<span class="operator">}</span>
<span class="operator">}</span></code></pre></section><section id="example-2-invalid-signature"><header><h3><a href="#id19">3.3   Example 2: invalid signature</a></h3></header><p>The signature is not valid, or is signed by a key that the API does not
recognize.</p><pre><code class="code bash"><span class="name variable">$ </span>curl -H <span class="literal string single">'X-PGPAUTHORIZATION: 1;2014-11-04T15:36:05Z;1825922807490630059;iQEcBA...&lt;truncated&gt;'</span> http://localhost:12345/api/v1/
<span class="operator">{</span>
<span class="literal string double">"collection"</span>: <span class="operator">{</span>
<span class="literal string double">"error"</span>: <span class="operator">{</span>
<span class="literal string double">"code"</span>: <span class="literal string double">"6077875007260332032"</span>,
<span class="literal string double">"message"</span>: <span class="literal string double">"Authorization verification failed with error 'verifySignedToken() -&gt; GetFingerprintFromSignature() -&gt; openpgp: invalid signature: hash tag doesn't match'"</span>
<span class="operator">}</span>,
<span class="literal string double">"href"</span>: <span class="literal string double">"http://localhost:12345/api/v1/"</span>,
<span class="literal string double">"template"</span>: <span class="operator">{}</span>,
<span class="literal string double">"version"</span>: <span class="literal string double">"1.0"</span>
<span class="operator">}</span>
<span class="operator">}</span></code></pre></section><section id="generating-a-token-in-bash"><header><h3><a href="#id20">3.4   Generating a token in Bash</a></h3></header><pre><code class="code">$ token="1;$(date -u +%Y-%m-%dT%H:%M:%SZ);$RANDOM$RANDOM$RANDOM$RANDOM"; \
sig=$(gpg -a --detach-sig &lt;&lt;&lt; $token |tail -8 |head -7 \
| sed ':a;N;$!ba;s/\n//g'); echo "X-PGPAUTHORIZATION: $token;$sig"
X-PGPAUTHORIZATION: 1;2014-11-04T19:13:37Z;13094113753132512760;iQEcBAA.....</code></pre></section><section id="generating-a-token-in-python"><header><h3><a href="#id21">3.5   Generating a token in Python</a></h3></header><pre><code class="code python"><span class="comment">#!/usr/bin/env python</span>
<span class="keyword namespace">import</span> <span class="name namespace">os</span>
<span class="keyword namespace">import</span> <span class="name namespace">gnupg</span>
<span class="keyword namespace">from</span> <span class="name namespace">time</span> <span class="keyword namespace">import</span> <span class="name">gmtime</span><span class="punctuation">,</span> <span class="name">strftime</span>
<span class="keyword namespace">import</span> <span class="name namespace">random</span>
<span class="keyword namespace">import</span> <span class="name namespace">requests</span>
<span class="keyword namespace">import</span> <span class="name namespace">json</span>
<span class="keyword">def</span> <span class="name function">makeToken</span><span class="punctuation">(</span><span class="name">gpghome</span><span class="punctuation">,</span> <span class="name">keyid</span><span class="punctuation">):</span>
<span class="name">gpg</span> <span class="operator">=</span> <span class="name">gnupg</span><span class="operator">.</span><span class="name">GPG</span><span class="punctuation">(</span><span class="name">gnupghome</span><span class="operator">=</span><span class="name">gpghome</span><span class="punctuation">)</span>
<span class="name">version</span> <span class="operator">=</span> <span class="literal string">"1"</span>
<span class="name">timestamp</span> <span class="operator">=</span> <span class="name">strftime</span><span class="punctuation">(</span><span class="literal string">"%Y-%m-</span><span class="literal string interpol">%d</span><span class="literal string">T%H:%M:%SZ"</span><span class="punctuation">,</span> <span class="name">gmtime</span><span class="punctuation">())</span>
<span class="name">nonce</span> <span class="operator">=</span> <span class="name builtin">str</span><span class="punctuation">(</span><span class="name">random</span><span class="operator">.</span><span class="name">randint</span><span class="punctuation">(</span><span class="literal number integer">10000</span><span class="punctuation">,</span> <span class="literal number integer">18446744073709551616</span><span class="punctuation">))</span>
<span class="name">token</span> <span class="operator">=</span> <span class="name">version</span> <span class="operator">+</span> <span class="literal string">";"</span> <span class="operator">+</span> <span class="name">timestamp</span> <span class="operator">+</span> <span class="literal string">";"</span> <span class="operator">+</span> <span class="name">nonce</span>
<span class="name">sig</span> <span class="operator">=</span> <span class="name">gpg</span><span class="operator">.</span><span class="name">sign</span><span class="punctuation">(</span><span class="name">token</span> <span class="operator">+</span> <span class="literal string">"</span><span class="literal string escape">\n</span><span class="literal string">"</span><span class="punctuation">,</span>
<span class="name">keyid</span><span class="operator">=</span><span class="name">keyid</span><span class="punctuation">,</span>
<span class="name">detach</span><span class="operator">=</span><span class="name builtin pseudo">True</span><span class="punctuation">,</span> <span class="name">clearsign</span><span class="operator">=</span><span class="name builtin pseudo">True</span><span class="punctuation">)</span>
<span class="name">token</span> <span class="operator">+=</span> <span class="literal string">";"</span>
<span class="name">linectr</span><span class="operator">=</span><span class="literal number integer">0</span>
<span class="keyword">for</span> <span class="name">line</span> <span class="operator word">in</span> <span class="name builtin">iter</span><span class="punctuation">(</span><span class="name builtin">str</span><span class="punctuation">(</span><span class="name">sig</span><span class="punctuation">)</span><span class="operator">.</span><span class="name">splitlines</span><span class="punctuation">()):</span>
<span class="name">linectr</span><span class="operator">+=</span><span class="literal number integer">1</span>
<span class="keyword">if</span> <span class="name">linectr</span> <span class="operator">&lt;</span> <span class="literal number integer">4</span> <span class="operator word">or</span> <span class="name">line</span><span class="operator">.</span><span class="name">startswith</span><span class="punctuation">(</span><span class="literal string">'-'</span><span class="punctuation">)</span> <span class="operator word">or</span> <span class="operator word">not</span> <span class="name">line</span><span class="punctuation">:</span>
<span class="keyword">continue</span>
<span class="name">token</span> <span class="operator">+=</span> <span class="name">line</span>
<span class="keyword">return</span> <span class="name">token</span>
<span class="keyword">if</span> <span class="name">__name__</span> <span class="operator">==</span> <span class="literal string">'__main__'</span><span class="punctuation">:</span>
<span class="name">token</span> <span class="operator">=</span> <span class="name">makeToken</span><span class="punctuation">(</span><span class="literal string">"/home/ulfr/.gnupg"</span><span class="punctuation">,</span>
<span class="literal string">"E60892BB9BD89A69F759A1A0A3D652173B763E8F"</span><span class="punctuation">)</span>
<span class="name">r</span> <span class="operator">=</span> <span class="name">requests</span><span class="operator">.</span><span class="name">get</span><span class="punctuation">(</span><span class="literal string">"http://localhost:12345/api/v1/dashboard"</span><span class="punctuation">,</span>
<span class="name">headers</span><span class="operator">=</span><span class="punctuation">{</span><span class="literal string">'X-PGPAUTHORIZATION'</span><span class="punctuation">:</span> <span class="name">token</span><span class="punctuation">})</span>
<span class="keyword">print</span> <span class="name">token</span>
<span class="keyword">print</span> <span class="name">r</span><span class="operator">.</span><span class="name">text</span></code></pre></section></section></body></html>