TomasMadeja
commented
4 years ago /mix/create
{
name=<name>,
description=<desc>,
labels=[<label>],
annotated_units=[
{
id_annotated_unit=<id>,
ip_mapping=[
{
"original" : <mac>,
"replacement" : <mac>
}
],
mac_mapping=[
{
"original" : <mac>,
"replacement" : <mac>
}
],
port_mapping=[
{
"ip":
"type": "old"
"address": <ipaddr>
"port":
"old": <portnum>
"new": <portnum>
}
],
timestamp=<number>
}
]
}
/unit/normalize
{
"id_unit": <id>,
"mac_mapping": [
{
"mac" : <macaddr>,
"ips" : [
<ipaddr>
]
}
],
"ips": {
"target_nodes": [
<ipaddr>
],
"intermediate_nodes": [
<ipaddr>
],
"source_nodes": [
<ipaddr>
]
},
"tcp_timestamp_mapping": [
{
"ip" : <ipaddr>,
"min" : <number>
}
]
}
API
API requests for annotated units that returned analyzed data now additionaly return ip.groups, ip.searched_protocols. mac.associations, tcp.timestamp.min.
API /unit./normalize now no longer requires ip_mapping. IP addresses are automatically mapped based on target/intermidiet/source.
Dependencies
Added pyyaml=5.1 dependency due to TM tools
Force Werkzeug==0.16.1 due to cached_property dependency