falcosecurity / falcosidekick-ui

A simple WebUI with latest events from Falco
Apache License 2.0
113 stars 16 forks source link

Falcosidekick-ui

Falco Ecosystem Repository Incubating

release last commit licence docker pulls

Description

A simple WebUI for displaying latest events from Falco. It works as output for Falcosidekick.

Requirements

Events are stored in a Redis server with Redisearch module (> v2).

Usage

Options

Precedence: flag value -> environment variable value -> default value

Usage of Falcosidekick-UI:  
-a string
      Listen Address (default "0.0.0.0", environment "FALCOSIDEKICK_UI_ADDR")
-d boolean
      Disable authentication (environment "FALCOSIDEKICK_UI_DISABLEAUTH")
-l string   
      Log level: "debug", "info", "warning", "error" (default "info",  environment "FALCOSIDEKICK_UI_LOGLEVEL")
-p int
      Listen Port (default "2802", environment "FALCOSIDEKICK_UI_PORT")
-r string
      Redis server address (default "localhost:6379", environment "FALCOSIDEKICK_UI_REDIS_URL")
-t string
      TTL for keys, the format is X<unit>,
      with unit (s, m, h, d, W, M, y)" (default "0", environment "FALCOSIDEKICK_UI_TTL")
-u string  
      User in format <login>:<password> (default "admin:admin", environment "FALCOSIDEKICK_UI_USER")
-v boolean
      Display version
-w string  
      Redis password (default "", environment "FALCOSIDEKICK_UI_REDIS_PASSWORD")
-x boolean
      Allow CORS for development (environment "FALCOSIDEKICK_UI_DEV")

If not user is set and the authentication is not disabled, the default user is admin:admin

Run with docker

docker run -d -p 2802:2802 falcosecurity/falcosidekick-ui

Run

git clone https://github.com/falcosecurity/falcosidekick-ui.git
cd falcosidekick-ui

go run .
#or
make falcosidekick-ui && ./falcosidekick-ui

Endpoints

Route Method Query Parameters Usage
/docs GET none Get Swagger Docs
/ GET none Display WebUI

UI

The UI is reachable by default at http://localhost:2802/.

API

The prefix for access to the API is /api/v1/. The base URL for the API is http://localhost:2802/api/v1/.

Route Method Query Parameters Usage
/ POST none Add event
/healthz GET none Healthcheck
/authenticate, /auth POST none Authenticate
/configuration, /config GET none Get Configuration
/outputs GET none Get list of Outputs of Falcosidekick
/event/count GET pretty, priority, rule, filter, tags, since, limit, page Count all events
/event/count/priority GET pretty, priority, rule, filter, tags, since, limit, page Count events by priority
/event/count/rule GET pretty, priority, rule, filter, tags, since, limit, page Count events by rule
/event/count/source GET pretty, priority, rule, filter, tags, since, limit, page Count events by source
/event/count/tags GET pretty, priority, rule, filter, tags, since, limit, page Count events by tags
/event/search GET pretty, priority, rule, filter, tags, since, limit, page Search events

All responses are in JSON format.

Query parameters list:

Development

Start local redis server

docker run -d -p 6379:6379 redislabs/redisearch:2.2.4

Build

Requirements:

make falcosidekick-ui

Lint

make lint

Full lint

make lint-full

Update Docs

Requirement:

make docs

Screenshots

falcosidekick-ui falcosidekick-ui falcosidekick-ui falcosidekick-ui falcosidekick-ui

Authors