Alerts
Alerts were introduced in CDRouter 12.0 and are not available in previous releases of CDRouter.
List alerts
Get a list of the alerts for the result identified by `{id}`.
GET /api/v1/results/{id}/alerts/
URL Parameters
Name | Description |
---|---|
page | integer (optional) See Paging |
limit | integer (optional) See Paging |
detailed | boolean (optional) See Summary / Detailed Representations |
filter | string (optional) See Filtering |
sort | string (optional) See Sorting |
Response
200 OK
{
"timestamp": "2019-11-22T11:50:18.110582528-05:00",
"data": [
{
"idx": "1",
"created": "2019-11-21T17:01:19.169517-05:00",
"updated": "2019-11-21T17:01:19.169517-05:00",
"seq": "1",
"loop": "1",
"test_name": "start",
"test_description": "CDRouter Startup",
"category": "Potential Corporate Privacy Violation",
"dest_ip": "47.89.240.98",
"dest_port": "11812",
"interface": "ics",
"proto": "TCP",
"rev": "1",
"rule": "alert ip any any -> any any (msg:\"QACAFE POLICY CDRouter found LAN MAC in plaintext\"; content:\"B0:75:0C\"; nocase; reference:url,www.qacafe.com; classtype:policy-violation; sid:3000012; rev:1;)",
"rule_set": "QACAFE POLICY",
"severity": "1",
"sid": "3000012",
"signature": "CDRouter found LAN MAC in plaintext",
"src_ip": "202.254.1.2",
"src_port": "54977"
},
{
"idx": "2",
"created": "2019-11-21T17:05:14.654167-05:00",
"updated": "2019-11-21T17:05:14.654167-05:00",
"seq": "215",
"loop": "1",
"test_name": "v4_lan_sctp_cookie_info",
"test_description": "NMap IPv4 SCTP Cookie scan",
"category": "Potential Corporate Privacy Violation",
"dest_ip": "47.89.240.98",
"dest_port": "11812",
"interface": "ics",
"proto": "TCP",
"rev": "1",
"rule": "alert ip any any -> any any (msg:\"QACAFE POLICY CDRouter found LAN MAC in plaintext\"; content:\"B0:75:0C\"; nocase; reference:url,www.qacafe.com; classtype:policy-violation; sid:3000012; rev:1;)",
"rule_set": "QACAFE POLICY",
"severity": "1",
"sid": "3000012",
"signature": "CDRouter found LAN MAC in plaintext",
"src_ip": "202.254.1.2",
"src_port": "54977"
},
{
"idx": "3",
"created": "2019-11-21T17:08:56.847786-05:00",
"updated": "2019-11-21T17:08:56.847786-05:00",
"seq": "282",
"loop": "1",
"test_name": "cdrouter_scale_1",
"test_description": "Verify all DHCP clients are operational",
"category": "Potential Corporate Privacy Violation",
"dest_ip": "47.89.240.98",
"dest_port": "11812",
"interface": "ics",
"proto": "TCP",
"rev": "1",
"rule": "alert ip any any -> any any (msg:\"QACAFE POLICY CDRouter found LAN MAC in plaintext\"; content:\"B0:75:0C\"; nocase; reference:url,www.qacafe.com; classtype:policy-violation; sid:3000012; rev:1;)",
"rule_set": "QACAFE POLICY",
"severity": "1",
"sid": "3000012",
"signature": "CDRouter found LAN MAC in plaintext",
"src_ip": "202.254.1.2",
"src_port": "54977"
}
],
"links": {
"current": 1,
"first": 1,
"last": 1,
"limit": 25,
"total": 14
}
}
Get an alert
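Get a single alert, identified by its `idx` within the result `{id}`. Compared with the list example above, the response below also carries `id`, `references`, and the `payload`, `payload_hex` and `payload_ascii` fields (snipped here). The `payload*` fields appear to hold the traffic that matched the rule, so treat this response as potentially sensitive capture data.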
GET /api/v1/results/{id}/alerts/{idx}
Response
200 OK
{
"timestamp": "2019-11-22T11:52:16.127527707-05:00",
"data": {
"src_port": "54977",
"src_ip": "202.254.1.2",
"signature": "CDRouter found LAN MAC in plaintext",
"sid": "3000012",
"severity": "1",
"rule_set": "QACAFE POLICY",
"rule": "alert ip any any -> any any (msg:\"QACAFE POLICY CDRouter found LAN MAC in plaintext\"; content:\"B0:75:0C\"; nocase; reference:url,www.qacafe.com; classtype:policy-violation; sid:3000012; rev:1;)",
"rev": "1",
"references": [
"http://www.qacafe.com"
],
"proto": "TCP",
"payload_hex": "<...snipped...>",
"payload_ascii": "<...snipped...>",
"payload": "<...snipped...>",
"interface": "ics",
"dest_port": "11812",
"dest_ip": "47.89.240.98",
"category": "Potential Corporate Privacy Violation",
"test_description": "CDRouter Startup",
"test_name": "start",
"loop": "1",
"seq": "1",
"updated": "2019-11-21T17:01:19.169517-05:00",
"created": "2019-11-21T17:01:19.169517-05:00",
"idx": "1",
"id": "20191121170000"
}
}
Response
404 Not Found
{
"error": "no such alert"
}
Get alerts stats for a single result
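Compute stats for the alerts in a single result. In the example below, the `severities` map is keyed by severity level, where `1` is "High Severity" and `5` is "Debug", so a lower number is more severe.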
POST /api/v1/results/{id}/alerts/?stats=all
URL Parameters
Name | Description |
---|---|
stats | string (required) Must be `all` |
Response
200 OK
{
"timestamp": "2019-11-22T11:50:18.115052964-05:00",
"data": {
"frequent_destinations": [
{"count": "14", "addr": "47.89.240.98"}
],
"frequent_sources": [
{"count": "14", "addr": "202.254.1.2"}
],
"tests": [
{"count": "1", "name": "cdrouter_scale_1"},
{"count": "1", "name": "cdrouter_scale_10"},
{"count": "1", "name": "cdrouter_scale_15"},
{"count": "1", "name": "cdrouter_scale_2"},
{"count": "1", "name": "cdrouter_scale_20"},
{"count": "1", "name": "cdrouter_scale_3"},
{"count": "4", "name": "cdrouter_scale_30"},
{"count": "1", "name": "cdrouter_scale_40"},
{"count": "1", "name": "final"},
{"count": "1", "name": "start"},
{"count": "1", "name": "v4_lan_sctp_cookie_info"}
],
"signatures": [
{"count": "14", "severity": "1", "signature": "CDRouter found LAN MAC in plaintext"}
],
"rule_sets": [
{"count": "14", "name": "QACAFE POLICY"}
],
"categories": [
{"count": "14", "severity": "1", "category": "Potential Corporate Privacy Violation"}
],
"severities": {
"5": {"count": "0", "severity": "5", "name": "Debug"},
"4": {"count": "0", "severity": "4", "name": "Information"},
"3": {"count": "0", "severity": "3", "name": "Low Severity"},
"2": {"count": "0", "severity": "2", "name": "Medium Severity"},
"1": {"count": "14", "severity": "1", "name": "High Severity"}
}
}
}