Alerts

Alerts were introduced in CDRouter 12.0 and are not available in previous releases of CDRouter.

List alerts

Get a list of alerts.

GET /api/v1/results/{id}/alerts/

URL Parameters

Name Description
page integer (optional) See Paging
limit integer (optional) See Paging
detailed boolean (optional) See Summary / Detailed Representations
filter string (optional) See Filtering
sort string (optional) See Sorting

Response 200 OK

{

    "timestamp": "2019-11-22T11:50:18.110582528-05:00",
    "data": [
        {
            "idx": "1",
            "created": "2019-11-21T17:01:19.169517-05:00",
            "updated": "2019-11-21T17:01:19.169517-05:00",
            "seq": "1",
            "loop": "1",
            "test_name": "start",
            "test_description": "CDRouter Startup",
            "category": "Potential Corporate Privacy Violation",
            "dest_ip": "47.89.240.98",
            "dest_port": "11812",
            "interface": "ics",
            "proto": "TCP",
            "rev": "1",
            "rule": "alert ip any any -> any any (msg:\"QACAFE POLICY CDRouter found LAN MAC in plaintext\"; content:\"B0:75:0C\"; nocase; reference:url,www.qacafe.com; classtype:policy-violation; sid:3000012; rev:1;)",
            "rule_set": "QACAFE POLICY",
            "severity": "1",
            "sid": "3000012",
            "signature": "CDRouter found LAN MAC in plaintext",
            "src_ip": "202.254.1.2",
            "src_port": "54977"
        },
        {
            "idx": "2",
            "created": "2019-11-21T17:05:14.654167-05:00",
            "updated": "2019-11-21T17:05:14.654167-05:00",
            "seq": "215",
            "loop": "1",
            "test_name": "v4_lan_sctp_cookie_info",
            "test_description": "NMap IPv4 SCTP Cookie scan",
            "category": "Potential Corporate Privacy Violation",
            "dest_ip": "47.89.240.98",
            "dest_port": "11812",
            "interface": "ics",
            "proto": "TCP",
            "rev": "1",
            "rule": "alert ip any any -> any any (msg:\"QACAFE POLICY CDRouter found LAN MAC in plaintext\"; content:\"B0:75:0C\"; nocase; reference:url,www.qacafe.com; classtype:policy-violation; sid:3000012; rev:1;)",
            "rule_set": "QACAFE POLICY",
            "severity": "1",
            "sid": "3000012",
            "signature": "CDRouter found LAN MAC in plaintext",
            "src_ip": "202.254.1.2",
            "src_port": "54977"
        },
        {
            "idx": "3",
            "created": "2019-11-21T17:08:56.847786-05:00",
            "updated": "2019-11-21T17:08:56.847786-05:00",
            "seq": "282",
            "loop": "1",
            "test_name": "cdrouter_scale_1",
            "test_description": "Verify all DHCP clients are operational",
            "category": "Potential Corporate Privacy Violation",
            "dest_ip": "47.89.240.98",
            "dest_port": "11812",
            "interface": "ics",
            "proto": "TCP",
            "rev": "1",
            "rule": "alert ip any any -> any any (msg:\"QACAFE POLICY CDRouter found LAN MAC in plaintext\"; content:\"B0:75:0C\"; nocase; reference:url,www.qacafe.com; classtype:policy-violation; sid:3000012; rev:1;)",
            "rule_set": "QACAFE POLICY",
            "severity": "1",
            "sid": "3000012",
            "signature": "CDRouter found LAN MAC in plaintext",
            "src_ip": "202.254.1.2",
            "src_port": "54977"
        }
    ],
    "links": {
        "current": 1,
        "first": 1,
        "last": 1,
        "limit": 25,
        "total": 14
    }
}

Get an alert

Get an alert.

GET /api/v1/results/{id}/alerts/{idx}

Response 200 OK

{
    "timestamp": "2019-11-22T11:52:16.127527707-05:00",
    "data": {
        "src_port": "54977",
        "src_ip": "202.254.1.2",
        "signature": "CDRouter found LAN MAC in plaintext",
        "sid": "3000012",
        "severity": "1",
        "rule_set": "QACAFE POLICY",
        "rule": "alert ip any any -> any any (msg:\"QACAFE POLICY CDRouter found LAN MAC in plaintext\"; content:\"B0:75:0C\"; nocase; reference:url,www.qacafe.com; classtype:policy-violation; sid:3000012; rev:1;)",
        "rev": "1",
        "references": [
            "http://www.qacafe.com"
        ],
        "proto": "TCP",
        "payload_hex": "<...snipped...>",
        "payload_ascii": "<...snipped...>",
        "payload": "<...snipped...>",
        "interface": "ics",
        "dest_port": "11812",
        "dest_ip": "47.89.240.98",
        "category": "Potential Corporate Privacy Violation",
        "test_description": "CDRouter Startup",
        "test_name": "start",
        "loop": "1",
        "seq": "1",
        "updated": "2019-11-21T17:01:19.169517-05:00",
        "created": "2019-11-21T17:01:19.169517-05:00",
        "idx": "1",
        "id": "20191121170000"
    }
}

Response 404 Not Found

{
    "error": "no such alert"
}

Get alerts stats for a single result

Compute stats for alerts in a single result.

POST /api/v1/results/{id}/alerts/?stats=all

URL Parameters

Name Description
stats string (required) Must be all

Response 200 OK

{
    "timestamp": "2019-11-22T11:50:18.115052964-05:00",
    "data": {
        "frequent_destinations": [
            {"count": "14", "addr": "47.89.240.98"}
        ],
        "frequent_sources": [
            {"count": "14", "addr": "202.254.1.2"}
        ],
        "tests": [
            {"count": "1", "name": "cdrouter_scale_1"},
            {"count": "1", "name": "cdrouter_scale_10"},
            {"count": "1", "name": "cdrouter_scale_15"},
            {"count": "1", "name": "cdrouter_scale_2"},
            {"count": "1", "name": "cdrouter_scale_20"},
            {"count": "1", "name": "cdrouter_scale_3"},
            {"count": "4", "name": "cdrouter_scale_30"},
            {"count": "1", "name": "cdrouter_scale_40"},
            {"count": "1", "name": "final"},
            {"count": "1", "name": "start"},
            {"count": "1", "name": "v4_lan_sctp_cookie_info"}
        ],
        "signatures": [
            {"count": "14", "severity": "1", "signature": "CDRouter found LAN MAC in plaintext"}
        ],
        "rule_sets": [
            {"count": "14", "name": "QACAFE POLICY"}
        ],
        "categories": [
            {"count": "14", "severity": "1", "category": "Potential Corporate Privacy Violation"}
        ],
        "severities": {
            "5": {"count": "0", "severity": "5", "name": "Debug"},
            "4": {"count": "0", "severity": "4", "name": "Information"},
            "3": {"count": "0", "severity": "3", "name": "Low Severity"},
            "2": {"count": "0", "severity": "2", "name": "Medium Severity"},
            "1": {"count": "14", "severity": "1", "name": "High Severity"}
        }
    }
}