The Web service lets you control the Artica PCAP daemon via JSON.
The tokens -http-on and -http-off activate and deactivate the HTTP service.
When the HTTP service is activated, Artica uses a random port, binds to the loopback interface, and creates a random API key for authentication.
Use the token -http-port [port number] to define the listening port of the HTTP service.
By default the HTTP service binds to the loopback interface; use the token -http-interface [interface name] to change the interface it listens on.
The API key allows you to query the HTTP service by adding X-Auth-Token: API Key to the request headers; it is not required if you query the engine from the 127.0.0.1 address.
Use the token -http-key to define the key.
Some HTTP client engines may not allow you to add the X-Auth-Token HTTP header.
You can specify which source IP addresses will be exempt from API key verification.
Use the token -http-nokey with a comma-separated list of source IP addresses that are exempt from API key verification:
-http-nokey 192.168.1.1,10.1.2.3,172.16.23.2
http://[ip]:[port]/
Will output JSON like:
{ "content": { "Status": true, "Error": "", "Version": "1.0.34", "MemoryRecord": {}, "MemoryCacheRecords": 3310, "MemorCacheSize": 26480, "DatabaseSize": 306970624, "DatabaseRecords": 3728241, "DNSRequests": 56593, "ScannedIPs": 238650, "MemoryUsage": 2309988944, "Result": "" } }
Most important information was:
http://[ip]:[port]/scan/1.2.3.4 or http://[ip]:[port]/scan/1.2.3.4:80
Will output JSON like:
{ "content": { "Status": true, "Error": "", "Version": "1.0.34", "MemoryRecord": { "ipStr": "192.231.100.1", "dnsResults": "", "rblServer": "", "rblResults": "", "cachesResult": "BAD", "geoIPCode": "", "geoIPRule": "", "geoIPLog": "", "geoIPCountry": "", "hostname": "Unknown", "memoryCache": { "fileid": 2, "cacheType": "Sourcefirehol_level1", "category": "" }, "dstPort": 22, "savedTime": 1691518570, "tempTime": 1691518570, "remediationTime": 1691518570, "remediationTimeout": false }, "MemoryCacheRecords": 376, "MemorCacheSize": 3008, "DatabaseSize": 306970624, "DatabaseRecords": 3728241, "DNSRequests": 1129, "ScannedIPs": 1797, "Result": "BAD" } }
BAD OR GOOD
Reload parameters, reload databases in memory
http://[ip]:[port]/service/reload
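A client for the /scan endpoint and the X-Auth-Token header described above, as an added example that is not Artica's own code. The function names, the restriction to IPv4 addresses, and treating a false Status, a non-empty Error or an unknown Result as a failure are assumptions of this example; the sample reply is constructed from the output shown on this page.

```python
import ipaddress
import json
import urllib.request

# Constructed sample: a trimmed copy of the /scan reply shown on this page.
SAMPLE = json.dumps({"content": {
    "Status": True, "Error": "", "Version": "1.0.34",
    "MemoryRecord": {"ipStr": "192.231.100.1", "cachesResult": "BAD", "dstPort": 22,
                     "memoryCache": {"fileid": 2, "cacheType": "Sourcefirehol_level1"}},
    "Result": "BAD"}})


def build_scan_request(base_url, ip, port=None, api_key=None):
    """Build GET /scan/<ip>[:<port>], sending X-Auth-Token only when a key is given."""
    # Validate before building the URL so a crafted value cannot reach another
    # path such as /service/reload (IPv4 only: assumption of this example).
    target = str(ipaddress.IPv4Address(ip))
    if port is not None:
        port = int(port)
        if not 0 < port < 65536:
            raise ValueError("port out of range: %d" % port)
        target += ":%d" % port
    req = urllib.request.Request(base_url.rstrip("/") + "/scan/" + target)
    if api_key:  # not required from 127.0.0.1 or from a -http-nokey address
        req.add_header("X-Auth-Token", api_key)
    return req


def parse_verdict(body):
    """Return (Result, details); raise instead of guessing on an unusable reply."""
    content = json.loads(body)["content"]
    if content.get("Status") is not True or content.get("Error"):
        raise RuntimeError("service error: %r" % content.get("Error"))
    result = content.get("Result")
    if result not in ("BAD", "GOOD"):
        raise RuntimeError("unexpected Result: %r" % result)
    record = content.get("MemoryRecord") or {}
    cache = record.get("memoryCache") or {}
    return result, {"ip": record.get("ipStr"), "dstPort": record.get("dstPort"),
                    "source": cache.get("cacheType")}


def scan(base_url, ip, port=None, api_key=None, timeout=5):
    """Query a running service and return the parsed verdict."""
    req = build_scan_request(base_url, ip, port, api_key)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return parse_verdict(resp.read())
```

Because parse_verdict raises on anything other than a clean BAD or GOOD, a caller that blocks on BAD never treats an error reply as GOOD.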