A simple WebUI for displaying latest events from Falco. It works as output for Falcosidekick.
Events are stored in a Redis server with the Redisearch module (> v2).
```
Usage of Falcosidekick-UI:
-a string
      Listen Address (default "0.0.0.0", environment "FALCOSIDEKICK_UI_ADDR")
-d boolean
      Disable authentication (environment "FALCOSIDEKICK_UI_DISABLEAUTH")
-l string
      Log level: "debug", "info", "warning", "error" (default "info", environment "FALCOSIDEKICK_UI_LOGLEVEL")
-p int
      Listen Port (default "2802", environment "FALCOSIDEKICK_UI_PORT")
-r string
      Redis server address (default "localhost:6379", environment "FALCOSIDEKICK_UI_REDIS_URL")
-t string
      TTL for keys, the format is X<unit>, with unit (s, m, h, d, W, M, y) (default "0", environment "FALCOSIDEKICK_UI_TTL")
-u string
      User in format <login>:<password> (default "admin:admin", environment "FALCOSIDEKICK_UI_USER")
-v boolean
      Display version
-w string
      Redis password (default "", environment "FALCOSIDEKICK_UI_REDIS_PASSWORD")
-x boolean
      Allow CORS for development (environment "FALCOSIDEKICK_UI_DEV")
```
If no user is set and authentication is not disabled, the default user is `admin:admin`. Use `-u` or `FALCOSIDEKICK_UI_USER` to set a different `<login>:<password>`.
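The defaults listed above are a listen address of `0.0.0.0`, the user `admin:admin` and an empty Redis password. A pre-start check over the documented environment variables, as an added example that is not part of falcosidekick-ui; the function names and finding labels are hypothetical, and it assumes boolean variables are enabled with `true` or `1`:

```shell
# Added example, not part of falcosidekick-ui: audit the environment variables
# from the usage text. Function names and finding labels are hypothetical.
# Assumption: boolean variables are enabled by "true" or "1" (any case).
is_true() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        true|1) return 0 ;;
        *) return 1 ;;
    esac
}

# Append one finding, newline-terminated, to the shared buffer.
add_finding() { findings="${findings}$1
"; }

# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_fsui_env() {
    findings=""
    if is_true "${FALCOSIDEKICK_UI_DISABLEAUTH:-}"; then
        add_finding "AUTH_DISABLED: FALCOSIDEKICK_UI_DISABLEAUTH is set"
    else
        # With authentication on, an unset or empty user is treated here as
        # the documented default admin:admin.
        case "${FALCOSIDEKICK_UI_USER:-admin:admin}" in
            admin:admin) add_finding "DEFAULT_CREDS: user is admin:admin" ;;
            ?*:?*) ;;  # <login>:<password>, both parts non-empty
            *) add_finding "BAD_USER_FORMAT: expected <login>:<password>" ;;
        esac
    fi
    if is_true "${FALCOSIDEKICK_UI_DEV:-}"; then
        add_finding "CORS_DEV: FALCOSIDEKICK_UI_DEV allows CORS (development)"
    fi
    if [ -z "${FALCOSIDEKICK_UI_REDIS_PASSWORD:-}" ]; then
        add_finding "REDIS_NO_PASSWORD: FALCOSIDEKICK_UI_REDIS_PASSWORD is empty"
    fi
    if [ "${FALCOSIDEKICK_UI_ADDR:-0.0.0.0}" = "0.0.0.0" ]; then
        add_finding "LISTEN_ALL: listening on every interface (0.0.0.0)"
    fi
    printf '%s' "$findings"
    [ -z "$findings" ]
}
```

Source the file in the environment the UI will start with and call `audit_fsui_env`; a non-zero status means at least one finding was printed.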
```shell
docker run -d -p 2802:2802 falcosecurity/falcosidekick-ui
```

```shell
git clone https://github.com/falcosecurity/falcosidekick-ui.git
cd falcosidekick-ui
go run .
# or
make falcosidekick-ui && ./falcosidekick-ui
```
| Route | Method | Query Parameters | Usage |
|---|---|---|---|
| `/docs` | `GET` | none | Get Swagger Docs |
| `/` | `GET` | none | Display WebUI |
The UI is reachable by default at http://localhost:2802/.

The prefix for access to the API is `/api/v1/`. The base URL for the API is http://localhost:2802/api/v1/.
| Route | Method | Query Parameters | Usage |
|---|---|---|---|
| `/` | `POST` | none | Add event |
| `/healthz` | `GET` | none | Healthcheck |
| `/authenticate`, `/auth` | `POST` | none | Authenticate |
| `/configuration`, `/config` | `GET` | none | Get Configuration |
| `/outputs` | `GET` | none | Get list of Outputs of Falcosidekick |
| `/event/count` | `GET` | `pretty`, `priority`, `rule`, `filter`, `tags`, `since`, `limit`, `page` | Count all events |
| `/event/count/priority` | `GET` | `pretty`, `priority`, `rule`, `filter`, `tags`, `since`, `limit`, `page` | Count events by priority |
| `/event/count/rule` | `GET` | `pretty`, `priority`, `rule`, `filter`, `tags`, `since`, `limit`, `page` | Count events by rule |
| `/event/count/source` | `GET` | `pretty`, `priority`, `rule`, `filter`, `tags`, `since`, `limit`, `page` | Count events by source |
| `/event/count/tags` | `GET` | `pretty`, `priority`, `rule`, `filter`, `tags`, `since`, `limit`, `page` | Count events by tags |
| `/event/search` | `GET` | `pretty`, `priority`, `rule`, `filter`, `tags`, `since`, `limit`, `page` | Search events |
All responses are in JSON format.
Query parameters list:

- `pretty`: return well-formatted JSON
- `priority`: filter by priority
- `rule`: filter by rule
- `filter`: filter by term
- `source`: filter by source
- `tags`: filter by tags
- `since`: filter by since (in 'second', 'min', 'day', 'week', 'month', 'year')
- `limit`: limit number of results (default: 100)
- `page`: page of results
```shell
docker run -d -p 6379:6379 redislabs/redisearch:2.2.4
```
Requirements:

- `go` >= 1.18
- `nodejs` >= v14
- `yarn` >= 1.22
```shell
make falcosidekick-ui
```

```shell
make lint
make lint-full
```
Requirement:
```shell
make docs
```
- Thomas Labarussias (https://github.com/Issif)
- Frank Jogeleit (https://github.com/fjogeleit)