THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
| Table of Contents |
|---|
C2 at a glance
Command and control, herein C2, consists a C2 server and C2 agents. MiNIFi agents must adhere to the C2 protocols to have successful communications. C2 communications occur over a variety of protocols. Currently an HTTP/HTTPS RESTFul paradigm exists to support C2 capabilities to MiNiFi C2 agents. In the future additional protocols may become available for use. All protocols support the following operations:
| Operation Name | Description |
|---|---|
ACKNOWLEDGE | Operation used by MiNiFi C2 agents to acknowledge the receipt and execution of a C2 server requested operation |
CLEAR | Clears C2 connection queues |
DESCRIBE | Currently Unused |
HEARTBEAT | Heartbeat provides status and operational capabilities to C2 server(s) |
UPDATE | Updates components of the C2 agent or the flow configuration. |
RESTART | Restarts C2 agents |
START | Starts components within the C2 agents |
| STOP | Stops components within the C2 agent |
Heartbeats
Primary communications are carried over a C2 heartbeat. The heartbeat contains operational information about the C2 agent and can occur a configurable frequency. The heartbeat provides status information to the C2 server. The response from the heartbeat contains requested operations from the C2 server. These operations are then acknowledged if/when they are completed. This means that the heartbeat is the only operation initiated by the C2 agent and the C2 server responds directly to these heartbeats.
Protocols
HTTP Protocol
Heartbeat structure
Heartbeats consist of a POST of the following Schema to the C2 heartbeat url. Metrics is a configurable list of metrics that can be returned, so the entirety of that object is optional.
| Advanced Tables - JSON Table | ||||
|---|---|---|---|---|
| ||||
{
"Components" : {
"FlowController" : "enabled",
"ProcessorName" : "enabled/disabled"
},
"DeviceInfo" : {
"NetworkInfo" : {
"deviceid" : "string",
"hostname" : "string",
"ip" : "string"
},
"SystemInformation" : {
"machinearch" : "string",
"physicalmem" : "string",
"vcores" : "string"
}
},
"metrics" : {
"ProcessMetrics" : {
"CpuMetrics" : {
"involcs" : "string"
},
"MemoryMetrics" : {
"maxrss" : "string"
}
},
"QueueMetrics" : {
"Connection" : {
"datasize" : "string",
"datasizemax" : "string",
"queued" : "string",
"queuedmax" : "string"
}
},
"RepositoryMetrics" : {
"flowfile" : {
"full" : "1/0",
"running" : "1/0",
"size" : "string"
},
"provenance" : {
"full" : "1/0",
"running" : "1/0",
"size" : "string"
}
}
},
"operation" : "heartbeat",
"state" : {
"running" : "true/false",
"uptime" : "string"
}
} |
| Table of Contents |
|---|
C2 at a glance
Command and control, herein C2, consists a C2 server and C2 agents. MiNIFi agents must adhere to the C2 protocols to have successful communications. C2 communications occur over a variety of protocols. Currently an HTTP/HTTPS RESTFul paradigm exists to support C2 capabilities to MiNiFi C2 agents. In the future additional protocols may become available for use. All protocols support the following operations:
| Operation Name | Description |
|---|---|
ACKNOWLEDGE | Operation used by MiNiFi C2 agents to acknowledge the receipt and execution of a C2 server requested operation |
CLEAR | Clears C2 connection queues |
DESCRIBE | Currently Unused |
HEARTBEAT | Heartbeat provides status and operational capabilities to C2 server(s) |
UPDATE | Updates components of the C2 agent or the flow configuration. |
RESTART | Restarts C2 agents |
START | Starts components within the C2 agents |
| STOP | Stops components within the C2 agent |
...
Primary communications are carried over a C2 heartbeat. The heartbeat contains operational information about the C2 agent and can occur a configurable frequency. The heartbeat provides status information to the C2 server. The response from the heartbeat contains requested operations from the C2 server. These operations are then acknowledged if/when they are completed. This means that the heartbeat is the only operation initiated by the C2 agent and the C2 server responds directly to these heartbeats.
Protocols
HTTP Protocol
Heartbeat structure
Heartbeats consist of a POST of the following Schema to the C2 heartbeat url. Metrics is a configurable list of metrics that can be returned, so the entirety of that object is optional.
Responses to the heartbeats have the following structure
...
}
]
}
Operation schemas
The following are the schema definitions for each operation that is contained within the requested operations of a heartbeat response. It is expected that C2 agents adhere to this structure
...