Versions Compared

Old Version 7

changes.mady.by.user Marc Parisi

Saved on

compared with

New Version 8

changes.mady.by.user Marc Parisi

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Heartbeats consist of a POST of the following Schema to the C2 heartbeat url. Metrics is a configurable list of metrics that can be returned, so the entirety of that object is optional.

Advanced Tables - JSON Table
outputwiki
enableSortingfalse
{
"Components" : {
"FlowController" : "enabled",
"ProcessorName" : "enabled/disabled"
},
"DeviceInfo" : {
"NetworkInfo" : {
"deviceid" : "string",
"hostname" : "string",
"ip" : "string"
},
"SystemInformation" : {
"machinearch" : "string",
"physicalmem" : "string",
"vcores" : "string"
}
},
"metrics" : {
"ProcessMetrics" : {
"CpuMetrics" : {
"involcs" : "string"
},
"MemoryMetrics" : {
"maxrss" : "string"
}
},
"QueueMetrics" : {
"Connection" : {
"datasize" : "string",
"datasizemax" : "string",
"queued" : "string",
"queuedmax" : "string"
}
},
"RepositoryMetrics" : {
"flowfile" : {
"full" : "1/0",
"running" : "1/0",
"size" : "string"
},
"provenance" : {
"full" : "1/0",
"running" : "1/0",
"size" : "string"
}
}
},
"operation" : "heartbeat",
"state" : {
"running" : "true/false",
"uptime" : "string"
}
}
Responses to the heartbeats have the following structure
Advanced Tables - JSON Table
outputwiki
{"operation" : "heartbeat",

...


"requested_operations": [

...

 {

...


"operation" : "string",

...


"operationid": "string",

...


"name": "string",

...


"content" : [

...


{ "string" : "string" }

...


]
}

]

}

                    ]
                  }
 
   ]
 
  } 

Operation schemas

The following are the schema definitions for each operation that is contained within the requested operations of a heartbeat response. It is expected that C2 agents adhere to this structure

...

                   "operation" : “clear”,
                   “operationid"operationid": "string",
                   "name": “connection”,

...