...
Advanced Tables - JSON Table | ||||||
---|---|---|---|---|---|---|
| ||||||
{ "Components" : { "FlowControlleroperation" : "enabledheartbeat", "ProcessorName" : "enabled/disabled" }, "AgentInformation" deviceInfo": { "NetworkInfosystemInfo" : { "deviceid" : "string", "hostname" : "string", "ip" : "string", "flowid" cpuUtilization": "string" }, "SystemInformation" : { device cpu usage since last heartbeat <float>", "machinearch" : "stringmachine arch <string>", "physicalmem" : "string", "vcores" memoryUsage": "string" }, "AvailableClasses": [ {device memory usage in bytes <int>", "properties"operatingSystem": ["<string>", "physicalMem": "device memory in bytes <int>", "vCores": "device vCores <int>"property" }, "networkInfo": { ]"hostname": "<string>", "ipAddress": "<string>" }, "class_nameidentifier": "org::apache::nifi::minifi::processors::AppendHostInfo",device id <string>" }, "agentInfo": { "agentManifest": { "supportsDynamicPropertiesbuildInfo": "false"{ }"compiler": "<string>", "flags": "<string>", { "revision": "<string>", "propertiestimestamp": ["<int>", "version": "<string>" }, "propertybundles": [ { ], "componentManifest": { "class_nameprocessors": "org::apache::nifi::minifi::processors::AppendHostInfo", [ { "supportsDynamicPropertiespropertyDescriptors": "false"{ } ], "BuildInformationProperty1": { "build_date "defaultValue": "date<value>", "build_rev "description": "string<string>", "build_version": "string "expressionLanguageScope": "<string>", "compiler "name": "string<string>", "compiler_flags "required": "string<true/false>", "device_id "validator": "string" }, "Extensions" : [ "extension1", "extension2", "extensionn" ] }, "metrics" : { "ProcessMetrics" : { "CpuMetrics" : { "involcs" : "string" }, "MemoryMetrics" : { "maxrss" : "string" } }, "QueueMetrics" : { "Connection" : { "datasize" : "string", "datasizemax" : "string", "queued" : "string", "queuedmax" : "string" } }, "RepositoryMetrics" : { "flowfile" : { "full" : "1/0", "running" : "1/0", "size" : "string" }, "provenance" : { "full" : "1/0", "running" : "1/0", "size" : "string" } } }, "operation" : "heartbeat", "state" : { "running" : "true/false", "uptime" : "string" } } } }, "supportedRelationships": [ { "description": "success", "name": "success" }, { "description": "failure", "name": "failure" } ], "inputRequirement": "<INPUT_FORBIDDEN/INPUT_ALLOWED/INPUT_REQUIRED>", "isSingleThreaded": "<true/false>", "supportsDynamicProperties": "<true/false>", "supportsDynamicRelationships": "<true/false>", "type": "Processor name <string>", "typeDescription": "<string>" } ], "controllerServices": [ { "propertyDescriptors": { "Property1": { "defaultValue": "<value>", "description": "<string>", "expressionLanguageScope": "<string>", "name": "<string>", "required": "<true/false>", "validator": "string" } }, "supportsDynamicProperties": "<true/false>", "supportsDynamicRelationships": "<true/false>", "type": "ControllerService name <string>", "typeDescription": "<string>" } ] }, "artifact": "artifact name <string>", "group": "<string>", "version": "<string>" } ] }, "status": { "repositories": { "ff": { "size": "<int>", "running": "<true/false>", "full": "<true/false>" }, "repo_name": { "size": "<int>", "running": "<true/false>", "full": "<true/false>" } }, "components": { "componentN": { "running": "<true/false>", "uuid": "<uuid string>" } }, "resourceConsumption": { "cpuUtilization": "agent cpu usage since last heartbeat <float>", "memoryUsage": "agent memory usage in bytes <int>" }, "uptime": "<int>" }, "agentClass": "<string>", "agentManifestHash": "<string>", "identifier": "agent id <string>" }, "metrics": { "QueueMetrics": { "Connection": { "datasize": "<string>", "datasizemax": "<string>", "queued": "<string>", "queuedmax": "<string>" } }, "RepositoryMetrics": { "flowfile": { "full": "<true/false>", "running": "<true/false>", "size": "<string>" }, "provenance": { "full": "<true/false>", "running": "<true/false>", "size": "<string>" } } } } |
Responses to the heartbeats have the following structure
...
Operation Name | Description | operand/name | content/args |
---|---|---|---|
ACKNOWLEDGE | Operation used by MiNiFi C2 agents to acknowledge the receipt and execution of a C2 server requested operation | N/A | |
CLEAR | Clear repositories | repositories | N/A |
CLEAR | Clears the connection queues | connection | connection1=<connection name>, connection2=<connection 2> ... Will also accept a list <connection name1>,<connection name2>, ... |
CLEAR | Clears component state | corecomponentstate | corecomponent1=<component name>, corecomponent2=<component 2> ... |
DESCRIBE | Return metrics | metrics | metricsClass=<metric class to obtain> |
DESCRIBE | Return configuration options | configuration | N/A |
DESCRIBE | Return agent manifest | manifest | N/A |
DESCRIBE | Return backtraces from the state monitor | jstack | N/A |
DESCRIBE | Return all core component states | corecomponentstate | N/A |
HEARTBEAT | heartbeat operation – may contain embedded heartbeats. | N/A | N/A |
PAUSE | Pauses C2 agents | N/A | N/A |
RESTART | Restarts C2 agents | N/A | N/A |
RESUME | Resumes C2 agents | N/A | N/A |
START | Starts components within the C2 agents | C2 FlowController <name of component to start> | N/A |
STOP | Stops components within the C2 agent | C2 FlowController <name of component to stop> | N/A |
TRANSFER | Transfers an object between the C2 agent and C2 designator. | debug | N/A |
UPDATE | Update flow | configuration | location=<URL to updated flow file>updated flow file> or configuration_data=<flow file yaml content> |
UPDATE | Update configuration property | properties | propertykey1=propertyvalue1, propertykey2=propertyvalue2 ... |
UPDATE | Download an asset | asset | file="filename.txt", url="/c2/asset/6c8052a7-93ec-42d2-aa78-69217e3385a7", forceDownload=false forceDownload: If true, existing files with the same name are overwritten. If false, existing files are not downloaded again. |
Future Work
Future architecture of C2 should be open to the discussion of distributed architectures and multiple heads ( i.e. in a client server multiple client/servers in the case where we can talk to geographically distributed agents ).
...