HI Team,

We have configured metlo in GCP and daemonset in GKE. Data is not getting exported to application. KIndly help us on this. Here are the attached log of one of pod

21/10/2022 -- 06:56:59 - - [ERRCODE: SC_ERR_STATS_LOG_GENERIC(278)] - eve.stats: stats are disabled globally: set stats.enabled to true. See https://suricata.readthedocs.io/en/suricata-6.0.5/configuration/suricata-yaml.html#stats 21/10/2022 -- 06:56:59 - - Running in live mode, activating unix socket 21/10/2022 -- 06:56:59 - - 1 rule files processed. 1 rules successfully loaded, 0 rules failed 21/10/2022 -- 06:56:59 - - Threshold config parsed: 0 rule(s) found 21/10/2022 -- 06:56:59 - - 1 signatures processed. 0 are IP-only rules, 0 are inspecting packet payload, 1 inspect application layer, 0 are decoder event only 21/10/2022 -- 06:56:59 - - Going to use 1 thread(s) 21/10/2022 -- 06:56:59 - - Running in live mode, activating unix socket 21/10/2022 -- 06:56:59 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 21/10/2022 -- 06:56:59 - - all 1 packet processing threads, 2 management threads initialized, engine started. 21/10/2022 -- 06:56:59 - - All AFP capture threads are running. 21/10/2022 -- 06:56:58 - - This is Suricata version 6.0.5 RELEASE running in SYSTEM mode 21/10/2022 -- 06:56:58 - - CPUs/cores online: 1 21/10/2022 -- 06:56:59 - - Found an MTU of 1460 for 'eth0' 21/10/2022 -- 06:56:59 - - Found an MTU of 1460 for 'eth0' 21/10/2022 -- 06:56:59 - - Setting logging socket of non-blocking in live mode. 21/10/2022 -- 06:56:59 - - eve-log output device (unix_stream) initialized: /etc/suricata-logs/eve.sock 21/10/2022 -- 06:56:59 - - JsonRdpLog logger not enabled: protocol rdp is disabled 21/10/2022 -- 06:56:59 - - JsonIKEv2Log logger not enabled: protocol ikev2 is disabled 21/10/2022 -- 06:56:59 - - JsonKRB5Log logger not enabled: protocol krb5 is disabled 21/10/2022 -- 06:56:59 - - JsonSNMPLog logger not enabled: protocol snmp is disabled 21/10/2022 -- 06:56:59 - - JsonRFBLog logger not enabled: protocol rfb is disabled 21/10/2022 -- 06:56:59 - - [ERRCODE: SC_ERR_STATS_LOG_GENERIC(278)] - eve.stats: stats are disabled globally: set stats.enabled to true. See https://suricata.readthedocs.io/en/suricata-6.0.5/configuration/suricata-yaml.html#stats

============================================================================================

metlo.yaml:

apiVersion: apps/v1 kind: DaemonSet metadata: name: metlo-app spec: selector: matchLabels: name: metlo-app template: metadata: labels: name: metlo-app spec: hostNetwork: true tolerations: # this toleration is to have the daemonset runnable on master nodes # remove it if your masters can't run pods - key: node-role.kubernetes.io/master effect: NoSchedule containers: - name: suricata-daemon image: metlo/suricata-daemon imagePullPolicy: Always securityContext: privileged: true env: - name: METLO_ADDR value: ------------ - name: METLO_KEY value: *****

Changelog

4aa3db9 fix goreleaser config (#184)
dededfc Fix Go Mod Sum Deps Path (#183)
4b17634 Add govxlan release workflow (#182)
afe88da add endpoint and data fields to webhook payload (#181)
d1ed378 Go VXLAN Ingestor (#177)
5c31dfe add routes for large response (#180)
554971d add routes for file handling to sample ecommerce (#179)
0d64195 check if endpoint properties exist (#178)
d24e923 add webhooks (#176)
8666c10 conditionally update endpoint based on risk score and last active (#175)
d22e32b static number of ips and speed flag (#174)
fdb2861 Better error logging on suricata (#172)
cd8a690 Suricata mirroring installation script (#171)
43e03db switch node agent to typescript (#170)
86f1164 move sidebar to app level (#168)
497b182 upgrade fastify to 4.10.2 (#167)
752e69a upgrade to nextjs 13 (#166)
fcc38ef Optimize frontend docker (#165)
94e7aad get rid of react icons (#164)
1510b54 Update version for spring-reactive, add build instructions (#162)
e800cce Option to force creation of new entity instead of updating existing in gcp (#161)
f0fb94a Cleanup unused files and imports (#159)
993dc1e Spring Boot Reactive Client and Spring Boot Starter (#157)
4ee573e fix toast message (#158)
75e9b5d add onboarding (#155)
9f864b7 url encode api keys when deleting (#156)
8c4aa17 style and format docs (#153)
1d87e2f Golang ingestor for gin,gorilla (#149)
c47b4f6 fix metlo config schema and get metlo config (#152)
6f1dea8 Allow azure collector on internal IPs only (#144)
d34d74b Check network on packet mirroring (#141)
36f3a55 Fix Node Workers (#150)
e418c16 change settings page layout (#148)
a50348e add UI for delete endpoint (#147)
d062298 Update README.md (#146)
67bd510 Update README.md (#145)
8d1b863 add host page and endpoint deletion logic (#143)
a1baa84 Don't require license key prompt on deployment script (#142)
3d4d4bc Remove src files and yarn cache from docker images (#138)
4776eaa Input license key from manage-deployment (#139)
ed24fd3 Add outbound firewall rule for metlo gcp cli(#134)
a463098 add licenseKey to log aggregated stats (#136)
fb00cd9 add license key to docker compose (#135)
98a891e add validation for metlo-config (#117)
52e8c6a Add cleanup for gcp cli mirroring (#133)
f2d2732 Add tunnel instructions to azure metlo instance (#132)
c5c100a Update README.md (#131)
8b54c44 Clean Up Docs (#130)
5233879 add metlo address param to launch stack link (#129)
15251ad Update README.md (#128)
de522cc Update default directory in metlo deployment script (#126)
2378a7d fix redis queue length check (#125)
09f84f1 Cloudformation scripts (#104)
72253dd Azure Deployment Setup (#124)
c894125 Add more regions to gcp cli mirroring (#123)
4020585 make deploy script (#122)
0e72941 Update manage-deployment.py (#121)
0df0143 Update README.md (#120)
506df9a update gcp docs (#119)
ed958e0 Remove Gcloud from Backend Docker (#116)
a460fdc update node agent - fastify (#115)
b930e9a add manual deploy steps to aws and gcp connections (#114)
5eeed7e add launch stack for aws, update aws and gcp docs (#111)
a625e0a Fix issue on removal if object is null (#113)
510905f GCP CLI new, list and remove packet mirroring (#112)
6cd7be8 Update README.md (#110)
fad8d0e Add more regions (#109)
b4a7a9e Update in app docs (#108)
d0cfcbf AWS CLI Improvements (#107)
4d359fa Remove connection routes (#106)
b6a73ca Add more validation (#105)
67096f7 Python testing fix (#103)
d880329 Add option in daemonset for suricata listening interface (#102)
b14a093 Fix Express Request Paths (#101)
a6f37c9 Add support for load balanced ecs traffic mirroring (#96)
fb63480 change image file names (#94)
c665284 Bump cli version (#93)
45c9e71 Update README.md (#92)
b9cf596 Remove port from gcp cli metlo url, add suricata rules from init script (#91)
2949b7a where to and where (#90)
6270e0f bump node version (#89)
3ac6cce Add sleep to analyze loop (#88)
51851fc Use router for api (#86)
b9b8a8d Add docs for ingestor in connections page (#78)
3ff05fe make getUnauthenticatedEndpointsSensitiveData param by ctx (#85)
10dd6ad Split Entity Manager Save and Save List (#84)
74de536 add optional headers to api calls (#83)
55d4d60 move static images to different folder (#82)
58daeec GCP CLI tooling (#75)
0fb62a4 (fix) Support Redis 6 (#80)
538c5a3 finish cleaning up db access (#79)
a354e03 (fix) Get rid of unneeded filter options (#77)
43fc075 (fix) extend metlo config from base entity (#76)
12fd0dd feature: editable metlo-config (#74)
ce3fb95 Cleanup Data Access (#73)
dd05d0e (Feature) Java rate limiting (#72)
03e5542 feature: add default redacted fields and value (#71)
7049f96 fix: optimize endpoint page (#68)
e49c8a1 feature: add initial graphql checks (#65)
926d60d fix: handle errors on body parser middleware (#67)
ad39dc1 (fix) Add metlo ingestor endpoint to address for java/spring (#70)
04791c3 (feature) Java spring ingestor (#66)
d2f59e1 feature: add test client for sample ecommerce service (#64)
c941468 feature: update sample ecommerce service with fastify, and update responses (#63)
06512d5 (feature+fix) Add source to suricata ingestor. Correct endpoint for gcp mirroring (#62)
b5e92b6 feature: add initial graphql changes (#61)
bd885a5 (fix) mirroring UI endpoint (#60)
75eb975 fix(remove extra configs on data-source) (#59)
747de67 Kubernetes fixes for #52 (#58)
490bcd0 fix(optimize-analyzer) (#56)
81c8312 (feature) Pull variables from env file for ingestor (#57)
f6e3aa7 (feature) add aws traffic mirroring to cli (#55)
12c7a1f (feature) Suricata limit by rules (#54)
39c6621 Update README.md
eb24923 add num workers to env
77d1a1e (fix) manage deployment encryption key (#53)
e3c3019 feature(optimize-collector) (#48)
786710f Improvements to node/python ingestor(s) (#51)
f6c3ce4 fix node and python package READMEs
8bd1217 (cleanup) remove metlo egg info
c8d9bf8 deploy python package
0683f92 (bugfix) Add missing response body on fastify (#49)
0db3f74 publish metlo node agent to npm
bde6683 change metlo cli package
0bd095f (feature) Add mutex locking on shared data structures (#46)
a992809 Add better data capture from suricata unix streams (#45)
31a8e05 Python ingestor for django and flask (#43)
358bb84 Add GCP Instructions to README
cea0f65 Fix AWS deploy on README
7bc3630 Add AWS Deploy Button to README
62f7b4b add endpoints, update logic for sample ecommerce service (#42)
2c12831 fix endpoint, data field, and spec generation (#40)
1b190e8 add init-env command to manage-deployment
31742af add manage deployment script (#39)
2cf5f8d sample-ecommerce: add dockerfile, update dependencies, add pm2 (#38)
ae810f5 run build tests on develop
ae24f1a add staging docker-compose file (#37)
064da1d feature(add-initial-migrations): added initial migration work (#34)
ac4fc63 (feature) Add local server address and port to node ingestor (#36)
964eb53 (feature) Add deletion confirmation for api keys (#35)
22dc7de (feature) add fastify compatibility to node ingestor
538dd56 Use object.entries instead of object.values
ab51d14 remove errant logging code for node ingestor
7deb827 change to synchronize in dataSource options
e546793 add initial table migrations
421e668 (feature) Add koa ingestor, modify express ingestor, better auto handling of module selection for monkey patching
50df6b3 add NODE_ENV for dev scripts, fix initialization based on env
788e4f0 update ApiTrace model
c38e155 add migrations, migrations run on initialization, remove synchronize
8014506 remove comments
70ee45b update authentication config
790b83b add warning in generated spec component
b6522b8 (features) Add basic express ingestor
faec3ea add attackView to TraceDetail
f3b21cb update attack components
32ac654 add attack view sessionMeta fields
e4b91c4 check if uuid param is valid uuid before endpoint and alert filtering
2a38282 turn off spellcheck in endpoint and alert search
ab51d65 add encryption key to ingestor environment
8dd6f24 remove console log
a7051fa fix toast formatting
fc83c35 add error handling to settings
d43900a fix alert uuid param
d3f0c8b add toast handler, fix toast messages
99103ce fix authentication config and block fields populate
14202e2 change clear api trace cron time, remove analyzing traces log
7b22e46 add search for alert id, add routing to alerts
89e9462 update job import, fix protection page
0dc4178 separate job scripts, types, utils for jobs
3858792 add updated trace endpoints to list
c3fafb4 (cleanup) remove minute level agg
cb8b1eb (cleanup) move clear api traces into own file
919efc2 get rid of enterprise path in tsconfig
66ec089 remove attack backend
ae21644 fix yaml path pointer lookup
46a460f fix path parameter parsing for spec validation
da12506 add null type checking for spec generation
a7687c8 (feature) change logo of settings page
b67b308 (feature) move api keys to settings page
8a4ee60 (bugfix) add missing for attribute when adding new api key
ead7a20 (feature) List source of API Keys
8b7746b (feature) Add api key source
44f8e28 (feature) Add options to add/list/delete api key
500dc4b (feature) Modify response for create api key
89f4677 (chore) format output of api keys listing
7cf7135 add pagination to endpoint alerts, fix toasts
afed122 update json to yaml converter
254e612 fix alert tab undefined
20c4a22 Change discord link in README to permanent link
bba19c3 Update README.md
e3233d0 update alert message and formatting
ccd9916 fix query, and optimize retrieving specific endpoint
3bfad2f fix endpoint query, update frontend UI and parameters
3f55152 optimized endpoint query, update for data classes, authenticated filtering, and last active filtering
72455e4 add unauntheticated endpoint returning sensitive data alert
39af5fc reorganize logAggregatedStats post
2837a30 add user set authentication
1d7e7c3 add different update time for spec generation or upload
d95dc47 add host to returned fields for alert
d05759e formatting and remove hasher log
e37fd23 update spec model, update logic for spec diff alerts
27f05d8 add isAuthenticatedDetected filtering
cc5ec90 add check for unauthenticated endpoints
3b69566 update spec handler
2c720bb add queryRunner to spec services and fix rollbacks
433023b fix endpoint list
af755f7 don't show new connection page when host count is not 0
ffd3ec2 fix frontend build error
de56c21 optionally collect emails
af2fa7f (feature) Add working kubernetes ingest daemonset
5411747 get rid of uneeded daemon set file
91bf94c organize kubernetes daemonset
107cd3a minor bugfixes
b693aa0 add snooze button
8df1bbe fix spec generation to get traces within timeframe, fix default content type for spec
8b11892 add attack detail page
a990e75 fix alert modal for unsecured endpoint
d62583b update protection directory structure
133a760 (feature) separate out example and deployment yaml for kubernetes
41db5d9 remove console log
e40847f no api key name error handler
a997937 remove execution time logging
68b2650 fix attack response error toast, fix protection table
ebd50a6 formatting
0220746 add protection index, update attack models and backend logic
2a4de4b remove log line
6346d4e (feature) Store hashed key instead of plain text
453f529 (feature) add delete key handler and endpoint
c8ef135 (feature) remove cli option to add api keys
bc2d4db (feature) Add option to list and add api keys from api
0fe61ca update aggregate queries for spec upload and clearing traces
99cc89d (feature) add partial kubernetes file, remove docker-compose.yaml
8d98cc2 add sandbox mode
080c712 (feature) Add api key generation cli tool
2ce8685 (feature) add docker images with combined suricata and metlo ingestor
fa8d797 (feature) set process title on metlo ingestor
65964fb fix spec generation for array types, nullable values, update spec diff additionalProperties parsing
765451c update data field scanning
2b0bcc3 use default if content-type not defined in trace for spec generation, consolidate endpoint generation find query
efa1978 fix spec validation parsing for arrays and error messages
5306ffa update queries for clearApiTraces
0d80858 update queries and fix spec upload
dc30a64 fix trace list home page
cbdc94c add different attack types
15cf238 add attack model and get endpont
4cf8dd5 Update README.md
0fdc01b start protection page
f9e4fcb update data field parsing, scanner, endpoint generation, trace logging, add trace analysis, update jobs
0e3e6d6 remove body parser stringify
eed141b update regexes
a6cf7a4 fix collector populate auth config
a88e961 fix tags cancel, fix json content viewer
3056d38 remove unnecessary conversions in body parser
32ff836 update block fields parsing to only recurse if needed
6d2e4e2 remove totalCalls from apiEndpoint
1325bf3 add shim for enterprise code
d138d52 Update README.md
1d9c914 add additional endpoint match logic for log request
85d2d73 use des-ecb algo for encrypting uniqueSessionId
71846da update new spec upload logic
d47c1d5 fix database transaction
2fe35f1 fix alert filter scroll
e793b59 split up hourly and minutely aggregate trace data tables
b69d70c add jwt handler for auth config
4a246be Update README.md
10cb946 fix authConfig, update aggregate trace data
5f86703 add metlo-config yaml and create sessionMeta for trace
2f0b11d update spec component in endpoint detail
992f33d add ui tooltip for conversion
bbd9d40 add swagger conversion to v3
74a411c formatting
cc600b5 update traces delete
f1ec84f (fix) fix rebase conflict
0d2d76f (chore) cleanup api, services functions
c71bb97 (chore) update body parser to parse multipart content, fix additionalProperties parsing
c15ba9c (fix) fix spec UI
644c05b Add discord community to readme
728cd08 (feature) add check on source instance type for valid aws instances
606b1a0 (chore) add media type validation to response validator, use updated packages, toast fix
bae94cd (fix) fix trace detail json view
3971399 add session secret env var to docker compose
01d1892 (fix) fix url pathing for spec detail page
13859cb (chore) home page style
35216fd (chore) use update instead of save for alert and endpoint risk score update
578f754 (style) home empty view
5b4feba (chore) add empty view home page
8744f8a (chore) update removed similar endpoint aggregate data to point to new endpoint
30146aa (fix) fix usage charts
169a3ad (chore) update aggregate data logging and model
9a374cb Update README.md
fce1a8f Update README.md
a4ec8e8 Update README.md
d5b15ea Update README.md
dbec82d Update README.md
4659f23 (fix) No HSTS Alert
297775a (fix) fix doughnut chart tooltip
7cf74b1 (chore) update get daily usage queries to use aggregate table
2c8c241 (feature) add aggregate trace data table and update clear api trace job
48af715 (feature) add script for generating alert
2a69c52 (fix) fix body parser middleware to handle array of trace params
f0b3752 Update README.md
5ea4581 add security policy
8619027 Update README.md
7ea83ff (chore) delete traces that are more than hour ago
28dc072 pass env vars in docker compose
42e0e90 add ability to disable logging
adcb4b1 (feature) log aggregated stats
a76d6f4 (chore) update local docker compose
4d3abf1 (chore) include block_fields yaml in volume
2b024ca Add instance settings table
6acef7f (feature) style test-editor method selection
d04579c Update README.md
8dc686b Update README.md
527b809 (chore) move verify api key middleware
2306048 (feature) add body parser middleware
5945770 (feature) support env vars for tests
ebebc88 update readme
a500d60 (bugfix) miscellaneous bugfixes
62ccf36 (bugfix) Add title to delete modal
5d53b0d (feature) add confirmation to test editor delete
bbbbebc hide delete button for new test
6cdd12e (feature) Delete an endpoint test
e0b6fe6 (feature) add rest of the features to testing
8ff72aa (fix) cli script
d86648d fill in test api function in cli
f2fe177 (feature) replace credentials file if user asks
4432014 (feature) Add option to provide host on init to metlo cli
104b135 use @metlo/testing in cli
6d85806 (chore) update spec diff errors to not add format/type errors for disabled paths
4f7c513 (feature) start cli
2ad1d36 (feature) Add api endpoint information to list endpoint test
0149d03 (chore) update spec diff alert
777fa33 (chore) add '[REDACTED]' to blocked fields instead of removing
be01d10 (feature) list enpoint tests filtered by endpoint hostname
79443a5 (feature) replace newman with metlo's own testing library
e443a12 (chore) update database execute transactions
8b6dd5d (chore) add ability to provide paths for all methods and fix db model
d0bd71b (fix) fix path regex for all endpoints of host for block fields
d5f6257 (feature) delete gcp connections
5385b62 (feature) list source type on gcp connection
b5b6707 (feature) Add other mirroring options for GCP
e0843cd (fix) fix block fields table data initialization
56e84d5 (feature) add job for clearing api traces
34da541 (chore) move block fields to service
7d4fcb2 (feature) add removing select fields from api trace before storing in db
9050b00 (chore) Ignore vscode setting files in git
a91f799 (chore) Add gcp source type enums
07b1310 (feature) Add mirror source selection to AWS connection
ddd7de1 (fix) vulnerability list count
f09b676 (chore) create user on initialization
69690fb add vulnerabilities page
c8c9976 (chore) fix alert modal style
ace71b1 (chore) alerts page styling
3c9d993 (feature) add host filtering to alerts
c5ee035 remove dark mode switch
b55dc3e (feature) add additional property and unevaluated property validation to request body, update request error alert generation
f3fb007 (chore) update data field detail style
0c1f812 (chore) add index on apiEndpointUuid
1658061 (feature) Add gcloud to backend dockerfile
1d95545 (feature) Additional styling elements for missing hsts alert frontend
3cb54eb (fix) fix build error with linter
2da24e2 (chore) style fixes
6a10a79 (fix) fix error messages on backend, remove search, add title on open api spec
3cab5e0 (style) endpoint page risk tag
e8f309b (style) adjust data heading and data attr
964c8bb (fix) fix spec height
bb2fd0c (feature) add ui components to Spec display
b41d9fd (fix) update offset on alert type change
3b8e0a4 (bugfix) Add axios to dependencies for backend
2b2a3df (feature) present api trace instead of trace uuid in hsts alert
66dc1b4 (feature) add missing HSTS alert
e85a344 (feature) Avoid listing autogenerated api specs
f5d13d1 (feature) Delete API spec
401ef1b (feature) add data field deletion
f55a529 style home page
9a74060 (chore) color update
87f3bd4 (chore) add const colors to home chart
4760d41 (chore) formatting, colors
bd1d594 add charge endpoint to payment processor test ingestor
f6677ae stop auto detection of driver license fields (#24)
8cc8277 (feature) add ingestor to docker compose
c5d4033 add payment processor sample data to test ingestor
1710743 add more endpoints to ecommerce test ingestor
34d1391 (chore) add yarn lock
b9c84c9 (feature) add sample-ecommerce service
48135a2 (chore) remove extra space
e3cb444 (chore) update express json limit size
42dbafd (bugfix) fix dev-collector path
4fb13ce (bugfix) fix useEffect missing dependancy array warnings for gcp and aws connections
b9ed745 (chore) Move collector one directory up to /src
6e33718 (feature) Add api key verification to collector
72f2584 (chore) Add api key to test ingestor
57bc825 Add api key to ingestor service file
4a10e49 (chore) remove separate data source for collector
5784c50 Set interface on suricata.yaml instead of rules
cd8f126 (chore) mark key column for ApiKey as unique
762353b (feature) Add auth keys to suricata ingestor
cd145ff (feature) Separate out collector
228fc1c Fix the destination source
027651c (feature) add sensitive data in path params alert
27a75a9 keyboard shortcut in test editor
23affa0 (style) fix styling on sensitive data ane endpoint pages
20a91ac wire up latest alerts
cbf563c (chore) link sensitive data to endpoints page with filtered options
9e9ac28 (chore) remove unused alert
7979bf8 (style) no hover color on sensitive data page
2bf135f (fix) fix request location labels
9da6679 (chore) update endpoint data table, clean up get endpoints service
8420f9c (chore) add error messages for spec validation
2374b37 (fix) fix issues with data tag list
34ce8c2 (feature) sensitive data page
9d94ae3 (chore) add tooltip to relative time, move maps
d26214a (fix) fix children component issue, fix endpoint table pagination
97f3b7d (chore) formatting
41785f4 (fix) style fix on alerts tab, remove unresolve, fix placeholder logic, fix pagination counting logic
06e07c8 (chore) update endpoint firstDetected and lastActive, add data classes and search to endpoints page
3a691ec (chore) consolidate query runner raw queries into DatabaseService
885f5ba (fix) remove log
4c71789 upgrade next and fix errors
a5d0ba1 Revert "upgrade next"
a73831e upgrade next
cbe9746 (style) make more room on endpoint and alert pages
dbda826 Add GCP connections for mirroring (#22)
6a1e2c5 (fix) properly obtain and release connections when running queries
2ee4968 (feature) add sensitive data and vulnerability page placeholders
17f978f (fix) set open by default on alert page
67e876a (fix) add some undefined fixes for spec generation
962577a handle empty state home
daf43d6 redo home page
60ac128 (feature) add basic authentication detected alert
047a5ec (feature) add sensitive data in query params alert
5738db8 (feature) add additional parameters errors for response body
ed3ae30 (chore) use database service for update spec
726c46c (feature) use query params for initial alert filters
3caab70 restructure alerts page code
ef1a554 (style) PII Chart Labels
24f2cfd [Snyk] Upgrade @types/node from 18.6.4 to 18.6.5 (#20)
0d099bd (chore) add validation error message based on type
e031b34 (feature) add openapi schema validator
b410ee5 (chore) add path parameters to spec generation
6d0dc62 (fix) update endpoint model, match trace with lowest number params endpoint
db02337 (fix) handle '/' paths in sync endpoints, add empty dataClasses on new instantiation
83eba54 (chore) update docker compose with redis
86d6409 (feature) add pii alert, update UI for alerts
b620cd2 (fix) fix issues with spec diff and spec generation
6d36bf5 (chore) remove unused handler, update endpoint query
2539841 (fix) try parsing path parameter as number otherwise keep as string
df0c4ad (chore) update styles on alert
e8d4c7a don't allow deleting autogenerated specs
f37db6b add test status tags
86c89fc (fix) test editor saving
0f80f8a (bugfix) match destination and source urls, fix casing for ports
d5d92ec (bugfix) match up ingestor response to single log request
cf13d7f (chore) Add default outgoing filter on aws traffic filter
b35a84a (chore) Show message on completion
bdec808 (bugfix) fix suricata installation files
4d8dea3 (bugfix) Mirroring filter direction correction
b7a7fe8 (chore) Save on ssh task end
fa23c6e (chore) Add back missing functions lost during rebase
a1d0b8b (chore) Setup mirror rules to only mirror things from source ip
09386cb (chore) fetch long running connection like an async jobs
d51795b (chore) Reorganize ssh files
331b61b (bugfix) Bugfixes for delete connection
9f61ed8 Delete connections
2205afc (chore) update detail view left panel
08b36ee (chore) update full detail view
6437687 (fix) fix heights in alert detail
86258a3 (chore) fix formatting
7918088 (feature) update alerts model, backend logic, frontend UI
f5cdbac (style) test page
119af67 (style) switch detected field icon
f396c39 (style) resizeable panes
082a165 (fix) data field update fixes
a4291fc tag list for data classes
6c8497d [Snyk] Upgrade @chakra-ui/icons from 2.0.4 to 2.0.6 (#17)
283a519 [Snyk] Upgrade @chakra-ui/theme-tools from 2.0.5 to 2.0.7 (#18)
a03e16c [Snyk] Upgrade chart.js from 3.8.2 to 3.9.1 (#19)
0c1bec3 (fix) get rid of semicolon
51d0bcb (feature) add scannerIdentified to data class model, update some logic
a58fc7b Prettify all TS/JS files (#14)
d9d8b44 (feature) change data field model, update data field logic, update detected fields UI, add database service, fixes to endpoint generation
aa907d8 (feature) update alerts model and backend logic for alerts
28cd32b (fix) fix data field parsing for body data
450c3b3 (chore) add dictionary word check for suspect parameter
931bf33 (chore) add description to spec generated responses
acef44a (fix) fix non json parsing for open api spec generation
493cbfa (fix) prexpand rows with fields, change empty view size
2c890f4 (feature) test running job
1e57279 add tags to tests
cf32b00 (bugfix) add missing parameters to suricata output interface
ae8588d (chore) Match suricata output interface to test-ingestor
15c7b17 (chore) Modify prod docker compose and setup files
6d0d513 move init sql to root
67454fc build common module with jobrunner
423b852 (fix) running tests with no tests defined
7848377 (feature) finish wiring up tests
d7b7aa9 (bugfix) remove errant ',' in backend package.json
08e3267 (chore) add dependencies to backend
01e90cf (chore) Add backend configuration for GCP
d17447b (chore) Modify designs for Connection Info UI
35ef7a0 (chore) fix script file paths and move scripts folder
f96bb4c Move installation scripts to within src/suricata-setup
5b0cc73 Reorganize files to make structure consistent with logic
a4400ea test page toasts
ec99b06 (fix) fix generate endpoint job, remove uneeded code in index file
7672a56 (fix) fix open api request/response validation
2fcc66e (chore) update gitignore
a9cd877 (chore) move logic to data field service
a3a29e9 add headers to test ingestor
b279b29 (fix) use secret from env var
530b847 (feature) update data fields UI, update backend data fields logic, add path parameter fields
4ba093e (fix) fix filter options being cut off, update search message
a26f567 (feature) add test list filters
a4e9d04 (fix) infinite render loop on test page
59ed7b9 (style) testing page cleanup
64e76dc (chore) formatting and update imports
6910a5a (feature) add all traced data fields to endpoints
51fc5af (fix) fix imports from common in backend
3a05fb8 (chore) add request parameters/headers/body and response headers/body as well as schema definitions with open api spec generation
db31fba (feature) Add authentication support for 'basic' auth methods
367c167 style testing page
2b736c9 (chore) Fix test method selection styling
7459417 (chore) Fix styling attributes for data preview
ee358f6 Basic styling and setup for test response body preview
e954fce Update README.md
22b7a08 style test list
c85ba0c Update README.md
6b255e1 (bugfix) fix typings for api endpoint tests
ec88438 (bugfix) correct path for opening individual test page
d14a289 (feature) Add listing of test on endpoints page
c62c5b0 fix build
0ab70dd add to readme
39bf933 List tests page
6bc9840 create save test service in frontend
0da9e13 endpoints for list tests
4e359d1 delete test data
61e6d90 (chore) Wire up saves for endpoint tests
441d2b5 (feature) Add testing product (#6)
66ea164 feature(connections) : Connections UI (#11)
e535cdd feature(mirroring) Support mirroring on AWS and set it on user behalf (#7)
168bbb2 add nvmrc
a54406c add build status shield
25b388f Combine frontend and backend workflows (#5)
6439cd8 Setup Build Workflows (#4)
6510392 frontend build dep path
d4010b5 different way of setting up working directory
713cab0 update build workflow
9b7675b Create node.js.yml
3a39562 specify default branch
5f97436 test build frontend job
254e582 add titles
b5f8cc9 add favicon
0505d39 (style) Use new logo (#3)
6a9f9d8 Merge pull request #2 from metlo-labs/sortby-riskscore-for-lists
2964ab4 return getEndpoints with entries ordered by risk score high to low
3e553e0 return getAlerts with entries ordered by risk score, createdAt date high to low
efec2d4 fix isRisk PII styling
544c533 change risk score calc
04a1a13 format
446a632 pii data fixes
5d8dccf add make purchase ingestor
7a97c74 generate endpoints script
5ad0f50 (styling) increase risk score column width on endpoints
c5d60d8 fix(openapi-spec-parsing): update openapispec services and frontend UI (#1)
f5405f1 add name to test product producer
e0bc325 add new test data producer
3b039ff update responses
029f47d fix alert detail UI
1d6c569 alert for open api spec diff
e4c0727 add usage work frontend and backend
42d7794 fix endpoint page styling
050781c open specific detail if uuid specified
5b6e423 frontend formatting
db17e32 add linting, fix lint issues
c37278c consolidate frontend imports
c4dfdf8 Add security group info to ec2 instance creation
8e99809 Suricata setup over ssh
1dcf0f6 Add files to push
8ec87a5 fix tsconfig builds
bb119a1 basic installation setup over ssh setup
48aa829 add noDataComponent on endpoint tabs
3f37581 fix empty state
07504d8 endpoint pii fields, styling fixes, backend data class api update
ccb392e empty view styling
5ded8f8 apply conditional styling
e24883a make row columns clickable
b5a8f52 details for alerts
d97cdcb highlight selected row
c3471a5 fix returns, add method signatures
8fdc440 redo trace list
cbc0c74 update backend dockerfile, remove backend types and enums
ae08ae9 consolidate enums
80ba0d2 consolidate types
b6ca0e2 add local constant import
42e1423 change to absolute imports, update yarn commands
41077eb Add tsconfig.json for suricata ingestor.
310ce62 better labels for functions
d12bb0e Setup of machinery for suricata complete.
b304369 Test and fix instance setup
04c4b1b basic stuff for setting up instances
9a87fcb export functions for instance creation
2dddd74 List region for a given network interface
1b131d1 List region for a given instance
67343d1 move models inside src, update imports
f8bad89 fix home page layout
a6935d1 update pii field handlers, update pii field backend
3dfa175 fix resolving
61c2194 alert tabs, alert detail, resolve stuff
aa1047d default tab change
e8cca69 trace page styling
1337da5 fix test ingestor port name
227761d fix typo
358c0f3 fix test ingestor path
49aec28 add job runner to docker compose
fae1688 commit activity per month
02c70b4 disable x-powered-by
2383e9e fix scan
c5a124b add top alerts
fd95bab add condition to scan
c67b4f9 fix spec api and page
2df87e1 fix test date
b2d5524 fix pii fields and traces tabs
ff00149 push to docker command
00b4ef9 change logo
4ad5ac1 fix api urls
9cf38bd return keypair when creating instance, remove logs
576fbe0 Update readme, more utils
60a015d Create Mirror Session
ea0080a Add traffic mirroring filter rules
1eaff38 Create mirror target
0226550 Add steps to create a new instance
df61cad alert page, alert tab, more alert backend
0f3bfbc add license
0fd48a7 add readme
b49f0ee fix
3530019 test badge
0703189 shrink logo height
0463276 get summary
163ee25 start summary backend
5cc6dda resolve alert
a1011d7 alert backend
5db13d7 update error message
1d43b8c finish update spec
ca885b4 update endpoint path
3a68033 update spec file put
2658d6f updated spec endpoint paths
a9acdee styling
03b56de trace detail
35bf60b work on spec page
1ae7b7d start spec page
aacd2f5 Merge branch 'master' of github.com:metlo-labs/metlo
a54ff43 spec handler
5f2ff91 add last updated to spec list
aaa683e add date time
c3356c4 fetch hosts fix
a53bf45 risk score sensitive data
1a84fd0 upload new api spec
d8d5059 update score when spec uploaded
787a8dd remove environment filter
d0ce6a1 20 traces for endpoint
0673862 risk score, database save issue fixes
782dcc4 more work on spec list
bf5aeb7 spec list page
4f27f5c Revert "use common in backend"
4f591cc use common in backend
b9e662a start spec list component
5443f1d add createdAt, updatedAt to openapiSpec
4f485bc endpoint page ssr
e25b45c settings -> specs
764324d fix spec generation
6c4d333 add extension, fix spec showing
109e619 stringify spec with formatting
ddd779f get firstDetected and lastActive
f7ed5c9 add host filtering
6bad360 add make file
73cf5af fix build
9e02b81 add postgres to docker compose
09ae754 pagination on endpoints
7b87baa remove cors
7d2a194 start hooking up stuff, backend endpoint changes, common type changes
72e0a97 add cors
2cf3a11 add quickstart to readme
bae64ed change port
c7b5459 docker compose
924d6e6 use env var for backend
a46d403 update isRisk
525abc3 remove errant closing brace
5bf5fca refactor to pass client instead of config, create new instance
7962fd6 Add function to create and upload new keypair for instance
7a38ab5 Add yarn files
0ffcb29 describe instance details and get all instances meeting specifications
ee77fe1 Add listing for latest ubuntu 20.04 image
fdac515 update already defined endpoint if exists when generating endpoints from traces
d2770f9 update spec defined endpoints with totalCalls and matched data classes of removed endpoints
597394f frontend docker image
58f916c backend docker image
7342939 fix types
7aac3bd check for sensitive data when generating endpoint from traces
1e79e96 reroute api calls to backend
155e8a2 base /api/v1 endpoint
279f2b9 change to /api/v1
a723494 find sensitive data in body, reorganize
0cd4e83 add new endpoint to test data
1e53381 fix update spec handler
24d27d5 forEach instead of map
56f3d89 update job
cef05f2 call generate spec after generate endpoints
eaf57a7 node jobs script
fa653dc change test ingest speed
a28ba1d add generate to auto generated spec name
648e9d3 fix generate open api spec
14de909 add generate spec func, fix new spec file issues
68ef491 change readme header
206761e readme header
8144909 clear frontend readme
a20470f light mode code editor
b717cc1 add pii data chart
ccdb706 get spec list
19b3fd9 fix endpoint generate from traces for host and method
ba587c1 add openApiSpec to detailed endpoint, add autogenerated column
78bd1a4 add coming soon to tests
0f35b8c alert page
ed764ae Some cleanup and bug fixes
b4dfc09 Add cli stuff for ingestor. Push alert to remote url
d1f1593 issues -> alerts
4449426 fix log request
ff2d594 make responsive
cf045cd fix types
6ce05c1 update spec
43f817f redo endpoint layout
c71ab9a add and remove specs, fix logic
b74fb7e only update endpoint if exists in log request call and assign endpoint to trace
46953e1 new spec handle
c16fe32 Add basic data ingestor from suricata
a71e2a8 add back types, enums for now
365fd1f format
b1df65c add dependencies, move things around, fix models and code issues
28ba588 add high risk alerts
784fe57 add endpoints to alert on home
85bd6b8 add alert list to home page
e2cea7d fix styling
5c18add connection list
43296d3 @common and alert list
5e5a3fc add home page stats
2e34ada work on trace list
96099f2 add trace list
0c91ad6 use common types in frontend
ab4218b add common package with types
acbd35e add response handlers and file upload endpoint
a83c443 fix
83ac7da add endpoints from traces
a44d7c7 fix sidebar layout
9f3157f add endpoint handlers
75027ac log in apiendpoint and matchedDataClass tables
4a90977 formatting
6970687 add get endpoints
1be064d work on endpoint page
05c79c8 work on endpoint page
c45b72b table fixes
f3bf095 ui work
95579f1 use next link
89aca69 add pages
4b29163 add some log request stuff, fix regexes
9b123fb change colors
06446d4 start sidebar
efaf371 start sidebar
365559b regexp things, model updates, service fixes, types, scan func
ffc0f54 fix models, update log-request
1d700dc update tsconfig
d56565c switch to yarn
0ccc75c tie test ingester to backend
a87b946 add batch for logrequest
253027f add log request service
61ec051 start test ingester
e707708 add typeorm, models, enums, types
1e3168c add api log-request, bodyparser
22e1f29 frontend initial setup
9554769 initial commit
3233370 Initial commit

Source code(tar.gz)
Source code(zip)
metlo_0.0.1_checksums.txt(485 bytes)
metlo_0.0.1_darwin_amd64.tar.gz(3.35 MB)
metlo_0.0.1_darwin_arm64.tar.gz(3.24 MB)
metlo_0.0.1_linux_386.tar.gz(3.09 MB)
metlo_0.0.1_linux_amd64.tar.gz(3.23 MB)
metlo_0.0.1_linux_arm64.tar.gz(2.96 MB)

unable to find api

HI Team,

We have configured metlo in GCP and daemonset in GKE. Data is not getting exported to application. KIndly help us on this. Here are the attached log of one of pod

21/10/2022 -- 06:56:59 - - [ERRCODE: SC_ERR_STATS_LOG_GENERIC(278)] - eve.stats: stats are disabled globally: set stats.enabled to true. See https://suricata.readthedocs.io/en/suricata-6.0.5/configuration/suricata-yaml.html#stats 21/10/2022 -- 06:56:59 - - Running in live mode, activating unix socket 21/10/2022 -- 06:56:59 - - 1 rule files processed. 1 rules successfully loaded, 0 rules failed 21/10/2022 -- 06:56:59 - - Threshold config parsed: 0 rule(s) found 21/10/2022 -- 06:56:59 - - 1 signatures processed. 0 are IP-only rules, 0 are inspecting packet payload, 1 inspect application layer, 0 are decoder event only 21/10/2022 -- 06:56:59 - - Going to use 1 thread(s) 21/10/2022 -- 06:56:59 - - Running in live mode, activating unix socket 21/10/2022 -- 06:56:59 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 21/10/2022 -- 06:56:59 - - all 1 packet processing threads, 2 management threads initialized, engine started. 21/10/2022 -- 06:56:59 - - All AFP capture threads are running. 21/10/2022 -- 06:56:58 - - This is Suricata version 6.0.5 RELEASE running in SYSTEM mode 21/10/2022 -- 06:56:58 - - CPUs/cores online: 1 21/10/2022 -- 06:56:59 - - Found an MTU of 1460 for 'eth0' 21/10/2022 -- 06:56:59 - - Found an MTU of 1460 for 'eth0' 21/10/2022 -- 06:56:59 - - Setting logging socket of non-blocking in live mode. 21/10/2022 -- 06:56:59 - - eve-log output device (unix_stream) initialized: /etc/suricata-logs/eve.sock 21/10/2022 -- 06:56:59 - - JsonRdpLog logger not enabled: protocol rdp is disabled 21/10/2022 -- 06:56:59 - - JsonIKEv2Log logger not enabled: protocol ikev2 is disabled 21/10/2022 -- 06:56:59 - - JsonKRB5Log logger not enabled: protocol krb5 is disabled 21/10/2022 -- 06:56:59 - - JsonSNMPLog logger not enabled: protocol snmp is disabled 21/10/2022 -- 06:56:59 - - JsonRFBLog logger not enabled: protocol rfb is disabled 21/10/2022 -- 06:56:59 - - [ERRCODE: SC_ERR_STATS_LOG_GENERIC(278)] - eve.stats: stats are disabled globally: set stats.enabled to true. See https://suricata.readthedocs.io/en/suricata-6.0.5/configuration/suricata-yaml.html#stats

============================================================================================

metlo.yaml:

apiVersion: apps/v1 kind: DaemonSet metadata: name: metlo-app spec: selector: matchLabels: name: metlo-app template: metadata: labels: name: metlo-app spec: hostNetwork: true tolerations: # this toleration is to have the daemonset runnable on master nodes # remove it if your masters can't run pods - key: node-role.kubernetes.io/master effect: NoSchedule containers: - name: suricata-daemon image: metlo/suricata-daemon imagePullPolicy: Always securityContext: privileged: true env: - name: METLO_ADDR value: ------------ - name: METLO_KEY value: *****

opened by saleem-unifycare 16
What is ?
Hi there 👋

I setup Metlo locally using docker compose ( read me instructions ).

git clone https://github.com/metlo-labs/metlo.git cd metlo ENCRYPTION_KEY="some random string" EXPRESS_SECRET="some random string" docker-compose up -d

I'm also running my local app via docker compose and followed your intructions for a node connection.

var metlo = require("metlo") metlo(<YOUR_METLO_API_KEY>, <YOUR_METLO_COLLECTOR_URL>)

First problem/question

Can't find in your docs what the YOUR_METLO_COLLECTOR_URL should be. From looking at your docker compose file it looks like collector is also an alias for injestor and looking at the node library the value expected is just the host. Not sure if I can just pass the host or also need to include the port for the injestor (8081).

Suggestion:

update names to be consistent

show the YOUR_METLO_COLLECTOR_URL value when the user is on the connections page or when creating a key

Second problem/question

Since I'm running both apps in docker I can't point to localhost. I tried using http://host.docker.internal but without success. Do you know what I should set as the YOUR_METLO_COLLECTOR_URL in my case?
opened by ZeRego 11
Can't login
I deployed with Docker step by step in a cloud server, following the instructions:

Devtools network tab show this:

/auth/login (200 OK - POST) -> JWT

/_next/data/XXXXXXXXXXXX/index.json (307 Temporary Redirect - GET) -> no response

/_next/data/XXXXXXXXXXXX/login.json (200 OK - GET) ->

{ "pageProps": { "localAuthAllowed": true }, "__N_SSP": true }

Nothing happens
opened by matiaslopezd 10

Metlo cli - SyntaxError: Unexpected token '.'

I install metlo from npm

npm i -g @metlo/cli

Server: Ubuntu 22.04.1 LTS Nodejs: v12.22.9 Npm: 8.5.1 metlo: metlo/[email protected]

Error log

metlo --help
/usr/local/lib/node_modules/@metlo/cli/node_modules/@aws-sdk/client-ec2/dist-cjs/protocols/Aws_ec2.js:22372
        if (input.TagSpecifications?.length === 0) {
                                    ^

SyntaxError: Unexpected token '.'
    at wrapSafe (internal/modules/cjs/loader.js:915:16)
    at Module._compile (internal/modules/cjs/loader.js:963:27)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1027:10)
    at Module.load (internal/modules/cjs/loader.js:863:32)
    at Function.Module._load (internal/modules/cjs/loader.js:708:14)
    at Module.require (internal/modules/cjs/loader.js:887:19)
    at require (internal/modules/cjs/helpers.js:74:18)
    at Object.<anonymous> (/usr/local/lib/node_modules/@metlo/cli/node_modules/@aws-sdk/client-ec2/dist-cjs/commands/AcceptAddressTransferCommand.js:8:19)
    at Module._compile (internal/modules/cjs/loader.js:999:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1027:10)

opened by r00t9 5

[Bug] AttributeError: 'FakePayload' object has no attribute 'stream'

/opt/venv/lib/python3.10/site-packages/django/test/client.py:751: in post
    response = super().post(path, data=data, content_type=content_type, secure=secure, **extra)
/opt/venv/lib/python3.10/site-packages/django/test/client.py:407: in post
    return self.generic('POST', path, post_data, content_type,
/opt/venv/lib/python3.10/site-packages/django/test/client.py:473: in generic
    return self.request(**r)
/opt/venv/lib/python3.10/site-packages/django/test/client.py:719: in request
    self.check_exception(response)
/opt/venv/lib/python3.10/site-packages/django/test/client.py:580: in check_exception
    raise exc_value
/opt/venv/lib/python3.10/site-packages/django/core/handlers/exception.py:47: in inner
    response = get_response(request)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <metlo.django.MetloDjango object at 0xffff911058a0>
request = <WSGIRequest: POST '/admin/module/group/group_name/delete/'>

    def __call__(self, request):
        response = self.get_response(request)
        params = request.GET if request.method == "GET" else request.POST
        dest_ip = request.META.get("SERVER_NAME") if \
            "1.0.0.127.in-addr.arpa" not in request.META.get("SERVER_NAME") else "localhost"
        src_ip = request.META.get("REMOTE_ADDR") if \
            "1.0.0.127.in-addr.arpa" not in request.META.get("REMOTE_ADDR") else "localhost"
>       source_port = request.environ["wsgi.input"].stream.raw._sock.getpeername()[1]
E       AttributeError: 'FakePayload' object has no attribute 'stream'

/opt/venv/lib/python3.10/site-packages/metlo/django.py:45: AttributeError

I've deployed docker version of Metlo and configured our Django application with the metlo module. After running our test suite I ended up with most of the tests failing with same AttributeError.

opened by maciejstromich 4

docker-compose up -d server returns 500 error

I'm trying to use metlo on my local host. I've followed the steps from README. After containers are started when I try to visit the web app, it returns a 500 error.

Do I need to set environment variables? can the team add those instructions to the README?

$ docker-compose up -d
WARNING: The BACKEND_URL variable is not set. Defaulting to a blank string.
WARNING: The SANDBOX_MODE variable is not set. Defaulting to a blank string.
WARNING: The DISABLE_LOGGING_STATS variable is not set. Defaulting to a blank string.
WARNING: The NUM_WORKERS variable is not set. Defaulting to a blank string.

-- snip --

opened by dmdhrumilmistry 3

Daemonset is unable to start

We are seeing below error when we try to install metlo daemonset on K8S cluster. I can see similar issue on https://github.com/metlo-labs/metlo/issues/52#issuecomment-1296806302 Can you share solution.

STARTING starting suricata starting metlo 10/11/2022 -- 19:26:26 - - This is Suricata version 6.0.1 RELEASE running in SYSTEM mode 10/11/2022 -- 19:26:26 - - [ERRCODE: SC_ERR_SYSCALL(50)] - Failure when trying to get MTU via ioctl for 'eth0': No such device (19) 10/11/2022 -- 19:26:26 - - [ERRCODE: SC_ERR_SYSCALL(50)] - Failure when trying to get MTU via ioctl for 'eth0': No such device (19) 10/11/2022 -- 19:26:26 - - [ERRCODE: SC_ERR_SOCKET(200)] - Error connecting to socket "/tmp/eve.sock": Connection refused (will keep trying) 10/11/2022 -- 19:26:26 - - JsonRdpLog logger not enabled: protocol rdp is disabled 10/11/2022 -- 19:26:26 - - JsonIKEv2Log logger not enabled: protocol ikev2 is disabled 10/11/2022 -- 19:26:26 - - JsonKRB5Log logger not enabled: protocol krb5 is disabled 10/11/2022 -- 19:26:26 - - JsonSNMPLog logger not enabled: protocol snmp is disabled 10/11/2022 -- 19:26:26 - - JsonRFBLog logger not enabled: protocol rfb is disabled 10/11/2022 -- 19:26:26 - - [ERRCODE: SC_ERR_STATS_LOG_GENERIC(278)] - eve.stats: stats are disabled globally: set stats.enabled to true. See https://suricata.readthedocs.io/en/suricata-6.0.1/configuration/suricata-yaml.html#stats 10/11/2022 -- 19:26:27 - - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Unable to find type for iface "eth0": No such device 10/11/2022 -- 19:26:27 - - all 2 packet processing threads, 2 management threads initialized, engine started. 10/11/2022 -- 19:26:27 - - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Unable to find iface eth0: No such device 10/11/2022 -- 19:26:27 - - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Couldn't init AF_PACKET socket, fatal error 10/11/2022 -- 19:26:27 - - [ERRCODE: SC_ERR_FATAL(171)] - thread W#01-eth0 failed

opened by venkateshmadala 3
Feature Request: Add option to obsfucate PII
Greetings Metlo Team,

Is it possible to store PII information in obfuscated form? This will ensure user privacy.

for example:

{ "other_params":"...", "email":"[email protected]", "phone":"1234567890" }

Obfuscated Form:

{ "other_params":"...", "email":"[email protected]", "phone":"xx3456xxxx" }
opened by dmdhrumilmistry 2
Missing endpoint in Node Agent

Hi! With the nodejs agent when the POST request is sent to the metlo backend from nodejs agent the endpoint /api/v1/log-request/single is missing, so the current workaround is to add /api/v1/log-request/single to the host URL
bug

opened by Killian-G 2
Errors in local deployment with docker-compose-local

Hello! I tried to start Metlo in local environment with docker-compose-local.yaml file: sudo docker-compose -f docker-compose-local.yaml up in repo root directory.

Firstly, I get the next error: Service 'ingestor' failed to buid: ADD failed: forbidden path outside the build context: ../../../backend (). So, I changed ADD ../../../backend backend to ADD ./backend backend, and ADD ../../../common common to ADD ./common common in all dockerfiles in deploy directory. And it works.

But the next error has been appeared, like in previous issue (https://github.com/metlo-labs/metlo/issues/32):

Could you please help me? Thanks!

opened by drmckay-kirill 2
[Bug] Too many false-positive

I tried it on my Android repo but, almost all of the issued cases were false-positive. For example https://github.com/Drjacky/MVIModularizationTemplate/issues/19

It says there is an issue with kotlin-stdlib-1.4.31.jar but, neither my repo nor the internal library(root dependency) use that version:

Third-library: https://github.com/detekt/sarif4k/blob/main/build.gradle.kts

opened by Drjacky 2
XSS/SQLI testing through cli
TODO:

Cross product on multiple payloads in a single request

UI for test generation

More payload types

Also maybe split payloads into more manageable chunks/representative types
opened by AHarmlessPyro 0
Param detection in request paths

How does Metlo detect params?

Some request paths are marked with incorrect parameters.

The current path in Metlo: /api/{param1}/org/{param2} Expected /api/{param1}/org/onboardingStatus

Route source: https://github.com/lightdash/lightdash/blob/e6057c27c37659235e1617527e8a6e27881ee9bc/packages/backend/src/routers/organizationRouter.ts#L176

Could it use the express routes to detect the params instead of using some magic logic? It can even detect what is the name of the param instead of using generic param1 param2 etc eg: /user/:userUuid -> /user/{userUuid}
question

opened by ZeRego 1

v0.0.3(Dec 12, 2022)

Source code(tar.gz)
Source code(zip)
metlo_0.0.3_darwin_amd64.tar.gz(6.32 MB)
metlo_0.0.3_linux_amd64.tar.gz(5.82 MB)
v0.0.2(Dec 9, 2022)
Changelog

542c09f fix govxlan command and add deploy scripts

Source code(tar.gz)
Source code(zip)
metlo_0.0.2_checksums.txt(485 bytes)
metlo_0.0.2_darwin_amd64.tar.gz(3.35 MB)
metlo_0.0.2_darwin_arm64.tar.gz(3.24 MB)
metlo_0.0.2_linux_386.tar.gz(3.09 MB)
metlo_0.0.2_linux_amd64.tar.gz(3.23 MB)
metlo_0.0.2_linux_arm64.tar.gz(2.96 MB)
v0.0.1(Dec 9, 2022)
Changelog

4aa3db9 fix goreleaser config (#184)

dededfc Fix Go Mod Sum Deps Path (#183)

4b17634 Add govxlan release workflow (#182)

afe88da add endpoint and data fields to webhook payload (#181)

d1ed378 Go VXLAN Ingestor (#177)

5c31dfe add routes for large response (#180)

554971d add routes for file handling to sample ecommerce (#179)

0d64195 check if endpoint properties exist (#178)

d24e923 add webhooks (#176)

8666c10 conditionally update endpoint based on risk score and last active (#175)

d22e32b static number of ips and speed flag (#174)

fdb2861 Better error logging on suricata (#172)

cd8a690 Suricata mirroring installation script (#171)

43e03db switch node agent to typescript (#170)

86f1164 move sidebar to app level (#168)

497b182 upgrade fastify to 4.10.2 (#167)

752e69a upgrade to nextjs 13 (#166)

fcc38ef Optimize frontend docker (#165)

94e7aad get rid of react icons (#164)

1510b54 Update version for spring-reactive, add build instructions (#162)

e800cce Option to force creation of new entity instead of updating existing in gcp (#161)

f0fb94a Cleanup unused files and imports (#159)

993dc1e Spring Boot Reactive Client and Spring Boot Starter (#157)

4ee573e fix toast message (#158)

75e9b5d add onboarding (#155)

9f864b7 url encode api keys when deleting (#156)

8c4aa17 style and format docs (#153)

1d87e2f Golang ingestor for gin,gorilla (#149)

c47b4f6 fix metlo config schema and get metlo config (#152)

6f1dea8 Allow azure collector on internal IPs only (#144)

d34d74b Check network on packet mirroring (#141)

36f3a55 Fix Node Workers (#150)

e418c16 change settings page layout (#148)

a50348e add UI for delete endpoint (#147)

d062298 Update README.md (#146)

67bd510 Update README.md (#145)

8d1b863 add host page and endpoint deletion logic (#143)

a1baa84 Don't require license key prompt on deployment script (#142)

3d4d4bc Remove src files and yarn cache from docker images (#138)

4776eaa Input license key from manage-deployment (#139)

ed24fd3 Add outbound firewall rule for metlo gcp cli(#134)

a463098 add licenseKey to log aggregated stats (#136)

fb00cd9 add license key to docker compose (#135)

98a891e add validation for metlo-config (#117)

52e8c6a Add cleanup for gcp cli mirroring (#133)

f2d2732 Add tunnel instructions to azure metlo instance (#132)

c5c100a Update README.md (#131)

8b54c44 Clean Up Docs (#130)

5233879 add metlo address param to launch stack link (#129)

15251ad Update README.md (#128)

de522cc Update default directory in metlo deployment script (#126)

2378a7d fix redis queue length check (#125)

09f84f1 Cloudformation scripts (#104)

72253dd Azure Deployment Setup (#124)

c894125 Add more regions to gcp cli mirroring (#123)

4020585 make deploy script (#122)

0e72941 Update manage-deployment.py (#121)

0df0143 Update README.md (#120)

506df9a update gcp docs (#119)

ed958e0 Remove Gcloud from Backend Docker (#116)

a460fdc update node agent - fastify (#115)

b930e9a add manual deploy steps to aws and gcp connections (#114)

5eeed7e add launch stack for aws, update aws and gcp docs (#111)

a625e0a Fix issue on removal if object is null (#113)

510905f GCP CLI new, list and remove packet mirroring (#112)

6cd7be8 Update README.md (#110)

fad8d0e Add more regions (#109)

b4a7a9e Update in app docs (#108)

d0cfcbf AWS CLI Improvements (#107)

4d359fa Remove connection routes (#106)

b6a73ca Add more validation (#105)

67096f7 Python testing fix (#103)

d880329 Add option in daemonset for suricata listening interface (#102)

b14a093 Fix Express Request Paths (#101)

a6f37c9 Add support for load balanced ecs traffic mirroring (#96)

fb63480 change image file names (#94)

c665284 Bump cli version (#93)

45c9e71 Update README.md (#92)

b9cf596 Remove port from gcp cli metlo url, add suricata rules from init script (#91)

2949b7a where to and where (#90)

6270e0f bump node version (#89)

3ac6cce Add sleep to analyze loop (#88)

51851fc Use router for api (#86)

b9b8a8d Add docs for ingestor in connections page (#78)

3ff05fe make getUnauthenticatedEndpointsSensitiveData param by ctx (#85)

10dd6ad Split Entity Manager Save and Save List (#84)

74de536 add optional headers to api calls (#83)

55d4d60 move static images to different folder (#82)

58daeec GCP CLI tooling (#75)

0fb62a4 (fix) Support Redis 6 (#80)

538c5a3 finish cleaning up db access (#79)

a354e03 (fix) Get rid of unneeded filter options (#77)

43fc075 (fix) extend metlo config from base entity (#76)

12fd0dd feature: editable metlo-config (#74)

ce3fb95 Cleanup Data Access (#73)

dd05d0e (Feature) Java rate limiting (#72)

03e5542 feature: add default redacted fields and value (#71)

7049f96 fix: optimize endpoint page (#68)

e49c8a1 feature: add initial graphql checks (#65)

926d60d fix: handle errors on body parser middleware (#67)

ad39dc1 (fix) Add metlo ingestor endpoint to address for java/spring (#70)

04791c3 (feature) Java spring ingestor (#66)

d2f59e1 feature: add test client for sample ecommerce service (#64)

c941468 feature: update sample ecommerce service with fastify, and update responses (#63)

06512d5 (feature+fix) Add source to suricata ingestor. Correct endpoint for gcp mirroring (#62)

b5e92b6 feature: add initial graphql changes (#61)

bd885a5 (fix) mirroring UI endpoint (#60)

75eb975 fix(remove extra configs on data-source) (#59)

747de67 Kubernetes fixes for #52 (#58)

490bcd0 fix(optimize-analyzer) (#56)

81c8312 (feature) Pull variables from env file for ingestor (#57)

f6e3aa7 (feature) add aws traffic mirroring to cli (#55)

12c7a1f (feature) Suricata limit by rules (#54)

39c6621 Update README.md

eb24923 add num workers to env

77d1a1e (fix) manage deployment encryption key (#53)

e3c3019 feature(optimize-collector) (#48)

786710f Improvements to node/python ingestor(s) (#51)

f6c3ce4 fix node and python package READMEs

8bd1217 (cleanup) remove metlo egg info

c8d9bf8 deploy python package

0683f92 (bugfix) Add missing response body on fastify (#49)

0db3f74 publish metlo node agent to npm

bde6683 change metlo cli package

0bd095f (feature) Add mutex locking on shared data structures (#46)

a992809 Add better data capture from suricata unix streams (#45)

31a8e05 Python ingestor for django and flask (#43)

358bb84 Add GCP Instructions to README

cea0f65 Fix AWS deploy on README

7bc3630 Add AWS Deploy Button to README

62f7b4b add endpoints, update logic for sample ecommerce service (#42)

2c12831 fix endpoint, data field, and spec generation (#40)

1b190e8 add init-env command to manage-deployment

31742af add manage deployment script (#39)

2cf5f8d sample-ecommerce: add dockerfile, update dependencies, add pm2 (#38)

ae810f5 run build tests on develop

ae24f1a add staging docker-compose file (#37)

064da1d feature(add-initial-migrations): added initial migration work (#34)

ac4fc63 (feature) Add local server address and port to node ingestor (#36)

964eb53 (feature) Add deletion confirmation for api keys (#35)

22dc7de (feature) add fastify compatibility to node ingestor

538dd56 Use object.entries instead of object.values

ab51d14 remove errant logging code for node ingestor

7deb827 change to synchronize in dataSource options

e546793 add initial table migrations

421e668 (feature) Add koa ingestor, modify express ingestor, better auto handling of module selection for monkey patching

50df6b3 add NODE_ENV for dev scripts, fix initialization based on env

788e4f0 update ApiTrace model

c38e155 add migrations, migrations run on initialization, remove synchronize

8014506 remove comments

70ee45b update authentication config

790b83b add warning in generated spec component

b6522b8 (features) Add basic express ingestor

faec3ea add attackView to TraceDetail

f3b21cb update attack components

32ac654 add attack view sessionMeta fields

e4b91c4 check if uuid param is valid uuid before endpoint and alert filtering

2a38282 turn off spellcheck in endpoint and alert search

ab51d65 add encryption key to ingestor environment

8dd6f24 remove console log

a7051fa fix toast formatting

fc83c35 add error handling to settings

d43900a fix alert uuid param

d3f0c8b add toast handler, fix toast messages

99103ce fix authentication config and block fields populate

14202e2 change clear api trace cron time, remove analyzing traces log

7b22e46 add search for alert id, add routing to alerts

89e9462 update job import, fix protection page

0dc4178 separate job scripts, types, utils for jobs

3858792 add updated trace endpoints to list

c3fafb4 (cleanup) remove minute level agg

cb8b1eb (cleanup) move clear api traces into own file

919efc2 get rid of enterprise path in tsconfig

66ec089 remove attack backend

ae21644 fix yaml path pointer lookup

46a460f fix path parameter parsing for spec validation

da12506 add null type checking for spec generation

a7687c8 (feature) change logo of settings page

b67b308 (feature) move api keys to settings page

8a4ee60 (bugfix) add missing for attribute when adding new api key

ead7a20 (feature) List source of API Keys

8b7746b (feature) Add api key source

44f8e28 (feature) Add options to add/list/delete api key

500dc4b (feature) Modify response for create api key

89f4677 (chore) format output of api keys listing

7cf7135 add pagination to endpoint alerts, fix toasts

afed122 update json to yaml converter

254e612 fix alert tab undefined

20c4a22 Change discord link in README to permanent link

bba19c3 Update README.md

e3233d0 update alert message and formatting

ccd9916 fix query, and optimize retrieving specific endpoint

3bfad2f fix endpoint query, update frontend UI and parameters

3f55152 optimized endpoint query, update for data classes, authenticated filtering, and last active filtering

72455e4 add unauntheticated endpoint returning sensitive data alert

39af5fc reorganize logAggregatedStats post

2837a30 add user set authentication

1d7e7c3 add different update time for spec generation or upload

d95dc47 add host to returned fields for alert

d05759e formatting and remove hasher log

e37fd23 update spec model, update logic for spec diff alerts

27f05d8 add isAuthenticatedDetected filtering

cc5ec90 add check for unauthenticated endpoints

3b69566 update spec handler

2c720bb add queryRunner to spec services and fix rollbacks

433023b fix endpoint list

af755f7 don't show new connection page when host count is not 0

ffd3ec2 fix frontend build error

de56c21 optionally collect emails

af2fa7f (feature) Add working kubernetes ingest daemonset

5411747 get rid of uneeded daemon set file

91bf94c organize kubernetes daemonset

107cd3a minor bugfixes

b693aa0 add snooze button

8df1bbe fix spec generation to get traces within timeframe, fix default content type for spec

8b11892 add attack detail page

a990e75 fix alert modal for unsecured endpoint

d62583b update protection directory structure

133a760 (feature) separate out example and deployment yaml for kubernetes

41db5d9 remove console log

e40847f no api key name error handler

a997937 remove execution time logging

68b2650 fix attack response error toast, fix protection table

ebd50a6 formatting

0220746 add protection index, update attack models and backend logic

2a4de4b remove log line

6346d4e (feature) Store hashed key instead of plain text

453f529 (feature) add delete key handler and endpoint

c8ef135 (feature) remove cli option to add api keys

bc2d4db (feature) Add option to list and add api keys from api

0fe61ca update aggregate queries for spec upload and clearing traces

99cc89d (feature) add partial kubernetes file, remove docker-compose.yaml

8d98cc2 add sandbox mode

080c712 (feature) Add api key generation cli tool

2ce8685 (feature) add docker images with combined suricata and metlo ingestor

fa8d797 (feature) set process title on metlo ingestor

65964fb fix spec generation for array types, nullable values, update spec diff additionalProperties parsing

765451c update data field scanning

2b0bcc3 use default if content-type not defined in trace for spec generation, consolidate endpoint generation find query

efa1978 fix spec validation parsing for arrays and error messages

5306ffa update queries for clearApiTraces

0d80858 update queries and fix spec upload

dc30a64 fix trace list home page

cbdc94c add different attack types

15cf238 add attack model and get endpont

4cf8dd5 Update README.md

0fdc01b start protection page

f9e4fcb update data field parsing, scanner, endpoint generation, trace logging, add trace analysis, update jobs

0e3e6d6 remove body parser stringify

eed141b update regexes

a6cf7a4 fix collector populate auth config

a88e961 fix tags cancel, fix json content viewer

3056d38 remove unnecessary conversions in body parser

32ff836 update block fields parsing to only recurse if needed

6d2e4e2 remove totalCalls from apiEndpoint

1325bf3 add shim for enterprise code

d138d52 Update README.md

1d9c914 add additional endpoint match logic for log request

85d2d73 use des-ecb algo for encrypting uniqueSessionId

71846da update new spec upload logic

d47c1d5 fix database transaction

2fe35f1 fix alert filter scroll

e793b59 split up hourly and minutely aggregate trace data tables

b69d70c add jwt handler for auth config

4a246be Update README.md

10cb946 fix authConfig, update aggregate trace data

5f86703 add metlo-config yaml and create sessionMeta for trace

2f0b11d update spec component in endpoint detail

992f33d add ui tooltip for conversion

bbd9d40 add swagger conversion to v3

74a411c formatting

cc600b5 update traces delete

f1ec84f (fix) fix rebase conflict

0d2d76f (chore) cleanup api, services functions

c71bb97 (chore) update body parser to parse multipart content, fix additionalProperties parsing

c15ba9c (fix) fix spec UI

644c05b Add discord community to readme

728cd08 (feature) add check on source instance type for valid aws instances

606b1a0 (chore) add media type validation to response validator, use updated packages, toast fix

bae94cd (fix) fix trace detail json view

3971399 add session secret env var to docker compose

01d1892 (fix) fix url pathing for spec detail page

13859cb (chore) home page style

35216fd (chore) use update instead of save for alert and endpoint risk score update

578f754 (style) home empty view

5b4feba (chore) add empty view home page

8744f8a (chore) update removed similar endpoint aggregate data to point to new endpoint

30146aa (fix) fix usage charts

169a3ad (chore) update aggregate data logging and model

9a374cb Update README.md

fce1a8f Update README.md

a4ec8e8 Update README.md

d5b15ea Update README.md

dbec82d Update README.md

4659f23 (fix) No HSTS Alert

297775a (fix) fix doughnut chart tooltip

7cf74b1 (chore) update get daily usage queries to use aggregate table

2c8c241 (feature) add aggregate trace data table and update clear api trace job

48af715 (feature) add script for generating alert

2a69c52 (fix) fix body parser middleware to handle array of trace params

f0b3752 Update README.md

5ea4581 add security policy

8619027 Update README.md

7ea83ff (chore) delete traces that are more than hour ago

28dc072 pass env vars in docker compose

42e0e90 add ability to disable logging

adcb4b1 (feature) log aggregated stats

a76d6f4 (chore) update local docker compose

4d3abf1 (chore) include block_fields yaml in volume

2b024ca Add instance settings table

6acef7f (feature) style test-editor method selection

d04579c Update README.md

8dc686b Update README.md

527b809 (chore) move verify api key middleware

2306048 (feature) add body parser middleware

5945770 (feature) support env vars for tests

ebebc88 update readme

a500d60 (bugfix) miscellaneous bugfixes

62ccf36 (bugfix) Add title to delete modal

5d53b0d (feature) add confirmation to test editor delete

bbbbebc hide delete button for new test

6cdd12e (feature) Delete an endpoint test

e0b6fe6 (feature) add rest of the features to testing

8ff72aa (fix) cli script

d86648d fill in test api function in cli

f2fe177 (feature) replace credentials file if user asks

4432014 (feature) Add option to provide host on init to metlo cli

104b135 use @metlo/testing in cli

6d85806 (chore) update spec diff errors to not add format/type errors for disabled paths

4f7c513 (feature) start cli

2ad1d36 (feature) Add api endpoint information to list endpoint test

0149d03 (chore) update spec diff alert

777fa33 (chore) add '[REDACTED]' to blocked fields instead of removing

be01d10 (feature) list enpoint tests filtered by endpoint hostname

79443a5 (feature) replace newman with metlo's own testing library

e443a12 (chore) update database execute transactions

8b6dd5d (chore) add ability to provide paths for all methods and fix db model

d0bd71b (fix) fix path regex for all endpoints of host for block fields

d5f6257 (feature) delete gcp connections

5385b62 (feature) list source type on gcp connection

b5b6707 (feature) Add other mirroring options for GCP

e0843cd (fix) fix block fields table data initialization

56e84d5 (feature) add job for clearing api traces

34da541 (chore) move block fields to service

7d4fcb2 (feature) add removing select fields from api trace before storing in db

9050b00 (chore) Ignore vscode setting files in git

a91f799 (chore) Add gcp source type enums

07b1310 (feature) Add mirror source selection to AWS connection

ddd7de1 (fix) vulnerability list count

f09b676 (chore) create user on initialization

69690fb add vulnerabilities page

c8c9976 (chore) fix alert modal style

ace71b1 (chore) alerts page styling

3c9d993 (feature) add host filtering to alerts

c5ee035 remove dark mode switch

b55dc3e (feature) add additional property and unevaluated property validation to request body, update request error alert generation

f3fb007 (chore) update data field detail style

0c1f812 (chore) add index on apiEndpointUuid

1658061 (feature) Add gcloud to backend dockerfile

1d95545 (feature) Additional styling elements for missing hsts alert frontend

3cb54eb (fix) fix build error with linter

2da24e2 (chore) style fixes

6a10a79 (fix) fix error messages on backend, remove search, add title on open api spec

3cab5e0 (style) endpoint page risk tag

e8f309b (style) adjust data heading and data attr

964c8bb (fix) fix spec height

bb2fd0c (feature) add ui components to Spec display

b41d9fd (fix) update offset on alert type change

3b8e0a4 (bugfix) Add axios to dependencies for backend

2b2a3df (feature) present api trace instead of trace uuid in hsts alert

66dc1b4 (feature) add missing HSTS alert

e85a344 (feature) Avoid listing autogenerated api specs

f5d13d1 (feature) Delete API spec

401ef1b (feature) add data field deletion

f55a529 style home page

9a74060 (chore) color update

87f3bd4 (chore) add const colors to home chart

4760d41 (chore) formatting, colors

bd1d594 add charge endpoint to payment processor test ingestor

f6677ae stop auto detection of driver license fields (#24)

8cc8277 (feature) add ingestor to docker compose

c5d4033 add payment processor sample data to test ingestor

1710743 add more endpoints to ecommerce test ingestor

34d1391 (chore) add yarn lock

b9c84c9 (feature) add sample-ecommerce service

48135a2 (chore) remove extra space

e3cb444 (chore) update express json limit size

42dbafd (bugfix) fix dev-collector path

4fb13ce (bugfix) fix useEffect missing dependancy array warnings for gcp and aws connections

b9ed745 (chore) Move collector one directory up to /src

6e33718 (feature) Add api key verification to collector

72f2584 (chore) Add api key to test ingestor

57bc825 Add api key to ingestor service file

4a10e49 (chore) remove separate data source for collector

5784c50 Set interface on suricata.yaml instead of rules

cd8f126 (chore) mark key column for ApiKey as unique

762353b (feature) Add auth keys to suricata ingestor

cd145ff (feature) Separate out collector

228fc1c Fix the destination source

027651c (feature) add sensitive data in path params alert

27a75a9 keyboard shortcut in test editor

23affa0 (style) fix styling on sensitive data ane endpoint pages

20a91ac wire up latest alerts

cbf563c (chore) link sensitive data to endpoints page with filtered options

9e9ac28 (chore) remove unused alert

7979bf8 (style) no hover color on sensitive data page

2bf135f (fix) fix request location labels

9da6679 (chore) update endpoint data table, clean up get endpoints service

8420f9c (chore) add error messages for spec validation

2374b37 (fix) fix issues with data tag list

34ce8c2 (feature) sensitive data page

9d94ae3 (chore) add tooltip to relative time, move maps

d26214a (fix) fix children component issue, fix endpoint table pagination

97f3b7d (chore) formatting

41785f4 (fix) style fix on alerts tab, remove unresolve, fix placeholder logic, fix pagination counting logic

06e07c8 (chore) update endpoint firstDetected and lastActive, add data classes and search to endpoints page

3a691ec (chore) consolidate query runner raw queries into DatabaseService

885f5ba (fix) remove log

4c71789 upgrade next and fix errors

a5d0ba1 Revert "upgrade next"

a73831e upgrade next

cbe9746 (style) make more room on endpoint and alert pages

dbda826 Add GCP connections for mirroring (#22)

6a1e2c5 (fix) properly obtain and release connections when running queries

2ee4968 (feature) add sensitive data and vulnerability page placeholders

17f978f (fix) set open by default on alert page

67e876a (fix) add some undefined fixes for spec generation

962577a handle empty state home

daf43d6 redo home page

60ac128 (feature) add basic authentication detected alert

047a5ec (feature) add sensitive data in query params alert

5738db8 (feature) add additional parameters errors for response body

ed3ae30 (chore) use database service for update spec

726c46c (feature) use query params for initial alert filters

3caab70 restructure alerts page code

ef1a554 (style) PII Chart Labels

24f2cfd [Snyk] Upgrade @types/node from 18.6.4 to 18.6.5 (#20)

0d099bd (chore) add validation error message based on type

e031b34 (feature) add openapi schema validator

b410ee5 (chore) add path parameters to spec generation

6d0dc62 (fix) update endpoint model, match trace with lowest number params endpoint

db02337 (fix) handle '/' paths in sync endpoints, add empty dataClasses on new instantiation

83eba54 (chore) update docker compose with redis

86d6409 (feature) add pii alert, update UI for alerts

b620cd2 (fix) fix issues with spec diff and spec generation

6d36bf5 (chore) remove unused handler, update endpoint query

2539841 (fix) try parsing path parameter as number otherwise keep as string

df0c4ad (chore) update styles on alert

e8d4c7a don't allow deleting autogenerated specs

f37db6b add test status tags

86c89fc (fix) test editor saving

0f80f8a (bugfix) match destination and source urls, fix casing for ports

d5d92ec (bugfix) match up ingestor response to single log request

cf13d7f (chore) Add default outgoing filter on aws traffic filter

b35a84a (chore) Show message on completion

bdec808 (bugfix) fix suricata installation files

4d8dea3 (bugfix) Mirroring filter direction correction

b7a7fe8 (chore) Save on ssh task end

fa23c6e (chore) Add back missing functions lost during rebase

a1d0b8b (chore) Setup mirror rules to only mirror things from source ip

09386cb (chore) fetch long running connection like an async jobs

d51795b (chore) Reorganize ssh files

331b61b (bugfix) Bugfixes for delete connection

9f61ed8 Delete connections

2205afc (chore) update detail view left panel

08b36ee (chore) update full detail view

6437687 (fix) fix heights in alert detail

86258a3 (chore) fix formatting

7918088 (feature) update alerts model, backend logic, frontend UI

f5cdbac (style) test page

119af67 (style) switch detected field icon

f396c39 (style) resizeable panes

082a165 (fix) data field update fixes

a4291fc tag list for data classes

6c8497d [Snyk] Upgrade @chakra-ui/icons from 2.0.4 to 2.0.6 (#17)

283a519 [Snyk] Upgrade @chakra-ui/theme-tools from 2.0.5 to 2.0.7 (#18)

a03e16c [Snyk] Upgrade chart.js from 3.8.2 to 3.9.1 (#19)

0c1bec3 (fix) get rid of semicolon

51d0bcb (feature) add scannerIdentified to data class model, update some logic

a58fc7b Prettify all TS/JS files (#14)

d9d8b44 (feature) change data field model, update data field logic, update detected fields UI, add database service, fixes to endpoint generation

aa907d8 (feature) update alerts model and backend logic for alerts

28cd32b (fix) fix data field parsing for body data

450c3b3 (chore) add dictionary word check for suspect parameter

931bf33 (chore) add description to spec generated responses

acef44a (fix) fix non json parsing for open api spec generation

493cbfa (fix) prexpand rows with fields, change empty view size

2c890f4 (feature) test running job

1e57279 add tags to tests

cf32b00 (bugfix) add missing parameters to suricata output interface

ae8588d (chore) Match suricata output interface to test-ingestor

15c7b17 (chore) Modify prod docker compose and setup files

6d0d513 move init sql to root

67454fc build common module with jobrunner

423b852 (fix) running tests with no tests defined

7848377 (feature) finish wiring up tests

d7b7aa9 (bugfix) remove errant ',' in backend package.json

08e3267 (chore) add dependencies to backend

01e90cf (chore) Add backend configuration for GCP

d17447b (chore) Modify designs for Connection Info UI

35ef7a0 (chore) fix script file paths and move scripts folder

f96bb4c Move installation scripts to within src/suricata-setup

5b0cc73 Reorganize files to make structure consistent with logic

a4400ea test page toasts

ec99b06 (fix) fix generate endpoint job, remove uneeded code in index file

7672a56 (fix) fix open api request/response validation

2fcc66e (chore) update gitignore

a9cd877 (chore) move logic to data field service

a3a29e9 add headers to test ingestor

b279b29 (fix) use secret from env var

530b847 (feature) update data fields UI, update backend data fields logic, add path parameter fields

4ba093e (fix) fix filter options being cut off, update search message

a26f567 (feature) add test list filters

a4e9d04 (fix) infinite render loop on test page

59ed7b9 (style) testing page cleanup

64e76dc (chore) formatting and update imports

6910a5a (feature) add all traced data fields to endpoints

51fc5af (fix) fix imports from common in backend

3a05fb8 (chore) add request parameters/headers/body and response headers/body as well as schema definitions with open api spec generation

db31fba (feature) Add authentication support for 'basic' auth methods

367c167 style testing page

2b736c9 (chore) Fix test method selection styling

7459417 (chore) Fix styling attributes for data preview

ee358f6 Basic styling and setup for test response body preview

e954fce Update README.md

22b7a08 style test list

c85ba0c Update README.md

6b255e1 (bugfix) fix typings for api endpoint tests

ec88438 (bugfix) correct path for opening individual test page

d14a289 (feature) Add listing of test on endpoints page

c62c5b0 fix build

0ab70dd add to readme

39bf933 List tests page

6bc9840 create save test service in frontend

0da9e13 endpoints for list tests

4e359d1 delete test data

61e6d90 (chore) Wire up saves for endpoint tests

441d2b5 (feature) Add testing product (#6)

66ea164 feature(connections) : Connections UI (#11)

e535cdd feature(mirroring) Support mirroring on AWS and set it on user behalf (#7)

168bbb2 add nvmrc

a54406c add build status shield

25b388f Combine frontend and backend workflows (#5)

6439cd8 Setup Build Workflows (#4)

6510392 frontend build dep path

d4010b5 different way of setting up working directory

713cab0 update build workflow

9b7675b Create node.js.yml

3a39562 specify default branch

5f97436 test build frontend job

254e582 add titles

b5f8cc9 add favicon

0505d39 (style) Use new logo (#3)

6a9f9d8 Merge pull request #2 from metlo-labs/sortby-riskscore-for-lists

2964ab4 return getEndpoints with entries ordered by risk score high to low

3e553e0 return getAlerts with entries ordered by risk score, createdAt date high to low

efec2d4 fix isRisk PII styling

544c533 change risk score calc

04a1a13 format

446a632 pii data fixes

5d8dccf add make purchase ingestor

7a97c74 generate endpoints script

5ad0f50 (styling) increase risk score column width on endpoints

c5d60d8 fix(openapi-spec-parsing): update openapispec services and frontend UI (#1)

f5405f1 add name to test product producer

e0bc325 add new test data producer

3b039ff update responses

029f47d fix alert detail UI

1d6c569 alert for open api spec diff

e4c0727 add usage work frontend and backend

42d7794 fix endpoint page styling

050781c open specific detail if uuid specified

5b6e423 frontend formatting

db17e32 add linting, fix lint issues

c37278c consolidate frontend imports

c4dfdf8 Add security group info to ec2 instance creation

8e99809 Suricata setup over ssh

1dcf0f6 Add files to push

8ec87a5 fix tsconfig builds

bb119a1 basic installation setup over ssh setup

48aa829 add noDataComponent on endpoint tabs

3f37581 fix empty state

07504d8 endpoint pii fields, styling fixes, backend data class api update

ccb392e empty view styling

5ded8f8 apply conditional styling

e24883a make row columns clickable

b5a8f52 details for alerts

d97cdcb highlight selected row

c3471a5 fix returns, add method signatures

8fdc440 redo trace list

cbc0c74 update backend dockerfile, remove backend types and enums

ae08ae9 consolidate enums

80ba0d2 consolidate types

b6ca0e2 add local constant import

42e1423 change to absolute imports, update yarn commands

41077eb Add tsconfig.json for suricata ingestor.

310ce62 better labels for functions

d12bb0e Setup of machinery for suricata complete.

b304369 Test and fix instance setup

04c4b1b basic stuff for setting up instances

9a87fcb export functions for instance creation

2dddd74 List region for a given network interface

1b131d1 List region for a given instance

67343d1 move models inside src, update imports

f8bad89 fix home page layout

a6935d1 update pii field handlers, update pii field backend

3dfa175 fix resolving

61c2194 alert tabs, alert detail, resolve stuff

aa1047d default tab change

e8cca69 trace page styling

1337da5 fix test ingestor port name

227761d fix typo

358c0f3 fix test ingestor path

49aec28 add job runner to docker compose

fae1688 commit activity per month

02c70b4 disable x-powered-by

2383e9e fix scan

c5a124b add top alerts

fd95bab add condition to scan

c67b4f9 fix spec api and page

2df87e1 fix test date

b2d5524 fix pii fields and traces tabs

ff00149 push to docker command

00b4ef9 change logo

4ad5ac1 fix api urls

9cf38bd return keypair when creating instance, remove logs

576fbe0 Update readme, more utils

60a015d Create Mirror Session

ea0080a Add traffic mirroring filter rules

1eaff38 Create mirror target

0226550 Add steps to create a new instance

df61cad alert page, alert tab, more alert backend

0f3bfbc add license

0fd48a7 add readme

b49f0ee fix

3530019 test badge

0703189 shrink logo height

0463276 get summary

163ee25 start summary backend

5cc6dda resolve alert

a1011d7 alert backend

5db13d7 update error message

1d43b8c finish update spec

ca885b4 update endpoint path

3a68033 update spec file put

2658d6f updated spec endpoint paths

a9acdee styling

03b56de trace detail

35bf60b work on spec page

1ae7b7d start spec page

aacd2f5 Merge branch 'master' of github.com:metlo-labs/metlo

a54ff43 spec handler

5f2ff91 add last updated to spec list

aaa683e add date time

c3356c4 fetch hosts fix

a53bf45 risk score sensitive data

1a84fd0 upload new api spec

d8d5059 update score when spec uploaded

787a8dd remove environment filter

d0ce6a1 20 traces for endpoint

0673862 risk score, database save issue fixes

782dcc4 more work on spec list

bf5aeb7 spec list page

4f27f5c Revert "use common in backend"

4f591cc use common in backend

b9e662a start spec list component

5443f1d add createdAt, updatedAt to openapiSpec

4f485bc endpoint page ssr

e25b45c settings -> specs

764324d fix spec generation

6c4d333 add extension, fix spec showing

109e619 stringify spec with formatting

ddd779f get firstDetected and lastActive

f7ed5c9 add host filtering

6bad360 add make file

73cf5af fix build

9e02b81 add postgres to docker compose

09ae754 pagination on endpoints

7b87baa remove cors

7d2a194 start hooking up stuff, backend endpoint changes, common type changes

72e0a97 add cors

2cf3a11 add quickstart to readme

bae64ed change port

c7b5459 docker compose

924d6e6 use env var for backend

a46d403 update isRisk

525abc3 remove errant closing brace

5bf5fca refactor to pass client instead of config, create new instance

7962fd6 Add function to create and upload new keypair for instance

7a38ab5 Add yarn files

0ffcb29 describe instance details and get all instances meeting specifications

ee77fe1 Add listing for latest ubuntu 20.04 image

fdac515 update already defined endpoint if exists when generating endpoints from traces

d2770f9 update spec defined endpoints with totalCalls and matched data classes of removed endpoints

597394f frontend docker image

58f916c backend docker image

7342939 fix types

7aac3bd check for sensitive data when generating endpoint from traces

1e79e96 reroute api calls to backend

155e8a2 base /api/v1 endpoint

279f2b9 change to /api/v1

a723494 find sensitive data in body, reorganize

0cd4e83 add new endpoint to test data

1e53381 fix update spec handler

24d27d5 forEach instead of map

56f3d89 update job

cef05f2 call generate spec after generate endpoints

eaf57a7 node jobs script

fa653dc change test ingest speed

a28ba1d add generate to auto generated spec name

648e9d3 fix generate open api spec

14de909 add generate spec func, fix new spec file issues

68ef491 change readme header

206761e readme header

8144909 clear frontend readme

a20470f light mode code editor

b717cc1 add pii data chart

ccdb706 get spec list

19b3fd9 fix endpoint generate from traces for host and method

ba587c1 add openApiSpec to detailed endpoint, add autogenerated column

78bd1a4 add coming soon to tests

0f35b8c alert page

ed764ae Some cleanup and bug fixes

b4dfc09 Add cli stuff for ingestor. Push alert to remote url

d1f1593 issues -> alerts

4449426 fix log request

ff2d594 make responsive

cf045cd fix types

6ce05c1 update spec

43f817f redo endpoint layout

c71ab9a add and remove specs, fix logic

b74fb7e only update endpoint if exists in log request call and assign endpoint to trace

46953e1 new spec handle

c16fe32 Add basic data ingestor from suricata

a71e2a8 add back types, enums for now

365fd1f format

b1df65c add dependencies, move things around, fix models and code issues

28ba588 add high risk alerts

784fe57 add endpoints to alert on home

85bd6b8 add alert list to home page

e2cea7d fix styling

5c18add connection list

43296d3 @common and alert list

5e5a3fc add home page stats

2e34ada work on trace list

96099f2 add trace list

0c91ad6 use common types in frontend

ab4218b add common package with types

acbd35e add response handlers and file upload endpoint

a83c443 fix

83ac7da add endpoints from traces

a44d7c7 fix sidebar layout

9f3157f add endpoint handlers

75027ac log in apiendpoint and matchedDataClass tables

4a90977 formatting

6970687 add get endpoints

1be064d work on endpoint page

05c79c8 work on endpoint page

c45b72b table fixes

f3bf095 ui work

95579f1 use next link

89aca69 add pages

4b29163 add some log request stuff, fix regexes

9b123fb change colors

06446d4 start sidebar

efaf371 start sidebar

365559b regexp things, model updates, service fixes, types, scan func

ffc0f54 fix models, update log-request

1d700dc update tsconfig

d56565c switch to yarn

0ccc75c tie test ingester to backend

a87b946 add batch for logrequest

253027f add log request service

61ec051 start test ingester

e707708 add typeorm, models, enums, types

1e3168c add api log-request, bodyparser

22e1f29 frontend initial setup

9554769 initial commit

3233370 Initial commit

Source code(tar.gz)
Source code(zip)
metlo_0.0.1_checksums.txt(485 bytes)
metlo_0.0.1_darwin_amd64.tar.gz(3.35 MB)
metlo_0.0.1_darwin_arm64.tar.gz(3.24 MB)
metlo_0.0.1_linux_386.tar.gz(3.09 MB)
metlo_0.0.1_linux_amd64.tar.gz(3.23 MB)
metlo_0.0.1_linux_arm64.tar.gz(2.96 MB)

Metlo is an open-source API security platform.

Related tags

Overview

Metlo API Security

Metlo is an open-source API security platform

Quick start

Features

Endpoint Discovery

API Testing

Protection

Development

Comments

metlo.yaml:

First problem/question

Second problem/question

Releases(v0.0.3)

v0.0.3(Dec 12, 2022)

v0.0.2(Dec 9, 2022)

Changelog

v0.0.1(Dec 9, 2022)

Changelog

Owner

The open-source security lake platform for AWS

An Open-Source Platform to certify open-source projects.

Cloud security platform web with steampipe

Reference for How to Write an Open Source JavaScript Library - https://egghead.io/series/how-to-write-an-open-source-javascript-library

This project is for hacktoberfest to encourage new developer and open source developers to contribute to open source and improve skills which require debugging, write testable code, industry standards, problem solving and many more,

This is a project for open source enthusiast who want to contribute to open source in this hacktoberfest 2022. 💻 🎯🚀

Monitor your code for exposed API keys, tokens, credentials, and high-risk security IaC misconfigurations

Improve the security of your API by detecting common vulnerabilities as defined by OWASP and enforced with Spectral.

Bringing an all Open-Source Platform to study Data Structures and Algorithms ⚡

MagicMirror² is an open source modular smart mirror platform

LucaMail - an Open Source,Cross Platform Email Client

An open source movie library platform for viewing movie info and saving movies for later.

Open source data infrastructure platform. Designed for developers, built for speed.

Open source data infrastructure platform. Designed for developers, built for speed.

🧙 Mage is an open-source data management platform that helps you clean data and prepare it for training AI/ML models.

Brickdoc is an open-source compound document-based online workspace and low-code development platform.

Brickdoc is an open-source compound document-based online workspace and low-code development platform.

MashCard is an open-source all-in-one workspace and low-code development platform.

Windmill: Open-source platform and runtime to turn any scripts into internal apps, integrations and workflows