Home

Awesome

Falcosidekick-ui

Falco Ecosystem Repository Incubating

release last commit licence docker pulls

Description

A simple WebUI for displaying latest events from Falco. It works as output for Falcosidekick.

Requirements

Events are stored in a Redis server with Redisearch module (> v2).

Usage

Options

Precedence: flag value -> environment variable value -> default value

Usage of Falcosidekick-UI:  
-a string
      Listen Address (default "0.0.0.0", environment "FALCOSIDEKICK_UI_ADDR")
-d boolean
      Disable authentication (environment "FALCOSIDEKICK_UI_DISABLEAUTH")
-l string   
      Log level: "debug", "info", "warning", "error" (default "info",  environment "FALCOSIDEKICK_UI_LOGLEVEL")
-p int
      Listen Port (default "2802", environment "FALCOSIDEKICK_UI_PORT")
-r string
      Redis server address (default "localhost:6379", environment "FALCOSIDEKICK_UI_REDIS_URL")
-t string
      TTL for keys, the format is X<unit>,
      with unit (s, m, h, d, W, M, y)" (default "0", environment "FALCOSIDEKICK_UI_TTL")
-u string  
      User in format <login>:<password> (default "admin:admin", environment "FALCOSIDEKICK_UI_USER")
-v boolean
      Display version
-w string  
      Redis password (default "", environment "FALCOSIDEKICK_UI_REDIS_PASSWORD")
-x boolean
      Allow CORS for development (environment "FALCOSIDEKICK_UI_DEV")

If not user is set and the authentication is not disabled, the default user is admin:admin

Run with docker

docker run -d -p 2802:2802 falcosecurity/falcosidekick-ui

Run

git clone https://github.com/falcosecurity/falcosidekick-ui.git
cd falcosidekick-ui

go run .
#or
make falcosidekick-ui && ./falcosidekick-ui

Endpoints

RouteMethodQuery ParametersUsage
/docsGETnoneGet Swagger Docs
/GETnoneDisplay WebUI

UI

The UI is reachable by default at http://localhost:2802/.

API

The prefix for access to the API is /api/v1/. The base URL for the API is http://localhost:2802/api/v1/.

RouteMethodQuery ParametersUsage
/POSTnoneAdd event
/healthzGETnoneHealthcheck
/authenticate, /authPOSTnoneAuthenticate
/configuration, /configGETnoneGet Configuration
/outputsGETnoneGet list of Outputs of Falcosidekick
/event/countGETpretty, priority, rule, filter, tags, since, limit, pageCount all events
/event/count/priorityGETpretty, priority, rule, filter, tags, since, limit, pageCount events by priority
/event/count/ruleGETpretty, priority, rule, filter, tags, since, limit, pageCount events by rule
/event/count/sourceGETpretty, priority, rule, filter, tags, since, limit, pageCount events by source
/event/count/tagsGETpretty, priority, rule, filter, tags, since, limit, pageCount events by tags
/event/searchGETpretty, priority, rule, filter, tags, since, limit, pageSearch events

All responses are in JSON format.

Query parameters list:

Development

Start local redis server

docker run -d -p 6379:6379 redislabs/redisearch:2.2.4

Build

Requirements:

make falcosidekick-ui

Lint

make lint

Full lint

make lint-full

Update Docs

Requirement:

make docs

Screenshots

falcosidekick-ui falcosidekick-ui falcosidekick-ui falcosidekick-ui falcosidekick-ui

Authors