{% extends "base.html" %}
{% block content %}
    <div class="page-header">
        <h3>API Documentation</h3>
        <p>
        The websnort API is currently implemented as a blocking synchronous HTTP POST.
        If you have a large ruleset defined for your instance or many concurrent requests,
        timeout issues could be a problem.  An asynchronous job submission API is possible
        if there is enough interest.
        </p>
        <div class="overview">
        <table class="table table-striped table-bordered">
        	<thead>
        		<tr>
        			<th>URL</th>
        			<th>Method</th>
        			<th style="width: 25%;">Description</th>
        			<th>Successful Response</th>
        			<th>Unsuccessful Response</th>
        		</tr>
        	</thead>
        	<tbody>
        		<tr>
        			<td>/api/submit</td>
        			<td>POST</td>
        			<td>Accepts a multipart/form-data submission containing the pcap 
        				file to scan and returns a results json dictionary.        				
        			</td>
        			<td>
        				{"apiversion": "version",<br/>
        				 "status": "Success",<br/> 
        				 "filename": "filename"<br/>
        				 "filesize": bytes,<br/>
        				 "md5": "hexstring", <br/> 
        				 "start": "YYYY-MM-DDTHH:mm:SS.sssssss",<br/> 
        				 "duration": seconds,<br/>
        				 "analyses": [<br/>
        				 {"status": "Success",<br/>
        				 "name": "configname",<br/>
        				 "module": "idsname",<br/>
        				 "version": "idsversion",<br/>
        				 "ruleset": "label",<br/>
        				 "duration": seconds,<br/>
        				 "alerts":[<br/>
        				 {"source": "ipaddress", <br/>
        				 "destination": "ipaddress", <br/>
        				 "protocol": "protocol name",<br/>
        				 "classtype": "alert classificaiton", <br/>
        				 "sid": signature_id, <br/>
        				 "timestamp": "YYYY-MM-DDTHH:mm:SS.sssssss", <br/>
        				 "message": "alert description", <br/>
        				 "revision": signature_revision}]},<br/>
        				 ]}<br/>
        			</td>
        			<td>
        				{"apiversion": "version",<br/>
        				 "status": "Failed",<br/> 
        				 "filename": "filename"<br/>
        				 "filesize": bytes,<br/>
        				 "md5": "hexstring", <br/> 
        				 "start": "YYYY-MM-DDTHH:mm:SS.sssssss",<br/> 
        				 "duration": seconds,<br/>
        				 "errors": ["Error description / details"] <br/>
        				 "analyses": []}<br/>
        			</td>
        		</tr>
        	</tbody>
        </table> 
        </div>
        <h3>Example</h3>
        <pre>
$ curl -i --form file=@test.pcap http://localhost:8080/api/submit
HTTP/1.0 200 OK
Date: Sun, 31 Aug 2014 02:52:50 GMT
Server: WSGIServer/0.1 Python/2.7.6
Content-Length: 1001
Content-Type: application/json

{
    "status": "Success", 
    "errors": [], 
    "apiversion": "0.4", 
    "filename": "test.pcap", 
    "start": "2014-08-31T12:52:48.828358", 
    "filesize": 12373, 
    "duration": 2.134792, 
    "analyses": [
        {
            "status": "Success", 
            "name": "snort", 
            "alerts": [
                {
                    "source": "10.1.1.132:58650", 
                    "classtype": "Detection of a Network Scan", 
                    "protocol": "UDP", 
                    "sid": 1917, 
                    "timestamp": "2014-01-28T21:26:04.885446", 
                    "message": "SCAN UPnP service discover attempt", 
                    "destination": "239.255.255.250:1900", 
                    "revision": 6
                }
            ], 
            "module": "snort", 
            "version": "2.9.6.0 GRE (Build 47)", 
            "ruleset": "community", 
            "duration": 2.131043
        }
    ], 
    "md5": "22bd2cfbdea14676ef4211e539cbb535"
}        </pre>
    </div>
{% endblock %}