![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4&size=40){kind=avatar}
A simple WebUI for displaying latest events from Falco. It works as output for Falcosidekick.
Events are stored in a Redis server with Redisearch module (> v2).
Usage of Falcosidekick-UI:
-a string
Listen Address (default "0.0.0.0", environment "FALCOSIDEKICK_UI_ADDR")
-d boolean
Disable authentication (environment "FALCOSIDEKICK_UI_DISABLEAUTH")
-l string
Log level: "debug", "info", "warning", "error" (default "info", environment "FALCOSIDEKICK_UI_LOGLEVEL")
-p int
Listen Port (default "2802", environment "FALCOSIDEKICK_UI_PORT")
-r string
Redis server address (default "localhost:6379", environment "FALCOSIDEKICK_UI_REDIS_URL")
-t string
TTL for keys, the format is X<unit>,
with unit (s, m, h, d, W, M, y)" (default "0", environment "FALCOSIDEKICK_UI_TTL")
-u string
User in format <login>:<password> (default "admin:admin", environment "FALCOSIDEKICK_UI_USER")
-v boolean
Display version
-w string
Redis password (default "", environment "FALCOSIDEKICK_UI_REDIS_PASSWORD")
-x boolean
Allow CORS for development (environment "FALCOSIDEKICK_UI_DEV")If not user is set and the authentication is not disabled, the default user is
admin:admin
docker run -d -p 2802:2802 falcosecurity/falcosidekick-uigit clone https://github.com/falcosecurity/falcosidekick-ui.git
cd falcosidekick-ui
go run .
#or
make falcosidekick-ui && ./falcosidekick-ui
| Route | Method | Query Parameters | Usage |
|---|---|---|---|
/docs |
GET |
none | Get Swagger Docs |
/ |
GET |
none | Display WebUI |
The UI is reachable by default at http://localhost:2802/.
The prefix for access to the API is
/api/v1/. The base URL for the API ishttp://localhost:2802/api/v1/.
| Route | Method | Query Parameters | Usage |
|---|---|---|---|
/ |
POST |
none | Add event |
/healthz |
GET |
none | Healthcheck |
/authenticate, /auth |
POST |
none | Authenticate |
/configuration, /config |
GET |
none | Get Configuration |
/outputs |
GET |
none | Get list of Outputs of Falcosidekick |
/event/count |
GET |
pretty, priority, rule, filter, tags, since, limit, page |
Count all events |
/event/count/priority |
GET |
pretty, priority, rule, filter, tags, since, limit, page |
Count events by priority |
/event/count/rule |
GET |
pretty, priority, rule, filter, tags, since, limit, page |
Count events by rule |
/event/count/source |
GET |
pretty, priority, rule, filter, tags, since, limit, page |
Count events by source |
/event/count/tags |
GET |
pretty, priority, rule, filter, tags, since, limit, page |
Count events by tags |
/event/search |
GET |
pretty, priority, rule, filter, tags, since, limit, page |
Search events |
All responses are in JSON format.
Query parameters list:
pretty: return well formated JSONpriority: filter by priorityrule: filter by rulefilter: filter by termsource: filter by sourcetags: filter by tagssince: filter by since (in 'second', 'min', 'day', 'week', 'month', 'year')limit: limit number of results (default: 100)page: page of results
docker run -d -p 6379:6379 redislabs/redisearch:2.2.4Requirements:
go>= 1.18nodejs>= v14yarn>= 1.22
make falcosidekick-uimake lintmake lint-fullRequirement:
make docs
- Thomas Labarussias (https://github.com/Issif)
- Frank Jogeleit (https://github.com/fjogeleit)
![@dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=64&v=4){kind=small}
