Tanner WEB
==========
Tanner WEB provides various stats related to traffic captured by snare in UI form. It can be accessed at ``locahost:8091/``.

/
~~~~
This is the index page which has a logo (mushorg) with ``Tanner web`` written below it.

Below that we can find general info of the tanner instance:

* **Tanner version** -- Which shows the version of tanner instance
* **No. of snares connected** -- Which shows the number of snares connected to the tanner instance
* **Latest session** -- Which will navigate you to the latest session's info page
Below that we can find a clickable which states, ``Click here to navigate to snares list``, clicking which will move you to the ``/snares`` page.

/snares
~~~~~~~~~~ 
This shows all the snares' uuid. Each snare object is clickable. Clicking displays the page **/snare/<snare-uuid>**

/snare/<snare-uuid>
~~~~~~~~~~~~~~~~~~~~~~
Replace ``<snare-uuid>`` with a valid `snare-uuid` and it will provide two options:
	* **Snare-Stats** -- It will move you to **/snare-stats/<snare-uuid>**
	* **Sessions** -- It will move you to **/<snare-uuid>/sessions**

/snare-stats/<snare-uuid>
~~~~~~~~~~~~~~~~~~~~~~~~~
This page shows some general stats about the snare

	* **No of Sessions** - Total no of sessions of the snare
	* **Total Duration** - Total durations during which sessions remain active
	* **Attack Frequency** - Frequency of different attacks made on the snare

/<snare-uuid>/sessions
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This shows all the sessions' uuid. Each is clickable. Clicking displays **/session/<sess-uuid>**
Filters can be on the sessions using the input box and clicking the ``Apply`` button.
Filters are sepatated by ``white-space`` and name-value pair are separated by ``:``. E.g ``filter1:value1 filter2:value2``.

It supports 6 filters:
	* **peer_ip** -- Sessions with given ip. E.g ``peer_ip:127.0.0.1 ``
	* **user-agent** -- Sessions with given user-agent. E.g ``user-agent:Chrome``
	* **attack_types** -- Sessions with given attack type such as lfi, rfi, xss, cmd_exec, sqli. E.g ``attack_types:lfi``
	* **possible_owners** -- Sessions with given owner type such as user, tool, crawler, attacker. E.g ``possible_owners:attacker``
	* **start_time** -- Sessions which started after `start_time`. E.g ``start_time:1480560``
	* **end_time** -- Sessions which ended before `end_time`. E.g ``end_time:1480560``
	* **location** -- Sessions which have been done from the specified geometric `location`. It can take value of either country, city, country_code or zip_code. E.g ``location:India``, ``location:Mumbai``, ``location:US``, ``location:636005`` etc

Multiple filters can be applied as ``peer_ip:127.0.0.1 start_time:1480560 possible_owners:attacker``

/session/<sess-uuid>
~~~~~~~~~~~~~~~~~~~~~~~~
It gives all information about the session with given uuid. Here you may find some of the text clickable such as 
``peer_ip``,``possible_owners``, ``start_time``, ``end_time``, ``attack_types``. Clicking on them will display all the sessions will same attribute value.