Tanner API
==========
Tanner api provides various stats related to traffic captured by snare. It can be accessed at ``locahost:8092/?key=API_KEY``.

where, ``API_KEY`` is a JWT-token created by a particular tanner-api, which can be found during tanner-api startup: 

``API_KEY for full access: 'API_KEY'``

How to create an API_KEY with desired signature?
~~~~~~~~
* By default tanner's API_KEYs use the signature: 'tanner_api_auth'
* This signature is veryfied on all the API requests.
* It is highly recommended that every tanner-owner set their own signature.
* This can be done by modifying tanner.config['API']['auth_signature'] to the desired one.

/?key=API_KEY
~~~~
This is the index page which shows ``tanner api``.

/snares
~~~~~~~~~~
This shows all the snares' uuid.

/snare/<snare-uuid>?key=API_KEY
~~~~~~~~~~~~~~~~~~~~~~
Replace ``<snare-uuid>`` with a valid `snare-uuid` and it will show all the sessions related to that ``snare-uuid`` and their details.

/snare-stats/<snare-uuid>?key=API_KEY
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Replace ``<snare-uuid>`` with a valid `snare-uuid` and it will show some stats.

	* No of sessions in the sanre
	* Total duration for which snare remains active
	* Attack frequency, which shows no of sessions which face different attacks.

/<snare-uuid>/sessions?filters=<filters>&key=API_KEY
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This shows all the sessions' uuid which follow the filters.
Filters are sepatated by ``white-space`` and name-value pair are separated by ``:``. E.g ``?filters=filter1:value1 filter2:value2``.

It supports 5 filters:

	* **peer_ip** -- Sessions with given ip. E.g ``peer_ip:127.0.0.1 ``
	* **user-agent** -- Sessions with given user-agent. E.g ``user-agent:Chrome``
	* **attack_types** -- Sessions with given attack type such as lfi, rfi, xss, cmd_exec, sqli. E.g ``attack_types:lfi``
	* **possible_owners** -- Sessions with given owner type such as user, tool, crawler, attacker. E.g ``possible_owners:attacker``
	* **start_time** -- Sessions which started after `start_time`. E.g ``start_time:1480560``
	* **end_time** -- Sessions which ended before `end_time`. E.g ``end_time:1480560``

Multiple filters can be applied as ``peer_ip:127.0.0.1 start_time:1480560 possible_owners:attacker``

/api/session/<sess-uuid>?key=API_KEY
~~~~~~~~~~~~~~~~~~~~~~~~
It gives all information about the session with given uuid.

External hyperlinks, like Python_.
.. _Python: http://www.python.org/