Uploaded image for project: 'Metron (Retired)'
  1. Metron (Retired)
  2. METRON-1554 Pcap Query Panel
  3. METRON-1638

Retrieve Pcap results in pdml format

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Done
    • Major
    • Resolution: Done
    • None
    • 0.6.0
    • None

    Description

      There should be a REST endpoint that allows a user to retrieve pcap page results in pdml format.  Assuming tshark is installed, there should be a "GET /api/v1/pcap/pdml/<jobId>/<pageNumber>" endpoint that will return pcap results for the given page in pdml format (https://wiki.wireshark.org/PDML), converted to json for easier consumption by a UI. This endpoint will call out to the tskark utility for the raw to pdml conversion.

      Attachments

        Issue Links

          links to

          Web Link GitHub Pull Request #1120

          Activity

            People

              rmerriman Ryan Merriman
              rmerriman Ryan Merriman
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: