// Trisul Remote Protocol (TRP) definition // Based on Google Protocol Buffers // (c) 2010-11, Unleash Networks (http://www.unleashnetworks.com) // $Rev: 3535 $ package TRP; message Timestamp { required int64 tv_sec=1; required int64 tv_usec=2 [default=0]; } message TimeInterval { required Timestamp from=1; required Timestamp to=2; } message StatsTuple { required Timestamp ts=1; required double val=2; } message MeterValues { required int32 meter=1; repeated StatsTuple values=2; } message KeyStats { optional int64 context=1[default=0]; required string counter_group=2; required string key=3; repeated MeterValues meters=4; } message KeyDetails { required string key=1; optional string label=2; optional string description=3; } message SessionID { required int64 slice_id=1; required int64 session_id=2; } message AlertID { required int64 slice_id=1; required int64 alert_id=2; } message ResourceID { required int64 slice_id=1; required int64 resource_id=2; } message CounterGroupDetails { required string guid=1; required string name=2; optional int64 bucket_size=3; optional TimeInterval time_interval=4; } enum AuthLevel { ADMIN=1; BASIC_USER=2; FORENSIC_USER=3; BLOCKED_USER=4; } enum CompressionType { UNCOMPRESSED=1; GZIP=2; } enum PcapFormat { LIBPCAP=1; UNSNIFF=2; } message Message { enum Command { HELLO_REQUEST=1; HELLO_RESPONSE=2; OK_RESPONSE=3; ERROR_RESPONSE=5; COUNTER_GROUP_REQUEST=6; COUNTER_GROUP_RESPONSE=7; COUNTER_ITEM_REQUEST=8; COUNTER_ITEM_RESPONSE=9; RELEASE_RESOURCE_REQUEST=10; RELEASE_CONTEXT_REQUEST=11; CONTROLLED_COUNTER_GROUP_REQUEST=12; CONTROLLED_COUNTER_GROUP_RESPONSE=13; FILTERED_DATAGRAMS_REQUEST=14; FILTERED_DATAGRAMS_RESPONSE=15; CONTROLLED_CONTEXT_REQUEST=16; CONTROLLED_CONTEXT_RESPONSE=17; SEARCH_KEYS_REQUEST=18; SEARCH_KEYS_RESPONSE=19; COUNTER_GROUP_INFO_REQUEST=20; COUNTER_GROUP_INFO_RESPONSE=21; SESSION_TRACKER_REQUEST=22; SESSION_TRACKER_RESPONSE=23; SESSION_ITEM_REQUEST=24; SESSION_ITEM_RESPONSE=25; BULK_COUNTER_ITEM_REQUEST=26; BULK_COUNTER_ITEM_RESPONSE=27; CGMONITOR_REQUEST=28; CGMONITOR_RESPONSE=29; TOPPER_SNAPSHOT_REQUEST=30; TOPPER_SNAPSHOT_RESPONSE=31; UPDATE_KEY_REQUEST=32; UPDATE_KEY_RESPONSE=33; KEY_SESS_ACTIVITY_REQUEST=34; KEY_SESS_ACTIVITY_RESPONSE=35; RING_STATS_REQUEST=36; RING_STATS_RESPONSE=37; SERVER_STATS_REQUEST=38; SERVER_STATS_RESPONSE=39; SESSION_GROUP_REQUEST=40; SESSION_GROUP_RESPONSE=41; ALERT_ITEM_REQUEST=42; ALERT_ITEM_RESPONSE=43; ALERT_GROUP_REQUEST=44; ALERT_GROUP_RESPONSE=45; RESOURCE_ITEM_REQUEST=46; RESOURCE_ITEM_RESPONSE=47; RESOURCE_GROUP_REQUEST=48; RESOURCE_GROUP_RESPONSE=49; KEY_LOOKUP_REQUEST=50; KEY_LOOKUP_RESPONSE=51; GREP_REQUEST=60; GREP_RESPONSE=61; } required Command trp_command=1; optional HelloRequest hello_request=2; optional HelloResponse hello_response=3; optional OKResponse ok_response=4; optional ErrorResponse error_response=5; optional CounterGroupRequest counter_group_request=6; optional CounterGroupResponse counter_group_response=7; optional CounterItemRequest counter_item_request=8; optional CounterItemResponse counter_item_response=9; optional ReleaseContextRequest release_context_request=11; optional ControlledCounterGroupRequest controlled_counter_group_request=12; optional ControlledCounterGroupResponse controlled_counter_group_response=13; optional FilteredDatagramRequest filtered_datagram_request=14; optional FilteredDatagramResponse filtered_datagram_response=15; optional ControlledContextRequest controlled_context_request=16; optional ControlledContextResponse controlled_context_response=17; optional SearchKeysRequest search_keys_request=18; optional SearchKeysResponse search_keys_response=19; optional CounterGroupInfoRequest counter_group_info_request=20; optional CounterGroupInfoResponse counter_group_info_response=21; optional SessionItemRequest session_item_request=22; optional SessionItemResponse session_item_response=23; optional BulkCounterItemRequest bulk_counter_item_request=24; optional BulkCounterItemResponse bulk_counter_item_response=25; optional TopperSnapshotRequest topper_snapshot_request=28; optional TopperSnapshotResponse topper_snapshot_response=29; optional UpdateKeyRequest update_key_request=30; optional KeySessionActivityRequest key_session_activity_request=31; optional KeySessionActivityResponse key_session_activity_response=32; optional SessionTrackerRequest session_tracker_request=33; optional SessionTrackerResponse session_tracker_response=34; optional ServerStatsRequest server_stats_request=37; optional ServerStatsResponse server_stats_response=38; optional SessionGroupRequest session_group_request=39; optional SessionGroupResponse session_group_response=40; optional AlertItemRequest alert_item_request=41; optional AlertItemResponse alert_item_response=42; optional AlertGroupRequest alert_group_request=43; optional AlertGroupResponse alert_group_response=44; optional ResourceItemRequest resource_item_request=45; optional ResourceItemResponse resource_item_response=46; optional ResourceGroupRequest resource_group_request=47; optional ResourceGroupResponse resource_group_response=48; optional KeyLookupRequest key_lookup_request=49; optional KeyLookupResponse key_lookup_response=50; optional GrepRequest grep_request=51; optional GrepResponse grep_response=52; } /////////////////////////////// // Hello message HelloRequest{ required string station_id=1; } message HelloResponse{ required string trisul_id=1; required string trisul_description=2; required string connection_id=3; required string version_string=4; required Timestamp connection_start_time=5; required Timestamp connection_up_time=6; required AuthLevel current_auth_level=7; } /////////////////////////////// // Error message ErrorResponse{ required int64 original_command=1; required int64 error_code=2; required string error_message=3; } /////////////////////////////// // OK message OKResponse{ required int64 original_command=1; optional string message=2; } message ReleaseContextRequest{ optional int64 context=1; } /////////////////////////////// // CounterItemRequest message CounterItemRequest{ optional int64 context=1 [default=0]; required string counter_group=2; required int64 meter=3 [default=0]; required string key=4; required TimeInterval time_interval=5; } /////////////////////////////// // CounterItemResponse message CounterItemResponse{ required KeyStats stats=1; } /////////////////////////////// // CounterGroupRequest message CounterGroupRequest{ optional int64 context=1 [default=0]; required string counter_group=2; optional int64 meter=3 [default=0]; optional int64 maxitems=4 [default=10]; optional TimeInterval time_interval=5; optional Timestamp time_instant=6; optional int64 flags=7; } /////////////////////////////// // CounterItemRequest message CounterGroupResponse{ required int64 context=1; required string counter_group=2; required int64 meter=3; repeated KeyDetails keys=6; } message ControlledCounterGroupRequest{ required string dynamic_group_id=1; required string counter_group=2; required int64 meter=3; required int64 maxitems=4; required int64 bucket_ms=5; required int64 top_nsize=6; required TimeInterval time_interval=7; required string control_counter_id=9; required string control_key=10; } message ControlledCounterGroupResponse{ required string dynamic_group_id=1; } /////////////////////////////// // FilteredDatagramRequest message FilteredDatagramRequest{ optional int64 max_packets=1[default=0]; optional int64 max_bytes=2[default=0]; optional CompressionType compress_type=3[default=UNCOMPRESSED]; // by trisul filter format expr message ByFilterExpr { required TimeInterval time_interval=1; required string filter_expression=2; } optional ByFilterExpr filter_expression=4; // by session message BySession { optional string session_group=1[default="{99A78737-4B41-4387-8F31-8077DB917336}"]; required SessionID session_id=2; } optional BySession session=5; // by alert message ByAlert { optional string alert_group=1[default="{9AFD8C08-07EB-47E0-BF05-28B4A7AE8DC9}"]; required AlertID alert_id=2; } optional ByAlert alert=6; // by resource message ByResource { required string resource_group=1; required ResourceID resource_id=2; } optional ByResource resource=7; } ///////////////////////////////////// // FileredDatagaramResponse message FilteredDatagramResponse{ required PcapFormat format=1; required CompressionType compress_type=2; required TimeInterval time_interval=3; required int64 num_datagrams=4; required int64 num_bytes=5; required string sha1=6; required bytes contents=7; } ////////////////////////////////////////// // ControlledContextRequest message ControlledContextRequest{ required TimeInterval time_interval=1; required string filter_expression=2; } ////////////////////////////////////////// //// ControlledContextResponse message ControlledContextResponse{ required int64 context=1; optional string context_db=2; required TimeInterval time_interval =3; } /////////////////////////////////////// // SearchkeysRequest message SearchKeysRequest{ optional int64 context=1[default=0]; required string counter_group=2; required string pattern=3; required int64 maxitems=4; } ////////////////////////////////////// // SearchKeysResponse message SearchKeysResponse{ optional int64 context=1; required string counter_group=2; repeated KeyDetails found_keys=3; } ///////////////////////////////////// /// CounterGroupInfoRequest message CounterGroupInfoRequest{ optional int64 context=1[default=0]; optional string counter_group=2; } /////////////////////////////////// /// CounterGroupInfoResponse message CounterGroupInfoResponse{ optional int64 context=1; repeated CounterGroupDetails group_details=2; } ///////////////////////////////////// // SessionItemRequest message SessionItemRequest{ optional int64 context=1[default=0]; optional string session_group=2[default="{99A78737-4B41-4387-8F31-8077DB917336}"]; repeated string session_keys=3; repeated SessionID session_ids=4; } //////////////////////////////////// // SessionItemResponse message SessionItemResponse{ optional int64 context=1[default=0]; required string session_group=2; message Item { optional string session_key=1; optional SessionID session_id=2; optional string user_label=3; required TimeInterval time_interval=4; required int64 state=5; required int64 az_bytes=6; required int64 za_bytes=7; required KeyDetails key1A=8; required KeyDetails key2A=9; required KeyDetails key1Z=10; required KeyDetails key2Z=11; } repeated Item items=3; } ////////////////////////////////////////// // BulkCounterItemRequest message BulkCounterItemRequest{ optional int64 context=1[default=0]; required string counter_group=2; required int64 meter=3; required TimeInterval time_interval=4; repeated string keys=5; } ////////////////////////////////////////// // BulkCounterItemResponse message BulkCounterItemResponse{ repeated KeyStats stats=1; repeated KeyDetails details=2; } /////////////////////////////////////////// /// TopperSnapshotRequest message TopperSnapshotRequest{ optional int64 context=1[default=0]; required string counter_group=2; required int64 meter=3; required TimeInterval Time=4; required int64 maxitems=5; } /////////////////////////////////////////// // TopperSnapshotResponse message TopperSnapshotResponse{ optional int64 context=1; required string counter_group=2; required int64 meter=3; required Timestamp time=4; required int64 window_secs=5; required string keys=6; required string labels=7; } ////////////////////////////////////////////// /// UpdatekeysRequest /// Response = OKResponse or ErrorResponse message UpdateKeyRequest{ optional int64 context=1[default=0]; required string counter_group=2; required string key=4; required string label=5; optional string description=6; } /////////////////////////////////// // KeySessionActivityrequest message KeySessionActivityRequest{ optional int64 context=1[default=0]; optional string session_group=2[default="{99A78737-4B41-4387-8F31-8077DB917336}"]; required string key=3; optional int64 maxitems=4[default=100]; optional int64 volume_filter=5[default=0]; optional int64 duration_filter=6[default=0]; required TimeInterval time_interval=7; } ///////////////////////////////////// // KeySessionActivityResponse message KeySessionActivityResponse{ optional int64 context=1; required string session_group=2; repeated SessionID sessions=3; } ///////////////////////////////////// // SessionTrackerRequest message SessionTrackerRequest { optional int64 context=1[default=0]; optional string session_group=2[default="{99A78737-4B41-4387-8F31-8077DB917336}"]; required int64 tracker_id=3 [default=1]; optional int64 maxitems=4 [default=100]; required TimeInterval time_interval=5; } /////////////////////////////////// // SessionTrackerResponse message SessionTrackerResponse{ optional int64 context=1; required string session_group=2; repeated SessionID sessions=3; } /////////////////////////////////// // SessionGroupRequest message SessionGroupRequest { optional int64 context=1[default=0]; optional string session_group=2[default="{99A78737-4B41-4387-8F31-8077DB917336}"]; optional int64 tracker_id=3; optional string key_filter=4; optional int64 maxitems=5 [default=100]; } ////////////////////////////////// // SessionGroupResponse message SessionGroupResponse { optional int64 context=1; required string session_group=2; repeated string session_keys=3; } ////////////////////////////////// // ServerStatsRequest message ServerStatsRequest{ required int64 param=1; } ////////////////////////////////// // ServerStatsResponse message ServerStatsResponse{ required string instance_name=1; required int64 connections=2; required int64 uptime_seconds=3; required double cpu_usage_percent_trisul=4; required double cpu_usage_percent_total=5; required double mem_usage_trisul=6; required double mem_usage_total=7; required double mem_total=8; required int64 size_total=9; required double drop_percent_cap=11; required double drop_percent_trisul=12; required TimeInterval time_interval=13; } ///////////////////////////////////// // AlertItemRequest message AlertItemRequest{ optional int64 context=1[default=0]; required string alert_group=2; repeated AlertID alert_ids=3; } //////////////////////////////////// // AlertItemResponse message AlertItemResponse{ optional int64 context=1; required string alert_group=2; message Item { optional int64 sensor_id=1; required Timestamp time=2; optional string source_ip=3; optional string source_port=4; optional string destination_ip=5; optional string destination_port=6; required string sigid=7; required string classification=8; required string priority=9; required Timestamp dispatch_time=10; required string aux_message1=11; required string aux_message2=12; } repeated Item items=3; } //////////////////////////////////// // AlertGroupQueryRequest message AlertGroupRequest { optional int64 context=1[default=0]; required string alert_group=2; required TimeInterval time_interval=3; optional int64 maxitems=5 [default=10]; optional string source_ip=6; optional string source_port=7; optional string destination_ip=8; optional string destination_port=9; optional string sigid=10; optional string classification=11; optional string priority=12; optional string aux_message1=13; optional string aux_message2=14; } ///////////////////////////////////// // AlertGroupResponse message AlertGroupResponse { optional int64 context=1; required string alert_group=2; repeated AlertID alerts=3; } ///////////////////////////////////// // ResourceRequest - mutliple message ResourceItemRequest{ optional int64 context=1[default=0]; required string resource_group=2; repeated ResourceID resource_ids=3; } //////////////////////////////////// // ResourceItemResponse message ResourceItemResponse{ optional int64 context=1; required string resource_group=2; message Item { required Timestamp time=1; required ResourceID resource_id=2; optional string source_ip=3; optional string source_port=4; optional string destination_ip=5; optional string destination_port=6; optional string uri=7; optional string userlabel=8; } repeated Item items=3; } //////////////////////////////////// // ResourceGroupRequest message ResourceGroupRequest { optional int64 context=1[default=0]; required string resource_group=2; required TimeInterval time_interval=3; optional int64 maxitems=4 [default=10]; optional string source_ip=5; optional string source_port=6; optional string destination_ip=7; optional string destination_port=8; optional string uri_pattern=9; optional string userlabel_pattern=10; } ///////////////////////////////////// // ResourceGroupResponse message ResourceGroupResponse { optional int64 context=1; required string resource_group=2; repeated ResourceID resources=3; } ///////////////////////////////////////////// // KeyLookup - mutliple keys from a single CG message KeyLookupRequest { optional int64 context=1[default=0]; required string counter_group=2; repeated string keys=3; } ///////////////////////////////////////////// // KeyLookup message KeyLookupResponse { optional int64 context=1; required string counter_group=2; repeated KeyDetails key_details=3; } //////////////////////////////////// // GrepRequest message GrepRequest { optional int64 context=1[default=0]; optional string session_group=2[default="{99A78737-4B41-4387-8F31-8077DB917336}"]; required TimeInterval time_interval=3; optional int64 maxitems=4 [default=50]; required string pattern=5; } ///////////////////////////////////// // GrepResponse message GrepResponse { optional int64 context=1; optional string session_group=2[default="{99A78737-4B41-4387-8F31-8077DB917336}"]; repeated SessionID sessions=3; }