anti
70d8ffc607
Extends tracing to every remaining module: all 23 API route handlers, correlation engine, sniffer (fingerprint/p0f/syslog), prober (jarm/hassh/tcpfp), profiler behavioral analysis, logging subsystem, engine, and mutator. Bridges the ingester→SSE trace gap by persisting trace_id/span_id columns on the logs table and creating OTEL span links in the SSE endpoint. Adds log-trace correlation via _TraceContextFilter injecting otel_trace_id into Python LogRecords. Includes development/docs/TRACING.md with full span reference (76 spans), pipeline propagation architecture, quick start guide, and troubleshooting.
41 lines
1.3 KiB
Python
41 lines
1.3 KiB
Python
from typing import Any, Optional
|
|
|
|
from fastapi import APIRouter, Depends, HTTPException, Query
|
|
|
|
from decnet.telemetry import traced as _traced
|
|
from decnet.web.dependencies import require_viewer, repo
|
|
|
|
router = APIRouter()
|
|
|
|
|
|
@router.get(
|
|
"/attackers/{uuid}/commands",
|
|
tags=["Attacker Profiles"],
|
|
responses={
|
|
401: {"description": "Could not validate credentials"},
|
|
404: {"description": "Attacker not found"},
|
|
},
|
|
)
|
|
@_traced("api.get_attacker_commands")
|
|
async def get_attacker_commands(
|
|
uuid: str,
|
|
limit: int = Query(50, ge=1, le=200),
|
|
offset: int = Query(0, ge=0, le=2147483647),
|
|
service: Optional[str] = None,
|
|
user: dict = Depends(require_viewer),
|
|
) -> dict[str, Any]:
|
|
"""Retrieve paginated commands for an attacker profile."""
|
|
attacker = await repo.get_attacker_by_uuid(uuid)
|
|
if not attacker:
|
|
raise HTTPException(status_code=404, detail="Attacker not found")
|
|
|
|
def _norm(v: Optional[str]) -> Optional[str]:
|
|
if v in (None, "null", "NULL", "undefined", ""):
|
|
return None
|
|
return v
|
|
|
|
result = await repo.get_attacker_commands(
|
|
uuid=uuid, limit=limit, offset=offset, service=_norm(service),
|
|
)
|
|
return {"total": result["total"], "limit": limit, "offset": offset, "data": result["data"]}
|