Home
Resources
N2OS Software Development Kit
The N2OS Software Development Kit (SDK).
OpenAPI
The scriptable variables correlation feature allows users to implement custom checks on the way variable values change over time. This section covers how such scripts can be implemented and used.
PCAPs endpoint

Resources
- Release Notes
  Access the release notes for release-based products.
- N2OS Configuration
  The N2OS Configuration - Reference Guide.
- N2OS Software Development Kit
  The N2OS Software Development Kit (SDK).
  - Scriptable protocols
    The Lua scripting API for building a custom protocol decoder.
  - Scriptable variables
    The scriptable variables correlation feature allows users to implement custom checks on the way variable values change over time. This section covers how such scripts can be implemented and used.
  - OpenAPI
    The scriptable variables correlation feature allows users to implement custom checks on the way variable values change over time. This section covers how such scripts can be implemented and used.
  - Data model reference
    The data model reference for query entities.
  - Data integration best practices
    A description of best practices when using Nozomi Networks data integration with Syslog integration or OpenAPI calls.
- Integration Guides
  Integration guides to help you use applications that integrate with Nozomi Networks products.
- Reference Guides
  Additional reference guides with information on items such as Alerts and Incidents and Federal Information Processing Standards (FIPS).
- Quick Start Guides
  Hardware Quick Start Guides.
- Security
  Stay up-to-date with the most recent information and solutions for all vulnerabilities that affect Nozomi Networks products.
- Print format documentation
  A list of all the technical documentation that is available in print format.
- Documentation archive
  Access previous versions of the technical documentation.

PCAPs endpoint

A GET request to /api/open/pcaps allows you to get the list of all traces available on the machine.

This endpoint lets you to interact with packet capture (pcap)s that have been uploaded to Guardian from the Upload traces page of the System section.

Upload traces page — Figure 1. Upload traces page

A GET request to /api/open/pcaps/:id allows you to retrieve a given trace.

Requirements and Restrictions

The authenticated user must be in a group having admin role or with Upload traces section enabled.
In case the request body does not adhere to the format described above, the call returns a 422 error.
If you specify an identifier (ID) of a trace that does not exist, the call returns a 404 error.
If the request is accepted, the result will contain information on the retrieved trace.

Example of traces get all list request — Figure 2. Example of traces get all list request

Example of traces get by Identifier request — Figure 3. Example of traces get by ID request

A DELETE request to /api/open/pcaps/:id allows you to delete a given trace.

Requirements and Restrictions

The authenticated user must be in a group having admin role or with Upload traces section enabled.
In case the request body does not adhere to the format described above, the call returns a 422 error.
If you specify an ID of a trace that does not exist, the call returns a 404 error.
If the request is accepted, the trace will be deleted.

Example of trace delete request — Figure 4. Example of trace delete request

A POST request to /api/open/pcaps/upload allows you to upload a trace passed as a file in the body of the request.

Requirements and Restrictions

The authenticated user must be in a group having admin role or with Upload traces section enabled.
The trace should be passed in the form-data section of the request body.
In case the request body does not adhere to the format described above, the call returns a 422 error.
If the file sent in the request is not a valid trace, the call returns a 422 error along with an error reason describing the cause of the validation failure.
If the request is accepted, the trace will be uploaded.

Example of trace upload request — Figure 5. Example of trace upload request

A POST request to /api/open/pcaps/import allows you to import a trace file that is already present in the machine.

Requirements and Restrictions

The authenticated user must be in a group having admin role or with Upload traces section enabled.
The trace file should be present in the /data/tmp directory of the machine.
The filename parameter of the request should contain the name of the trace file.
In case the request body does not adhere to the format described above, the call returns a 422 error.
If the trace file is not a valid trace, the call returns a 422 error along with an error reason describing the cause of the validation failure.
If the request is accepted, the trace will be uploaded.

Example of trace import request — Figure 6. Example of trace import request

A PATCH request to /api/open/pcaps allows you to replay a trace that has been previously uploaded or imported.

Requirements and Restrictions

The authenticated user must be in a group having admin role or with Upload traces section enabled.
The trace should be present in the list of the available traces returned by the GET request to /api/open/pcaps.
The id parameter of the request should contain the ID of the trace.
The use_packet_time boolean parameter should be set to true if you want to use the time of the packets; false otherwise.
The data_to_reset_before_play parameter should be set to {} if you do not want to reset data before playing the trace. Otherwise, you need to specify a JavaScript Object Notation (JSON) dictionary with the sections you want to reset, for example {"alerts": true, "vi": true}. The list of all available sections is the following:
- alerts_data
- assertions
- learning
- network_data
- process_data
- queries
- smart_polling_data
- timemachine_data
- traces_data
- vi_data
- vulnerability_data
The list above reflects the options available for Data reset in the user interface (UI).
In case the request body does not adhere to the format described above, the call returns a 422 error.
If you specify an ID of a trace that does not exist, the call returns a 404 error.
If the request is accepted, the trace will be replayed.

Example of trace replay request — Figure 7. Example of trace replay request

A PATCH request to /api/open/pcaps/note allows you to change the note field of a trace.

Requirements and Restrictions

The authenticated user must be in a group having admin role or with Upload traces section enabled.
The trace should be present in the list of the available traces returned by the GET request to /api/open/pcaps.
The id parameter of the request should contain the ID of the trace.
The note parameter of the request should contain the text you want to change.
In case the request body does not adhere to the format described above, the call returns a 422 error.
If the request is accepted, the note will be changed.

Example of trace note request — Figure 8. Example of trace note request