Skip to content
Snippets Groups Projects

Graph-Based Network Forensics: Analysis API


The Analysis API Module is used to perform queries on a running instance of the Dgraph graph database. A set of predefined queries is available, which can be easily extended by new queries. A custom query can be defined by the user as well.

It is used by the Analysis Web Module, which extends the usage of this module by a friendly user interface.

Requirements

  • a running instance of Dgraph
  • Docker
  • Python3
  • Python3 packages in requirements.txt

The installation can be performed using the following command:

$ git clone https://gitlab.ics.muni.cz/granef/analysis-api.git

Use the following command to build the Docker container:

$ docker build --tag=granef/analysis-api .

Usage

The Docker container can be either run separately with command line arguments or as part of the Granef toolkit with arguments set in the granef.yml configuration file.

The following arguments can be set:

Short argument Long argument Description Default
-i --input Dummy argument (requested by the GRANEF toolkit)
-ip --ip IP address to bind the API web server 0.0.0.0
-p --port Port to bind the API web server 7000
-di --dgraph_ip Dgraph server IP addres alpha
-dp --dgraph_port Dgraph server port 9080

Use the following command to run the API:

$ docker run --rm --network granef -p 127.0.0.1:7000:7000 granef/analysis-api -ip 0.0.0.0 -p 7000 -di alpha -dp 9080

The API is then available at http://127.0.0.1:7000.