udgover left a comment
Few comments related to ws security. Other than that LGTM.
| async def chat_proxy_endpoint(httpreq: Request, client_ws: WebSocket): | ||
| """ | ||
| 1. Accepts connection from Vue.js | ||
| 2. Authenticates user (via Cookie or Query Param). |
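Review bot: step 2 of the docstring allows authentication via Query Param, which puts the credential in the URL, where access logs and intermediaries commonly record it; prefer the cookie path, and if the query parameter has to stay, document that the value should be short-lived. Browsers do not apply the same-origin policy to WebSocket handshakes, so the docstring should also state whether the Origin header is checked when the cookie is used.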
Do you think this is enough from a security POV?
|
|
||
| enabled = True | ||
| http_root = http://agents:8888 | ||
| websocket_root = ws://agents:8888 |
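Review bot: the sample values for `http_root` and `websocket_root` are plaintext `http://` and `ws://`, and the lines shown carry no comment explaining that choice; add a comment above these keys saying the defaults assume traffic stays on the internal network and that switching to `https://` and `wss://` is up to the deployer otherwise.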
Shouldn't we enforce wss?
IMO it's as complicated as enforcing https - depends a lot on the infrastructure setup you might want to have, certificates, etc. Given this communication is meant to happen within the same docker network I would tend to say I'd leave it up to whoever deploys it to implement wss? WDYT?
Agree! Maybe we should state this somewhere in the documentation. We let the user handle secure deployment to fit their needs.
|
|
||
| # Configuration | ||
| AGENT_HTTP_BASE = yeti_config.get("agents", "http_root") | ||
| AGENT_WEBSOCKET_BASE = yeti_config.get("agents", "websocket_root") |
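Review bot: `AGENT_HTTP_BASE` and `AGENT_WEBSOCKET_BASE` are read with `yeti_config.get(...)` and, in the lines shown, neither gets a scheme check or any handling for a missing value; consider validating at import time that they parse as `http(s)://` and `ws(s)://` URLs, so a misconfigured root fails at startup rather than on the first proxied request.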
Enforce wss? See comment in sample conf.
| FILTER_TAG = "extract_investigation" | ||
|
|
||
|
|
||
| class UrlExtractInvestigation(task.AnalyticsTask): |
The name is confusing :) I initially thought it was only meant to extract URL from a report. However, correct me if I'm wrong, it's meant to extract IOCs from a provided URL which corresponds to an article / report.
Ah yeah, it's meant to Extract an investigation from a URL! I'm open to suggestions for a better name :) ExtractIocsFromReportUrl ?
This pull request introduces a new agent integration feature, enabling proxying and streaming of chat sessions and analytics tasks to an external Agent Service. It adds a new API router for agent-related endpoints, updates system configuration to reflect agent support, and implements an analytics task that interacts with the agent service. Key changes are grouped below.
Agent Integration and API Enhancements:
- core/web/apiv2/agents.py API router that proxies chat and session requests to an external Agent Service via HTTP and WebSocket, including streaming responses and bi-directional message forwarding. This includes user authentication and session management.
- core/web/webapp.py, mounting it under /agents and protecting it with user authentication dependencies.
- core/web/apiv2/system.py) to expose an agents_enabled field, reflecting the new agent integration status.
- enabled, http_root, websocket_root) to yeti.conf.sample for easy deployment and customization.

Analytics Task Integration:
- plugins/analytics/public/url_extract_investigation.py that streams URL investigation requests to the agent service, parses responses, and creates investigation entities and linked observables in the system.

RBAC and Dependency Updates:
- core/schemas/rbac.py to properly await asynchronous route handlers, ensuring correct permission checks for async endpoints.
- websockets package to dependencies to support WebSocket proxying.
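
One way to check the agent roots at startup, following the thread's position that plaintext `ws://` is acceptable only inside the same Docker network. This is an added example, not code from this pull request; `audit_agent_roots`, `is_internal_host`, the `[agents]` section header (inferred from the `yeti_config.get("agents", ...)` calls) and the internal-host policy are assumptions.

```python
import configparser
import ipaddress
from urllib.parse import urlsplit

# Constructed sample using the keys named in the PR description; the
# [agents] section header is an assumption.
SAMPLE_CONF = """
[agents]
enabled = True
http_root = http://agents:8888
websocket_root = ws://agents:8888
"""

PLAINTEXT = {"http", "ws"}
ALLOWED = {"http_root": {"http", "https"}, "websocket_root": {"ws", "wss"}}


def is_internal_host(host: str) -> bool:
    """Assumed policy: loopback/private IPs and single-label names (such as
    the Docker service name "agents") count as same-network targets."""
    try:
        ip = ipaddress.ip_address(host)
        return ip.is_loopback or ip.is_private
    except ValueError:
        return host == "localhost" or "." not in host


def audit_agent_roots(conf_text: str) -> list[str]:
    """Return findings for the agent roots; an empty list means acceptable."""
    # interpolation=None keeps '%' in URLs from being treated as a reference.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    if not parser.getboolean("agents", "enabled", fallback=False):
        return []  # integration disabled, nothing is proxied
    findings = []
    for key, schemes in ALLOWED.items():
        url = urlsplit(parser.get("agents", key, fallback=""))
        if url.scheme not in schemes or not url.hostname:
            findings.append(f"{key}: expected {sorted(schemes)} URL with a host")
        elif url.scheme in PLAINTEXT and not is_internal_host(url.hostname):
            findings.append(f"{key}: plaintext {url.scheme}:// to {url.hostname}")
    return findings
```
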