├── LICENSE
├── README.md
├── sensor.sh
├── tango
├── appserver
│ └── static
│ │ ├── appLogo_allblack.png
│ │ ├── appLogo_allwhite.png
│ │ ├── appLogo_black.gif
│ │ ├── appLogo_black.png
│ │ ├── appLogo_white.gif
│ │ ├── appLogo_white.png
│ │ ├── application.css
│ │ ├── bg_hash_grey.gif
│ │ ├── loader.gif
│ │ ├── overlay_bottomgradient_10.png
│ │ ├── overlay_bottomgradient_18.png
│ │ ├── overlay_bottomgradient_large.png
│ │ ├── overlay_bottomgradient_soft.png
│ │ ├── overlay_glass_28.png
│ │ ├── overlay_gloss_28.png
│ │ ├── overlay_gradient.png
│ │ ├── overlay_gradient_25.png
│ │ ├── overlay_gradient_28.png
│ │ ├── overlay_gradient_4.png
│ │ ├── overlay_gradient_50.png
│ │ ├── overlay_innerleftshadow.png
│ │ ├── overlay_innershadow_4.png
│ │ ├── overlay_reversegradient_28.png
│ │ ├── overlay_reversegradient_4.png
│ │ ├── overlay_reversegradient_light_28.png
│ │ ├── overlay_reversegradientridge_28.png
│ │ ├── overlay_softgradient_28.png
│ │ ├── overlay_togradient_large.png
│ │ ├── overlay_topInnerShadow_35.png
│ │ ├── overlay_topgradient.png
│ │ ├── overlay_topgradient_beige_soft.png
│ │ ├── overlay_topgradient_soft.png
│ │ ├── overlay_white_28.png
│ │ ├── overlay_whiteridge_28.png
│ │ ├── single.css
│ │ ├── single_trend.css
│ │ ├── single_trend.js
│ │ └── splIcons.gif
├── bin
│ └── vt.py
├── default
│ ├── app.conf
│ ├── commands.conf
│ ├── data
│ │ └── ui
│ │ │ ├── nav
│ │ │ └── default.xml
│ │ │ └── views
│ │ │ ├── attacker_overview.xml
│ │ │ ├── attacker_profile.xml
│ │ │ ├── attacker_session_analysis.xml
│ │ │ ├── edit_sensor.xml
│ │ │ ├── file_analysis.xml
│ │ │ ├── ioc_feed.xml
│ │ │ ├── location_overview.xml
│ │ │ ├── malware_analysis.xml
│ │ │ ├── malware_campaigns.xml
│ │ │ ├── network_analysis.xml
│ │ │ ├── password_analysis.xml
│ │ │ ├── sensor_status.xml
│ │ │ └── session_overview.xml
│ ├── eventtypes.conf
│ ├── indexes.conf
│ ├── props.conf
│ ├── savedsearches.conf
│ └── transforms.conf
├── lookups
│ ├── sensors.csv
│ └── virustotal.csv
├── metadata
│ ├── default.meta
│ └── local.meta
└── static
│ ├── appIcon.png
│ ├── appIconAlt.png
│ ├── appIconAlt_2x.png
│ └── appIcon_2x.png
├── tango_input
├── bin
│ ├── input.py
│ └── input.sh
└── default
│ ├── app.conf
│ ├── inputs.conf
│ └── outputs.conf
└── uf_only.sh
/LICENSE:
--------------------------------------------------------------------------------
1 | GNU GENERAL PUBLIC LICENSE
2 | Version 2, June 1991
3 |
4 | Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
5 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
6 | Everyone is permitted to copy and distribute verbatim copies
7 | of this license document, but changing it is not allowed.
8 |
9 | Preamble
10 |
11 | The licenses for most software are designed to take away your
12 | freedom to share and change it. By contrast, the GNU General Public
13 | License is intended to guarantee your freedom to share and change free
14 | software--to make sure the software is free for all its users. This
15 | General Public License applies to most of the Free Software
16 | Foundation's software and to any other program whose authors commit to
17 | using it. (Some other Free Software Foundation software is covered by
18 | the GNU Lesser General Public License instead.) You can apply it to
19 | your programs, too.
20 |
21 | When we speak of free software, we are referring to freedom, not
22 | price. Our General Public Licenses are designed to make sure that you
23 | have the freedom to distribute copies of free software (and charge for
24 | this service if you wish), that you receive source code or can get it
25 | if you want it, that you can change the software or use pieces of it
26 | in new free programs; and that you know you can do these things.
27 |
28 | To protect your rights, we need to make restrictions that forbid
29 | anyone to deny you these rights or to ask you to surrender the rights.
30 | These restrictions translate to certain responsibilities for you if you
31 | distribute copies of the software, or if you modify it.
32 |
33 | For example, if you distribute copies of such a program, whether
34 | gratis or for a fee, you must give the recipients all the rights that
35 | you have. You must make sure that they, too, receive or can get the
36 | source code. And you must show them these terms so they know their
37 | rights.
38 |
39 | We protect your rights with two steps: (1) copyright the software, and
40 | (2) offer you this license which gives you legal permission to copy,
41 | distribute and/or modify the software.
42 |
43 | Also, for each author's protection and ours, we want to make certain
44 | that everyone understands that there is no warranty for this free
45 | software. If the software is modified by someone else and passed on, we
46 | want its recipients to know that what they have is not the original, so
47 | that any problems introduced by others will not reflect on the original
48 | authors' reputations.
49 |
50 | Finally, any free program is threatened constantly by software
51 | patents. We wish to avoid the danger that redistributors of a free
52 | program will individually obtain patent licenses, in effect making the
53 | program proprietary. To prevent this, we have made it clear that any
54 | patent must be licensed for everyone's free use or not licensed at all.
55 |
56 | The precise terms and conditions for copying, distribution and
57 | modification follow.
58 |
59 | GNU GENERAL PUBLIC LICENSE
60 | TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
61 |
62 | 0. This License applies to any program or other work which contains
63 | a notice placed by the copyright holder saying it may be distributed
64 | under the terms of this General Public License. The "Program", below,
65 | refers to any such program or work, and a "work based on the Program"
66 | means either the Program or any derivative work under copyright law:
67 | that is to say, a work containing the Program or a portion of it,
68 | either verbatim or with modifications and/or translated into another
69 | language. (Hereinafter, translation is included without limitation in
70 | the term "modification".) Each licensee is addressed as "you".
71 |
72 | Activities other than copying, distribution and modification are not
73 | covered by this License; they are outside its scope. The act of
74 | running the Program is not restricted, and the output from the Program
75 | is covered only if its contents constitute a work based on the
76 | Program (independent of having been made by running the Program).
77 | Whether that is true depends on what the Program does.
78 |
79 | 1. You may copy and distribute verbatim copies of the Program's
80 | source code as you receive it, in any medium, provided that you
81 | conspicuously and appropriately publish on each copy an appropriate
82 | copyright notice and disclaimer of warranty; keep intact all the
83 | notices that refer to this License and to the absence of any warranty;
84 | and give any other recipients of the Program a copy of this License
85 | along with the Program.
86 |
87 | You may charge a fee for the physical act of transferring a copy, and
88 | you may at your option offer warranty protection in exchange for a fee.
89 |
90 | 2. You may modify your copy or copies of the Program or any portion
91 | of it, thus forming a work based on the Program, and copy and
92 | distribute such modifications or work under the terms of Section 1
93 | above, provided that you also meet all of these conditions:
94 |
95 | a) You must cause the modified files to carry prominent notices
96 | stating that you changed the files and the date of any change.
97 |
98 | b) You must cause any work that you distribute or publish, that in
99 | whole or in part contains or is derived from the Program or any
100 | part thereof, to be licensed as a whole at no charge to all third
101 | parties under the terms of this License.
102 |
103 | c) If the modified program normally reads commands interactively
104 | when run, you must cause it, when started running for such
105 | interactive use in the most ordinary way, to print or display an
106 | announcement including an appropriate copyright notice and a
107 | notice that there is no warranty (or else, saying that you provide
108 | a warranty) and that users may redistribute the program under
109 | these conditions, and telling the user how to view a copy of this
110 | License. (Exception: if the Program itself is interactive but
111 | does not normally print such an announcement, your work based on
112 | the Program is not required to print an announcement.)
113 |
114 | These requirements apply to the modified work as a whole. If
115 | identifiable sections of that work are not derived from the Program,
116 | and can be reasonably considered independent and separate works in
117 | themselves, then this License, and its terms, do not apply to those
118 | sections when you distribute them as separate works. But when you
119 | distribute the same sections as part of a whole which is a work based
120 | on the Program, the distribution of the whole must be on the terms of
121 | this License, whose permissions for other licensees extend to the
122 | entire whole, and thus to each and every part regardless of who wrote it.
123 |
124 | Thus, it is not the intent of this section to claim rights or contest
125 | your rights to work written entirely by you; rather, the intent is to
126 | exercise the right to control the distribution of derivative or
127 | collective works based on the Program.
128 |
129 | In addition, mere aggregation of another work not based on the Program
130 | with the Program (or with a work based on the Program) on a volume of
131 | a storage or distribution medium does not bring the other work under
132 | the scope of this License.
133 |
134 | 3. You may copy and distribute the Program (or a work based on it,
135 | under Section 2) in object code or executable form under the terms of
136 | Sections 1 and 2 above provided that you also do one of the following:
137 |
138 | a) Accompany it with the complete corresponding machine-readable
139 | source code, which must be distributed under the terms of Sections
140 | 1 and 2 above on a medium customarily used for software interchange; or,
141 |
142 | b) Accompany it with a written offer, valid for at least three
143 | years, to give any third party, for a charge no more than your
144 | cost of physically performing source distribution, a complete
145 | machine-readable copy of the corresponding source code, to be
146 | distributed under the terms of Sections 1 and 2 above on a medium
147 | customarily used for software interchange; or,
148 |
149 | c) Accompany it with the information you received as to the offer
150 | to distribute corresponding source code. (This alternative is
151 | allowed only for noncommercial distribution and only if you
152 | received the program in object code or executable form with such
153 | an offer, in accord with Subsection b above.)
154 |
155 | The source code for a work means the preferred form of the work for
156 | making modifications to it. For an executable work, complete source
157 | code means all the source code for all modules it contains, plus any
158 | associated interface definition files, plus the scripts used to
159 | control compilation and installation of the executable. However, as a
160 | special exception, the source code distributed need not include
161 | anything that is normally distributed (in either source or binary
162 | form) with the major components (compiler, kernel, and so on) of the
163 | operating system on which the executable runs, unless that component
164 | itself accompanies the executable.
165 |
166 | If distribution of executable or object code is made by offering
167 | access to copy from a designated place, then offering equivalent
168 | access to copy the source code from the same place counts as
169 | distribution of the source code, even though third parties are not
170 | compelled to copy the source along with the object code.
171 |
172 | 4. You may not copy, modify, sublicense, or distribute the Program
173 | except as expressly provided under this License. Any attempt
174 | otherwise to copy, modify, sublicense or distribute the Program is
175 | void, and will automatically terminate your rights under this License.
176 | However, parties who have received copies, or rights, from you under
177 | this License will not have their licenses terminated so long as such
178 | parties remain in full compliance.
179 |
180 | 5. You are not required to accept this License, since you have not
181 | signed it. However, nothing else grants you permission to modify or
182 | distribute the Program or its derivative works. These actions are
183 | prohibited by law if you do not accept this License. Therefore, by
184 | modifying or distributing the Program (or any work based on the
185 | Program), you indicate your acceptance of this License to do so, and
186 | all its terms and conditions for copying, distributing or modifying
187 | the Program or works based on it.
188 |
189 | 6. Each time you redistribute the Program (or any work based on the
190 | Program), the recipient automatically receives a license from the
191 | original licensor to copy, distribute or modify the Program subject to
192 | these terms and conditions. You may not impose any further
193 | restrictions on the recipients' exercise of the rights granted herein.
194 | You are not responsible for enforcing compliance by third parties to
195 | this License.
196 |
197 | 7. If, as a consequence of a court judgment or allegation of patent
198 | infringement or for any other reason (not limited to patent issues),
199 | conditions are imposed on you (whether by court order, agreement or
200 | otherwise) that contradict the conditions of this License, they do not
201 | excuse you from the conditions of this License. If you cannot
202 | distribute so as to satisfy simultaneously your obligations under this
203 | License and any other pertinent obligations, then as a consequence you
204 | may not distribute the Program at all. For example, if a patent
205 | license would not permit royalty-free redistribution of the Program by
206 | all those who receive copies directly or indirectly through you, then
207 | the only way you could satisfy both it and this License would be to
208 | refrain entirely from distribution of the Program.
209 |
210 | If any portion of this section is held invalid or unenforceable under
211 | any particular circumstance, the balance of the section is intended to
212 | apply and the section as a whole is intended to apply in other
213 | circumstances.
214 |
215 | It is not the purpose of this section to induce you to infringe any
216 | patents or other property right claims or to contest validity of any
217 | such claims; this section has the sole purpose of protecting the
218 | integrity of the free software distribution system, which is
219 | implemented by public license practices. Many people have made
220 | generous contributions to the wide range of software distributed
221 | through that system in reliance on consistent application of that
222 | system; it is up to the author/donor to decide if he or she is willing
223 | to distribute software through any other system and a licensee cannot
224 | impose that choice.
225 |
226 | This section is intended to make thoroughly clear what is believed to
227 | be a consequence of the rest of this License.
228 |
229 | 8. If the distribution and/or use of the Program is restricted in
230 | certain countries either by patents or by copyrighted interfaces, the
231 | original copyright holder who places the Program under this License
232 | may add an explicit geographical distribution limitation excluding
233 | those countries, so that distribution is permitted only in or among
234 | countries not thus excluded. In such case, this License incorporates
235 | the limitation as if written in the body of this License.
236 |
237 | 9. The Free Software Foundation may publish revised and/or new versions
238 | of the General Public License from time to time. Such new versions will
239 | be similar in spirit to the present version, but may differ in detail to
240 | address new problems or concerns.
241 |
242 | Each version is given a distinguishing version number. If the Program
243 | specifies a version number of this License which applies to it and "any
244 | later version", you have the option of following the terms and conditions
245 | either of that version or of any later version published by the Free
246 | Software Foundation. If the Program does not specify a version number of
247 | this License, you may choose any version ever published by the Free Software
248 | Foundation.
249 |
250 | 10. If you wish to incorporate parts of the Program into other free
251 | programs whose distribution conditions are different, write to the author
252 | to ask for permission. For software which is copyrighted by the Free
253 | Software Foundation, write to the Free Software Foundation; we sometimes
254 | make exceptions for this. Our decision will be guided by the two goals
255 | of preserving the free status of all derivatives of our free software and
256 | of promoting the sharing and reuse of software generally.
257 |
258 | NO WARRANTY
259 |
260 | 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
261 | FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
262 | OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
263 | PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
264 | OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
265 | MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
266 | TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
267 | PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
268 | REPAIR OR CORRECTION.
269 |
270 | 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
271 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
272 | REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
273 | INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
274 | OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
275 | TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
276 | YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
277 | PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
278 | POSSIBILITY OF SUCH DAMAGES.
279 |
280 | END OF TERMS AND CONDITIONS
281 |
282 | How to Apply These Terms to Your New Programs
283 |
284 | If you develop a new program, and you want it to be of the greatest
285 | possible use to the public, the best way to achieve this is to make it
286 | free software which everyone can redistribute and change under these terms.
287 |
288 | To do so, attach the following notices to the program. It is safest
289 | to attach them to the start of each source file to most effectively
290 | convey the exclusion of warranty; and each file should have at least
291 | the "copyright" line and a pointer to where the full notice is found.
292 |
293 | {description}
294 | Copyright (C) {year} {fullname}
295 |
296 | This program is free software; you can redistribute it and/or modify
297 | it under the terms of the GNU General Public License as published by
298 | the Free Software Foundation; either version 2 of the License, or
299 | (at your option) any later version.
300 |
301 | This program is distributed in the hope that it will be useful,
302 | but WITHOUT ANY WARRANTY; without even the implied warranty of
303 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
304 | GNU General Public License for more details.
305 |
306 | You should have received a copy of the GNU General Public License along
307 | with this program; if not, write to the Free Software Foundation, Inc.,
308 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
309 |
310 | Also add information on how to contact you by electronic and paper mail.
311 |
312 | If the program is interactive, make it output a short notice like this
313 | when it starts in an interactive mode:
314 |
315 | Gnomovision version 69, Copyright (C) year name of author
316 | Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
317 | This is free software, and you are welcome to redistribute it
318 | under certain conditions; type `show c' for details.
319 |
320 | The hypothetical commands `show w' and `show c' should show the appropriate
321 | parts of the General Public License. Of course, the commands you use may
322 | be called something other than `show w' and `show c'; they could even be
323 | mouse-clicks or menu items--whatever suits your program.
324 |
325 | You should also get your employer (if you work as a programmer) or your
326 | school, if any, to sign a "copyright disclaimer" for the program, if
327 | necessary. Here is a sample; alter the names:
328 |
329 | Yoyodyne, Inc., hereby disclaims all copyright interest in the program
330 | `Gnomovision' (which makes passes at compilers) written by James Hacker.
331 |
332 | {signature of Ty Coon}, 1 April 1989
333 | Ty Coon, President of Vice
334 |
335 | This General Public License does not permit incorporating your program into
336 | proprietary programs. If your program is a subroutine library, you may
337 | consider it more useful to permit linking proprietary applications with the
338 | library. If this is what you want to do, use the GNU Lesser General
339 | Public License instead of this License.
340 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | ## About
5 | Tango is a set of scripts and Splunk apps which help organizations and users quickly and easily deploy honeypots and then view the data and analysis of the attacker sessions. There are two scripts provided which facilitate the installation of the honeypots and/or Splunk Universal Forwarder. One of the scripts `uf_only.sh` will install the Splunk Universal Forwarder and install the necessary input and output configuration files. The other script `sensor.sh` will install the Splunk Universal Forwarder along with the Cowrie honeypot required for the Tango Honeypot Intelligence app to work.
6 |
7 | ###Version 2.0
8 | Version 2.0 now supports the Cowrie honeypot as well as updates the Sensor forwarders to 6.3.0
9 |
10 | ## Before You Begin
11 |
12 | There are a few things that should be noted before you install:
13 |
14 | - When you deploy the input app on a sensor, the app will communicate with the website, [ipv4.icanhazip.com](www.ipv4.icanhazip.com) to get the external IP address of the sensor. This is useful information for the sensor management portion of the app. Please feel free to remove if you'd rather not communicate with that site. Please note that if you do not use this, a lot of the "Sensor Management" fields will be blank.
15 | - The Tango Honeypot Intelligence Splunk App is built to use JSON formatted data from Cowrie by Michel Oosterhof, which can be found on his [github](https://github.com/micheloosterhof/cowrie).
16 | - You will need to add your own VirusTotal API key to the Splunk app, which can be configured at /opt/splunk/etc/apps/tango/bin/vt.py The API is free to obtain, you will just need to follow the procedures found on their website to receive one. Please note that you are limited to 4 requests per minute, so if you attempt to do more than that, you will not receive any information. This pertains to the File Analysis section of the Splunk Honeypot Intelligence app.
17 |
18 | ## Installation
19 |
20 |
21 | ### Sensor Installation (Cowrie and Splunk Universal Fowarder)
22 | This script has been tested on a brand-new install of Ubuntu 14.04 and Cent OS 7 with no reported issues.
23 |
24 | To get started, run the commands below and follow the prompts to enter the necessary input.
25 |
26 | ```
27 | git clone https://github.com/aplura/Tango.git /tmp/tango; chmod +x /tmp/tango/sensor.sh
28 | cd /tmp/tango/
29 | ./sensor.sh
30 | ```
31 |
32 | There are some options you can change in /opt/cowrie/cowrie.cfg if you choose, however, some of these will break the forwarding of logs (such as changing the listening port set to 2222), however, there are some extra modules, such as mysql or xmpp logging you can enable if you choose, as well as changing the hostname of the honeypot.
33 |
34 | cowrie is highly configurable, so if you wish to add extra commands or output to cowrie, there are tons of resources on github or google, which can help you do that if you choose.
35 |
36 | The script will install the required packages based on the OS, then install cowrie, and lastly, install the Splunk Universal Forwarder.
37 |
38 | ### Sensor Installation (Splunk UF Only)
39 |
40 | If you already have cowrie honeypots deployed and wish to start analyzing their logs in the Tango Honeypot Intelligence Splunk App, you can run the uf_only.sh script, which will install the Splunk UF on your host, and configure the inputs and outputs necessary to start viewing your logs.
41 |
42 | To get started, run the commands below and follow the prompts to enter the necessary input.
43 |
44 | ```
45 | git clone https://github.com/aplura/Tango.git /tmp/tango; chmod +x /tmp/tango/uf_only.sh
46 | cd /tmp/tango/
47 | ./uf_only.sh
48 | ```
49 |
50 | ### Server Installation
51 |
52 | In order to view the logs you are sending from cowrie, you will need to install Splunk Enterprise on a server, and install the Tango Honeypot Intelligence for Splunk App from this repo. There are plenty of guides on Splunk's website to get Splunk Enterprise running, however, the basic gist of setting up a server is this:
53 |
54 | - Download Splunk Enterprise from Splunk
55 | - Copy the Tango Honeypot Intelligence for Splunk App into $SPLUNK_HOME/etc/apps/
56 | - Create a Splunk listener on port 9997 (It's not required to be on 9997, however, the scripts are configured to use that port, so, if you change the port, change it everywhere)
57 | - Add your VirusTotal API key to /opt/splunk/etc/apps/tango/bin/vt.py
58 | - You'll need to add the requests source into the tango app's bin directory `/opt/splunk/etc/apps/tango/bin/`. Requests can be found here: [Kenneth Reitz Github](https://github.com/kennethreitz/requests/). This is needed for the VirusTotal lookup.
59 | - Restart Splunk
60 | - You'll need to allow users to search the 'honeypot' index by default. To do this, go into “Settings”, then “Access Controls”, then “Roles”, “Admin”, then scroll all the way down to “Indexes Searched by Default”, then add honeypot to the right-hand column.
61 |
62 | Once in Splunk, you can start using the Tango app to analyze your Honeypot logs.
63 |
64 | ## Tango Honeypot Intelligence for Splunk App
65 |
66 | Now that you have your sensors and server running, you'll want to use the Tango Splunk App to analyze your logs and start identifying what the attackers are doing on your systems. Start by logging into Splunk and clicking on the "Tango Honeypot Intelligence App" on the left-hand side.
67 |
68 | Once you enter the app, you'll be first taken to the "Attack Overview" portion of the app, which shows a broad overview of the attacks against your sensors. This includes Attempts vs. Successes, Latest Logins, Attackers logging into multiple locations, etc.
69 |
70 | You'll notice at the top of the app, in the navigation pane, there are multiple categories of reports available to you, which include:
71 |
72 | - Attack Analysis
73 | - File Analysis
74 | - Network Analysis
75 | - Sensor Management
76 | - Threat Feed
77 |
78 | Below we will go through each section and describe some of the data available in each section.
79 |
80 | ### Attack Analysis
81 |
82 | ##### Attack Overview
83 |
84 | This dashboard shows a broad overview of the attacks against your sensors. This includes Attempts vs. Successes, Latest Logins, Attackers logging into multiple locations, etc.
85 |
86 | ##### Session Playlog
87 |
88 | This is one of the most beneficial dashboards available in the app, since it actually shows you what the attacker is doing on your honeypot. At the top of the dashboard, you can see the most recent sessions along with a filter to select a particular sensor. Clicking on a session will populate the panels below, which includes the passwords attempted/accepted, the commands entered, any files downloaded during the session and the raw logs for the session.
89 |
90 | ##### Attacker Profile
91 |
92 | Using this dashboard, you can inquire about a certain IP and if seen in the app, you can get valuable information pertaining to that IP to include:
93 |
94 | - Geolocational data
95 | - Times seen
96 | - SSH Client versions
97 | - Sessions seen
98 | - Files Downloaded
99 |
100 | ##### Session Analysis
101 |
102 | This series of dashboards contains some analytical information, to include the % of sessions with interaction, the various SSH versions seen, some environment details extracted by the session, and a Human vs. Bot Identification dashboard.
103 |
104 | ##### Location Overview
105 |
106 | In this section, you are able to see various geographical data related to each session and attacker. There are currently three dashboards available:
107 |
108 | - Top countries from which attackers have logged in from
109 | - Top countries where attackers have scanned from
110 | - Top sensors that have been attacked
111 |
112 | We also include a map which includes the location of attackers seen.
113 |
114 | ##### Username/Password Analysis
115 |
116 | Currently, this dashboard contains the top usernames and passwords seen being attempted by the attackers, as well as the top username/password combinations.
117 |
118 | ### Malware Analysis
119 |
120 | ##### File Analysis
121 |
122 | Starting at the top of this page, you can see the latest files downloaded by attackers, which includes the following:
123 |
124 | - URL of file
125 | - SHA256 Hash of file
126 | - Sensor which the file was seen being download
127 | - The session identifier of the session, which the file was downloaded
128 | - The time that the file was downloaded
129 |
130 | Below that is the latest "Attempted" file downloads. This contains URL's that were seen in a session that do not have a corresponding SHA256 hash (which indicates a successful download). This can be due to a server error on the hosting website, an incorrect spelling of the file, or if this URL was seen elsewhere in the command, perhaps as an argument or target site of the malware.
131 |
132 | Lastly, is a panel which you are able to look up a particular SHA256 hash seen previously downloaded in VirusTotal to retrieve the following information:
133 |
134 | - Date Scanned
135 | - SHA256 Hash
136 | - How many AV vendors identified this file
137 | - The various signatures of the file
138 |
139 | Please note that the VirusTotal API is limited to 4 requests per minute. With that being said, you can use this panel to quickly lookup the file hashes seen by in your sessions.
140 |
141 | This "lookup" will produce a local "cache" to use in other dashboards, so it's useful to run lookups on any malware you see. This was created do to limitations in the Virustotal API, and will be used as a workaround for the time being.
142 |
143 | ##### Malware Analysis
144 |
145 | This dashboard will show the Top 10 Malware Signatures we've seen over time, as well as the most recent legitimate malware. This dashboard is populated from the VirusTotal local "cache" found on the File Analysis page. This dashboard will also show you files that have been downloaded, but, produced no signatures in Virustotal.
146 |
147 | ##### Malware Campaigns
148 |
149 | This set of reports give you information on possible campaigns associated with your sessions. Currently this includes:
150 |
151 | - Potential Malware Campaigns (By URL)
152 | - Potential Malware Campaigns (By Domain)
153 | - Potential Malware Campaigns (By Filename)
154 | - Potential Malware Campaigns (By SHA Hash)
155 |
156 | This section will continue to be developed to include other possible campaign attribution by looking at other TTP's associated with each session. This could include commands entered during each session, terminal variables (size, language, SSH keys, etc.). For now, we can see the URL's, Domain's and Filenames that have been seen being used by multiple attackers.
157 |
158 | ### Network Analysis
159 |
160 | This dashboard currently includes reports on the following:
161 |
162 | - Top Domains Seen
163 | - Same URI on Multiple Domains
164 | - Latest IP Addresses Seen
165 |
166 | ### Sensor Management
167 |
168 | ##### Sensor Status
169 |
170 | This dashboard provides geographical information pertaining to each sensor currently deployed. You will find the following information available to you in this dashboard:
171 |
172 | - Sensor Name
173 | - Last Active
174 | - Sensor IP Address (External IP)
175 | - ASN
176 | - ASN Country
177 | - Network Name
178 | - Network Range
179 |
180 | This dashboard also provides you with a map populated with the locations of all your sensors deployed.
181 |
182 | ##### Edit Sensor
183 |
184 | In this dashboard, you are able to edit a few fields for your sensors, these fields are:
185 |
186 | - Owner
187 | - Owner Email
188 | - Comment
189 |
190 |
191 | ### Threat Feed
192 |
193 | Lastly, this dashboard contains feeds which you can download and integrate with other network monitoring solutions, which will hopefully be automated in the future.
194 |
195 | The feeds currently available are:
196 |
197 | - IP Addresses
198 | - Potentially Malicious URLs
199 | - SHA File Hashes
200 | - Potentially Malicious Domains
201 | - File Names
202 |
203 | ### Screenshots
204 |
205 | Below are some screenshots which illustrate the features of Tango:
206 |
207 | #### Attack Overview
208 |
209 |
210 |
211 | #### Session Analysis
212 |
213 |
214 |
215 | #### Malware Campaigns
216 |
217 |
218 |
219 | #### Session Playlog
220 |
221 |
222 |
223 | #### IOC Feed
224 |
225 |
226 |
227 | #### Network Analysis
228 |
229 |
230 |
231 | #### Malware Analysis
232 |
233 |
234 |
235 | ### To-Do
236 | - Utilize Data Models to speed up searches
237 | - Auto-extract indicators inside of malware
238 | - TOR Exit Node Identifier
239 |
240 | ### Credits
241 | - https://github.com/kennethreitz for Requests
242 | - http://virustotal.com/ for their awesome app and API we use
243 | - Michel Oosterhof for the Cowrie Honeypot
244 |
--------------------------------------------------------------------------------
/sensor.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | #Tango Sensor Install
3 | #Should be compatible with Ubuntu and Debian
4 |
5 |
6 | #Disclaimer. Continues for yes, quits for no.
7 | while true; do
8 | read -p "[!] You are about to install Cowrie and the Splunk Universal Forwarder. By running this installer, you accept Splunk's EULA. Do you wish to proceed? (Yes/No)" yn
9 | case $yn in
10 | [Yy]* ) break;;
11 | [Nn]* ) exit;;
12 | * ) echo "Please answer Yes or No.";;
13 | esac
14 | done
15 |
16 | ########################################
17 |
18 | #User input variables
19 | #Splunk Indexer hostname/IP address from user
20 | read -e -p "[?] Enter the Splunk Indexer to forward logs to: (example: splunk.test.com:9997) " SPLUNK_INDEXER
21 |
22 | #Sensor hostname from user
23 | read -e -p "[?] Enter Sensor name. (example: hp-US-Las_Vegas-01) " HOST_NAME
24 |
25 | #SSH Port number from user
26 | read -e -p "[?] Enter new SSH port number, since Kippo will listen on default SSH port. (example: 1337) " SSH_PORT
27 |
28 | ########################################
29 |
30 | # Logging setup. This is done to log all the output from commands executed in the script to a file.
31 | #This provides us troubleshooting data if the script fails.
32 | logfile=/var/log/tango_install.log
33 | mkfifo ${logfile}.pipe
34 | tee < ${logfile}.pipe $logfile &
35 | exec &> ${logfile}.pipe
36 | rm ${logfile}.pipe
37 |
38 | ########################################
39 |
40 | #metasploit-like print statements. Status messages, error messages, good status returns.
41 | # I added in a notification print for areas users should definitely pay attention to.
42 |
43 | function print_status ()
44 | {
45 | echo -e "\x1B[01;34m[*]\x1B[0m $1"
46 | }
47 |
48 | function print_good ()
49 | {
50 | echo -e "\x1B[01;32m[*]\x1B[0m $1"
51 | }
52 |
53 | function print_error ()
54 | {
55 | echo -e "\x1B[01;31m[*]\x1B[0m $1"
56 | }
57 |
58 | function print_notification ()
59 | {
60 | echo -e "\x1B[01;33m[*]\x1B[0m $1"
61 | }
62 | ########################################
63 |
64 | #Script does a lot of error checking. Decided to insert an error check function.
65 | # If a task performed returns a non zero status code, something very likely went wrong.
66 |
67 | function error_check
68 | {
69 |
70 | if [ $? -eq 0 ]; then
71 | print_good "$1 successfully completed."
72 | else
73 | print_error "$1 failed. Please check $logfile for more details."
74 | exit 1
75 | fi
76 |
77 | }
78 |
79 | ########################################
80 |
81 | #BEGIN MAIN#
82 |
83 | ########################################
84 |
85 |
86 |
87 | # These Variables Need to be set! #
88 |
89 | #SPLUNK_INDEXER: This is the box that is going to process your splunk logs.
90 | #Can be a hostname or an IP address. The default port is 9997/tcp. #
91 | #SPLUNK_INDEXER="splunkserver.yourdomain.com:9997"
92 |
93 | #HOST_NAME: This controls what name your kippo server will have when reviewing its
94 | # data in the Tango Splunk App. Use unique names.
95 | # Suggestion: "hp-{country code}-{city}-{number}" such as: hp-US-Las_Vegas-01 #
96 | #HOST_NAME="hp-countrycode-city-01"
97 |
98 |
99 | #SSH_PORT: This port will replace the default SSH port (22), so that Kippo may run on it, and you'll stil be able
100 | # to access the host using SSH.
101 | #SSH_PORT= "1337"
102 |
103 |
104 | ########################################
105 |
106 | # Set the directory we are initially executing the script in.
107 | execdir=`pwd`
108 |
109 | ########################################
110 |
111 | #We need root privs to run most of this, this is a quick check to ensure that we are root. If not, bail.
112 |
113 | print_status "Checking for root privs.."
114 | if [ $(whoami) != "root" ]; then
115 | print_error "This script must be ran with sudo or root privileges."
116 | exit 1
117 | else
118 | print_good "We are root."
119 | fi
120 |
121 | ########################################
122 |
123 | #We check what architecture the system is and download the correct splunk Universal Forwarder for that CPU arch.
124 |
125 | arch=`uname -m`
126 |
127 | if [[ $arch == "x86_64" ]]; then
128 | INSTALL_FILE="splunkforwarder-6.3.0-aa7d4b1ccb80-Linux-x86_64.tgz"
129 | print_notification "System is $arch. Downloading: $INSTALL_FILE to /opt.."
130 | wget -O /opt/splunkforwarder-6.3.0-aa7d4b1ccb80-Linux-x86_64.tgz 'http://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=6.3.0&product=universalforwarder&filename=splunkforwarder-6.3.0-aa7d4b1ccb80-Linux-x86_64.tgz&wget=true' &>> $logfile
131 | error_check 'Splunk Forwarder Download'
132 | elif [[ $arch == "i686" ]]; then
133 | INSTALL_FILE="splunkforwarder-6.3.0-aa7d4b1ccb80-Linux-i686.tgz"
134 | print_notification "System is $arch. Downloading: $INSTALL_FILE to /opt.."
135 | wget -O /opt/splunkforwarder-6.3.0-aa7d4b1ccb80-Linux-i686.tgz 'http://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86&platform=linux&version=6.3.0&product=universalforwarder&filename=splunkforwarder-6.3.0-aa7d4b1ccb80-Linux-i686.tgz&wget=true' &>> $logfile
136 | error_check 'Splunk Forwarder Download'
137 | else
138 | print_error "System arch is not x86_64 or i686. Tango Honeypot is not yet supported on other CPU architectures."
139 | exit 1
140 | fi
141 |
142 | ########################################
143 |
144 | # Based on the OS (Debian or Redhat based), use the OS package mangaer to download required packages
145 |
146 | if [ -f /etc/debian_version ]; then
147 | apt-get -y update &>> $logfile
148 | print_notification "Installing required packages via apt-get.."
149 | apt-get -y install python-dev python-openssl python-pyasn1 authbind git libcurl4-gnutls-dev libssl-dev libffi-dev openssh-server&>> $logfile
150 | error_check 'Apt Package Installation'
151 |
152 | curl "https://bootstrap.pypa.io/get-pip.py" -o "get-pip.py" &>> $logfile
153 | python get-pip.py &>> $logfile
154 | print_notification "Installed pip"
155 | print_notification "Installing required python packages via pip.."
156 | pip install pycrypto cryptography service_identity requests ipwhois twisted &>> $logfile
157 | error_check 'Python pip'
158 | iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 2222
159 | elif [ -f /etc/redhat-release ]; then
160 | yum -y update &>> $logfile
161 | print_notification "Installing required packages via yum.."
162 | yum -y install wget python-devel python-zope-interface unzip git gnutls-devel gcc gcc-c++ &>> $logfile
163 | error_check 'Yum Package Installation'
164 |
165 | print_notification "Installing required python packages via easy_install.."
166 | easy_install pycrypto pyasn1 twisted requests &>> $logfile
167 | error_check 'Python easy_install'
168 | else
169 | print_error "Unable to determine correct package manager to use. This script currently supports apt-based Operating Systems (Debian, Ubuntu, Kali) and yum-based Operating Systems (Redhat, CentOS, etc.) and relies on either /etc/redhat-release or /etc/debian_version being present to determine the correct package manager to use."
170 | exit 1
171 | fi
172 |
173 |
174 | ########################################
175 |
176 | # Adding splunk user for service to run as. Shell is set to /bin/false.
177 |
178 | print_status "Checking for splunk user and group.."
179 |
180 | getent passwd splunk &>> $logfile
181 | if [ $? -eq 0 ]; then
182 | print_status "splunk user exists. Verifying group exists.."
183 | id -g splunk &>> $logfile
184 | if [ $? -eq 0 ]; then
185 | print_notification "splunk group exists."
186 | else
187 | print_notification "splunk group does not exist. Creating.."
188 | groupadd splunk &>> $logfile
189 | usermod -G splunk splunk &>> $logfile
190 | error_check 'Creation of Splunk group and Addition of Splunk user to group'
191 | fi
192 | else
193 | print_status "Creating splunk user and group.."
194 | groupadd splunk &>> $logfile
195 | useradd -g splunk splunk -d /home/splunk -s /bin/false &>> $logfile
196 | mkdir /home/splunk
197 | chown -R splunk:splunk /home/splunk
198 | error_check 'Splunk user and group creation'
199 |
200 | fi
201 |
202 | chown -R splunk:splunk /home/splunk &>> $logfile
203 |
204 | ########################################
205 |
206 | # Adding splunk user for service to run as. Shell is set to /bin/false.
207 |
208 | print_status "Checking for cowrie user and group.."
209 |
210 | getent passwd cowrie &>> $logfile
211 | if [ $? -eq 0 ]; then
212 | print_status "cowrie user exists. Verifying group exists.."
213 | id -g cowrie &>> $logfile
214 | if [ $? -eq 0 ]; then
215 | print_notification "cowrie group exists."
216 | else
217 | print_notification "cowrie group does not exist. Creating.."
218 | groupadd cowrie &>> $logfile
219 | usermod -G cowrie cowrie &>> $logfile
220 | error_check 'Creation of cowrie group and Addition of cowrie user to group'
221 | fi
222 | else
223 | print_status "Creating cowrie user and group.."
224 | groupadd cowrie &>> $logfile
225 | useradd -g cowrie cowrie -d /home/splunk -s /bin/false &>> $logfile
226 | error_check 'Cowrie user and group creation'
227 |
228 | fi
229 |
230 | chown -R splunk:splunk /home/splunk &>> $logfile
231 |
232 | ########################################
233 |
234 | # Installing Cowrie Honeypot
235 |
236 | print_notification "Installing Cowrie Honeypot.."
237 | cd /opt
238 | git clone https://github.com/micheloosterhof/cowrie.git &>> $logfile
239 | error_check "Cloned Cowrie Repository from GitHub"
240 | cd cowrie
241 | cp cowrie.cfg.dist cowrie.cfg &>> $logfile
242 | # Changing the Honeypot name as well as changing the port that Kippo listens on
243 | #sed -i "s/#listen_port = 2222/listen_port = 22/" cowrie.cfg &>> $logfile
244 | #sed -i "s/#\[database_jsonlog\]/\[database_jsonlog\]/" cowrie.cfg &>> $logfile
245 | #sed -i "s/#logfile = log\/kippolog.json/logfile = log\/kippolog.json/" cowrie.cfg &>> $logfile
246 | #sed -i "s/\[output_jsonlog\]/#\[output_jsonlog\]/" cowrie.cfg &>> $logfile
247 | #sed -i "s/logfile = log\/kippo.json/#logfile = log\/kippo.json/" cowrie.cfg &>> $logfile
248 | print_notification "Configured Cowrie Honeypot"
249 |
250 | ########################################
251 |
252 | # Changing Default SSH Port
253 |
254 | # Changing the port that SSH listens on to the variable set above
255 | if [[ $arch == "x86_64" ]]; then
256 | cd /etc/ssh/
257 | sed -i "s/Port 22/Port $SSH_PORT/" sshd_config &>> $logfile
258 | service ssh restart &>> $logfile
259 | error_check 'SSH Service Restarted'
260 | elif [[ $arch == "i686" ]]; then
261 | cd /etc/ssh/
262 | sed -i "s/#Port 22/Port $SSH_PORT/" sshd_config &>> $logfile
263 | service sshd restart &>> $logfile
264 | error_check "SSH Service Restarted"
265 | cd /tmp
266 | git clone https://github.com/tootedom/authbind-centos-rpm.git &>> $logfile
267 | error_check 'Cloned authbind repo from GitHub'
268 | cd authbind-centos-rpm/authbind/RPMS/x86_64/
269 | rpm -i authbind-2.1.1-0.x86_64.rpm &>> $logfile
270 | error_check 'Installed authbind'
271 | else
272 | print_error "System arch is not x86_64 or i686. Tango Honeypot is not yet supported on other CPU architectures."
273 | exit 1
274 | fi
275 |
276 | ########################################
277 |
278 | # Setting up authbind to allow kippo user to bind to privileged port
279 | #print_notification "Configuring Authbind"
280 | #touch /etc/authbind/byport/22 &>> $logfile
281 | #chown cowrie:cowrie /etc/authbind/byport/22 &>> $logfile
282 | chown -R cowrie:cowrie /opt/cowrie &>> $logfile
283 | cd /opt/cowrie
284 | #sed -i "s,twistd -y kippo.tac -l log/kippo.log --pidfile kippo.pid,authbind --deep twistd -y kippo.tac -l log/kippo.log --pidfile kippo.pid," start.sh &>> $logfile
285 | sudo -u cowrie ./start.sh &>> $logfile
286 | error_check "Cowrie started successfully"
287 | #print_notification "Authbind Configured to use Port 22"
288 |
289 | ########################################
290 |
291 | # Installing Splunk Universal Forwarder and setting it to persist on reboot
292 |
293 | print_notification "Installing Splunk Universal Forwarder.."
294 | cd /opt
295 | tar -xzf $INSTALL_FILE &>> $logfile
296 | chown -R splunk:splunk splunkforwarder &>> $logfile
297 | sudo -u splunk /opt/splunkforwarder/bin/splunk start --accept-license --answer-yes --auto-ports --no-prompt &>> $logfile
298 | error_check 'Universal Forwarder Configuration'
299 | /opt/splunkforwarder/bin/splunk enable boot-start -user splunk &>> $logfile
300 | error_check 'Universal Forwarder Install'
301 |
302 | ########################################
303 |
304 | #Check to see if the user tried to execute uf_only outside of the Tango directory. Yell at them if they did.
305 | # Grab tango_input from the Tango directory (if it's there), configure inputs.conf, start up the forwarder. We done here.
306 |
307 | print_notification "Installing tango_input.."
308 |
309 | if [ ! -d "$execdir/tango_input" ]; then
310 | print_error "Unable to find tango_input directory in $execdir. tango_input should be in the same directory as uf_only.sh. Please correct this and run the script again."
311 | exit 1
312 | else
313 | cp -r "$execdir/tango_input" /opt/splunkforwarder/etc/apps &>> $logfile
314 | fi
315 |
316 | print_notification "Configuring /opt/splunkforwarder/etc/apps/tango_input/default/inputs.conf and outputs.conf.."
317 |
318 | cd /opt/splunkforwarder/etc/apps/tango_input/default
319 | sed -i "s/test/$HOST_NAME/" inputs.conf &>> $logfile
320 | sed -i "s/test/$SPLUNK_INDEXER/" outputs.conf &>> $logfile
321 |
322 | chown -R splunk:splunk /opt/splunkforwarder &>> $logfile
323 | /opt/splunkforwarder/bin/splunk restart &>> $logfile
324 | error_check 'Tango_input installation'
325 | sudo -u cowrie chmod 777 /opt/cowrie/log/cowrie.json
326 |
327 | print_notification "If the location of your kippo log files changes or the hostname/ip of the indexer changes, you will need to modify /opt/splunkfowarder/etc/apps/tango_input/default/inputs.conf and outputs.conf respectively."
328 |
329 | print_good "Install Completed. The splunk forwarder should be reporting and sending data to your indexer. Log file is located at /var/log/tango_install.log"
330 |
331 | exit 0
332 |
--------------------------------------------------------------------------------
/tango/appserver/static/appLogo_allblack.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aplura/Tango/38aa3f8cd35f3cf05e6dcfc10c0d068b03e38778/tango/appserver/static/appLogo_allblack.png
--------------------------------------------------------------------------------
/tango/appserver/static/appLogo_allwhite.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aplura/Tango/38aa3f8cd35f3cf05e6dcfc10c0d068b03e38778/tango/appserver/static/appLogo_allwhite.png
--------------------------------------------------------------------------------
/tango/appserver/static/appLogo_black.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aplura/Tango/38aa3f8cd35f3cf05e6dcfc10c0d068b03e38778/tango/appserver/static/appLogo_black.gif
--------------------------------------------------------------------------------
/tango/appserver/static/appLogo_black.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aplura/Tango/38aa3f8cd35f3cf05e6dcfc10c0d068b03e38778/tango/appserver/static/appLogo_black.png
--------------------------------------------------------------------------------
/tango/appserver/static/appLogo_white.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aplura/Tango/38aa3f8cd35f3cf05e6dcfc10c0d068b03e38778/tango/appserver/static/appLogo_white.gif
--------------------------------------------------------------------------------
/tango/appserver/static/appLogo_white.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aplura/Tango/38aa3f8cd35f3cf05e6dcfc10c0d068b03e38778/tango/appserver/static/appLogo_white.png
--------------------------------------------------------------------------------
/tango/appserver/static/application.css:
--------------------------------------------------------------------------------
1 | /* How to use this file
2 |
3 | Any values in application.css will override those from the default.css file. This file allows you to customize the look of your Splunk App. It does not let you change the overall layout. For the most part, use this to change background colors, buttons, navigation, menus, etc. You can change the color of the histogram bars, but the palette for other chart colors is not exposed to CSS yet.
4 |
5 | A note on images:
6 | Alpha channel PNG files are used for a variety of transparency effects (gradient, glass, shadows, etc.) These images will not work on IE6, so you should either provide an alternate image or override the image by using the "underscore" hack, i.e. _background-image:none. To ensure that IE6 does not render alpha channel PNG files, make sure that the override comes after the declaration that contains your PNG. Any image that starts with "overlay" is an alpha channel graphic. As well, the logo images that are PNG format are also alpha channel so you can use on whatever background you like. GIF formats are available and are set as transparent against black and white only.
7 |
8 | A note on background positioning:
9 | We use and image sprite (splIcons.gif) for most of the icons and arrows that appear in the UI. Background-position is used to set different colors. By default, this sprite has black, white, grey, green, and blue versions of arrows. If you want to change these colors, edit the local version of this file (inside this directory). Otherwise, you can choose a different color by adjusting the background position on the selected element.
10 |
11 | */
12 |
13 |
14 | /* Basic Typography
15 | ---------------------------------*/
16 | body, td {
17 | font-family:Arial,Helvetica,sans-serif;
18 | font-size:11px;
19 | color: #111;
20 | }
21 |
22 | input, textarea, select {
23 | font-family:Arial,Helvetica,sans-serif;
24 | font-size:12px;
25 | color: #333;
26 | }
27 |
28 | /* monospaced font */
29 | .splFont-mono {
30 | font-family: Consolas,Monaco,Courier New,monospace;
31 | }
32 |
33 |
34 | /* App header elements
35 | ---------------------------------*/
36 |
37 | /* Application logo
38 |
39 | height and width should be the same as your image. make sure to include some top and buttom margin in the padding.
40 |
41 | Black logo, green >
42 | background-image: url(appLogo_black.png);
43 | Black logo, black >
44 | background-image: url(appLogo_allblack.png);
45 | White logo, green >
46 | background-image: url(appLogo_white.png);
47 | White logo, white >
48 | background-image: url(appLogo_allwhite.png);
49 |
50 | For IE6, use the following images. Note that if you make a background color other than black or white (or close to it) you will need to redo the transparent GIF matte.
51 | White logo, green > for IE6, transparent against black
52 | background-image: url(appLogo_white.gif);
53 | Black logo, green > for IE6, transparent against white
54 | background-image: url(appLogo_black.gif);
55 | */
56 |
57 | .appLogo {
58 | height: 43px;
59 | width: 81px;
60 | background-image: url(appLogo_white.png);
61 | _background-image: url(appLogo_white.gif); /* for IE6 */
62 | background-repeat: no-repeat;
63 | }
64 |
65 | /* the name of your app. line height can be adjusted to fix alignment issues w/ the logo. color is the color of the text. if your logo has the name in it, then you can set this to "display:none; */
66 |
67 | .appHeaderWrapper h1 {
68 | color:;
69 | line-height: 43px;
70 | }
71 |
72 |
73 | /* background-color and/or image of your app */
74 | .appHeaderWrapper {
75 | background-color: #000;
76 | background-image: url(overlay_togradient_large.png);
77 | background-repeat: repeat-x;
78 | background-position: top;
79 | border-bottom-style: ;
80 | border-bottom-width: ;
81 | border-bottom-color: ;
82 | }
83 |
84 | /* color of top-right text */
85 | .appHeaderWrapper {
86 | color: ;
87 | }
88 | /* color of top-right links */
89 | .appHeaderWrapper a {
90 | color:;
91 | }
92 |
93 | /* app menu arrows */
94 | .appHeaderWrapper .splIcon-triangle-3-s {
95 | background-position: ;
96 | }
97 |
98 |
99 | /* loader background */
100 | #loading {
101 | background-color: ;
102 | }
103 |
104 |
105 | /* link colors
106 | ---------------------------------*/
107 | a {
108 | color: ;
109 | }
110 | a.disabled {
111 | color: ;
112 | }
113 |
114 |
115 | /* nav bar and aux links
116 | ---------------------------------*/
117 |
118 | /*
119 | set an overlay effect for your navbar or leave blank for default
120 | background-image: url(overlay_glass_28.png);
121 | background-image: url(overlay_gloss_28.png);
122 | background-image: url(overlay_gradient_28.png);
123 | background-image: url(overlay_reversegradient_28.png);
124 | background-image: url(overlay_reversegradient_light_28.png);
125 | background-image: url(overlay_reversegradientridge_28.png);
126 | background-image: url(overlay_softgradient_28.png);
127 | background-image: url(overlay_white_28.png);
128 | background-image: url(overlay_whiteridge_28.png);
129 | */
130 |
131 | .splHeader-navigation {
132 | background-image: ;
133 | background-repeat: repeat-x;
134 | _background-image: none;
135 | }
136 |
137 | /*--- the default state ---*/
138 | ul.appBarNav li a, ul.appBarNav li a:active, ul.appBarNav li a:visited {
139 | color: ;
140 | }
141 |
142 | /*--- the hover state ---*/
143 | ul.appBarNav li.hasMenu a:hover, ul.appBarNav li a:hover {
144 | color: ;
145 | background-color: ;
146 | background-image: url(overlay_white_28.png);
147 | background-repeat: repeat-x;
148 | _background-image: none; /* for IE6 */
149 | }
150 |
151 | /*--- the open state ---*/
152 | ul.appBarNav li a.menuOpen {
153 | color: ;
154 | background-color: ;
155 | background-image: url(overlay_white_28.png);
156 | background-repeat: repeat-x;
157 | _background-image: none; /* for IE6 */
158 | }
159 |
160 | /*--- link color ---*/
161 | ul.appBarNav li.hasMenu a:hover, ul.appBarNav li a.menuOpen {
162 | color: ;
163 | }
164 |
165 | /* to change arrows, see Menu section, below */
166 |
167 |
168 | /* auxiliary text and links */
169 | .AppBar .auxLinks a {
170 | color: ;
171 | }
172 | .AppBar .auxLinks span {
173 | color: ;
174 | }
175 |
176 | /* Menus
177 | ---------------------------------*/
178 |
179 | /* primary menu */
180 | .splMenu-primary ul {
181 | background-color: ;
182 | }
183 | .splMenu-primary, .splMenu-primary a, .splMenu-primary a:visited, .splMenu-primary a:hover {
184 | color: ;
185 | }
186 | .splMenu-primary .actionsMenuDivider {
187 | }
188 | .splMenu-primary li:hover {
189 | background-color: ;
190 | }
191 |
192 | /* secondary menu, used for apps pulldown */
193 | .splMenu-secondary ul {
194 | background-color: ;
195 | }
196 | .splMenu-secondary, .splMenu-secondary a {
197 | color: ;
198 | }
199 | .splMenu-secondary li.disabled a {
200 | color: ;
201 | }
202 | .splMenu-secondary li:hover {
203 | background-color: ;
204 | }
205 | .splMenu-secondary a:hover {
206 | color: ;
207 | }
208 |
209 | /* actions menu open state */
210 | .TitleBar div.menuOpen {
211 | background-color: ;
212 | color: ;
213 | }
214 |
215 |
216 | /*
217 | Arrow color is changed by adjusting background position. use the following values for these colors:
218 | grey: background-position: -7px -367px;
219 | white: background-position: -27px -367px;
220 | green: background-position: -47px -367px;
221 | black: background-position: -67px -367px;
222 | */
223 |
224 | /* nav arrow, default state */
225 | ul.appBarNav li.hasMenu a span.splIcon-triangle-2-s {
226 | }
227 |
228 | /* hover state */
229 | ul.appBarNav li.hasMenu a:hover span.splIcon-triangle-2-s {
230 | }
231 |
232 | /* open state */
233 | ul.appBarNav li.hasMenu a.menuOpen span.splIcon-triangle-2-s {
234 | }
235 |
236 | /* actions menu open state */
237 | .TitleBar div.menuOpen .splIcon-triangle-4-s {
238 | }
239 |
240 |
241 | /* background colors
242 | ---------------------------------*/
243 |
244 | /* default page color */
245 | body, .splBackground-default,
246 | .graphArea, .resultsArea,
247 | .reportSecondPanel, .reportThirdPanel,
248 | .sidebarCollapsed,
249 | .SearchBar .saTypeaheadWrapper,
250 | .ui-datepicker-links,
251 | .popupContent {
252 | background-color: ;
253 | }
254 |
255 | /* primary background - applies to search controls and primary action panels */
256 | .viewHeader, .mainSearchControls, .splSearchControls-inline,
257 | .SearchBar .saHelpWrapper,
258 | .popupContent {
259 | background-color: ;
260 | }
261 |
262 | /* secondary background - sidebar, other panels */
263 | .splBackground-secondary, .sidebarExpanded,
264 | .fieldValuePopup p.reportLinks {
265 | background-color: ;
266 | }
267 |
268 | /* Specific overrides */
269 | .layoutCellInner .ResultsHeader .splHeader, .layoutCellInner .ResultsHeader .splHeader-secondary {
270 | background: transparent none;
271 | }
272 |
273 | /* Specific overrides */
274 | .popupFooter {
275 | background-color: ;
276 | }
277 |
278 | /* dashboard background color */
279 | body.splTemplate-dashboard {
280 | background-color:;
281 | }
282 |
283 | /* dashboard containers */
284 | .dashboardCell {
285 | background-color: ;
286 | background-image:url(overlay_topgradient.png);
287 | background-repeat:repeat-x;
288 | _background-image: none; /* for IE6 */
289 | }
290 |
291 | /* headers
292 | ---------------------------------*/
293 |
294 | /* default header font color */
295 | .splHeader-dashboard h2, .dashboardContent .ServerSideInclude h2, .dashboardContent .GenericHeader h3, .SearchBar .saRow h4 {
296 | color: ;
297 | }
298 |
299 | /* primary header background color + overlay */
300 | .splHeader-primary,
301 | .TitleBar .splHeader,
302 | .FieldPickerPopup .splHeader-primary {
303 | background-color: ;
304 | background-image:url(overlay_topgradient.png);
305 | background-repeat:repeat-x;
306 | _background-image: none;
307 | }
308 |
309 | /* secondary (i.e. sidebar) header background color + overlay */
310 | .splHeader-secondary {
311 | background-color:;
312 | background-image:url(overlay_topgradient.png);
313 | background-repeat:repeat-x;
314 | _background-image: none;
315 | }
316 |
317 | /* headers w/o any overlay */
318 | .FlashTimeline .splHeader-primary {
319 | background-color:;
320 | background-image: none;
321 | }
322 |
323 | /* borders
324 | ---------------------------------*/
325 |
326 | /* ALL elements with a generic border attribute */
327 | * {
328 | border-color: #ccc;
329 | }
330 |
331 | /* refactor to remove these in default.css since they have specific color declarations; should be same value as * elements, above */
332 | .splMenu-primary ul,
333 | .splMenu-secondary ul,
334 | .Paginator a:hover {
335 | border-color: ;
336 | }
337 |
338 | /* specific overrides */
339 |
340 | .fieldValuePopup table tr.fieldNameHeaderRow th {
341 | border-bottom:1px solid #ccc;
342 | }
343 |
344 | /* horixontal rules in the sidebar */
345 | .splDivider, .SuggestedFieldViewer .splBorder-n {
346 | border-color: #ccc;
347 | }
348 |
349 |
350 |
351 |
352 | /* search controls
353 | ---------------------------------*/
354 |
355 | /* search button color; background-position of 0 0 is black, -40px 0 is white */
356 | input.searchButton {
357 | background-color: ;
358 | background-position:-40px 0;
359 | }
360 |
361 | .SearchBar .assistantActivator {
362 | background-color: ;
363 | }
364 |
365 |
366 |
367 | /* Flash timeline and charts
368 | ---------------------------------*/
369 |
370 | /* All flash charts */
371 | /*
372 | background-color -> controls bgcolor
373 | border-left-color -> controls foregroundColor
374 | color -> controls fontColor
375 | controls and and font color get screened via an alpha layer, so should probably be set to all black or white, depending on main background
376 | */
377 | div.FlashChart {
378 | background-color: ;
379 | color: ;
380 | border-left-color: ;
381 | }
382 |
383 | /* flash timeline specific */
384 | /*
385 | background-color -> controls bgcolor
386 | border-left-color -> controls foregroundColor
387 | color -> controls fontColor
388 | border-right-color -> controls seriesColor
389 | controls and and font color get screened via an alpha layer, so should probably be set to all black or white, depending on main background
390 | */
391 | div.FlashTimeline {
392 | background-color: ;
393 | border-left-color: ;
394 | color: ;
395 | /* the color of the histogram bar. border-right-color = fill */
396 | border-right-color: ;
397 | }
398 |
399 | /* popup bar chart; should be same color as flash timeline */
400 | .splBarGraphBar {
401 | background-color:;
402 | }
403 |
404 |
405 |
406 |
407 | /* buttons
408 | ---------------------------------*/
409 |
410 | .splButton-primary {
411 | background-color: ;
412 | color: ;
413 | }
414 | .splButton-primary:hover {
415 | background-color: ;
416 | }
417 | .splButton-secondary {
418 | background-color:;
419 | color: ;
420 | }
421 | .splButton-secondary:hover {
422 | background-color: ;
423 | }
424 |
425 | /* form elements
426 | _________________________________*/
427 |
428 | fieldset legend {
429 | color: ;
430 | }
431 | fieldset legend span {
432 | color: ;
433 | }
434 | p.exampleText {
435 | color: ;
436 | }
437 | p.fieldsetHelpText {
438 | color: ;
439 | }
440 |
441 | /*-- disabled and read-only form elements --*/
442 |
443 | label.disabledLabel {
444 | color: ;
445 | }
446 | select option[disabled] {
447 | color: ;
448 | }
449 | input.readonly {
450 | background-color: ;
451 | }
452 |
453 |
454 | input[disabled]{
455 | background-color: transparent;
456 | border-color: transparent;
457 | color: ;
458 | }
459 |
460 | /* Icons
461 | ---------------------------------*/
462 | .splIcon-events-list, .splIcon-events-table, .splIcon-results-table {
463 | /*--
464 | master icon file. edit the local file and include this stanza if you want to override the defaults
465 | background-image: url(splIcons.gif);
466 |
467 | --*/
468 | }
469 |
470 | /*-- background color for icons --*/
471 | .splIcon {
472 | background-color: #999;
473 | }
474 |
475 | /*-- switchers that use icons --*/
476 |
477 | .ButtonSwitcher ul li.selected, .ButtonSwitcher ul li.selected:hover,
478 | .EventsViewer .default .actions,
479 | div.FlashTimeline a.logScaleSelected span, div.FlashTimeline a.linScaleSelected span {
480 | border: 1px solid #999;
481 | background-color: #999;
482 | }
483 |
484 | /*-- paginator uses similar styles --*/
485 |
486 | .Paginator .active a, .Paginator .active a:hover {
487 | background-color: #999;
488 | border-color: #999;
489 | color: #fff;
490 | }
491 |
492 | /*-- arrow icons --*/
493 | .splIcon-arrow-n, .splIcon-arrow-e, .splIcon-arrow-s, .splIcon-arrow-w {
494 | background-color: #999;
495 | }
496 |
497 | /* triangles. keep this last to avoid getting background colors in the arrows! */
498 | /* Note: to separate color from implementation, we're using a numbering system to differentiate colors.
499 | 1=grey,2=white,3=green,4=black,5=blue. If the icon sprite changes, the number mapping to colors would be different */
500 | .splIcon-triangle,
501 | .splIcon-triangle-1-n, .splIcon-triangle-1-s, .splIcon-triangle-1-e, .splIcon-triangle-1-w,
502 | .splIcon-triangle-2-n, .splIcon-triangle-2-s, .splIcon-triangle-2-e, .splIcon-triangle-2-w,
503 | .splIcon-triangle-3-n, .splIcon-triangle-3-s, .splIcon-triangle-3-e, .splIcon-triangle-3-w,
504 | .splIcon-triangle-4-n, .splIcon-triangle-4-s, .splIcon-triangle-4-e, .splIcon-triangle-4-w,
505 | .splIcon-triangle-5-n, .splIcon-triangle-5-s, .splIcon-triangle-5-e, .splIcon-triangle-5-w {
506 | background-color:transparent;
507 | }
508 | .splIcon-triangle-large {
509 | background-color:transparent;
510 | }
511 |
512 |
513 | /* tables
514 | ------------------------------*/
515 | table.splTable {
516 | border-color: ;
517 | }
518 | table.splTable th {
519 | border-color: ;
520 | }
521 | table.splTable th a {
522 | color: ;
523 | }
524 | table.splTable td {
525 | border-color: ;
526 | }
527 |
528 |
529 |
530 | /* highlight colors
531 | ---------------------------------*/
532 | /*-- event items --*/
533 | .EventsViewer .default .a, .EventsViewer .default .h, .EventsViewer .default .fields .v:hover, .EventsViewer .default .fields .tg:hover {
534 | background-color: ;
535 | }
536 |
537 | /*-- row highlighting for tables --*/
538 | table.splTable tr:hover td {
539 | background-color:;
540 | }
541 | .mouseoverHighlight, .mouseoverHightlight td {
542 | background-color:;
543 | }
544 |
545 | /*-- matching search terms --*/
546 | .SimpleEventsViewer span.searchTermHighlight {
547 | background-color:;
548 | }
549 |
550 | /* MultiFieldViewer + SuggestedFieldViewer, i.e. highlight in the fields sidebar */
551 | .MultiFieldViewer .fieldTabs .mouseoverHighlight,
552 | .MultiFieldViewer .fieldTabs .selected,
553 | .SuggestedFieldViewer .fieldTabs .mouseoverHighlight,
554 | .SuggestedFieldViewer .fieldTabs .selected {
555 | background-color:;
556 | }
557 |
558 | /* field picker popup hover row */
559 | .FieldPickerPopup .fpFieldList tbody tr:hover, .FieldPickerPopup .fpFieldList tbody tr.mouseoverHighlight {
560 | background-color: ;
561 | }
562 |
563 |
564 |
565 | /* date picker
566 | ---------------------------------*/
567 | .ui-datepicker-current-day {
568 | background-color: ;
569 | }
570 |
571 | .ui-datepicker-links {
572 | background-image: url(overlay_gradient.png) repeat-x 0 0;
573 | _background-image: none;
574 | }
575 |
576 | /* popups
577 | ---------------------------------*/
578 | .splHeader-popup {
579 | background-color: #000;
580 | background-image: url(overlay_gradient.png);
581 | background-repeat: repeat-x;
582 | _background-image: none;
583 | }
584 |
585 | .splHeader-popup h2 {
586 | color:#FFF;
587 | }
588 |
589 | .popupContainer {
590 | border-color: ;
591 | }
592 |
593 | /* modal overlay */
594 | .splOverlay, .splOverlay-white {
595 | background-color: #000;
596 | opacity:0.8;
597 | filter:alpha(opacity=80);
598 | }
599 | .splOverlay-white {
600 | background-color:#FFF;
601 | }
602 |
603 | /* Misc
604 | ---------------------------------*/
605 |
606 | /* resize handle */
607 | .ui-resizable-s {
608 | background-color:#ccc !important;
609 | }
610 |
611 | /* loading image for jobs */
612 | .JobStatus .output .running h2,
613 | .JobStatus .output .runningReport h2,
614 | .JobStatus .output .finalizing h2 {
615 | /*
616 | loader background must match the same color as the background of your output div. leave blank to use the default loader, or download a custom image from www.ajaxload.info, name it loader.gif and include this line:
617 |
618 | background-image: url(loader.gif);
619 | */
620 | }
621 |
622 |
623 | /* remove the gradient at top of event and results area */
624 | .EventsViewer, .SimpleResultsTableResults {
625 | background-image: none;
626 | }
627 |
--------------------------------------------------------------------------------
/tango/appserver/static/bg_hash_grey.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aplura/Tango/38aa3f8cd35f3cf05e6dcfc10c0d068b03e38778/tango/appserver/static/bg_hash_grey.gif
--------------------------------------------------------------------------------
/tango/appserver/static/loader.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aplura/Tango/38aa3f8cd35f3cf05e6dcfc10c0d068b03e38778/tango/appserver/static/loader.gif
--------------------------------------------------------------------------------
/tango/appserver/static/overlay_bottomgradient_10.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aplura/Tango/38aa3f8cd35f3cf05e6dcfc10c0d068b03e38778/tango/appserver/static/overlay_bottomgradient_10.png
--------------------------------------------------------------------------------
/tango/appserver/static/overlay_bottomgradient_18.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aplura/Tango/38aa3f8cd35f3cf05e6dcfc10c0d068b03e38778/tango/appserver/static/overlay_bottomgradient_18.png
--------------------------------------------------------------------------------
/tango/appserver/static/overlay_bottomgradient_large.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aplura/Tango/38aa3f8cd35f3cf05e6dcfc10c0d068b03e38778/tango/appserver/static/overlay_bottomgradient_large.png
--------------------------------------------------------------------------------
/tango/appserver/static/overlay_bottomgradient_soft.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aplura/Tango/38aa3f8cd35f3cf05e6dcfc10c0d068b03e38778/tango/appserver/static/overlay_bottomgradient_soft.png
--------------------------------------------------------------------------------
/tango/appserver/static/overlay_glass_28.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aplura/Tango/38aa3f8cd35f3cf05e6dcfc10c0d068b03e38778/tango/appserver/static/overlay_glass_28.png
--------------------------------------------------------------------------------
/tango/appserver/static/overlay_gloss_28.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aplura/Tango/38aa3f8cd35f3cf05e6dcfc10c0d068b03e38778/tango/appserver/static/overlay_gloss_28.png
--------------------------------------------------------------------------------
/tango/appserver/static/overlay_gradient.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aplura/Tango/38aa3f8cd35f3cf05e6dcfc10c0d068b03e38778/tango/appserver/static/overlay_gradient.png
--------------------------------------------------------------------------------
/tango/appserver/static/overlay_gradient_25.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aplura/Tango/38aa3f8cd35f3cf05e6dcfc10c0d068b03e38778/tango/appserver/static/overlay_gradient_25.png
--------------------------------------------------------------------------------
/tango/appserver/static/overlay_gradient_28.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aplura/Tango/38aa3f8cd35f3cf05e6dcfc10c0d068b03e38778/tango/appserver/static/overlay_gradient_28.png
--------------------------------------------------------------------------------
/tango/appserver/static/overlay_gradient_4.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aplura/Tango/38aa3f8cd35f3cf05e6dcfc10c0d068b03e38778/tango/appserver/static/overlay_gradient_4.png
--------------------------------------------------------------------------------
/tango/appserver/static/overlay_gradient_50.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aplura/Tango/38aa3f8cd35f3cf05e6dcfc10c0d068b03e38778/tango/appserver/static/overlay_gradient_50.png
--------------------------------------------------------------------------------
/tango/appserver/static/overlay_innerleftshadow.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aplura/Tango/38aa3f8cd35f3cf05e6dcfc10c0d068b03e38778/tango/appserver/static/overlay_innerleftshadow.png
--------------------------------------------------------------------------------
/tango/appserver/static/overlay_innershadow_4.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aplura/Tango/38aa3f8cd35f3cf05e6dcfc10c0d068b03e38778/tango/appserver/static/overlay_innershadow_4.png
--------------------------------------------------------------------------------
/tango/appserver/static/overlay_reversegradient_28.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aplura/Tango/38aa3f8cd35f3cf05e6dcfc10c0d068b03e38778/tango/appserver/static/overlay_reversegradient_28.png
--------------------------------------------------------------------------------
/tango/appserver/static/overlay_reversegradient_4.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aplura/Tango/38aa3f8cd35f3cf05e6dcfc10c0d068b03e38778/tango/appserver/static/overlay_reversegradient_4.png
--------------------------------------------------------------------------------
/tango/appserver/static/overlay_reversegradient_light_28.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aplura/Tango/38aa3f8cd35f3cf05e6dcfc10c0d068b03e38778/tango/appserver/static/overlay_reversegradient_light_28.png
--------------------------------------------------------------------------------
/tango/appserver/static/overlay_reversegradientridge_28.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aplura/Tango/38aa3f8cd35f3cf05e6dcfc10c0d068b03e38778/tango/appserver/static/overlay_reversegradientridge_28.png
--------------------------------------------------------------------------------
/tango/appserver/static/overlay_softgradient_28.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aplura/Tango/38aa3f8cd35f3cf05e6dcfc10c0d068b03e38778/tango/appserver/static/overlay_softgradient_28.png
--------------------------------------------------------------------------------
/tango/appserver/static/overlay_togradient_large.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aplura/Tango/38aa3f8cd35f3cf05e6dcfc10c0d068b03e38778/tango/appserver/static/overlay_togradient_large.png
--------------------------------------------------------------------------------
/tango/appserver/static/overlay_topInnerShadow_35.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aplura/Tango/38aa3f8cd35f3cf05e6dcfc10c0d068b03e38778/tango/appserver/static/overlay_topInnerShadow_35.png
--------------------------------------------------------------------------------
/tango/appserver/static/overlay_topgradient.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aplura/Tango/38aa3f8cd35f3cf05e6dcfc10c0d068b03e38778/tango/appserver/static/overlay_topgradient.png
--------------------------------------------------------------------------------
/tango/appserver/static/overlay_topgradient_beige_soft.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aplura/Tango/38aa3f8cd35f3cf05e6dcfc10c0d068b03e38778/tango/appserver/static/overlay_topgradient_beige_soft.png
--------------------------------------------------------------------------------
/tango/appserver/static/overlay_topgradient_soft.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aplura/Tango/38aa3f8cd35f3cf05e6dcfc10c0d068b03e38778/tango/appserver/static/overlay_topgradient_soft.png
--------------------------------------------------------------------------------
/tango/appserver/static/overlay_white_28.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aplura/Tango/38aa3f8cd35f3cf05e6dcfc10c0d068b03e38778/tango/appserver/static/overlay_white_28.png
--------------------------------------------------------------------------------
/tango/appserver/static/overlay_whiteridge_28.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aplura/Tango/38aa3f8cd35f3cf05e6dcfc10c0d068b03e38778/tango/appserver/static/overlay_whiteridge_28.png
--------------------------------------------------------------------------------
/tango/appserver/static/single.css:
--------------------------------------------------------------------------------
1 | .single-trend {
2 | position: relative;
3 | top: -15px;
4 | text-align: center;
5 | font-size: 18px;
6 | color: #888;
7 | }
8 | .single-trend i {
9 | font-size: 28px;
10 | vertical-align: text-bottom;
11 | }
12 | .single-trend.nochange, .single-trend.nochange i {
13 | font-size: 14px;
14 | }
15 | .single-trend.increase {
16 | color: #F03B4E;
17 | }
18 | .single-trend.decrease {
19 | color: #40EBBB;
20 | }
21 | .table .table, .table-striped>tbody>tr>td {
22 | color: #131B23;
23 | }
24 |
--------------------------------------------------------------------------------
/tango/appserver/static/single_trend.css:
--------------------------------------------------------------------------------
1 | .single-trend {
2 | position: relative;
3 | top: -15px;
4 | text-align: center;
5 | font-size: 18px;
6 | color: #888;
7 | }
8 | .single-trend i {
9 | font-size: 28px;
10 | vertical-align: text-bottom;
11 | }
12 | .single-trend.nochange, .single-trend.nochange i {
13 | font-size: 14px;
14 | }
15 | .single-trend.increase {
16 | color: #F03B4E;
17 | }
18 | .single-trend.decrease {
19 | color: #40EBBB;
20 | }
21 | .table .table, .table-striped>tbody>tr>td {
22 | color: #131B23;
23 | }
24 | .single-value .single-result {
25 | color: #40EBBB;
26 | }
27 |
--------------------------------------------------------------------------------
/tango/appserver/static/single_trend.js:
--------------------------------------------------------------------------------
1 | require([
2 | 'jquery',
3 | 'underscore',
4 | 'splunkjs/mvc',
5 | 'splunkjs/mvc/simplesplunkview',
6 | 'splunkjs/mvc/simplexml/element/single',
7 | 'splunkjs/mvc/simplexml/ready!'
8 | ], function($, _, mvc, SimpleSplunkView, SingleElement) {
9 | // Custom view to annotate a single value element with a trend indicator
10 | var SingleValueTrendIndicator = SimpleSplunkView.extend({
11 | // Override fetch settings
12 | outputMode: 'json',
13 | returnCount: 2,
14 | // Default options
15 | options: {
16 | changeFieldType: 'text'
17 | },
18 | // Icon CSS classes
19 | icons: {
20 | increase: 'icon-triangle-up-small',
21 | decrease: 'icon-triangle-down-small'
22 | },
23 | // Template for trend indicator
24 | template: _.template(
25 | '
