Sentinel View 1.0 Release
The highly anticipated release of Sentinel View has come to life. It wasn't a breeze, due to issues with time-expensive database queries. The upgrade was conducted in the spirit of optimizing the ever-growing database. Although Martin Prudek, the author of the major changes, is no longer part of the team, his effort left an everlasting mark on the project. Another former colleague, Vojta Myslivec, was an unforgettable helping hand with regard to the database end and its improvement.
Figure 1: sentinel
What is Sentinel View
It is our pleasure to provide the data that flow into our database as part of the Sentinel project. That is what Sentinel View is made for. It provides Turris users with data collected specifically on their own device, or from devices running a Sentinel instance all over the world.
new responsive front-end
option to filter data by time interval
upgraded basic categories and more data
My Device page
caching and aggregation on the back-end
New data, new appearance
The look of Sentinel View has been upgraded. Not only does it look much better, it also behaves responsively, with an improved small-screen menu and a better table view on mobile screens.
Figure 2: mobile
Because the multidimensional graphs in the former Sentinel View were hard to read due to the high number of items, we capped the number of items at seven for a better experience.
Another important feature is the option to view data by a selected time interval. The specific options are the following:
last 12 hours
last three months (a quarter of a year)
Figure 3: passwords
For each table or graph (and especially for the longer-term options) the data are pre-cached, so the back-end does not issue a dedicated database query for every HTTP request. We'll circle back to that later in the article. Each map view also depends on the selected interval.
The graph Number of unique attackers has been added to the overview page. Some data were split into new categories for the sake of clarity and to show more detailed information. You may appreciate the Incidents page, with the graph Top Traps by recorded incidents, as a starting point.
Figure 4: incidents
Another insightful change is the addition of the Ports page, with tables listing the most frequent protocol and port combinations.
Figure 5: ports
The My Devices page is the one that should catch your interest the most. It visualizes the data for a specific user's devices, using the device token as the identifier.
The token can be obtained by running the following command on the console of your Turris router:
uci get sentinel.main.device_token
We plan to integrate it into the router's web interface in one of the following releases.
Figure 6: mydevice
What you don’t see
Significant changes were made on the back-end. The former reliance on InfluxDB was abandoned after half a year due to time-expensive queries. The cornerstone of Sentinel View is now undoubtedly PostgreSQL with the TimescaleDB extension.
For each category there is a dedicated table in the database, with joins kept to the minimum necessary. Each table is aggregated after it finishes its cycle. For example, passwords_hourly is aggregated every hour from its parent table passwords_quarterly (quarter-hour buckets). From these tables, either on a schedule or when a user query is triggered on the My Devices page, the data are cached and displayed to you, our users.
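The roll-up described above, written out as an added example rather than the Sentinel View project's own schema or job: the article names only the tables passwords_quarterly and passwords_hourly, so the column names (bucket, password, attempts), the sample rows and the front-end query are assumptions constructed for illustration. It runs on plain PostgreSQL; the comment shows where TimescaleDB's create_hypertable() and time_bucket() would slot in.

```sql
-- Added example (not Sentinel View's own code). Column names, sample
-- rows and the serving query are assumptions for illustration only.

-- Parent table: quarter-hour buckets of password attempts seen by the
-- honeypots. On TimescaleDB this would additionally be turned into a
-- hypertable: SELECT create_hypertable('passwords_quarterly', 'bucket');
CREATE TABLE IF NOT EXISTS passwords_quarterly (
    bucket   timestamptz NOT NULL,   -- start of the 15-minute bucket
    password text        NOT NULL,   -- password string tried by the attacker
    attempts bigint      NOT NULL,   -- login attempts in that bucket
    PRIMARY KEY (bucket, password)
);

-- Child table filled once an hour from the table above; the front-end
-- reads this pre-aggregated data instead of the raw quarter-hour rows.
CREATE TABLE IF NOT EXISTS passwords_hourly (
    bucket   timestamptz NOT NULL,   -- start of the hour
    password text        NOT NULL,
    attempts bigint      NOT NULL,
    PRIMARY KEY (bucket, password)
);

-- Constructed sample input: three quarter-hour rows within one hour.
INSERT INTO passwords_quarterly (bucket, password, attempts) VALUES
    ('2019-06-01 10:00+00', '123456', 40),
    ('2019-06-01 10:15+00', '123456', 25),
    ('2019-06-01 10:30+00', 'admin',  10)
ON CONFLICT (bucket, password) DO UPDATE SET attempts = EXCLUDED.attempts;

-- Hourly aggregation job: roll up every hour that has already completed.
-- date_trunc() is plain PostgreSQL; with TimescaleDB installed,
-- time_bucket('1 hour', q.bucket) is the equivalent call.
-- ON CONFLICT makes the job idempotent, so re-running it after a missed
-- cycle simply rewrites the affected hourly rows.
INSERT INTO passwords_hourly (bucket, password, attempts)
SELECT date_trunc('hour', q.bucket) AS bucket,
       q.password,
       sum(q.attempts)               AS attempts
FROM   passwords_quarterly q
WHERE  q.bucket < date_trunc('hour', now())
GROUP  BY 1, 2
ON CONFLICT (bucket, password) DO UPDATE
    SET attempts = EXCLUDED.attempts;
-- For the sample rows this yields:
--   2019-06-01 10:00+00 | 123456 | 65
--   2019-06-01 10:00+00 | admin  | 10

-- Serving query for a "last 12 hours" top-passwords graph, capped at the
-- seven items the article mentions; it touches only the small hourly
-- table, which is what keeps the per-request cost low.
SELECT   password, sum(attempts) AS attempts
FROM     passwords_hourly
WHERE    bucket >= date_trunc('hour', now()) - interval '12 hours'
GROUP BY password
ORDER BY attempts DESC
LIMIT    7;
```

The aggregation step is what makes the pre-caching mentioned earlier cheap: the quarter-hour table keeps growing, but every dashboard interval is answered from the much smaller hourly (or coarser) table, and a scheduled job is the only thing that ever scans the raw rows.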
To wrap it up
We do not stop here. Since Sentinel View is literally the face of our project, it is handy that we are now able to implement changes that were delayed or sidetracked by this upgrade. We plan to release the following patches in the coming months:
Dynamic Firewall real-time visualization
Have I Been Pwned (Turris edition)
auto-fill of the My Device page from Foris
help hints for each graph/table
We hope to receive feedback from interested users and make the future of Sentinel View as accessible as possible.
Author: Filip Hron