C2 Overview
C2 (Command and Control) consists of C2 Server and C2 Agents (clients). MiNiFi agents implementing the C2 protocol are able to communicate with the C2 server. Currently an HTTP/HTTPS RESTFul paradigm exists to support C2 capabilities to MiNiFi C2 agents. At the core of the protocol we find the periodic heartbeat from clients to server. Every command and control mechanism is driven and triggered by the responses to the heartbeat messages. Building on top of this "flipped" direction the C2 Server doesn't need to be aware of the clients location beforehand, it will be notified by them via the first heartbeat messages.
C2 Operations
Agents are controlled via operation (and operand) combinations sent in the heartbeat responses.
C2 Agent → C2 Server
| Operation Name | Description |
|---|---|
| HEARTBEAT | Heartbeat provides status and operational capabilities to C2 server(s) |
| ACKNOWLEDGE | Used by MiNiFi C2 agents to acknowledge the receipt and execution of a C2 server requested operation |
C2 Server → C2 Agent
| Operation Name | Operand Name | Arguments | Description |
|---|---|---|---|
| DESCRIBE | MANIFEST | N/A | Requesting manifest information from the agent |
| UPDATE | CONFIGURATION |
| Initiating flow configuration update on the agent side. Steps:
|
Reference Implementations
| Name | Location | |
|---|---|---|
| C2 Protocol | API | https://github.com/apache/nifi/tree/main/c2/c2-protocol/c2-protocol-api (C2Heartbeat is the main entry point) |
| Component | https://github.com/apache/nifi/tree/main/c2/c2-protocol/c2-protocol-component-api | |
| C2 Server | MiNiFi C2 Service | https://github.com/apache/nifi/tree/main/minifi/minifi-c2 |
| C2 Client | CPP Client | https://github.com/apache/nifi-minifi-cpp/ |
| Java Client | https://github.com/apache/nifi/tree/main/minifi |