Components

The Envoy server container has 3 main components:

• searchhead - serves the web interface and provides an API server that can be used by scripts or other processes.
• indexer - internal component that receives data from the connector and stores it. It will also forward to dataproc for further processing.
• dataproc - data processing component, that enriches the data (currently only with geolocation from RIPE) and performs additional calculations and data mining. It receives data from the indexer, and uses the searchhead API to perform actions and queries on the system.
• connector - component responsible for fetching and parsing data source providers.

The Envoy configuration file is:

• /etc/envoy/envoyconfig.yml - configuration file generated inside the container. If you run the above docker run command, you can access it from your local machine at /tmp/envoy/config/envoyconfig.yml. The documentation for the config file is here.