Documentation
Index ¶
- Constants
- func FalconClient(ctx context.Context, conf *Config, r fdk.Request) (*client.CrowdStrikeAPISpecification, error)
- func GenerateID(key string) (string, error)
- func NewAPIError(code int, msg string) fdk.APIError
- func NewFQLQuery(filters []Filter) (string, error)
- func NewFQLSort(field string, direction Direction) (string, error)
- func NewValidationError(code ValidationErrorCode, msg string) fdk.APIError
- func NextRun(schedule *Schedule, startTime time.Time) (time.Time, error)
- type ActionType
- type Audit
- type AuditResponse
- type Config
- type Direction
- type Filter
- type InstallSoftwareAction
- type Job
- type JobResponse
- type JobsResponse
- type Operator
- type Paging
- type RTRAction
- type RemoveFileAction
- type Schedule
- type SearchObjectsRequest
- type SearchObjectsResponse
- type SearchType
- type TargetHost
- type UpsertJobRequest
- type UpsertJobResponse
- type ValidationErrorCode
- type WorkflowsInfo
Constants ¶
// Comparison operators accepted in Filter.Op.
//
// EQ is the empty string, so a Filter whose Op is left at its zero value
// compares for equality. Only EQ is declared with the Operator type; the
// other entries have no explicit type and are therefore untyped string
// constants.
const (
	// EQ equals.
	EQ Operator = ""
	// NEQ not equals.
	NEQ = "!"
	// GT greater than.
	GT = ">"
	// GTE greater than or equal to.
	GTE = ">="
	// LT less than.
	LT = "<"
	// LTE less than or equal to.
	LTE = "<="
	// MATCH match.
	MATCH = "~"
	// NMATCH not match.
	NMATCH = "!~"
)
const (
	// RunNowTimeCyclesFormat is a five-field, cron-style format string with
	// two integer placeholders in the first two positions.
	// NOTE(review): presumably minute and hour - confirm against the caller.
	RunNowTimeCyclesFormat = "%d %d */1 * *"
	// DateFormat is a format string taking three integers; the first two are
	// zero-padded to two digits by %02d.
	DateFormat = "%02d-%02d-%d" // e.g. 08-28-2023

	// InstallSoftware is the ActionType value for an install-software job.
	InstallSoftware ActionType = "installSoftware"
	// RemoveFile is the ActionType value for a remove-file job.
	RemoveFile ActionType = "removeFile"
)
Variables ¶
This section is empty.
Functions ¶
func FalconClient ¶
func FalconClient(ctx context.Context, conf *Config, r fdk.Request) (*client.CrowdStrikeAPISpecification, error)
FalconClient returns a new instance of the GoFalcon client. If the client cannot be created or if there is no access token in the request, an error is returned.
func GenerateID ¶
GenerateID creates a consistent value when writing or retrieving targets
func NewFQLQuery ¶
NewFQLQuery constructs a new FQL query, and-ing all the filter arguments together.
func NewFQLSort ¶
NewFQLSort constructs a new FQL sort string.
func NewValidationError ¶
func NewValidationError(code ValidationErrorCode, msg string) fdk.APIError
NewValidationError creates a new fdk.APIError from the given validation error code and message.
Types ¶
type ActionType ¶
// ActionType names the kind of activity a job performs. The values visible in
// this package are InstallSoftware and RemoveFile.
type ActionType string
ActionType determines the type of activity the job needs to do
func (ActionType) String ¶
func (a ActionType) String() string
String method converts enum to string
type Audit ¶
// Audit is a single audit-log record describing the creation or modification
// of a job.
type Audit struct {
	JobName string `json:"job_name,omitempty" description:"JobName is name of the job created/updated."`
	ModifiedAt *time.Time `json:"modified_at,omitempty" description:"ModifiedAt time of the job modified at."`
	Version int `json:"version" description:"Version of the job."`
	// NOTE(review): an audit trail is only trustworthy if this value comes
	// from the authenticated caller rather than from request input; where it
	// is populated is not visible here - confirm.
	ModifiedBy string `json:"modified_by,omitempty" description:"ModifiedBy is username of the person modified the job"`
	// The description tag says "Handle", but the field is Action: whether the
	// job was created or edited.
	Action string `json:"action" description:"Handle indicates if the job was created or edited."`
	ID string `json:"id" description:"ID of the audit log."`
	JobID string `json:"job_id" description:"JobID is id of the job."`
}
Audit is the audit log entry recorded when a job is created or modified.
type AuditResponse ¶
// AuditResponse is the response body for an audit-log listing: the matching
// Audit records plus optional pagination metadata.
type AuditResponse struct {
	Resources []Audit `json:"resources" description:"Resources is the list of Audit Info from custom storage."`
	// Meta is a pointer with omitempty, so it is left out of the JSON when nil.
	Meta *Paging `json:"meta,omitempty" description:"Meta is the pagination information."`
}
AuditResponse holds the response of all the audit logs in descending order of creation.
type Config ¶
// Config is the configuration passed to FalconClient. It carries no JSON tags.
// NOTE(review): the field meanings below are inferred from the field names
// only - confirm against the code that fills and reads them.
type Config struct {
	// Cloud selects the Falcon cloud, as a gofalcon CloudType.
	Cloud falcon.CloudType
	// Presumably the collection names used for jobs and for audit logs.
	JobsCollection string
	AuditLogsCollection string
	// Presumably workflow template and condition-node identifiers for the
	// remove-file, install-software and build-queue workflows.
	RemoveSystemWorkflowTemplateID string
	RemoveConditionNodeID string
	InstallSystemWorkflowTemplateID string
	InstallConditionNodeID string
	BuildQSystemWorkflowTemplateID string
	ExecutionNotifierWorkflow string
}
type Direction ¶
// Direction is the sort order passed to NewFQLSort: ascending or descending.
// Its constants are not shown in this listing.
type Direction int
Direction indicates if a sort operation should be ascending or descending.
type Filter ¶
// Filter is one FQL filter term; NewFQLQuery and-s a slice of them together
// into a single query string.
//
// NOTE(review): Field and Value are plain strings. Whether NewFQLQuery quotes
// or escapes them is not visible here; if either can carry request input,
// confirm it is validated first so that it cannot change the structure of the
// resulting query.
type Filter struct {
	// Field is the name of the field on which to filter.
	Field string
	// Value is the value of the filter query.
	Value string
	// Op is the comparison operator. The zero value equals EQ (the empty
	// string), i.e. an equality comparison.
	Op Operator
}
Filter is an FQL filter request.
type InstallSoftwareAction ¶
// InstallSoftwareAction holds the parameters of an install-software job: the
// file to install, where it is located, and the switches to run it with.
//
// NOTE(review): these values describe a command to be run on endpoints. How
// they are turned into that command is not visible here; confirm that
// Validate (see InvalidActionConfig) constrains the path, file name and
// switches before a job is stored.
type InstallSoftwareAction struct {
	// The description tag is empty for this field.
	InstallFilePath string `json:"install_file_path" description:""`
	CommandSwitch string `json:"command_switch" description:"CommandSwitch command need to be run during installing the file."`
	FileName string `json:"file_name" description:"FileName indicates the file to be installed on the sensor."`
}
InstallSoftwareAction contains the file path to be installed on a sensor.
type Job ¶
// Job is the stored description of a scheduled job: who submitted it, what it
// does (Action), when it runs (Schedule) and which hosts it targets (Target).
//
// NOTE(review): UpsertJobRequest embeds Job, so every JSON-tagged field below
// can be set by the request body. Fields that look server-managed (UserID,
// UserName, Version, Workflows, RunCount, NextRun, LastRun, CreatedAt,
// UpdatedAt, DeletedAt) should be overwritten by the handler rather than
// trusted from the payload - confirm, the handler is not visible here.
type Job struct {
	UserID string `json:"user_id" description:"UserID is the ID of the user who submitted the request."`
	UserName string `json:"user_name" description:"UserName is the username or email of the user who submitted the request."`
	ID string `json:"id,omitempty" description:"ID identifies a job"`
	Name string `json:"name" description:"Name is the name of the job."`
	Description string `json:"description,omitempty" description:"Description is the description of the job."`
	Version int `json:"version" description:"Version of the job"`
	Draft bool `json:"draft" description:"Draft indicates if the the job provisioned or not."`
	Notifications []string `json:"notifications" description:"Notifications is a list of email addresses to notify regarding this job."`
	Tags []string `json:"tags" description:"Tags is a list of tags to assign to this job."`
	HostCount int `json:"host_count" description:"HostCount gives estimates number of host targeted for this job."`
	// The description tag says "Handle", but the field is Action.
	Action *RTRAction `json:"action" description:"Handle contains information about the RTR put file or command."`
	Schedule *Schedule `json:"schedule" description:"Schedule defines when this job should execute."`
	// WSchedule is the same schedule expressed in workflow format.
	WSchedule *Schedule `json:"wschedule" description:"Schedule defines when this job should execute in workflow format."`
	Target *TargetHost `json:"target" description:"Target defines the systems against which the action should be performed."`
	Workflows *WorkflowsInfo `json:"workflows" description:"Workflows created for this job"`
	RunNow bool `json:"run_now" description:"Indicates if we need to run the workflow now."`
	TotalRecurrences int `json:"total_recurrences" description:"TotalRecurrences is number of times job needs to be run."`
	RunCount int `json:"run_count" description:"RunCount is number of time job has ran."`
	NextRun *time.Time `json:"next_run,omitempty" description:"NextRun indicates the next time the job will run."`
	LastRun *time.Time `json:"last_run,omitempty" description:"LastRun indicates the last time the job ran."`
	OutputFormat []string `json:"output_format" description:"OutputFormat determines the user expecting the output format to be in."`
	CreatedAt *time.Time `json:"created_at,omitempty" description:"CreatedAt indicates the time at which job was created."`
	UpdatedAt *time.Time `json:"updated_at,omitempty" description:"UpdatedAt indicates the time at which jon was updated last."`
	DeletedAt *time.Time `json:"deleted_at,omitempty" description:"DeletedAt indicates the time at which job was deleted"`
}
Job holds the information regarding the job
type JobResponse ¶
// JobResponse is the response body carrying a single Job by value.
type JobResponse struct {
	Resource Job `json:"resource" description:"Resource indicates Job details."`
}
JobResponse holds the job info.
type JobsResponse ¶
// JobsResponse is the response body for a job listing: the jobs plus
// pagination metadata.
type JobsResponse struct {
	Resources []Job `json:"resources" description:"resources is list of Jobs in the custom storage"`
	// Meta has no omitempty, so a nil pointer is encoded as JSON null.
	Meta *Paging `json:"meta" description:"meta is the pagination info."`
}
JobsResponse holds the response from the Handle.Jobs() function.
type Paging ¶
// Paging is the pagination metadata attached to list responses. Every field
// is tagged omitempty, so zero values are left out of the JSON.
type Paging struct {
	Next string `json:"next,omitempty" description:"Next is the marker to the next page."`
	Prev string `json:"prev,omitempty" description:"Prev is the marker to the previous page."`
	Total int `json:"total,omitempty" description:"Total is the total number of records available."`
	Limit int `json:"limit,omitempty" description:"Limit is the total number of records to be queried per page."`
	Count int `json:"count,omitempty" description:"Count is the total of record in a given page."`
}
Paging holds the pagination metadata.
type RTRAction ¶
// RTRAction describes the RTR action a job performs. Type selects the kind of
// action; the two embedded structs carry the parameters for each kind.
//
// Both structs are embedded without a JSON tag, so their fields appear at the
// same JSON object level as "type", and a payload can carry install and
// remove parameters at once.
// NOTE(review): confirm that validation checks the parameter set matching
// Type and does not act on the other one.
type RTRAction struct {
	Type ActionType `json:"type" description:"Type indicates the type of activity the job needs to run."`
	InstallSoftwareAction
	RemoveFileAction
}
RTRAction indicates the RTR action the job needs to do.
type RemoveFileAction ¶
// RemoveFileAction holds the parameters of a remove-file job: the name and
// the path of the file to delete on the sensor.
//
// NOTE(review): these values decide what gets deleted on endpoints. Confirm
// that Validate (see InvalidActionConfig) rejects empty, relative or
// otherwise unexpected paths before a job is stored; that check is not
// visible here.
type RemoveFileAction struct {
	RemoveFileName string `json:"remove_file_name" description:"RemoveFileName indicates the name file to be removed."`
	RemoveFilePath string `json:"remove_file_path" description:"RemoveFilePath indicates the path of the file to be removed."`
}
RemoveFileAction indicates the file path and name to be removed from the sensor
type Schedule ¶
// Schedule holds a job's cron expression together with its optional start and
// end dates.
type Schedule struct {
	// TimeCycle's struct tag is elided by the documentation renderer (the
	// placeholder comment below stands in for it).
	// NOTE(review): presumably the cron expression - confirm.
	TimeCycle string `` /* 134-byte string literal not displayed */
	// Start and End are strings, not time.Time; the mm-dd-yyyy layout has to
	// be checked by the code that parses them.
	Start string `json:"start_date,omitempty" description:"Start date in mm-dd-yyyy format"`
	End string `json:"end_date,omitempty" description:"End date in mm-dd-yyyy format"`
	// Timezone is tagged json:"-": it is never read from or written to JSON.
	Timezone string `json:"-" description:"Timezone label from IANA timezone database, for example, America/Los_Angeles"`
	SkipConcurrent bool `json:"skip_concurrent" description:"Flag indicating if concurrent execution of scheduled workflow should be skipped or not"`
}
Schedule contains the cron job expression along with start and end date for the job.
type SearchObjectsRequest ¶
// SearchObjectsRequest describes a search for objects in a collection that
// match an FQL filter, with paging and sort parameters.
type SearchObjectsRequest struct {
	// Collection is the name of the collection.
	Collection string
	// Filter is the FQL filter.
	Filter string
	// Limit is the maximum number of records to be returned.
	// NOTE(review): a plain int; confirm that callers bound it.
	Limit int
	// Offset is the records offset.
	Offset int
	// Sort is the FQL sort string.
	Sort string
}
SearchObjectsRequest is a request to locate objects matching the provided filter.
type SearchObjectsResponse ¶
// SearchObjectsResponse is the result of a SearchObjectsRequest: the keys of
// the matching objects and the paging counters.
type SearchObjectsResponse struct {
	// ObjectKeys contains the keys of objects which match the search response.
	ObjectKeys []string
	// Offset is the next value to present to the API get back the next page of results.
	Offset int
	// Total is the total number of records which match the filter.
	Total int
}
SearchObjectsResponse contains the results of the search.
type SearchType ¶
// SearchType selects whether an action checks for a registry key or for a
// file. Its constants are not shown in this listing.
type SearchType string
SearchType determines whether the action needs to check if a registry key or a file exists.
func (SearchType) String ¶
func (a SearchType) String() string
String method converts enum to string
type TargetHost ¶
// TargetHost names the host groups and individual hosts a job runs against.
//
// NOTE(review): this is the scope of an action executed on endpoints. Confirm
// that validation (see InvalidJobTarget) rejects an empty target and that the
// submitting user is authorised for the listed hosts and groups; neither
// check is visible here.
type TargetHost struct {
	HostGroups []string `json:"host_groups" description:"HostGroups indicates the list of host groups."`
	Hosts []string `json:"hosts" description:"Hosts indicates the list of host."`
	OfflineQueueing bool `json:"offline_queueing" description:"OfflineQueueing indicates if need to target host which are offline."`
}
TargetHost is the list of hostgroups/host the job needs to run against.
type UpsertJobRequest ¶
// UpsertJobRequest is the request body for creating or updating a job.
//
// Job is embedded without a JSON tag, so every JSON-tagged Job field is
// decoded straight from the request body. Call Validate before acting on it.
type UpsertJobRequest struct {
	Job
}
UpsertJobRequest holds info of the job.
func (*UpsertJobRequest) Validate ¶
func (ujr *UpsertJobRequest) Validate() []fdk.APIError
Validate returns any validation errors present in the request.
type UpsertJobResponse ¶
// UpsertJobResponse is the response body returned for an upserted job.
type UpsertJobResponse struct {
	// The description tag is empty for this field.
	// NOTE(review): presumably the job ID - confirm.
	Resource string `json:"resource" description:""`
}
UpsertJobResponse holds the response when querying a job.
type ValidationErrorCode ¶
// ValidationErrorCode is the numeric code attached to a specific validation
// error; NewValidationError takes one together with a message.
type ValidationErrorCode int
ValidationErrorCode is the error code assigned to a specific validation error
// Validation error codes. The first entry is iota + 1001 and each following
// entry repeats that expression, so as listed the codes run upward from 1001
// in steps of one.
const (
	// JobNameIsRequired error code if job name is absent.
	JobNameIsRequired ValidationErrorCode = iota + 1001
	// NotificationEmailsRequired error code if emails are absent.
	NotificationEmailsRequired
	// JobNameChangedError error code if the name of the job changed.
	JobNameChangedError
	// JobIDGenerationFailure error code for the ID generation failure.
	JobIDGenerationFailure
	// NOTE(review): the entries below have no doc comment in the original;
	// their meaning can only be read from their names.
	JobScheduleIsIncorrect
	InvalidJobUpdateOperation
	InvalidJobTarget
	InvalidActionType
	InvalidActionConfig
)
Operation validation errors
type WorkflowsInfo ¶
// WorkflowsInfo records the workflows created for a job.
type WorkflowsInfo struct {
	ScheduleWorkflow string `json:"scheduled_workflow" description:"ScheduleWorkflow is the main workflow which runs the activity on an sensor"`
	// NotifierWorkflow's struct tag is elided by the documentation renderer
	// (the placeholder comment below stands in for it).
	NotifierWorkflow string `` /* 141-byte string literal not displayed */
}
WorkflowsInfo indicates the workflow created for the job