cdr

package
v0.0.498 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 15, 2024 License: Apache-2.0 Imports: 1 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Attributes

type Attributes struct {
	MfaAuthenticated string `json:"mfaAuthenticated,omitempty"`
	CreationDate     string `json:"creationDate,omitempty"`
}

type CdrAlert

type CdrAlert struct {
	// CloudMetadata is the metadata of the cloud
	CloudMetadata `json:"cloudMetadata,omitempty"`
	// EventData is the event data
	EventData `json:"eventData,omitempty"`
	// RuleName is the name of the rule
	RuleName string `json:"ruleName,omitempty"`
	// RuleID is the unique identifier of the rule
	RuleID string `json:"ruleID,omitempty"`
	// Description is the description of the rule
	Description string `json:"description,omitempty"`
	// Priority is the severity of the rule
	Priority string `json:"priority,omitempty"`
	// Tags is the tags of the rule
	Tags []string `json:"tags,omitempty"`
	// Message is the failure message
	Message string `json:"message,omitempty"`
	// MitreTactic is the MITRE ATT&CK tactic
	MitreTactic string `json:"mitreTactic,omitempty"`
	// MitreTechnique is the MITRE ATT&CK technique
	MitreTechnique string `json:"mitreTechnique,omitempty"`
}

type CdrAlertBatch

type CdrAlertBatch struct {
	// CustomerGUID is the unique identifier of the customer
	CustomerGUID string `json:"customerGUID,omitempty"`
	// CloudAccountID is the unique identifier of the cloud account
	CloudAccountID string `json:"cloudAccountID,omitempty"`
	// RuleFailures is the list of rule failures
	RuleFailures []CdrAlert `json:"ruleFailures,omitempty"`
}

type CloudMetadata

type CloudMetadata struct {
	// Provider is the cloud provider
	Provider CloudProvider `json:"provider,omitempty"`
	// SourceService is the source service (e.g cloudtrail, cloudwatch, etc)
	SourceService CloudService `json:"sourceService,omitempty"`
}

type CloudProvider

type CloudProvider string

Cloud providers

const (
	// AWS is the AWS cloud provider
	AWS CloudProvider = "aws"
)

type CloudService

type CloudService string

Cloud services

const (
	// CloudTrail is the cloudtrail service
	CloudTrail CloudService = "cloudtrail"
)

type CloudTrailEvent

type CloudTrailEvent struct {
	EventVersion        string                 `json:"eventVersion"`
	UserIdentity        UserIdentity           `json:"userIdentity"`
	EventTime           time.Time              `json:"eventTime"`
	EventSource         string                 `json:"eventSource"`
	EventName           string                 `json:"eventName"`
	AWSRegion           string                 `json:"awsRegion"`
	SourceIPAddress     string                 `json:"sourceIPAddress"`
	UserAgent           string                 `json:"userAgent"`
	ErrorCode           string                 `json:"errorCode,omitempty"`
	ErrorMessage        string                 `json:"errorMessage,omitempty"`
	RequestParameters   map[string]interface{} `json:"requestParameters,omitempty"`
	ResponseElements    map[string]interface{} `json:"responseElements,omitempty"`
	AdditionalEventData map[string]interface{} `json:"additionalEventData,omitempty"`
	RequestID           string                 `json:"requestId"`
	EventID             string                 `json:"eventId"`
	EventType           string                 `json:"eventType"`
	APIVersion          string                 `json:"apiVersion,omitempty"`
	ReadOnly            bool                   `json:"readOnly"`
	ManagementEvent     bool                   `json:"managementEvent"`
	Resources           []Resource             `json:"resources,omitempty"`
	RecipientAccountId  string                 `json:"recipientAccountId,omitempty"`
	SharedEventID       string                 `json:"sharedEventId,omitempty"`
	VpcEndpointId       string                 `json:"vpcEndpointId,omitempty"`
	TLSDetails          *TLSDetails            `json:"tlsDetails,omitempty"`
	ServiceEventDetails map[string]interface{} `json:"serviceEventDetails,omitempty"`
}

type CustomerDetails

type CustomerDetails struct {
	// CustomerGUID is the unique identifier of the customer account
	CustomerGUID string `json:"customerGUID"`
	// AccessKey is the access key of the customer account
	AccessKey string `json:"accessKey"`
}

type EventData

type EventData struct {
	// AWSCloudTrail cloudtrail event
	AWSCloudTrail *CloudTrailEvent `json:"awsCloudTrail,omitempty"`
}

The types corresponds to the SourceService type

type OnBehalfOf

type OnBehalfOf struct {
	UserId           string `json:"userId"`
	IdentityStoreArn string `json:"identityStoreArn"`
}

type Resource

type Resource struct {
	ResourceType string `json:"resourceType"`
	ResourceName string `json:"resourceName,omitempty"`
	ResourceARN  string `json:"ARN,omitempty"`
}

type SessionContext

type SessionContext struct {
	SessionIssuer *SessionIssuer `json:"sessionIssuer,omitempty"`
	Attributes    *Attributes    `json:"attributes,omitempty"`
}

type SessionIssuer

type SessionIssuer struct {
	Type        string `json:"type"`
	PrincipalID string `json:"principalId"`
	ARN         string `json:"arn"`
	AccountID   string `json:"accountId"`
	UserName    string `json:"userName"`
}

type TLSDetails

type TLSDetails struct {
	TLSVersion               string `json:"tlsVersion,omitempty"`
	CipherSuite              string `json:"cipherSuite,omitempty"`
	ClientProvidedHostHeader string `json:"clientProvidedHostHeader,omitempty"`
}

type UserIdentity

type UserIdentity struct {
	Type           string          `json:"type"`
	PrincipalID    string          `json:"principalId"`
	ARN            string          `json:"arn,omitempty"`
	AccountID      string          `json:"accountId"`
	AccessKeyID    string          `json:"accessKeyId,omitempty"`
	UserName       string          `json:"userName,omitempty"`
	InvokedBy      string          `json:"invokedBy,omitempty"`
	SessionContext *SessionContext `json:"sessionContext,omitempty"`
	OnBehalfOf     *OnBehalfOf     `json:"onBehalfOf,omitempty"`
	CredentialId   string          `json:"credentialId,omitempty"`
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL