exporters

package
v0.0.40 Latest
Warning

This package is not in the latest version of its module.

Published: Mar 13, 2024 | License: Apache-2.0 | Imports: 21 | Imported by: 0

README

KubeCop exporters package

This package contains the exporters for the KubeCop project.

Exporters

The following exporters are available:

Alertmanager

The Alertmanager exporter is used to send alerts to the Alertmanager. The Alertmanager will then send the alerts to the configured receivers. This exporter supports multiple Alertmanagers. The alerts will be sent to all configured Alertmanagers. To enable the Alertmanager exporter, set the following environment variables:

  • ALERTMANAGER_URLS: The URLs of the Alertmanagers, separated by commas. Example: localhost:9093 or localhost:9093,localhost:9094

STD OUT

The STD OUT exporter is used to print the alerts to the standard output. This exporter is enabled by default. To disable the STD OUT exporter, set the following environment variable:

  • STDOUT_ENABLED: Set to false to disable the STD OUT exporter.

SYSLOG

The SYSLOG exporter is used to send the alerts to a syslog server. This exporter is disabled by default. NOTE: Syslog messages are formatted according to RFC 5424. To enable the SYSLOG exporter, set the following environment variables:

  • SYSLOG_HOST: The host of the syslog server. Example: localhost:514
  • SYSLOG_PROTOCOL: The protocol of the syslog server. Example: tcp or udp

CSV

The CSV exporter is used to write the alerts to a CSV file. This exporter is disabled by default. To enable the CSV exporter, set the following environment variables:

  • EXPORTER_CSV_RULE_PATH: The path to the CSV file of the failed rules. Example: /tmp/alerts.csv
  • EXPORTER_CSV_MALWARE_PATH: The path to the CSV file of the malware found. Example: /tmp/malware.csv

HTTP endpoint

The HTTP endpoint exporter is used to send the alerts to an HTTP endpoint. This exporter is disabled by default. To enable the HTTP endpoint exporter, set the following environment variables:

  • HTTP_ENDPOINT_URL: The URL of the HTTP endpoint. Example: http://localhost:8080/alerts

The exporter sends a POST request to the specified URL with the alerts as the body. The alerts are limited to 10000 per minute. If the limit is reached, the exporter stops sending alerts for the rest of the minute and sends a system alert to the configured HTTP endpoint.
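The per-minute cap described above means that alerts raised after the limit is hit do not reach the endpoint until the minute ends. The following added example (not KubeCop's own code) models that behaviour in Go; the `minuteLimiter` type, the fixed-window assumption and the simulated clock are hypothetical.

```go
package main

import (
	"fmt"
	"time"
)

type decision int
const (
	forward     decision = iota // alert is POSTed to the endpoint
	systemAlert                 // limit just hit: one system alert is sent instead
	dropped                     // limit already reported: nothing is sent
)

// minuteLimiter is a hypothetical model, not KubeCop code; assumes a fixed window from the first alert.
type minuteLimiter struct {
	limit, sent int
	windowStart time.Time
	notified    bool
}

func (l *minuteLimiter) decide(now time.Time) decision {
	if now.Sub(l.windowStart) >= time.Minute { // new minute: fresh budget
		l.windowStart, l.sent, l.notified = now, 0, false
	}
	switch {
	case l.sent < l.limit:
		l.sent++
		return forward
	case !l.notified:
		l.notified = true
		return systemAlert
	}
	return dropped
}

// simulate feeds n alerts spaced gap apart; tally is indexed by decision.
func simulate(limit, n int, gap time.Duration) (tally [3]int) {
	l := &minuteLimiter{limit: limit}
	start := time.Date(2024, 3, 13, 0, 0, 0, 0, time.UTC) // constructed clock
	for i := 0; i < n; i++ {
		tally[l.decide(start.Add(time.Duration(i)*gap))]++
	}
	return tally
}

func main() {
	fmt.Println(simulate(5, 20, time.Second)) // burst inside one minute
}
```

On the receiving side, the system alert is the only marker that alerts were withheld for the remainder of that minute, so it is worth alerting on in its own right.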

Documentation

Index

Constants

const (
	// AlertManagerURLs separator delimiter.
	AlertManagerSepartorDelimiter = ","
)

Variables

This section is empty.

Functions

func PriorityToStatus

func PriorityToStatus(priority int) string

Types

type AlertManagerExporter

type AlertManagerExporter struct {
	Host     string
	NodeName string
	// contains filtered or unexported fields
}

func InitAlertManagerExporter

func InitAlertManagerExporter(alertmanagerURL string) *AlertManagerExporter

func (*AlertManagerExporter) SendMalwareAlert added in v0.0.19

func (ame *AlertManagerExporter) SendMalwareAlert(malwareDescription scan.MalwareDescription)

func (*AlertManagerExporter) SendRuleAlert added in v0.0.19

func (ame *AlertManagerExporter) SendRuleAlert(failedRule rule.RuleFailure)

type CsvExporter added in v0.0.17

type CsvExporter struct {
	CsvRulePath    string
	CsvMalwarePath string
}

CsvExporter is an exporter that sends alerts to csv

func InitCsvExporter added in v0.0.17

func InitCsvExporter(csvRulePath, csvMalwarePath string) *CsvExporter

InitCsvExporter initializes a new CsvExporter

func (*CsvExporter) SendMalwareAlert added in v0.0.19

func (ce *CsvExporter) SendMalwareAlert(malwareDescription scan.MalwareDescription)

func (*CsvExporter) SendRuleAlert added in v0.0.19

func (ce *CsvExporter) SendRuleAlert(failedRule rule.RuleFailure)

SendRuleAlert sends an alert to csv

type Exporter

type Exporter interface {
	// SendRuleAlert sends an alert on failed rule to the exporter
	SendRuleAlert(failedRule rule.RuleFailure)
	// SendMalwareAlert sends an alert on malware detection to the exporter.
	SendMalwareAlert(scan.MalwareDescription)
}

Exporter is the generic exporter interface.

type ExporterBus added in v0.0.22

type ExporterBus struct {
	// contains filtered or unexported fields
}

func InitExporters

func InitExporters(exportersConfig ExportersConfig) ExporterBus

InitExporters initializes all exporters.

func (*ExporterBus) SendMalwareAlert added in v0.0.22

func (e *ExporterBus) SendMalwareAlert(malwareDescription scan.MalwareDescription)

func (*ExporterBus) SendRuleAlert added in v0.0.22

func (e *ExporterBus) SendRuleAlert(failedRule rule.RuleFailure)

type ExportersConfig

type ExportersConfig struct {
	StdoutExporter           *bool               `yaml:"stdoutExporter"`
	AlertManagerExporterUrls string              `yaml:"alertManagerExporterUrls"`
	SyslogExporter           string              `yaml:"syslogExporterURL"`
	CsvRuleExporterPath      string              `yaml:"CsvRuleExporterPath"`
	CsvMalwareExporterPath   string              `yaml:"CsvMalwareExporterPath"`
	HTTPExporterConfig       *HTTPExporterConfig `yaml:"httpExporterConfig"`
}

type HTTPAlert added in v0.0.37

type HTTPAlert struct {
	RuleAlert     `json:",inline"`
	MalwareAlert  `json:",inline"`
	RuleName      string `json:"ruleName"`
	Message       string `json:"message"`
	ContainerID   string `json:"containerID,omitempty"`
	ContainerName string `json:"containerName,omitempty"`
	PodNamespace  string `json:"podNamespace,omitempty"`
	PodName       string `json:"podName,omitempty"`
	HostName      string `json:"hostName"`
	NodeName      string `json:"nodeName"`
}

type HTTPAlertsList added in v0.0.37

type HTTPAlertsList struct {
	Kind       string             `json:"kind"`
	ApiVersion string             `json:"apiVersion"`
	Spec       HTTPAlertsListSpec `json:"spec"`
}

type HTTPAlertsListSpec added in v0.0.37

type HTTPAlertsListSpec struct {
	Alerts []HTTPAlert `json:"alerts"`
}

type HTTPExporter added in v0.0.37

type HTTPExporter struct {
	Host     string
	NodeName string
	// contains filtered or unexported fields
}

Alerts are sent in the HTTP request as a CRD-like JSON struct.

func InitHTTPExporter added in v0.0.37

func InitHTTPExporter(config HTTPExporterConfig) (*HTTPExporter, error)

InitHTTPExporter initializes an HTTPExporter with the given URL, headers, timeout, and method

func (*HTTPExporter) SendMalwareAlert added in v0.0.37

func (exporter *HTTPExporter) SendMalwareAlert(malwareDescription scan.MalwareDescription)

func (*HTTPExporter) SendRuleAlert added in v0.0.37

func (exporter *HTTPExporter) SendRuleAlert(failedRule rule.RuleFailure)

type HTTPExporterConfig added in v0.0.37

type HTTPExporterConfig struct {
	// URL is the URL to send the HTTP request to
	URL string `json:"url"`
	// Headers is a map of headers to send in the HTTP request
	Headers map[string]string `json:"headers"`
	// TimeoutSeconds is the timeout for the HTTP request, in seconds
	TimeoutSeconds int `json:"timeoutSeconds"`
	// Method is the HTTP method to use for the HTTP request
	Method             string `json:"method"`
	MaxAlertsPerMinute int    `json:"maxAlertsPerMinute"`
}

func (*HTTPExporterConfig) Validate added in v0.0.37

func (config *HTTPExporterConfig) Validate() error

type MalwareAlert added in v0.0.37

type MalwareAlert struct {
	MalwareName        string `json:"malwareName,omitempty"`
	MalwareDescription string `json:"malwareDescription,omitempty"`
	// Path to the file that was infected
	Path string `json:"path,omitempty"`
	// Hash of the file that was infected
	Hash string `json:"hash,omitempty"`
	// Size of the file that was infected
	Size string `json:"size,omitempty"`
	// Is part of the image
	IsPartOfImage bool `json:"isPartOfImage,omitempty"`
	// K8s resource that was infected
	Resource schema.GroupVersionResource `json:"resource,omitempty"`
	// K8s container image that was infected
	ContainerImage string `json:"containerImage,omitempty"`
}

type RuleAlert added in v0.0.37

type RuleAlert struct {
	Severity       int    `json:"severity,omitempty"`    // PriorityToStatus(failedRule.Priority()),
	ProcessName    string `json:"processName,omitempty"` // failedRule.Event().Comm,
	FixSuggestions string `json:"fixSuggestions,omitempty"`
	PID            uint32 `json:"pid,omitempty"`
	PPID           uint32 `json:"ppid,omitempty"` //  Parent Process ID
	UID            uint32 `json:"uid,omitempty"`  // User ID of the process
	GID            uint32 `json:"gid,omitempty"`  // Group ID of the process
}
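
An added example (not part of the package) of a receiver-side parser for the body the HTTP exporter posts, using the JSON keys of HTTPAlertsList, HTTPAlert, RuleAlert and MalwareAlert listed on this page. It assumes the body is produced with Go's encoding/json, so the embedded RuleAlert and MalwareAlert fields appear as flat keys of each alert; the local type names, the 1 MiB read cap, the malwareName-based classification and the sample body are assumptions of the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"strings"
)

// alert is a local mirror (subset) of the JSON keys of HTTPAlert, RuleAlert
// and MalwareAlert on this page; embedded structs serialize as flat keys.
type alert struct {
	RuleName    string `json:"ruleName"`
	Message     string `json:"message"`
	Severity    int    `json:"severity"`
	MalwareName string `json:"malwareName"`
	NodeName    string `json:"nodeName"`
}

// parseAlerts decodes one HTTPAlertsList-shaped body into rule and malware alerts.
// It reads at most 1 MiB; a non-empty malwareName marks a malware alert (both assumptions).
func parseAlerts(body io.Reader) (rules, malware []alert, err error) {
	var list struct {
		Spec struct {
			Alerts []alert `json:"alerts"`
		} `json:"spec"`
	}
	if err = json.NewDecoder(io.LimitReader(body, 1<<20)).Decode(&list); err != nil {
		return nil, nil, fmt.Errorf("rejecting alert body: %w", err)
	}
	for _, a := range list.Spec.Alerts {
		if a.MalwareName != "" {
			malware = append(malware, a)
		} else {
			rules = append(rules, a)
		}
	}
	return rules, malware, nil
}

// sample is a constructed body; kind, apiVersion and all values are placeholders.
const sample = `{"kind":"PLACEHOLDER","apiVersion":"PLACEHOLDER","spec":{"alerts":[
 {"ruleName":"example-rule","message":"constructed","severity":5,"nodeName":"node-a"},
 {"ruleName":"example-malware","malwareName":"Example.Test","path":"/tmp/sample","nodeName":"node-a"}]}}`

func main() {
	rules, malware, err := parseAlerts(strings.NewReader(sample))
	fmt.Println(len(rules), len(malware), err)
}
```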

type StdoutExporter

type StdoutExporter struct {
	// contains filtered or unexported fields
}

func InitStdoutExporter

func InitStdoutExporter(useStdout *bool) *StdoutExporter

func (*StdoutExporter) SendMalwareAlert added in v0.0.19

func (exporter *StdoutExporter) SendMalwareAlert(malwareDescription scan.MalwareDescription)

func (*StdoutExporter) SendRuleAlert added in v0.0.19

func (exporter *StdoutExporter) SendRuleAlert(failedRule rule.RuleFailure)

type SyslogExporter added in v0.0.14

type SyslogExporter struct {
	// contains filtered or unexported fields
}

SyslogExporter is an exporter that sends alerts to syslog

func InitSyslogExporter added in v0.0.14

func InitSyslogExporter(syslogHost string) *SyslogExporter

InitSyslogExporter initializes a new SyslogExporter

func (*SyslogExporter) SendMalwareAlert added in v0.0.19

func (se *SyslogExporter) SendMalwareAlert(malwareDescription scan.MalwareDescription)

SendMalwareAlert sends an alert to syslog (RFC 5424) - https://tools.ietf.org/html/rfc5424

func (*SyslogExporter) SendRuleAlert added in v0.0.19

func (se *SyslogExporter) SendRuleAlert(failedRule rule.RuleFailure)

SendRuleAlert sends an alert to syslog (RFC 5424) - https://tools.ietf.org/html/rfc5424
