stratus

package
v2.12.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 8, 2024 License: Apache-2.0 Imports: 6 Imported by: 3

Documentation

Index

Constants

View Source
const (
	AttackTechniqueStatusCold      = "COLD"
	AttackTechniqueStatusWarm      = "WARM"
	AttackTechniqueStatusDetonated = "DETONATED"
)
View Source
const (
	AWS        = "AWS"
	Kubernetes = "kubernetes"
	Azure      = "azure"
	GCP        = "GCP"
)

Variables

This section is empty.

Functions

func EnsureAuthenticated

func EnsureAuthenticated(platform Platform) error

EnsureAuthenticated ensures that the current user is properly authenticated against a specific platform

Types

type AttackTechnique

type AttackTechnique struct {
	// Short identifier, e.g. aws.persistence.create-iam-user
	ID string `yaml:"id"`

	// Friendly-looking short name
	FriendlyName string `yaml:"name"`

	// Full description (multi-line)
	Description string `yaml:"-"`

	// Pointer and leads for detection opportunities (multi-line)
	Detection string `yaml:"-"`

	// Indicates if the technique is expected to be slow to warm-up or detonate
	IsSlow bool `yaml:"isSlow"`

	// MITRE ATT&CK Tactics to which this technique maps
	// see https://attack.mitre.org/techniques/enterprise/
	MitreAttackTactics []mitreattack.Tactic `yaml:"mitreAttackTactics"`

	// The platform of the technique, e.g. AWS
	Platform Platform `yaml:"platform"`

	// Terraform code to apply to create the necessary prerequisites for the technique to be detonated
	PrerequisitesTerraformCode []byte `yaml:"-"`

	// Detonation function
	// Parameters are the Terraform outputs
	Detonate func(params map[string]string, providerFactory CloudProviders) error `yaml:"-"`

	// Indicates if the detonation function is idempotent, i.e. if it can be run multiple times without reverting it
	IsIdempotent bool `yaml:"isIdempotent"`

	// Reversion function, to revert the side effects of a detonation
	Revert func(params map[string]string, providerFactory CloudProviders) error `yaml:"-"`
}

func (AttackTechnique) String

func (m AttackTechnique) String() string

type AttackTechniqueFilter

type AttackTechniqueFilter struct {
	Platform Platform
	Tactic   mitreattack.Tactic
}

type AttackTechniqueState

type AttackTechniqueState string

type CloudProviders added in v2.5.0

type CloudProviders interface {
	AWS() *providers.AWSProvider
	K8s() *providers.K8sProvider
	Azure() *providers.AzureProvider
	GCP() *providers.GCPProvider
}

CloudProviders provides a unified interface to access the various cloud providers SDKs

type CloudProvidersImpl added in v2.5.0

type CloudProvidersImpl struct {
	UniqueCorrelationID uuid.UUID
	AWSProvider         *providers.AWSProvider
	K8sProvider         *providers.K8sProvider
	AzureProvider       *providers.AzureProvider
	GCPProvider         *providers.GCPProvider
}

func (CloudProvidersImpl) AWS added in v2.5.0

func (CloudProvidersImpl) Azure added in v2.5.0

func (CloudProvidersImpl) GCP added in v2.5.0

func (CloudProvidersImpl) K8s added in v2.5.0

type Platform

type Platform string

func PlatformFromString

func PlatformFromString(name string) (Platform, error)

func (Platform) FormatName added in v2.4.9

func (p Platform) FormatName() (string, error)

func (Platform) MarshalYAML added in v2.4.9

func (p Platform) MarshalYAML() (interface{}, error)

MarshalYAML implements the Marshaler interface from "gopkg.in/yaml.v3". It uses the formatted name when marshalling to YAML. From "azure" to "Azure", etc.

func (Platform) UnmarshalYAML added in v2.4.9

func (p Platform) UnmarshalYAML(node *yaml.Node) error

UnmarshalYAML implements the Marshaler interface from "gopkg.in/yaml.v3". It does the reverse operation defined on MarshalYAML. It mutates Platform from "Azure" to "azure".

type Registry

type Registry struct {
	// contains filtered or unexported fields
}

func GetRegistry

func GetRegistry() *Registry

func NewRegistry

func NewRegistry() Registry

func (*Registry) GetAttackTechniqueByName

func (m *Registry) GetAttackTechniqueByName(name string) *AttackTechnique

func (*Registry) GetAttackTechniques

func (m *Registry) GetAttackTechniques(filter *AttackTechniqueFilter) []*AttackTechnique

func (*Registry) ListAttackTechniques

func (m *Registry) ListAttackTechniques() []*AttackTechnique

func (*Registry) RegisterAttackTechnique

func (m *Registry) RegisterAttackTechnique(technique *AttackTechnique)

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL