Documentation ¶
Constants ¶
const (
	AttackTechniqueStatusCold      = "COLD"
	AttackTechniqueStatusWarm      = "WARM"
	AttackTechniqueStatusDetonated = "DETONATED"
)
const (
	AWS        = "AWS"
	Kubernetes = "kubernetes"
	Azure      = "azure"
	GCP        = "GCP"
)
Variables ¶
This section is empty.
Functions ¶
func EnsureAuthenticated ¶
EnsureAuthenticated ensures that the current user is properly authenticated against a specific platform.
Types ¶
type AttackTechnique ¶
type AttackTechnique struct {
	// Short identifier, e.g. aws.persistence.create-iam-user
	ID string `yaml:"id"`

	// Friendly-looking short name
	FriendlyName string `yaml:"name"`

	// Full description (multi-line)
	Description string `yaml:"-"`

	// Pointer and leads for detection opportunities (multi-line)
	Detection string `yaml:"-"`

	// Indicates if the technique is expected to be slow to warm-up or detonate
	IsSlow bool `yaml:"isSlow"`

	// MITRE ATT&CK Tactics to which this technique maps
	// see https://attack.mitre.org/techniques/enterprise/
	MitreAttackTactics []mitreattack.Tactic `yaml:"mitreAttackTactics"`

	// The platform of the technique, e.g. AWS
	Platform Platform `yaml:"platform"`

	// Terraform code to apply to create the necessary prerequisites for the technique to be detonated
	PrerequisitesTerraformCode []byte `yaml:"-"`

	// Detonation function
	// Parameters are the Terraform outputs
	Detonate func(params map[string]string, providerFactory CloudProviders) error `yaml:"-"`

	// Indicates if the detonation function is idempotent, i.e. if it can be run multiple times without reverting it
	IsIdempotent bool `yaml:"isIdempotent"`

	// Reversion function, to revert the side effects of a detonation
	Revert func(params map[string]string, providerFactory CloudProviders) error `yaml:"-"`
}
func (AttackTechnique) String ¶
func (m AttackTechnique) String() string
type AttackTechniqueFilter ¶
type AttackTechniqueFilter struct {
	Platform Platform
	Tactic   mitreattack.Tactic
}
type AttackTechniqueState ¶
type AttackTechniqueState string
type CloudProviders ¶ added in v2.5.0
type CloudProviders interface {
	AWS() *providers.AWSProvider
	K8s() *providers.K8sProvider
	Azure() *providers.AzureProvider
	GCP() *providers.GCPProvider
}
CloudProviders provides a unified interface to access the various cloud providers' SDKs.
type CloudProvidersImpl ¶ added in v2.5.0
type CloudProvidersImpl struct {
	UniqueCorrelationID uuid.UUID
	AWSProvider         *providers.AWSProvider
	K8sProvider         *providers.K8sProvider
	AzureProvider       *providers.AzureProvider
	GCPProvider         *providers.GCPProvider
}
func (CloudProvidersImpl) AWS ¶ added in v2.5.0
func (m CloudProvidersImpl) AWS() *providers.AWSProvider
func (CloudProvidersImpl) Azure ¶ added in v2.5.0
func (m CloudProvidersImpl) Azure() *providers.AzureProvider
func (CloudProvidersImpl) GCP ¶ added in v2.5.0
func (m CloudProvidersImpl) GCP() *providers.GCPProvider
func (CloudProvidersImpl) K8s ¶ added in v2.5.0
func (m CloudProvidersImpl) K8s() *providers.K8sProvider
type Platform ¶
type Platform string
func PlatformFromString ¶
func (Platform) FormatName ¶ added in v2.4.9
func (Platform) MarshalYAML ¶ added in v2.4.9
MarshalYAML implements the Marshaler interface from "gopkg.in/yaml.v3". It uses the formatted name when marshalling to YAML, e.g. "azure" becomes "Azure".
func (Platform) UnmarshalYAML ¶ added in v2.4.9
UnmarshalYAML implements the Marshaler interface from "gopkg.in/yaml.v3". It performs the reverse of the operation defined in MarshalYAML, mutating Platform from "Azure" to "azure".
type Registry ¶
type Registry struct {
// contains filtered or unexported fields
}
func GetRegistry ¶
func GetRegistry() *Registry
func NewRegistry ¶
func NewRegistry() Registry
func (*Registry) GetAttackTechniqueByName ¶
func (m *Registry) GetAttackTechniqueByName(name string) *AttackTechnique
func (*Registry) GetAttackTechniques ¶
func (m *Registry) GetAttackTechniques(filter *AttackTechniqueFilter) []*AttackTechnique
func (*Registry) ListAttackTechniques ¶
func (m *Registry) ListAttackTechniques() []*AttackTechnique
func (*Registry) RegisterAttackTechnique ¶
func (m *Registry) RegisterAttackTechnique(technique *AttackTechnique)