stratus

package
v2.19.1 Latest
Warning

This package is not in the latest version of its module.

Published: Nov 6, 2024 License: Apache-2.0 Imports: 6 Imported by: 3

Documentation


Constants

const (
	AttackTechniqueStatusCold      = "COLD"
	AttackTechniqueStatusWarm      = "WARM"
	AttackTechniqueStatusDetonated = "DETONATED"
)
const (
	AWS        = "AWS"
	EKS        = "EKS"
	Kubernetes = "kubernetes"
	Azure      = "azure"
	EntraID    = "entra-id"
	GCP        = "GCP"
)

Variables

This section is empty.

Functions

func EnsureAuthenticated

func EnsureAuthenticated(platform Platform) error

EnsureAuthenticated ensures that the current user is properly authenticated against a specific platform.

Types

type AttackTechnique

type AttackTechnique struct {
	// Short identifier, e.g. aws.persistence.create-iam-user
	ID string `yaml:"id"`

	// Friendly-looking short name
	FriendlyName string `yaml:"name"`

	// Full description (multi-line)
	Description string `yaml:"-"`

	// Pointers and leads for detection opportunities (multi-line)
	Detection string `yaml:"-"`

	// Indicates if the technique is expected to be slow to warm up or detonate
	IsSlow bool `yaml:"isSlow"`

	// MITRE ATT&CK Tactics to which this technique maps
	// see https://attack.mitre.org/techniques/enterprise/
	MitreAttackTactics []mitreattack.Tactic `yaml:"mitreAttackTactics"`

	// The platform of the technique, e.g. AWS
	Platform Platform `yaml:"platform"`

	// Terraform code to apply to create the necessary prerequisites for the technique to be detonated
	PrerequisitesTerraformCode []byte `yaml:"-"`

	// Detonation function
	// Parameters are the Terraform outputs
	Detonate func(params map[string]string, providerFactory CloudProviders) error `yaml:"-"`

	// Indicates if the detonation function is idempotent, i.e. if it can be run multiple times without reverting it
	IsIdempotent bool `yaml:"isIdempotent"`

	// Reversion function, to revert the side effects of a detonation
	Revert func(params map[string]string, providerFactory CloudProviders) error `yaml:"-"`
}

func (AttackTechnique) String

func (m AttackTechnique) String() string

type AttackTechniqueFilter

type AttackTechniqueFilter struct {
	Platform Platform
	Tactic   mitreattack.Tactic
}

type AttackTechniqueState

type AttackTechniqueState string

type CloudProviders added in v2.5.0

type CloudProviders interface {
	AWS() *providers.AWSProvider
	K8s() *providers.K8sProvider
	Azure() *providers.AzureProvider
	EntraId() *providers.EntraIdProvider
	GCP() *providers.GCPProvider
	EKS() *providers.EKSProvider
}

CloudProviders provides a unified interface to access the various cloud providers' SDKs.

type CloudProvidersImpl added in v2.5.0

type CloudProvidersImpl struct {
	UniqueCorrelationID uuid.UUID
	AWSProvider         *providers.AWSProvider
	K8sProvider         *providers.K8sProvider
	AzureProvider       *providers.AzureProvider
	GCPProvider         *providers.GCPProvider
	EKSProvider         *providers.EKSProvider
	EntraIdProvider     *providers.EntraIdProvider
}

func (CloudProvidersImpl) AWS added in v2.5.0

func (CloudProvidersImpl) Azure added in v2.5.0

func (CloudProvidersImpl) EKS added in v2.16.0

func (CloudProvidersImpl) EntraId added in v2.17.0

func (CloudProvidersImpl) GCP added in v2.5.0

func (CloudProvidersImpl) K8s added in v2.5.0

type Platform

type Platform string

func PlatformFromString

func PlatformFromString(name string) (Platform, error)

func (Platform) FormatName added in v2.4.9

func (p Platform) FormatName() (string, error)

func (Platform) MarshalYAML added in v2.4.9

func (p Platform) MarshalYAML() (interface{}, error)

MarshalYAML implements the Marshaler interface from "gopkg.in/yaml.v3". It uses the formatted name when marshalling to YAML. From "azure" to "Azure", etc.

func (Platform) UnmarshalYAML added in v2.4.9

func (p Platform) UnmarshalYAML(node *yaml.Node) error

UnmarshalYAML implements the Unmarshaler interface from "gopkg.in/yaml.v3". It does the reverse of the operation defined on MarshalYAML. It mutates Platform from "Azure" to "azure".

type Registry

type Registry struct {
	// contains filtered or unexported fields
}

func GetRegistry

func GetRegistry() *Registry

func NewRegistry

func NewRegistry() Registry

func (*Registry) GetAttackTechniqueByName

func (m *Registry) GetAttackTechniqueByName(name string) *AttackTechnique

func (*Registry) GetAttackTechniques

func (m *Registry) GetAttackTechniques(filter *AttackTechniqueFilter) []*AttackTechnique

func (*Registry) ListAttackTechniques

func (m *Registry) ListAttackTechniques() []*AttackTechnique

func (*Registry) RegisterAttackTechnique

func (m *Registry) RegisterAttackTechnique(technique *AttackTechnique)
