threatintel

package
v0.0.0-...-dd46dfa Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 20, 2024 License: Apache-2.0 Imports: 31 Imported by: 6

Documentation

Index

Constants

// Database type identifiers and the vulnerability rule file name, all plain
// string constants.
const (

	// database types
	// NOTE(review): presumably the dbType values accepted by Listing.GetLatest
	// and stored in Entry.Type; confirm against callers.
	DBTypeVulnerability = "vulnerability"
	// DBTypeSecrets is singular ("secret"), unlike SecretsRulesStore ("secrets");
	// the two are not interchangeable.
	DBTypeSecrets       = "secret"
	DBTypeMalware       = "malware"
	DBTypePosture       = "posture"

	// VulnerabilityRuleJSONFileName is the file name "vulnerability.json".
	VulnerabilityRuleJSONFileName = "vulnerability.json"
)
// Version identifiers, kept as strings.
// NOTE(review): presumably the values passed as the version argument of
// Listing.GetLatest and VulnerabilityDBListing.Latest; confirm against callers.
const (
	Version3 = "3"
	Version5 = "5"
)
// MalwareRulesStore is the store name "malware".
// NOTE(review): presumably the object-store prefix under which malware rule
// bundles are kept; confirm against the upload and fetch code.
const (
	MalwareRulesStore = "malware"
)
// SecretsRulesStore is the store name "secrets" (plural, unlike the
// DBTypeSecrets value "secret").
// NOTE(review): presumably the object-store prefix under which secret rule
// bundles are kept; confirm against the upload and fetch code.
const (
	SecretsRulesStore = "secrets"
)

Variables

// Names used to locate the vulnerability database listing.
//
// These are package-level variables, not constants, so any importing package
// can reassign them. ListingPath is computed once when the package
// initialises; reassigning ListingJSON or VulnerabilityDBStore afterwards does
// not change it.
var (
	ListingJSON          = "listing.json"
	VulnerabilityDBStore = "vulnerability"
	// ListingPath is "vulnerability/listing.json" with the initial values above.
	ListingPath          = path.Join(VulnerabilityDBStore, ListingJSON)
)
// ErrDatabaseNotFound is a sentinel error with the message
// "database type not found". Compare with errors.Is rather than by message text.
// NOTE(review): presumably returned by Listing.GetLatest for an unknown
// dbType; confirm.
var ErrDatabaseNotFound = errors.New("database type not found")
// PostureControlsStore is the store name "posture". It is a variable, so an
// importing package can reassign it.
// NOTE(review): presumably the object-store prefix for posture controls; confirm.
var (
	PostureControlsStore = "posture"
)

Functions

func DeepfenceRule2json

func DeepfenceRule2json(input []DeepfenceRule) []map[string]any

func DeleteFileMinio

func DeleteFileMinio(ctx context.Context, fName string) error

func DownloadAndPopulateCloudControls

// DownloadAndPopulateCloudControls takes a listing Entry and reports failure
// through its error return.
// NOTE(review): Entry carries both URL and Checksum and the body is not shown
// on this page; confirm the fetched content is verified against entry.Checksum
// before the controls are populated.
func DownloadAndPopulateCloudControls(ctx context.Context, entry Entry) error

func DownloadMalwareRules

// DownloadMalwareRules takes a listing Entry and reports failure through its
// error return.
// NOTE(review): Entry carries both URL and Checksum and the body is not shown
// on this page; confirm the fetched content is verified against entry.Checksum
// before the rules are stored or ingested.
func DownloadMalwareRules(ctx context.Context, entry Entry) error

func DownloadSecretsRules

// DownloadSecretsRules takes a listing Entry and reports failure through its
// error return.
// NOTE(review): Entry carries both URL and Checksum and the body is not shown
// on this page; confirm the fetched content is verified against entry.Checksum
// before the rules are stored or ingested.
func DownloadSecretsRules(ctx context.Context, entry Entry) error

func DownloadVulnerabilityDB

// DownloadVulnerabilityDB takes a listing Entry (named info here, entry on the
// sibling Download* functions) and reports failure through its error return.
// NOTE(review): Entry carries both URL and Checksum and the body is not shown
// on this page; confirm the fetched database is verified against info.Checksum
// before it is stored or served to scanners.
func DownloadVulnerabilityDB(ctx context.Context, info Entry) error

func ExportYaraRules

// ExportYaraRules takes an output directory, a rule list and a list of extra
// strings. It has no return value, so a caller cannot detect a failed or
// partial export from the call itself.
// NOTE(review): the body is not shown on this page; confirm how write errors
// are reported, and whether file names under outDir are derived from rule
// fields that would need sanitising.
func ExportYaraRules(outDir string, rules []DeepfenceRule, extra []string)

func ExposeFile

// ExposeFile takes a file name, the console URL and a string-to-string TTL
// cache, and returns a string and an error.
// NOTE(review): presumably the returned string is a URL through which the
// stored file can be fetched, cached in ttlCache; confirm how long that URL
// stays valid and who can reach it.
func ExposeFile(ctx context.Context, fName string, consoleURL string, ttlCache *ttlcache.Cache[string, string]) (string, error)

func ExtractDFRules2NativeRules

func ExtractDFRules2NativeRules(inpath, outdir string) error

func FetchCloudPostureControlsURL

func FetchCloudPostureControlsURL(ctx context.Context, consoleURL string, ttlCache *ttlcache.Cache[string, string]) (string, string, error)

func FetchMalwareRulesInfo

func FetchMalwareRulesInfo(ctx context.Context) (path, hash string, err error)

func FetchMalwareRulesURL

func FetchMalwareRulesURL(ctx context.Context, consoleURL string, ttlCache *ttlcache.Cache[string, string]) (string, string, error)

func FetchPostureControlsInfo

func FetchPostureControlsInfo(ctx context.Context) (path, hash string, err error)

func FetchSecretsRulesInfo

func FetchSecretsRulesInfo(ctx context.Context) (path, hash string, err error)

func FetchSecretsRulesURL

func FetchSecretsRulesURL(ctx context.Context, consoleURL string, ttlCache *ttlcache.Cache[string, string]) (string, string, error)

func IngestMalwareRules

func IngestMalwareRules(ctx context.Context, content []byte) error

func IngestSecretRules

func IngestSecretRules(ctx context.Context, content []byte) error

func ProcessTarGz

// ProcessTarGz takes an archive as a byte slice and a processFile callback
// that receives a tar header and a reader; both ProcessTarGz and the callback
// report failure through an error return.
// NOTE(review): the body is not shown on this page. Nothing in the signature
// indicates that header.Name is sanitised or that the amount read per entry is
// bounded, so a processFile that writes to disk should reject absolute paths
// and ".." components and cap the bytes it copies. Confirm what the
// implementation already enforces.
func ProcessTarGz(content []byte, processFile func(header *tar.Header, reader io.Reader) error) error

func TriggerLoadCloudControls

func TriggerLoadCloudControls(ctx context.Context) error

func UpdateMalwareRulesInfo

func UpdateMalwareRulesInfo(ctx context.Context, hash, path string) error

func UpdatePostureControlsInfo

func UpdatePostureControlsInfo(ctx context.Context, hash, path string) error

func UpdateSecretsRulesInfo

func UpdateSecretsRulesInfo(ctx context.Context, hash, path string) error

func UploadToMinio

// UploadToMinio takes the file bytes, a dbPath and a file name, and returns
// two strings and an error. The two string results are unnamed, so their
// meaning is not expressed in the signature.
// NOTE(review): presumably the stored path and a checksum, by analogy with the
// (path, hash) results of the Fetch*Info functions; confirm the order before
// relying on it.
func UploadToMinio(ctx context.Context, fb []byte, dbPath, fName string) (string, string, error)

func VulnDBUpdateListing

func VulnDBUpdateListing(ctx context.Context, newFile, newFileCheckSum string, buildTime time.Time) error

Types

type Artefact

// Artefact is a named, typed blob; TracerFeeds.ExternalArtefacts holds a slice
// of them.
type Artefact struct {
	Name    string `json:"name"`
	Type    string `json:"type"`
	// Content is raw bytes; encoding/json serialises a []byte as a base64 string.
	Content []byte `json:"content"`
}

type DBUploadRequest

// DBUploadRequest is the form payload for uploading a database file.
type DBUploadRequest struct {
	// Database is the uploaded multipart file. The tags mark it as required
	// only; no size or content constraint is expressed on this type, so any
	// limit has to be enforced by the handler that reads it.
	// NOTE(review): confirm such a limit exists.
	Database multipart.File `formData:"database" json:"database" validate:"required" required:"true"`
}

type Database

// Database describes one database build; VulnerabilityDBListing.Available maps
// a string key to slices of these.
type Database struct {
	// Built is the build timestamp.
	Built    time.Time `json:"built"`
	// Version is an int here, whereas Entry.Version and the Version3/Version5
	// constants are strings.
	Version  int       `json:"version"`
	// URL is where the database can be fetched.
	URL      string    `json:"url"`
	// Checksum is a string digest; the algorithm is not stated on this type.
	// NOTE(review): confirm what consumers compare it against.
	Checksum string    `json:"checksum"`
}

type DeepfenceRule

// DeepfenceRule is the common rule record used by every rule list in
// ScannerFeeds and TracerFeeds.
type DeepfenceRule struct {
	RuleID      string `json:"rule_id"`
	Type        string `json:"type"`
	// Payload is an opaque string on this type.
	// NOTE(review): presumably the encoded rule body, with the format depending
	// on Type; confirm before parsing.
	Payload     string `json:"payload"`
	Severity    string `json:"severity"`
	Description string `json:"description"`
}

type Entry

// Entry describes one downloadable item in a Listing; it is the argument of
// the Download* functions.
type Entry struct {
	// Built is the build timestamp.
	Built    time.Time `json:"built"`
	// Version is a string here, whereas Database.Version is an int.
	Version  string    `json:"version"`
	// NOTE(review): Type is presumably one of the DBType* constants; confirm.
	Type     string    `json:"type"`
	// URL and Checksum arrive in the same record. A checksum delivered next to
	// the URL detects corruption in transit; it only guards against tampering
	// if the listing itself comes from an authenticated source.
	// NOTE(review): confirm how the listing is obtained and which digest
	// algorithm Checksum uses.
	URL      string    `json:"url"`
	Checksum string    `json:"checksum"`
}

type FeedsBundle

// FeedsBundle groups scanner and tracer rule feeds with a version and a
// creation time. NewFeeds takes the same two values as arguments.
type FeedsBundle struct {
	Version      string       `json:"version"`
	// CreatedAt is an int64. NOTE(review): presumably a Unix timestamp; the
	// unit (seconds or milliseconds) is not stated here.
	CreatedAt    int64        `json:"created_at"`
	ScannerFeeds ScannerFeeds `json:"scanner_feeds"`
	TracerFeeds  TracerFeeds  `json:"tracer_feeds"`
	// Extra is a list of strings; ExportYaraRules accepts a parameter of the
	// same type and name. NOTE(review): confirm what the entries contain.
	Extra        []string     `json:"extra"`
}

func NewFeeds

func NewFeeds(createdAt int64, version string) *FeedsBundle

func (*FeedsBundle) AddCloudComplianceRules

func (fb *FeedsBundle) AddCloudComplianceRules(df []DeepfenceRule)

func (*FeedsBundle) AddComplianceRules

func (fb *FeedsBundle) AddComplianceRules(df []DeepfenceRule)

func (*FeedsBundle) AddFilesystemRules

func (fb *FeedsBundle) AddFilesystemRules(df []DeepfenceRule)

func (*FeedsBundle) AddMalwareRules

func (fb *FeedsBundle) AddMalwareRules(df []DeepfenceRule)

func (*FeedsBundle) AddNetworkRules

func (fb *FeedsBundle) AddNetworkRules(df ...DeepfenceRule)

func (*FeedsBundle) AddProcessRules

func (fb *FeedsBundle) AddProcessRules(df []DeepfenceRule)

func (*FeedsBundle) AddSecretRules

func (fb *FeedsBundle) AddSecretRules(df []DeepfenceRule)

func (*FeedsBundle) AddTracerArtefacts

func (fb *FeedsBundle) AddTracerArtefacts(df []Artefact)

func (*FeedsBundle) AddVulnerabilityRules

func (fb *FeedsBundle) AddVulnerabilityRules(df []DeepfenceRule)

func (*FeedsBundle) RemoveAllTypeNetworkRules

func (fb *FeedsBundle) RemoveAllTypeNetworkRules(t string)

type Listing

// Listing is the index of available entries, serialised under the JSON key
// "available".
type Listing struct {
	// Available maps a string key to the entries stored under it.
	// NOTE(review): the key is presumably the version string passed to
	// GetLatest; confirm.
	Available map[string][]Entry `json:"available"`
}

func (*Listing) GetLatest

func (l *Listing) GetLatest(version, dbType string) (Entry, error)

func (*Listing) GetLatestN

func (l *Listing) GetLatestN(version string, dbType ...string) ([]Entry, error)

type ScannerFeeds

// ScannerFeeds holds one DeepfenceRule list per scanner category. Each field
// has a matching Add* method on FeedsBundle.
type ScannerFeeds struct {
	VulnerabilityRules   []DeepfenceRule `json:"vulnerability_rules"`
	SecretRules          []DeepfenceRule `json:"secret_rules"`
	MalwareRules         []DeepfenceRule `json:"malware_rules"`
	ComplianceRules      []DeepfenceRule `json:"compliance_rules"`
	CloudComplianceRules []DeepfenceRule `json:"cloud_compliance_rules"`
}

type TracerFeeds

// TracerFeeds holds the network, filesystem and process rule lists plus any
// external artefacts.
type TracerFeeds struct {
	NetworkRules      []DeepfenceRule `json:"network_rules"`
	FilesystemRules   []DeepfenceRule `json:"filesystem_rules"`
	ProcessRules      []DeepfenceRule `json:"process_rules"`
	// ExternalArtefacts carries raw byte content (see Artefact.Content).
	ExternalArtefacts []Artefact      `json:"external_artefacts"`
}

type VulnerabilityDBListing

// VulnerabilityDBListing is the index of available vulnerability databases,
// serialised under the JSON key "available".
type VulnerabilityDBListing struct {
	// Available maps a string key to the databases stored under it.
	// NOTE(review): the key is presumably the version string passed to Append,
	// Set, Latest and Sort; confirm.
	Available map[string][]Database `json:"available"`
}

func LoadListing

func LoadListing(d []byte) (*VulnerabilityDBListing, error)

func NewVulnerabilityDBListing

func NewVulnerabilityDBListing() *VulnerabilityDBListing

func (*VulnerabilityDBListing) Append

func (v *VulnerabilityDBListing) Append(db Database, version string)

func (*VulnerabilityDBListing) Bytes

func (v *VulnerabilityDBListing) Bytes() ([]byte, error)

func (*VulnerabilityDBListing) Latest

// Latest takes a version string and returns a pointer to a Database, with no
// error result.
// NOTE(review): the body is not shown on this page; presumably the pointer is
// nil when nothing is listed for version, so callers should nil-check before
// dereferencing. Confirm.
func (v *VulnerabilityDBListing) Latest(version string) *Database

func (*VulnerabilityDBListing) LatestN

func (v *VulnerabilityDBListing) LatestN(version string, num int) (latest []Database, oldest []Database)

func (*VulnerabilityDBListing) Set

func (v *VulnerabilityDBListing) Set(dbs []Database, version string)

func (*VulnerabilityDBListing) Sort

func (v *VulnerabilityDBListing) Sort(version string)

Directories

Path Synopsis
