Documentation ¶
Index ¶
- Constants
- Variables
- func CreateReferenceListUpdateMask(updateLines, updateDescription bool) string
- func GenerateDefaultBasePaths(region string) map[string]string
- type AzureBlobStoreFeedConfiguration
- type AzureBlobStoreFeedFeedAuthentication
- type BaseFeed
- type ChronicleAPIError
- type Client
- func (cli *Client) ChangeAlertingRule(id string, alertingEnabled bool) error
- func (cli *Client) ChangeEnableFeed(id string, enabled bool) error
- func (cli *Client) ChangeLiveRule(id string, liveEnabled bool) error
- func (cli *Client) CreateFeed(displayName, logType, namespace string, labels []Label, ...) (string, error)
- func (cli *Client) CreateReferenceList(referenceList ReferenceList) (string, error)
- func (cli *Client) CreateRule(rule Rule) (string, error)
- func (cli *Client) CreateRuleVersion(rule Rule) error
- func (cli *Client) CreateSubject(subject Subject) error
- func (cli *Client) DeleteRule(id string) error
- func (cli *Client) DeleteSubject(name string) error
- func (cli *Client) DestroyFeed(name string) error
- func (cli *Client) GetCredentials(clientScopes []string, accessToken, credentials, envVariable string) (*googleoauth.Credentials, error)
- func (cli *Client) GetReferenceList(name string) (*ReferenceList, error)
- func (cli *Client) GetRule(id string) (*Rule, error)
- func (cli *Client) GetSubject(name string) (*Subject, error)
- func (cli *Client) ReadFeed(name string) (*BaseFeed, *ConcreteFeedConfiguration, error)
- func (cli *Client) UpdateFeed(name, displayName, logType, namespace string, labels []Label, ...) error
- func (cli *Client) UpdateReferenceList(referenceList ReferenceList, updateLines, updateDescription bool) (*ReferenceList, error)
- func (cli *Client) UpdateSubject(subject Subject) error
- func (cli *Client) VerifyYARARule(yaraRule string) (bool, error)
- func (cli *Client) WithAlertBasePath(uri string) *Client
- func (cli *Client) WithAliasBasePath(uri string) *Client
- func (cli *Client) WithArtifactBasePath(uri string) *Client
- func (cli *Client) WithAssetBasePath(uri string) *Client
- func (cli *Client) WithEventsBasePath(uri string) *Client
- func (cli *Client) WithFeedManagementBasePath(uri string) *Client
- func (cli *Client) WithIOCBasePath(uri string) *Client
- func (cli *Client) WithRuleBasePath(uri string) *Client
- func (cli *Client) WithSubjectsBasePath(uri string) *Client
- type ClientRateLimiters
- type ConcreteFeedConfiguration
- type FeedDetails
- type GCPBucketFeedConfiguration
- type Label
- type MicrosoftOffice365ManagementActivityFeedAuthentication
- type MicrosoftOffice365ManagementActivityFeedConfiguration
- type OktaSystemLogAuthenticationHeaderKeyValues
- type OktaSystemLogFeedAuthentication
- type OktaSystemLogFeedConfiguration
- type OktaUsersAuthenticationHeaderKeyValues
- type OktaUsersFeedAuthentication
- type OktaUsersFeedConfiguration
- type Option
- func WithBackstoryAPIAccessToken(accesstoken string) Option
- func WithBackstoryAPICredentials(credentials string) Option
- func WithBackstoryAPIEnvVar() Option
- func WithBigQueryAPIAccessToken(accesstoken string) Option
- func WithBigQueryAPICredentials(credentials string) Option
- func WithBigQueryAPIEnvVar() Option
- func WithForwarderAPIAccessToken(accesstoken string) Option
- func WithForwarderAPICredentials(credentials string) Option
- func WithForwarderAPIEnvVar() Option
- func WithIngestionAPIAccessToken(accesstoken string) Option
- func WithIngestionAPICredentials(credentials string) Option
- func WithIngestionAPIEnvVar() Option
- func WithRequestAttempts(attempts uint) Option
- func WithRequestTimeout(timeout time.Duration) Option
- type Permission
- type ProofpointSIEMFeedAuthentication
- type ProofpointSIEMFeedConfiguration
- type QualysVMFeedAuthentication
- type QualysVMFeedConfiguration
- type ReferenceList
- type ReferenceListContentType
- type ReferenceListResponseContenType
- type ReferenceListResponseCreateTime
- type Role
- type Rule
- type S3FeedAuthentication
- type S3FeedConfiguration
- type SQSFeedAuthentication
- type SQSFeedAuthenticationCred
- type SQSFeedConfiguration
- type Subject
- type ThinkstCanaryAuthenticationHeaderKeyValues
- type ThinkstCanaryFeedAuthentication
- type ThinkstCanaryFeedConfiguration
- type YARALValidation
Constants ¶
// Names of the environment variables the client consults for per-API
// credentials and for the default region (see the *EnvVar options and
// GetCredentials in the index). The credential variables hold secrets:
// keep their values out of logs, error messages and process listings.
const (
	BigQueryAPIEnvVar     = "CHRONICLE_BIGQUERY_CREDENTIALS"
	BackstoryAPIEnvVar    = "CHRONICLE_BACKSTORY_CREDENTIALS"
	IngestionAPIEnvVar    = "CHRONICLE_INGESTION_CREDENTIALS"
	ForwarderAPIEnvVar    = "CHRONICLE_FORWARDER_CREDENTIALS"
	ChronicleRegionEnvVar = "CHRONICLE_REGION"
)
// Region identifiers accepted by GenerateDefaultBasePaths and used as keys
// in RegionalSubDomains. Regions lists them in order.
const (
	RegionUS             = "us"
	RegionEurope         = "europe"
	RegionEuropeWest2    = "europe-west2"
	RegionAsiaSouthEast1 = "asia-southeast1"
)
// Keys identifying each Chronicle API family; they are the outer keys of
// RegionalSubDomains.
//
// NOTE(review): SearchAPIKey's value is spelled "SerachAPI". It is only a
// map key, so it works as long as every lookup uses the constant, but any
// caller that types the literal string will miss the entry. Changing the
// value would be a behavior change for such callers; left as is here.
const (
	SearchAPIKey          = "SerachAPI"
	DetectionEngineAPIKey = "DetectionEngineAPI"
	FeedManagementAPIKey  = "FeedManagementAPI"
	IngestionAPIKey       = "IngestionAPI"
	GCTIAPIKey            = "GCTIAPI"
	RBACAPIKey            = "RBACAPI"
	ReferenceListsAPIKey  = "ReferenceListsAPI"
)
// Keys of the map returned by GenerateDefaultBasePaths; each names one
// base path that the Client.With*BasePath builders can override.
//
// NOTE(review): RuleBasePathKey is the only lower-case value ("rules");
// the rest are capitalised. Harmless if every lookup goes through the
// constants, but worth confirming it is intentional.
const (
	EventsBasePathKey         = "Events"
	AlertBasePathKey          = "Alert"
	ArtifactBasePathKey       = "Artifact"
	AliasBasePathKey          = "Alias"
	AssetBasePathKey          = "Asset"
	IOCBasePathKey            = "IOC"
	RuleBasePathKey           = "rules"
	FeedManagementBasePathKey = "Feed"
	SubjectsBasePathKey       = "Subjects"
	ReferenceListsPathKey     = "ReferenceLists"
)
// Feed source type identifiers. Presumably the values accepted by the feed
// management API for a feed's source type — confirm against the API docs.
const (
	FeedSourceTypeAPI            = "API"
	FeedSourceTypeAzureBlobStore = "AZURE_BLOBSTORE"
	FeedSourceTypeGCS            = "GOOGLE_CLOUD_STORAGE"
	FeedSourceTypeS3             = "AMAZON_S3"
	FeedSourceTypeSQS            = "AMAZON_SQS"
	FeedSourceTypeHTTP           = "HTTP"
)
// APIDomain is the parent domain under which the regional subdomains in
// RegionalSubDomains are resolved (e.g. "backstory" + "." + APIDomain).
const APIDomain = "googleapis.com"
// AzureBlobStoreFeedConfigurationPropertyKey is the property name under
// which an AzureBlobStoreFeedConfiguration is carried in a feed's details.
const (
	AzureBlobStoreFeedConfigurationPropertyKey = "azureBlobStoreSettings"
)
// GCPBucketFeedConfigurationPropertyKey is the property name under which a
// GCPBucketFeedConfiguration is carried in a feed's details.
const (
	GCPBucketFeedConfigurationPropertyKey = "gcsSettings"
)
// MicrosoftOffice365ManagementActivityFeedLogType is the log type string
// associated with MicrosoftOffice365ManagementActivityFeedConfiguration.
const (
	MicrosoftOffice365ManagementActivityFeedLogType = "OFFICE_365"
)
// OktaSystemLogFeedLogType is the log type string associated with
// OktaSystemLogFeedConfiguration.
const (
	OktaSystemLogFeedLogType = "OKTA"
)
// OktaUsersFeedLogType is the log type string associated with
// OktaUsersFeedConfiguration.
const (
	OktaUsersFeedLogType = "OKTA_USER_CONTEXT"
)
// ProofpointSIEMFeedLogType is the log type string associated with
// ProofpointSIEMFeedConfiguration.
const (
	ProofpointSIEMFeedLogType = "PROOFPOINT_MAIL"
)
// QualysVMFeedLogType is the log type string associated with
// QualysVMFeedConfiguration.
const (
	QualysVMFeedLogType = "QUALYS_VM"
)
// ThinkstCanaryFeedLogType is the log type string associated with
// ThinkstCanaryFeedConfiguration.
const (
	ThinkstCanaryFeedLogType = "THINKST_CANARY"
)
Variables ¶
// EnvAPICrendetialsVar lists the credential environment variable names in
// the order BigQuery, Backstory, Ingestion, Forwarder.
//
// NOTE(review): the identifier misspells "Credentials". It is exported, so
// renaming it would break importers; a correctly spelled alias could be
// added alongside it and this one marked Deprecated.
var EnvAPICrendetialsVar = []string{BigQueryAPIEnvVar, BackstoryAPIEnvVar, IngestionAPIEnvVar, ForwarderAPIEnvVar}
// RegionalSubDomains maps an API key (SearchAPIKey, IngestionAPIKey, ...)
// to a per-region subdomain; the host is formed with APIDomain.
//
// NOTE(review): this is an exported, mutable package-level map. Any code
// in the process can rewrite an entry and redirect the client's requests
// to a different host; if that is not intended, expose a lookup function
// over a private map instead.
//
// NOTE(review): GCTIAPIKey resolves to "backstory" for every region,
// unlike the other families which use region-prefixed subdomains —
// confirm that is intentional.
var RegionalSubDomains = map[string]map[string]string{
	SearchAPIKey: {
		RegionUS:             "backstory",
		RegionEurope:         "europe-backstory",
		RegionEuropeWest2:    "europe-west2-backstory",
		RegionAsiaSouthEast1: "asia-southeast1-backstory",
	},
	DetectionEngineAPIKey: {
		RegionUS:             "backstory",
		RegionEurope:         "europe-backstory",
		RegionEuropeWest2:    "europe-west2-backstory",
		RegionAsiaSouthEast1: "asia-southeast1-backstory",
	},
	FeedManagementAPIKey: {
		RegionUS:             "backstory",
		RegionEurope:         "europe-backstory",
		RegionEuropeWest2:    "europe-west2-backstory",
		RegionAsiaSouthEast1: "asia-southeast1-backstory",
	},
	IngestionAPIKey: {
		RegionUS:             "malachiteingestion-pa",
		RegionEurope:         "europe-malachiteingestion-pa",
		RegionEuropeWest2:    "europe-west2-malachiteingestion-pa",
		RegionAsiaSouthEast1: "asia-southeast1-malachiteingestion-pa",
	},
	GCTIAPIKey: {
		RegionUS:             "backstory",
		RegionEurope:         "backstory",
		RegionEuropeWest2:    "backstory",
		RegionAsiaSouthEast1: "backstory",
	},
	RBACAPIKey: {
		RegionUS:             "backstory",
		RegionEurope:         "europe-backstory",
		RegionEuropeWest2:    "europe-west2-backstory",
		RegionAsiaSouthEast1: "asia-southeast1-backstory",
	},
	ReferenceListsAPIKey: {
		RegionUS:             "backstory",
		RegionEurope:         "europe-backstory",
		RegionEuropeWest2:    "europe-west2-backstory",
		RegionAsiaSouthEast1: "asia-southeast1-backstory",
	},
}
// Regions lists every supported region identifier. It is an exported slice,
// so callers share (and can mutate) the backing array.
var Regions = []string{RegionUS, RegionEurope, RegionEuropeWest2, RegionAsiaSouthEast1}
Functions ¶
Types ¶
type AzureBlobStoreFeedConfiguration ¶
// AzureBlobStoreFeedConfiguration is the feed settings for an Azure Blob
// Storage source (FeedSourceTypeAzureBlobStore). It is one of the concrete
// types carried as a ConcreteFeedConfiguration.
//
// NOTE(review): `omitempty` has no effect on a struct-typed field in
// encoding/json, so Authentication is always serialized, even when empty.
type AzureBlobStoreFeedConfiguration struct {
	URI                 string                               `json:"azureUri,omitempty"`
	SourceType          string                               `json:"sourceType,omitempty"`
	SourceDeleteOptions string                               `json:"sourceDeletionOption,omitempty"`
	Authentication      AzureBlobStoreFeedFeedAuthentication `json:"authentication,omitempty"` // holds a secret; see AzureBlobStoreFeedFeedAuthentication
}
type AzureBlobStoreFeedFeedAuthentication ¶
// AzureBlobStoreFeedFeedAuthentication carries the credential for an Azure
// Blob Storage feed.
//
// SASToken is a secret: do not log, print with %+v, or include it in error
// messages. Callers that persist feed configuration (e.g. in state files)
// should treat the whole struct as sensitive.
type AzureBlobStoreFeedFeedAuthentication struct {
	SASToken string `json:"sasToken,omitempty"`
}
type BaseFeed ¶
// BaseFeed is the source-independent part of a feed as returned by ReadFeed;
// the source-specific settings come back separately as a
// ConcreteFeedConfiguration.
//
// NOTE(review): the JSON tags mix snake_case ("display_name") with
// camelCase ("feedState"); if the API uses one convention, one of these
// fields will silently stay empty on decode — verify against a live
// response.
type BaseFeed struct {
	Name        string      `json:"name,omitempty"`
	DisplayName string      `json:"display_name,omitempty"`
	Details     FeedDetails `json:"details,omitempty"` // omitempty is ignored for struct values
	State       string      `json:"feedState,omitempty"`
}
type ChronicleAPIError ¶
// ChronicleAPIError is the error returned when the API answers with an
// error body. Message and Result are decoded from that body;
// HTTPStatusCode has no json tag and is presumably filled in from the
// response status by the transport — confirm in transport.go.
//
// Callers can recover it with errors.As to branch on HTTPStatusCode
// (e.g. distinguish 404 from 403 when reading a feed or rule).
type ChronicleAPIError struct {
	Message        string `json:"message"`
	Result         string `json:"result"`
	HTTPStatusCode int
}
func (*ChronicleAPIError) Error ¶
func (c *ChronicleAPIError) Error() string
type Client ¶
// Client talks to the Chronicle APIs. The exported *BasePath fields hold
// the endpoint for each API family; GenerateDefaultBasePaths produces the
// regional defaults and the With*BasePath methods override one at a time.
//
// NOTE(review): because these fields are exported and mutable, anything
// holding a *Client can redirect its requests. Callers that accept base
// paths from configuration should validate them (scheme and host) before
// setting them here.
type Client struct {
	EventsBasePath         string
	AlertBasePath          string
	ArtifactBasePath       string
	AliasBasePath          string
	AssetBasePath          string
	IOCBasePath            string
	RuleBasePath           string
	FeedManagementBasePath string
	SubjectsBasePath       string
	ReferenceListsBasePath string
	// contains filtered or unexported fields
}
func (*Client) ChangeAlertingRule ¶
func (*Client) ChangeEnableFeed ¶
func (*Client) ChangeLiveRule ¶
func (*Client) CreateFeed ¶
func (*Client) CreateReferenceList ¶
func (cli *Client) CreateReferenceList(referenceList ReferenceList) (string, error)
func (*Client) CreateRuleVersion ¶
func (*Client) CreateSubject ¶
func (*Client) DeleteRule ¶
func (*Client) DeleteSubject ¶
func (*Client) DestroyFeed ¶
func (*Client) GetCredentials ¶
func (cli *Client) GetCredentials(clientScopes []string, accessToken, credentials, envVariable string) (*googleoauth.Credentials, error)
func (*Client) GetReferenceList ¶
func (cli *Client) GetReferenceList(name string) (*ReferenceList, error)
func (*Client) ReadFeed ¶
func (cli *Client) ReadFeed(name string) (*BaseFeed, *ConcreteFeedConfiguration, error)
func (*Client) UpdateFeed ¶
func (cli *Client) UpdateFeed(name, displayName, logType, namespace string, labels []Label, conf ConcreteFeedConfiguration) error
func (*Client) UpdateReferenceList ¶
func (cli *Client) UpdateReferenceList(referenceList ReferenceList, updateLines, updateDescription bool) (*ReferenceList, error)
func (*Client) UpdateSubject ¶
func (*Client) WithAlertBasePath ¶
func (*Client) WithAliasBasePath ¶
func (*Client) WithArtifactBasePath ¶
func (*Client) WithAssetBasePath ¶
func (*Client) WithEventsBasePath ¶
func (*Client) WithFeedManagementBasePath ¶
func (*Client) WithIOCBasePath ¶
func (*Client) WithRuleBasePath ¶
func (*Client) WithSubjectsBasePath ¶
type ClientRateLimiters ¶
// ClientRateLimiters holds one limiter per API operation so that each
// endpoint's quota is throttled independently. NewClientRateLimiters
// returns a populated set; the zero value has nil limiters and is not
// usable.
//
// The rate package is not shown on this page; presumably
// golang.org/x/time/rate — confirm in the imports.
type ClientRateLimiters struct {
	FeedManagementCreateFeed    *rate.Limiter
	FeedManagementGetFeed       *rate.Limiter
	FeedManagementListFeeds     *rate.Limiter
	FeedManagementUpdateFeed    *rate.Limiter
	FeedManagementDeleteFeed    *rate.Limiter
	FeedManagementEnableFeed    *rate.Limiter
	DetectionCreateRule         *rate.Limiter
	DetectionCreateRuleVersion  *rate.Limiter
	DetectionGetRule            *rate.Limiter
	DetectionUpdateRule         *rate.Limiter
	DetectionDeleteRule         *rate.Limiter
	DetectionEnableLiveRule     *rate.Limiter
	DetectionEnableAlertingRule *rate.Limiter
	DetectionVerifyYARARule     *rate.Limiter
	RBACCreateSubject           *rate.Limiter
	RBACGetSubject              *rate.Limiter
	RBACUpdateSubject           *rate.Limiter
	RBACDeleteSubject           *rate.Limiter
	ReferenceListsCreateList    *rate.Limiter
	ReferenceListsGetList       *rate.Limiter
	ReferenceListsUpdateList    *rate.Limiter
}
func NewClientRateLimiters ¶
func NewClientRateLimiters() *ClientRateLimiters
type ConcreteFeedConfiguration ¶
// ConcreteFeedConfiguration is implemented by the source-specific feed
// settings types in this package (S3FeedConfiguration,
// SQSFeedConfiguration, AzureBlobStoreFeedConfiguration,
// GCPBucketFeedConfiguration and the API-based ones). Its methods are
// unexported, so it cannot be satisfied outside this package; CreateFeed,
// UpdateFeed and ReadFeed exchange it.
type ConcreteFeedConfiguration interface {
	// contains filtered or unexported methods
}
type FeedDetails ¶
type MicrosoftOffice365ManagementActivityFeedConfiguration ¶
// MicrosoftOffice365ManagementActivityFeedConfiguration is the feed settings
// for an Office 365 Management Activity API source
// (MicrosoftOffice365ManagementActivityFeedLogType).
//
// Authentication carries credentials; keep the struct out of logs.
// `omitempty` is ignored for struct-typed fields, so it is always emitted.
type MicrosoftOffice365ManagementActivityFeedConfiguration struct {
	TenantID       string                                                 `json:"tenantId,omitempty"`
	ContentType    string                                                 `json:"contentType,omitempty"`
	Hostname       string                                                 `json:"hostname,omitempty"`
	Authentication MicrosoftOffice365ManagementActivityFeedAuthentication `json:"authentication,omitempty"`
}
type OktaSystemLogFeedAuthentication ¶
// OktaSystemLogFeedAuthentication is the authentication block of an Okta
// System Log feed: a list of HTTP header key/value pairs sent to the
// source. The values are presumably API tokens — treat the list as secret
// and never log it.
type OktaSystemLogFeedAuthentication struct {
	HeaderKeyValues []OktaSystemLogAuthenticationHeaderKeyValues `json:"headerKeyValues,omitempty"`
}
type OktaSystemLogFeedConfiguration ¶
// OktaSystemLogFeedConfiguration is the feed settings for an Okta System
// Log source (OktaSystemLogFeedLogType). Authentication is always
// serialized (`omitempty` does not apply to struct values).
type OktaSystemLogFeedConfiguration struct {
	Hostname       string                          `json:"hostname,omitempty"`
	Authentication OktaSystemLogFeedAuthentication `json:"authentication,omitempty"`
}
type OktaUsersFeedAuthentication ¶
// OktaUsersFeedAuthentication is the authentication block of an Okta Users
// feed: HTTP header key/value pairs sent to the source. Treat the values
// as secrets.
type OktaUsersFeedAuthentication struct {
	HeaderKeyValues []OktaUsersAuthenticationHeaderKeyValues `json:"headerKeyValues,omitempty"`
}
type OktaUsersFeedConfiguration ¶
// OktaUsersFeedConfiguration is the feed settings for an Okta Users source
// (OktaUsersFeedLogType). ManagerIDReferenceField names the user attribute
// that references a manager — its accepted values are not shown here.
type OktaUsersFeedConfiguration struct {
	Hostname                string                      `json:"hostname,omitempty"`
	ManagerIDReferenceField string                      `json:"managerIdReferenceField,omitempty"`
	Authentication          OktaUsersFeedAuthentication `json:"authentication,omitempty"` // always emitted; omitempty is ignored for structs
}
type Option ¶
func WithBackstoryAPIEnvVar ¶
func WithBackstoryAPIEnvVar() Option
func WithBigQueryAPIEnvVar ¶
func WithBigQueryAPIEnvVar() Option
func WithForwarderAPIEnvVar ¶
func WithForwarderAPIEnvVar() Option
func WithIngestionAPIEnvVar ¶
func WithIngestionAPIEnvVar() Option
func WithRequestAttempts ¶
func WithRequestTimeout ¶
type Permission ¶
type ProofpointSIEMFeedConfiguration ¶
// ProofpointSIEMFeedConfiguration is the feed settings for a Proofpoint
// SIEM source (ProofpointSIEMFeedLogType). It has no connection settings
// beyond the credentials in Authentication.
type ProofpointSIEMFeedConfiguration struct {
	Authentication ProofpointSIEMFeedAuthentication `json:"authentication,omitempty"`
}
type QualysVMFeedConfiguration ¶
// QualysVMFeedConfiguration is the feed settings for a Qualys VM source
// (QualysVMFeedLogType). Authentication carries credentials and is always
// serialized.
type QualysVMFeedConfiguration struct {
	Hostname       string                    `json:"hostname,omitempty"`
	Authentication QualysVMFeedAuthentication `json:"authentication,omitempty"`
}
type ReferenceList ¶
// ReferenceList is a named list of strings, CIDRs or regexes that rules can
// reference. Name is required (no omitempty); CreateTime is set by the
// service.
//
// NOTE(review): Lines has `omitempty`, so an empty list is dropped from the
// request body. If UpdateReferenceList(…, updateLines=true) relies on this
// struct for its payload, it cannot express "clear all lines" — confirm in
// reference_list.go.
//
// NOTE(review): the tags here use snake_case ("content_type",
// "create_time") while ReferenceListResponseContenType and
// ReferenceListResponseCreateTime use camelCase for the same values, which
// suggests the response is decoded through those wrappers rather than
// directly into this type.
type ReferenceList struct {
	Name        string                   `json:"name"`
	Description string                   `json:"description,omitempty"`
	Lines       []string                 `json:"lines,omitempty"`
	ContentType ReferenceListContentType `json:"content_type,omitempty"`
	CreateTime  string                   `json:"create_time,omitempty"`
}
type ReferenceListContentType ¶
// ReferenceListContentType selects how a ReferenceList's Lines are
// interpreted. The three values below are the ones this package defines;
// the service may reject others.
type ReferenceListContentType string

// ReferenceListContentTypeCIDR marks each line as an IP range in CIDR notation.
const ReferenceListContentTypeCIDR ReferenceListContentType = "CIDR"

// ReferenceListContentTypeDefault marks each line as a plain string (the service default).
const ReferenceListContentTypeDefault ReferenceListContentType = "CONTENT_TYPE_DEFAULT_STRING"

// ReferenceListContentTypeREGEX marks each line as a regular expression.
const ReferenceListContentTypeREGEX ReferenceListContentType = "REGEX"
type ReferenceListResponseContenType ¶
// ReferenceListResponseContenType decodes the "contentType" member of a
// reference-list response. The identifier misspells "ContentType"; it is
// exported, so renaming it is a breaking change.
type ReferenceListResponseContenType struct {
	ContentType ReferenceListContentType `json:"contentType,omitempty"`
}
type ReferenceListResponseCreateTime ¶
// ReferenceListResponseCreateTime decodes the "createTime" member of a
// reference-list response. CreateTime is kept as the raw string; the
// timestamp format is not fixed here.
type ReferenceListResponseCreateTime struct {
	CreateTime string `json:"createTime,omitempty"`
}
type Rule ¶
// Rule is a detection rule. Text is the YARA-L source and is the only
// required member; the remaining fields are populated by the service
// (IDs, compilation state) or by the caller (Metadata, Name).
//
// NOTE(review): LiveEnabled and AlertingEnabled carry `omitempty` on a
// bool, so a false value is never serialized; this struct cannot express
// "explicitly disabled". The index shows ChangeLiveRule and
// ChangeAlertingRule taking an explicit bool, so presumably those are the
// paths used to turn a rule off — confirm in rule.go.
type Rule struct {
	Text              string            `json:"ruleText"`
	ID                string            `json:"ruleId,omitempty"`
	VersionID         string            `json:"versionId,omitempty"`
	Name              string            `json:"ruleName,omitempty"`
	Metadata          map[string]string `json:"metadata,omitempty"`
	Type              string            `json:"ruleType,omitempty"`
	VersionCreateTime string            `json:"versionCreateTime,omitempty"`
	CompilationState  string            `json:"compilationState,omitempty"`
	CompilationError  string            `json:"compilationError,omitempty"`
	LiveEnabled       bool              `json:"liveRuleEnabled,omitempty"`
	AlertingEnabled   bool              `json:"alertingEnabled,omitempty"`
}
type S3FeedAuthentication ¶
type S3FeedConfiguration ¶
// S3FeedConfiguration is the feed settings for an Amazon S3 source
// (FeedSourceTypeS3). It mirrors AzureBlobStoreFeedConfiguration with an
// S3 URI and S3 credentials.
//
// Authentication holds access keys — keep the struct out of logs.
// `omitempty` is ignored for struct-typed fields, so it is always emitted.
type S3FeedConfiguration struct {
	URI                 string               `json:"s3Uri,omitempty"`
	SourceType          string               `json:"sourceType,omitempty"`
	SourceDeleteOptions string               `json:"sourceDeletionOption,omitempty"`
	Authentication      S3FeedAuthentication `json:"authentication,omitempty"`
}
type SQSFeedAuthentication ¶
// SQSFeedAuthentication carries the credentials for an SQS feed. The queue
// credential is required; S3Authentication is an optional separate
// credential for the bucket the messages point at and is omitted from the
// payload when nil (pointer + omitempty). Both hold secrets.
//
// NOTE(review): SQSAuthentication is a struct value, so its `omitempty`
// has no effect and an empty credential block is still serialized.
type SQSFeedAuthentication struct {
	SQSAuthentication SQSFeedAuthenticationCred  `json:"sqsAccessKeySecretAuth,omitempty"`
	S3Authentication  *SQSFeedAuthenticationCred `json:"additionalS3AccessKeySecretAuth,omitempty"`
}
type SQSFeedConfiguration ¶
// SQSFeedConfiguration is the feed settings for an Amazon SQS source
// (FeedSourceTypeSQS): the queue name, its AWS region and account, the
// deletion policy for consumed objects, and the credentials.
type SQSFeedConfiguration struct {
	Queue               string                `json:"queue,omitempty"`
	Region              string                `json:"region,omitempty"`
	AccountNumber       string                `json:"accountNumber,omitempty"`
	SourceDeleteOptions string                `json:"sourceDeletionOption,omitempty"`
	Authentication      SQSFeedAuthentication `json:"authentication,omitempty"` // always emitted; holds secrets
}
type ThinkstCanaryFeedAuthentication ¶
// ThinkstCanaryFeedAuthentication is the authentication block of a Thinkst
// Canary feed: HTTP header key/value pairs sent to the source. Treat the
// values as secrets.
type ThinkstCanaryFeedAuthentication struct {
	HeaderKeyValues []ThinkstCanaryAuthenticationHeaderKeyValues `json:"headerKeyValues,omitempty"`
}
type ThinkstCanaryFeedConfiguration ¶
// ThinkstCanaryFeedConfiguration is the feed settings for a Thinkst Canary
// source (ThinkstCanaryFeedLogType). Authentication is always serialized
// (`omitempty` does not apply to struct values).
type ThinkstCanaryFeedConfiguration struct {
	Hostname       string                          `json:"hostname,omitempty"`
	Authentication ThinkstCanaryFeedAuthentication `json:"authentication,omitempty"`
}
type YARALValidation ¶
Source Files ¶
- client.go
- endpoints.go
- error.go
- feed.go
- feed_amazon_s3.go
- feed_amazon_sqs.go
- feed_azure_blobstore.go
- feed_google_cloud_storage_bucket.go
- feed_microsoft_office_365_management_activity.go
- feed_okta_system_log.go
- feed_okta_users.go
- feed_proofpoint_siem.go
- feed_qualys_vm.go
- feed_thinkst_canary.go
- reference_list.go
- rule.go
- subject.go
- transport.go
- util.go