// Types of log types.
//
// Presumably the values carried in LogRequest.LogType, selecting which of
// LogStatusData / LogResultData the raw payload decodes into — confirm
// against the log handler.
const (
	// StatusLog marks an osquery status (daemon) log batch.
	StatusLog string = "status"
	// ResultLog marks a scheduled-query result log batch.
	ResultLog string = "result"
	// QueryLog marks an on-demand (distributed) query log batch.
	QueryLog string = "query"
)
// AcceleratedQueryReadResponse for accelerated on-demand queries from nodes
// https://github.com/osquery/osquery/blob/master/osquery/distributed/distributed.cpp#L219-L231
//
// Same fields as QueryReadResponse plus Accelerate, which is presumably the
// number of seconds the node should keep polling at the accelerated
// interval — confirm against the linked osquery source. NodeInvalid mirrors
// the osquery TLS protocol's node_invalid flag.
type AcceleratedQueryReadResponse struct {
	Queries     queries.QueryReadQueries `json:"queries"`
	NodeInvalid bool                     `json:"node_invalid"`
	Accelerate  int                      `json:"accelerate"`
}
// ApiActionsRequest to receive action requests.
//
// Carries a certificate and per-platform package download URLs. The values
// are passed through as plain strings; nothing here validates that the URLs
// are well-formed or point where expected, so the receiving handler must.
type ApiActionsRequest struct {
	Certificate string `json:"certificate"`
	MacPkgURL   string `json:"url_mac_pkg"`
	MsiPkgURL   string `json:"url_msi_pkg"`
	RpmPkgURL   string `json:"url_rpm_pkg"`
	DebPkgURL   string `json:"url_deb_pkg"`
}
// ApiDataResponse to be returned to API requests for generic data.
//
// Data is an opaque string; its meaning depends on the endpoint that
// returns it.
type ApiDataResponse struct {
	Data string `json:"data"`
}
// ApiDistributedCarveRequest to receive carve requests.
//
// Path is the file path to carve on the node identified by UUID; ExpHours
// is presumably the request lifetime in hours — confirm against the handler.
// Path is node-side input and is not validated by this type.
type ApiDistributedCarveRequest struct {
	UUID     string `json:"uuid"`
	Path     string `json:"path"`
	ExpHours int    `json:"exp_hours"`
}
// ApiDistributedQueryRequest to receive query requests.
//
// Query is osquery SQL intended to run on the nodes selected by the UUID,
// platform, environment and host lists; Hidden and ExpHours are passed
// through as given. Authorizing who may dispatch a query is the API
// handler's responsibility, not this type's.
type ApiDistributedQueryRequest struct {
	UUIDs        []string `json:"uuid_list"`
	Platforms    []string `json:"platform_list"`
	Environments []string `json:"environment_list"`
	Hosts        []string `json:"host_list"`
	Query        string   `json:"query"`
	Hidden       bool     `json:"hidden"`
	ExpHours     int      `json:"exp_hours"`
}
// ApiErrorResponse to be returned to API requests with the error message.
//
// Error is sent to the client verbatim, so handlers should keep internal
// details (stack traces, connection strings) out of it.
type ApiErrorResponse struct {
	Error string `json:"error"`
}
// ApiGenericResponse to be returned to API requests for anything.
//
// Message is a free-form, human-readable status string.
type ApiGenericResponse struct {
	Message string `json:"message"`
}
// ApiLoginRequest to receive login requests.
//
// Password is a credential: do not log or echo the decoded request.
// ExpHours is presumably the requested token lifetime in hours — confirm
// against the login handler, which should also cap it.
type ApiLoginRequest struct {
	Username string `json:"username"`
	Password string `json:"password"`
	ExpHours int    `json:"exp_hours"`
}
// ApiLoginResponse to be returned to API login requests with the generated token.
//
// Token is a bearer credential; treat it as a secret (no logging, TLS only).
type ApiLoginResponse struct {
	Token string `json:"token"`
}
// ApiNodeGenericRequest to receive generic node requests.
//
// UUID identifies the target node.
type ApiNodeGenericRequest struct {
	UUID string `json:"uuid"`
}
// ApiQueriesResponse to be returned to API requests for queries.
//
// Name is the query name; note the JSON key is "query_name", not "name".
type ApiQueriesResponse struct {
	Name string `json:"query_name"`
}
// CarveBlockRequest received with one block of an in-progress carve.
//
// BlockID orders the block within the carve; SessionID and RequestID are
// presumably the values handed out by CarveInitResponse / CarveInitRequest —
// confirm against the carve handler. Data is the block payload as a string
// (its encoding is not fixed by this type). The handler should check that
// BlockID is within the BlockCount announced at init before storing it.
type CarveBlockRequest struct {
	BlockID   int    `json:"block_id"`
	SessionID string `json:"session_id"`
	RequestID string `json:"request_id"`
	Data      string `json:"data"`
}
// CarveBlockResponse for osquery nodes.
//
// Success reports whether the submitted block was accepted.
type CarveBlockResponse struct {
	Success bool `json:"success"`
}
// CarveInitRequest received to begin a carve.
//
// NodeKey authenticates the sending node. BlockCount, BlockSize and
// CarveSize are node-supplied integers describing the upload that follows;
// the handler should bounds-check them before sizing any storage from them.
type CarveInitRequest struct {
	BlockCount int    `json:"block_count"`
	BlockSize  int    `json:"block_size"`
	CarveSize  int    `json:"carve_size"`
	CarveID    string `json:"carve_id"`
	RequestID  string `json:"request_id"`
	NodeKey    string `json:"node_key"`
}
// CarveInitResponse for osquery nodes.
//
// SessionID is returned on success and is presumably echoed back in each
// CarveBlockRequest — confirm against the carve handler.
type CarveInitResponse struct {
	Success   bool   `json:"success"`
	SessionID string `json:"session_id"`
}
// ConfigRequest received when nodes request configuration.
//
// A distinct named type over GenericRequest (not an alias): it has the same
// fields and JSON tags but is not interchangeable with GenericRequest
// without a conversion.
type ConfigRequest GenericRequest
// ConfigResponse for configuration requests from nodes.
//
// A distinct named type over GenericResponse; same fields and JSON tags.
type ConfigResponse GenericResponse
// EnrollRequest received when nodes enroll.
//
// EnrollSecret is the shared enrollment secret: compare it server-side with
// a constant-time comparison and keep it out of logs. HostDetails carries
// the osquery tables the node reports at enrollment; all of it is
// node-supplied and untrusted until the secret has been verified.
type EnrollRequest struct {
	EnrollSecret   string `json:"enroll_secret"`
	HostIdentifier string `json:"host_identifier"`
	PlatformType   string `json:"platform_type"`
	HostDetails    struct {
		EnrollOSVersion    OSVersionTable    `json:"os_version"`
		EnrollOsqueryInfo  OsqueryInfoTable  `json:"osquery_info"`
		EnrollSystemInfo   SystemInfoTable   `json:"system_info"`
		EnrollPlatformInfo PlatformInfoTable `json:"platform_info"`
	} `json:"host_details"`
}
// EnrollResponse to be returned to agents.
//
// NodeKey is the per-node credential the agent presents on later requests;
// it should be generated with a CSPRNG and never logged. NodeInvalid mirrors
// the osquery TLS protocol's node_invalid flag.
type EnrollResponse struct {
	NodeKey     string `json:"node_key"`
	NodeInvalid bool   `json:"node_invalid"`
}
// FlagsRequest to retrieve flags.
//
// Secret is a credential and must not be logged. SecrefFile is spelled as-is
// (sic); it is exported, so renaming it is an API change — the JSON key is
// "secretFile" regardless.
type FlagsRequest struct {
	Secret     string `json:"secret"`
	SecrefFile string `json:"secretFile"`
	CertFile   string `json:"certFile"`
}
// GenericRequest to some endpoints.
//
// NodeKey is the node credential issued in EnrollResponse; it is the only
// field, so every endpoint using this type authenticates purely on it.
type GenericRequest struct {
	NodeKey string `json:"node_key"`
}
// GenericResponse for osquery nodes.
//
// NodeInvalid mirrors the osquery TLS protocol's node_invalid flag.
type GenericResponse struct {
	NodeInvalid bool `json:"node_invalid"`
}
// JSONConfigurationAPI to hold API service configuration values.
//
// Listener and Port are strings (not parsed here). Auth and Carver are
// presumably mode selectors — confirm the accepted values in the API
// service.
type JSONConfigurationAPI struct {
	Listener  string `json:"listener"`
	Port      string `json:"port"`
	LogLevel  string `json:"logLevel"`
	LogFormat string `json:"logFormat"`
	Host      string `json:"host"`
	Auth      string `json:"auth"`
	Carver    string `json:"carver"`
}
// JSONConfigurationAdmin to hold admin service configuration values.
//
// SessionKey is a secret (presumably the session-cookie signing key —
// confirm in the admin service); keep it out of logs and config dumps.
type JSONConfigurationAdmin struct {
	Listener   string `json:"listener"`
	Port       string `json:"port"`
	LogLevel   string `json:"logLevel"`
	LogFormat  string `json:"logFormat"`
	Host       string `json:"host"`
	Auth       string `json:"auth"`
	Logger     string `json:"logger"`
	Carver     string `json:"carver"`
	SessionKey string `json:"sessionKey"`
}
// JSONConfigurationHeaders to keep all headers details for auth.
//
// Each field names an HTTP header whose value is taken as identity or group
// information. Header-based auth is only safe when the service is reachable
// solely through a proxy that sets these headers and strips any
// client-supplied copies; this type does not enforce that — confirm the
// deployment before enabling it.
type JSONConfigurationHeaders struct {
	TrustedPrefix     string `json:"trustedPrefix"`
	AdminGroup        string `json:"adminGroup"`
	UserGroup         string `json:"userGroup"`
	Email             string `json:"email"`
	UserName          string `json:"userName"`
	FirstName         string `json:"firstName"`
	LastName          string `json:"lastName"`
	DisplayName       string `json:"displayName"`
	DistinguishedName string `json:"distinguishedName"`
	Groups            string `json:"groups"`
	DefaultEnv        string `json:"defaultEnv"`
}
// JSONConfigurationJWT to hold all JWT configuration values.
//
// JWTSecret is the token signing key; it must be long, random and kept out
// of logs. HoursToExpire is the token lifetime in hours.
type JSONConfigurationJWT struct {
	JWTSecret     string `json:"jwtSecret"`
	HoursToExpire int    `json:"hoursToExpire"`
}
// JSONConfigurationTLS to hold TLS service configuration values.
//
// The Metrics* fields configure a separate metrics listener; when
// MetricsEnabled is set, that listener should not be exposed publicly.
type JSONConfigurationTLS struct {
	Listener        string `json:"listener"`
	Port            string `json:"port"`
	LogLevel        string `json:"logLevel"`
	LogFormat       string `json:"logFormat"`
	MetricsListener string `json:"metricsListener"`
	MetricsPort     string `json:"metricsPort"`
	MetricsEnabled  bool   `json:"metricsEnabled"`
	Host            string `json:"host"`
	Auth            string `json:"auth"`
	Logger          string `json:"logger"`
	Carver          string `json:"carver"`
}
type KafkaConfiguration ¶
type KafkaSASLConfigurations ¶
// LogDecorations for decorations field in node logs requests.
//
// Note DaemonHash maps to the JSON key "osquery_md5". All values are
// node-supplied strings.
type LogDecorations struct {
	Username       string `json:"username"`
	OsqueryUser    string `json:"osquery_user"`
	LocalHostname  string `json:"local_hostname"`
	Hostname       string `json:"hostname"`
	OsqueryVersion string `json:"osquery_version"`
	ConfigHash     string `json:"config_hash"`
	DaemonHash     string `json:"osquery_md5"`
}
// LogGenericData to parse both status and result logs.
//
// Holds only the fields common to LogStatusData and LogResultData.
type LogGenericData struct {
	HostIdentifier string         `json:"hostIdentifier"`
	Decorations    LogDecorations `json:"decorations"`
	Version        string         `json:"version"`
}
// LogRequest received to process logs.
//
// NodeKey authenticates the node. Data is kept as json.RawMessage so its
// decoding can be deferred; presumably LogType (see StatusLog/ResultLog/
// QueryLog) selects the concrete type — confirm against the log handler.
// Data is untrusted node input of unbounded size; the server should limit
// request bodies before reaching this point.
type LogRequest struct {
	NodeKey string          `json:"node_key"`
	LogType string          `json:"log_type"`
	Data    json.RawMessage `json:"data"`
}
// LogResultData to be used processing result logs from nodes.
//
// Columns stays raw (json.RawMessage), presumably because its schema depends
// on the query that produced it. UnixTime is a StringInt so it decodes
// whether osquery sends it as a number or a string.
type LogResultData struct {
	Name           string          `json:"name"`
	Epoch          int64           `json:"epoch"`
	Action         string          `json:"action"`
	Columns        json.RawMessage `json:"columns"`
	Counter        int             `json:"counter"`
	UnixTime       StringInt       `json:"unixTime"`
	Decorations    LogDecorations  `json:"decorations"`
	CalendarTime   string          `json:"calendarTime"`
	HostIdentifier string          `json:"hostIdentifier"`
}
// LogStatusData to be used processing status logs from nodes.
//
// Line, Severity and UnixTime are StringInt so they decode whether osquery
// sends them as numbers or strings. Message and Filename are free-form
// node-supplied text.
type LogStatusData struct {
	Line           StringInt      `json:"line"`
	Message        string         `json:"message"`
	Version        string         `json:"version"`
	Filename       string         `json:"filename"`
	Severity       StringInt      `json:"severity"`
	UnixTime       StringInt      `json:"unixTime"`
	Decorations    LogDecorations `json:"decorations"`
	CalendarTime   string         `json:"calendarTime"`
	HostIdentifier string         `json:"hostIdentifier"`
}
// OSVersionTable provided on enrollment, table os_version.
//
// All columns arrive as strings, including Major/Minor/Patch; ID maps to
// the JSON key "_id".
type OSVersionTable struct {
	ID           string `json:"_id"`
	Codename     string `json:"codename"`
	Major        string `json:"major"`
	Minor        string `json:"minor"`
	Name         string `json:"name"`
	Patch        string `json:"patch"`
	Platform     string `json:"platform"`
	PlatformLike string `json:"platform_like"`
	Version      string `json:"version"`
}
// OsqueryInfoTable provided on enrollment, table osquery_info.
//
// All columns arrive as strings. Extension is tagged "extensions" (plural);
// the tag, not the field name, fixes the wire key.
type OsqueryInfoTable struct {
	BuildDistro   string `json:"build_distro"`
	BuildPlatform string `json:"build_platform"`
	ConfigHash    string `json:"config_hash"`
	ConfigValid   string `json:"config_valid"`
	Extension     string `json:"extensions"`
	InstanceID    string `json:"instance_id"`
	PID           string `json:"pid"`
	StartTime     string `json:"start_time"`
	UUID          string `json:"uuid"`
	Version       string `json:"version"`
	Watcher       string `json:"watcher"`
}
// OsqueryTable to show tables to query.
//
// Filter has no json tag, so it marshals under the key "Filter"; adding a
// tag would change the wire format.
type OsqueryTable struct {
	Name      string   `json:"name"`
	URL       string   `json:"url"`
	Platforms []string `json:"platforms"`
	Filter    string
}
// PlatformInfoTable provided on enrollment, table platform_info.
//
// All columns arrive as strings, including Size and VolumeSize.
type PlatformInfoTable struct {
	Address    string `json:"address"`
	Date       string `json:"date"`
	Extra      string `json:"extra"`
	Revision   string `json:"revision"`
	Size       string `json:"size"`
	Vendor     string `json:"vendor"`
	Version    string `json:"version"`
	VolumeSize string `json:"volume_size"`
}
// QueryCarveScheduled to receive confirmation for scheduled carved file.
//
// SHA256 is the node-reported digest; it should be verified against the
// reassembled carve rather than trusted as-is. Size and Time are strings.
type QueryCarveScheduled struct {
	Time      string `json:"time"`
	SHA256    string `json:"sha256"`
	Size      string `json:"size"`
	Path      string `json:"path"`
	Status    string `json:"status"`
	CarveGUID string `json:"carve_guid"`
	RequestID string `json:"request_id"`
	Carve     string `json:"carve"`
}
// QueryReadRequest received to get on-demand queries.
//
// A distinct named type over GenericRequest; same fields and JSON tags.
type QueryReadRequest GenericRequest
// QueryReadResponse for on-demand queries from nodes.
//
// Queries holds the pending distributed queries for the node (type defined
// in the queries package). NodeInvalid mirrors the osquery TLS protocol's
// node_invalid flag.
type QueryReadResponse struct {
	Queries     queries.QueryReadQueries `json:"queries"`
	NodeInvalid bool                     `json:"node_invalid"`
}
// QueryWriteData to store result of on-demand queries.
//
// Result is kept raw because its row schema depends on the query. Status
// is presumably the osquery status code for the query (0 = ok) — confirm.
type QueryWriteData struct {
	Name    string          `json:"name"`
	Result  json.RawMessage `json:"result"`
	Status  int             `json:"status"`
	Message string          `json:"message"`
}
type QueryWriteMessages ¶
QueryWriteMessages to hold the on-demand queries messages
// QueryWriteQueries to hold the on-demand queries results.
//
// Presumably keyed by query name with the raw result rows as values —
// confirm against the handler. Decoding into the map is bounded only by
// the request body size limit the server applies.
type QueryWriteQueries map[string]json.RawMessage
// QueryWriteRequest to receive on-demand queries results.
//
// NodeKey authenticates the node; Queries, Statuses and Messages are
// presumably keyed by query name in parallel — confirm against the handler.
type QueryWriteRequest struct {
	Queries  QueryWriteQueries  `json:"queries"`
	Statuses QueryWriteStatuses `json:"statuses"`
	Messages QueryWriteMessages `json:"messages"`
	NodeKey  string             `json:"node_key"`
}
// QueryWriteResponse for on-demand queries results from nodes.
//
// A distinct named type over GenericResponse; same fields and JSON tags.
type QueryWriteResponse GenericResponse
type QueryWriteStatuses ¶
QueryWriteStatuses to hold the on-demand queries statuses
// S3Configuration to hold all S3 configuration values.
//
// AccessKey and SecretAccessKey are credentials; keep them out of logs.
// SecretAccessKey's tag is "secretAccesKey" (sic): existing config files
// depend on that spelling, so correcting the tag is a breaking change —
// if it is ever fixed, accept both keys during a transition.
type S3Configuration struct {
	Bucket          string `json:"bucket"`
	Region          string `json:"region"`
	AccessKey       string `json:"accessKey"`
	SecretAccessKey string `json:"secretAccesKey"`
}
// ScriptRequest to retrieve script.
//
// Secret is a credential and must not be logged. SecrefFile is spelled
// as-is (sic), matching FlagsRequest; it is exported, so renaming it is an
// API change — the JSON key is "secretFile" regardless.
type ScriptRequest struct {
	Secret      string `json:"secret"`
	SecrefFile  string `json:"secretFile"`
	FlagsFile   string `json:"flagsFile"`
	Certificate string `json:"certificate"`
}
// StringInt to parse numbers that could be strings.
//
// Decoding is done by StringInt.UnmarshalJSON (declared elsewhere in this
// package), which is why fields such as LogStatusData.Line and
// LogResultData.UnixTime use it instead of int.
type StringInt int
func (*StringInt) UnmarshalJSON ¶
UnmarshalJSON implements the json.Unmarshaler interface, which allows a StringInt to ingest a value of any JSON type as an int by running our custom conversion.
// SystemInfoTable provided on enrollment, table system_info.
//
// All columns arrive as strings, including the CPU core counts and
// PhysicalMemory. HardwareSerial and UUID are host identifiers; handle
// them as such when exporting or logging.
type SystemInfoTable struct {
	ComputerName     string `json:"computer_name"`
	CPUBrand         string `json:"cpu_brand"`
	CPULogicalCores  string `json:"cpu_logical_cores"`
	CPUPhysicalCores string `json:"cpu_physical_cores"`
	CPUSubtype       string `json:"cpu_subtype"`
	CPUType          string `json:"cpu_type"`
	HardwareModel    string `json:"hardware_model"`
	HardwareSerial   string `json:"hardware_serial"`
	HardwareVendor   string `json:"hardware_vendor"`
	HardwareVersion  string `json:"hardware_version"`
	Hostname         string `json:"hostname"`
	LocalHostname    string `json:"local_hostname"`
	PhysicalMemory   string `json:"physical_memory"`
	UUID             string `json:"uuid"`
}
// VerifyResponse for verify requests from osctrld.
//
// Flags and Certificate are returned as opaque strings (presumably the
// osquery flags file contents and the CA certificate — confirm against the
// handler).
type VerifyResponse struct {
	Flags          string `json:"flags"`
	Certificate    string `json:"certificate"`
	OsqueryVersion string `json:"osquery_version"`
}