Documentation
¶
Index ¶
- Variables
- type CloudCompliance
- type CloudComplianceScanStatus
- type CloudResource
- type Compliance
- type ComplianceData
- type ComplianceRule
- type ComplianceScanStatus
- type ComplianceStats
- type Malware
- type MalwareScanStatus
- type MetaRules
- type Secret
- type SecretScanStatus
- type Vulnerability
- type VulnerabilityData
- type VulnerabilityRule
- type VulnerabilityScanStatus
Constants ¶
This section is empty.
Variables ¶
View Source
var ( ScanStatusField = map[utils.Neo4jScanType]string{ utils.NEO4JSecretScan: "secret_scan_status", utils.NEO4JVulnerabilityScan: "vulnerability_scan_status", utils.NEO4JMalwareScan: "malware_scan_status", utils.NEO4JComplianceScan: "compliance_scan_status", utils.NEO4JCloudComplianceScan: "cloud_compliance_scan_status", } LatestScanIDField = map[utils.Neo4jScanType]string{ utils.NEO4JSecretScan: "secret_latest_scan_id", utils.NEO4JVulnerabilityScan: "vulnerability_latest_scan_id", utils.NEO4JMalwareScan: "malware_latest_scan_id", utils.NEO4JComplianceScan: "compliance_latest_scan_id", utils.NEO4JCloudComplianceScan: "cloud_compliance_latest_scan_id", } ScanCountField = map[utils.Neo4jScanType]string{ utils.NEO4JSecretScan: "secrets_count", utils.NEO4JVulnerabilityScan: "vulnerabilities_count", utils.NEO4JMalwareScan: "malwares_count", utils.NEO4JComplianceScan: "compliances_count", utils.NEO4JCloudComplianceScan: "cloud_compliances_count", } )
View Source
var (
TopologyCloudResourceTypes = []string{
"aws_ec2_instance", "aws_eks_cluster", "aws_s3_bucket", "aws_lambda_function",
"aws_ecs_task", "aws_ecs_cluster", "aws_ecr_repository", "aws_ecrpublic_repository",
"aws_ecs_task", "aws_rds_db_instance", "aws_rds_db_cluster", "aws_ec2_application_load_balancer",
"aws_ec2_classic_load_balancer", "aws_ec2_network_load_balancer",
"gcp_compute_instance", "gcp_sql_database_instance", "gcp_storage_bucket", "gcp_compute_disk",
"azure_compute_virtual_machine", "azure_app_service_function_app", "azure_storage_queue",
"azure_storage_table", "azure_storage_container",
}
)
Functions ¶
This section is empty.
Types ¶
type CloudCompliance ¶
type CloudCompliance struct {
DocID string `json:"doc_id"`
Timestamp string `json:"@timestamp"`
Count int `json:"count,omitempty"`
Reason string `json:"reason"`
Resource string `json:"resource"`
Status string `json:"status"`
Region string `json:"region"`
AccountID string `json:"account_id"`
Group string `json:"group"`
Service string `json:"service"`
Title string `json:"title"`
ComplianceCheckType string `json:"compliance_check_type"`
CloudProvider string `json:"cloud_provider"`
ScanID string `json:"scan_id"`
Type string `json:"type"`
ControlID string `json:"control_id"`
Description string `json:"description"`
Severity string `json:"severity"`
}
func (CloudCompliance) ToMap ¶
func (c CloudCompliance) ToMap() map[string]interface{}
type CloudComplianceScanStatus ¶
type CloudComplianceScanStatus struct {
Timestamp time.Time `json:"@timestamp"`
ComplianceCheckTypes []string `json:"compliance_check_types"`
Result ComplianceStats `json:"result" nested_json:"true"`
ScanID string `json:"scan_id"`
ScanMessage string `json:"scan_message"`
ScanStatus string `json:"scan_status"`
Type string `json:"type"`
TotalChecks int `json:"total_checks"`
}
type CloudResource ¶
type CloudResource struct {
AccountID string `json:"account_id"`
Arn string `json:"arn"`
BlockPublicAcls bool `json:"block_public_acls,omitempty"`
BlockPublicPolicy bool `json:"block_public_policy,omitempty"`
BucketPolicyIsPublic bool `json:"bucket_policy_is_public,omitempty"`
CloudProvider string `json:"cloud_provider,omitempty"`
ClusterArn string `json:"cluster_arn,omitempty"`
ClusterName string `json:"cluster_name,omitempty"`
RestrictPublicBuckets bool `json:"restrict_public_buckets,omitempty"`
ID string `json:"id"`
IgnorePublicAcls bool `json:"ignore_public_acls,omitempty"`
Name string `json:"name"`
HostName string `json:"host_name"`
Region string `json:"region"`
ResourceID string `json:"resource_id"`
IsEgress bool `json:"is_egress"`
InstanceID string `json:"instance_id"`
NetworkMode string `json:"network_mode,omitempty"`
Scheme string `json:"scheme,omitempty"`
DDClusterIDentifier string `json:"db_cluster_identifier,omitempty"`
Connectivity string `json:"connectivity,omitempty"`
Group string `json:"group,omitempty"`
ServiceName string `json:"service_name,omitempty"`
TaskArn string `json:"task_arn,omitempty"`
TaskDefinitionArn string `json:"task_definition_arn,omitempty"`
LastStatus string `json:"last_status"`
VpcID string `json:"vpc_id,omitempty"`
AllowBlobPublicAccess bool `json:"allow_blob_public_access,omitempty"`
PublicAccess string `json:"public_access,omitempty"`
GroupID string `json:"group_id,omitempty"`
CidrIpv4 string `json:"cidr_ipv4,omitempty"`
PublicNetworkAccess string `json:"public_network_access,omitempty"`
StorageAccountName string `json:"storage_account_name,omitempty"`
IamInstanceProfileArn string `json:"iam_instance_profile_arn,omitempty"`
IamInstanceProfileID string `json:"iam_instance_profile_id,omitempty"`
PublicIPAddress string `json:"public_ip_address"`
PrivateIPAddress string `json:"private_ip_address,omitempty"`
InstanceType string `json:"instance_type,omitempty"`
PrivateDNSName string `json:"private_dns_name,omitempty"`
Tags *json.RawMessage `json:"tags,omitempty"`
PolicyStd *json.RawMessage `json:"policy_std,omitempty"`
Containers *json.RawMessage `json:"containers,omitempty"`
TaskDefinition *json.RawMessage `json:"task_definition,omitempty"`
VpcOptions *json.RawMessage `json:"vpc_options,omitempty"`
Policy *json.RawMessage `json:"policy,omitempty"`
PublicIps *json.RawMessage `json:"public_ips,omitempty"`
NetworkInterfaces *json.RawMessage `json:"network_interfaces,omitempty"`
IamPolicy *json.RawMessage `json:"iam_policy,omitempty"`
IPConfiguration *json.RawMessage `json:"ip_configuration,omitempty"`
IngressSettings string `json:"ingress_settings,omitempty"`
SecurityGroups *json.RawMessage `json:"security_groups,omitempty"`
VpcSecurityGroups *json.RawMessage `json:"vpc_security_groups,omitempty"`
ContainerDefinitions *json.RawMessage `json:"container_definitions,omitempty"`
EventNotificationConfiguration *json.RawMessage `json:"event_notification_configuration,omitempty"`
ResourceVpcConfig *json.RawMessage `json:"resource_vpc_config,omitempty"`
NetworkConfiguration *json.RawMessage `json:"network_configuration,omitempty"`
AttachedPolicyArns *json.RawMessage `json:"attached_policy_arns"`
CreateDate string `json:"create_date,omitempty"`
Groups *json.RawMessage `json:"groups"`
InlinePolicies *json.RawMessage `json:"inline_policies"`
Path string `json:"path"`
UserID string `json:"user_id"`
AccessLevel string `json:"access_level"`
Action string `json:"action"`
Description string `json:"description"`
Privilege string `json:"privilege"`
OrganizationID string `json:"organization_id"`
OrganizationMasterAccountArn string `json:"organization_master_account_arn"`
OrganizationMasterAccountEmail string `json:"organization_master_account_email"`
TargetHealthDescriptions *json.RawMessage `json:"target_health_descriptions"`
InstanceProfileArns *json.RawMessage `json:"instance_profile_arns"`
Instances *json.RawMessage `json:"instances"`
TargetGroupArn string `json:"target_group_arn"`
VpcSecurityGroupIDs *json.RawMessage `json:"vpc_security_group_ids"`
Users *json.RawMessage `json:"users"`
UserGroups *json.RawMessage `json:"user-groups"`
ResourcesVpcConfig *json.RawMessage `json:"resources_vpc_config"`
}
func (*CloudResource) ToMap ¶
func (c *CloudResource) ToMap() (map[string]interface{}, error)
type Compliance ¶
type Compliance struct {
Type string `json:"type"`
TestCategory string `json:"test_category"`
TestNumber string `json:"test_number"`
TestInfo string `json:"description"`
RemediationScript string `json:"remediation_script,omitempty"`
RemediationAnsible string `json:"remediation_ansible,omitempty"`
RemediationPuppet string `json:"remediation_puppet,omitempty"`
Resource string `json:"resource"`
TestRationale string `json:"test_rationale"`
TestSeverity string `json:"test_severity"`
TestDesc string `json:"test_desc"`
Status string `json:"status"`
ComplianceCheckType string `json:"compliance_check_type"`
ScanID string `json:"scan_id"`
NodeID string `json:"node_id"`
NodeType string `json:"node_type"`
}
func (Compliance) Split ¶
func (c Compliance) Split() (ComplianceData, ComplianceRule)
type ComplianceData ¶
type ComplianceData struct {
Type string `json:"type"`
RemediationScript string `json:"remediation_script,omitempty"`
RemediationAnsible string `json:"remediation_ansible,omitempty"`
RemediationPuppet string `json:"remediation_puppet,omitempty"`
Resource string `json:"resource"`
TestSeverity string `json:"test_severity"`
Status string `json:"status"`
ComplianceCheckType string `json:"compliance_check_type"`
NodeID string `json:"node_id"`
NodeType string `json:"node_type"`
}
type ComplianceRule ¶
type ComplianceScanStatus ¶
type ComplianceStats ¶
type Malware ¶
type Malware struct {
FileSevScore float64 `json:"file_sev_score"`
ImageLayerID string `json:"image_layer_id"`
MetaRules MetaRules `json:"meta_rules"`
SeverityScore int `json:"severity_score"`
RuleName string `json:"rule_name"`
StringsToMatch []string `json:"strings_to_match"`
FileSeverity string `json:"file_severity"`
CompleteFilename string `json:"complete_filename"`
Meta []string `json:"meta"`
Summary string `json:"summary"`
Class string `json:"class"`
ScanID string `json:"scan_id"`
Timestamp time.Time `json:"timestamp"`
}
type MalwareScanStatus ¶
type MetaRules ¶
type MetaRules struct {
RuleID string `json:"rule_id"`
RuleName string `json:"rule_name"`
Author string `json:"author"`
Date string `json:"date"`
Description string `json:"description"`
Filetype string `json:"filetype"`
Info string `json:"info"`
Version string `json:"version"`
Reference string `json:"reference"`
FileSeverity string `json:"file_severity"`
}
type Secret ¶
type Secret struct {
ImageLayerID string `json:"ImageLayerId"`
Match struct {
StartingIndex int `json:"starting_index"`
RelativeStartingIndex int `json:"relative_starting_index"`
RelativeEndingIndex int `json:"relative_ending_index"`
FullFilename string `json:"full_filename"`
MatchedContent string `json:"matched_content"`
} `json:"Match"`
Rule struct {
ID int `json:"id"`
Name string `json:"name"`
Part string `json:"part"`
SignatureToMatch string `json:"signature_to_match"`
} `json:"Rule"`
Severity struct {
Level string `json:"level"`
Score float64 `json:"score"`
} `json:"Severity"`
ScanID string `json:"scan_id"`
}
type SecretScanStatus ¶
type Vulnerability ¶
type Vulnerability struct {
ScanID string `json:"scan_id"`
CveID string `json:"cve_id"`
CveType string `json:"cve_type"`
CveSeverity string `json:"cve_severity"`
CveCausedByPackage string `json:"cve_caused_by_package"`
CveCausedByPackagePath string `json:"cve_caused_by_package_path"`
CveContainerLayer string `json:"cve_container_layer"`
CveFixedIn string `json:"cve_fixed_in"`
CveLink string `json:"cve_link"`
CveDescription string `json:"cve_description"`
CveCvssScore float64 `json:"cve_cvss_score"`
CveOverallScore float64 `json:"cve_overall_score"`
CveAttackVector string `json:"cve_attack_vector"`
URLs []string `json:"urls"`
ExploitPOC string `json:"exploit_poc"`
ParsedAttackVector string `json:"parsed_attack_vector"`
ExploitabilityScore int `json:"exploitability_score"`
InitExploitabilityScore int `json:"init_exploitability_score"`
HasLiveConnection bool `json:"has_live_connection"`
}
func (Vulnerability) Split ¶
func (c Vulnerability) Split() (VulnerabilityData, VulnerabilityRule)
type VulnerabilityData ¶
type VulnerabilityData struct {
CveID string `json:"cve_id"`
CveSeverity string `json:"cve_severity"`
CveCausedByPackage string `json:"cve_caused_by_package"`
CveCausedByPackagePath string `json:"cve_caused_by_package_path"`
CveContainerLayer string `json:"cve_container_layer"`
CveLink string `json:"cve_link"`
ExploitabilityScore int `json:"exploitability_score"`
InitExploitabilityScore int `json:"init_exploitability_score"`
HasLiveConnection bool `json:"has_live_connection"`
}
type VulnerabilityRule ¶
type VulnerabilityRule struct {
CveID string `json:"cve_id"`
CveType string `json:"cve_type"`
CveSeverity string `json:"cve_severity"`
CveFixedIn string `json:"cve_fixed_in"`
CveLink string `json:"cve_link"`
CveDescription string `json:"cve_description"`
CveCvssScore float64 `json:"cve_cvss_score"`
CveOverallScore float64 `json:"cve_overall_score"`
CveAttackVector string `json:"cve_attack_vector"`
URLs []string `json:"urls"`
ExploitPOC string `json:"exploit_poc"`
ParsedAttackVector string `json:"parsed_attack_vector"`
}
type VulnerabilityScanStatus ¶
Source Files
Click to show internal directories.
Click to hide internal directories.