Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func PriorityToStatus ¶
Types ¶
type AlertManagerExporter ¶
type AlertManagerExporter struct { Host string NodeName string // contains filtered or unexported fields }
func InitAlertManagerExporter ¶
func InitAlertManagerExporter(alertManagerURL string) *AlertManagerExporter
func (*AlertManagerExporter) SendMalwareAlert ¶
func (ame *AlertManagerExporter) SendMalwareAlert(malwareResult malwaremanager.MalwareResult)
func (*AlertManagerExporter) SendRuleAlert ¶
func (ame *AlertManagerExporter) SendRuleAlert(failedRule ruleengine.RuleFailure)
type CsvExporter ¶
CsvExporter is an exporter that writes alerts to CSV files.
func InitCsvExporter ¶
func InitCsvExporter(csvRulePath, csvMalwarePath string) *CsvExporter
InitCsvExporter initializes a new CsvExporter that writes rule alerts to csvRulePath and malware alerts to csvMalwarePath.
func (*CsvExporter) SendMalwareAlert ¶
func (ce *CsvExporter) SendMalwareAlert(malwareResult malwaremanager.MalwareResult)
func (*CsvExporter) SendRuleAlert ¶
func (ce *CsvExporter) SendRuleAlert(failedRule ruleengine.RuleFailure)
SendRuleAlert writes a failed-rule alert to the rule CSV file.
type Exporter ¶
type Exporter interface { // SendRuleAlert sends an alert on failed rule to the exporter SendRuleAlert(failedRule ruleengine.RuleFailure) // SendMalwareAlert sends an alert on malware detection to the exporter. SendMalwareAlert(malwareResult malwaremanager.MalwareResult) }
Exporter is the generic interface implemented by every alert exporter.
type ExporterBus ¶
type ExporterBus struct {
// contains filtered or unexported fields
}
ExporterBus is the single point of contact for all exporters; the engine uses it to fan out each alert to every configured exporter.
func InitExporters ¶
func InitExporters(exportersConfig ExportersConfig, clusterName string, nodeName string, cloudMetadata *armotypes.CloudMetadata) *ExporterBus
InitExporters initializes all exporters.
func (*ExporterBus) SendMalwareAlert ¶
func (e *ExporterBus) SendMalwareAlert(malwareResult malwaremanager.MalwareResult)
func (*ExporterBus) SendRuleAlert ¶
func (e *ExporterBus) SendRuleAlert(failedRule ruleengine.RuleFailure)
type ExporterMock ¶
type ExporterMock struct{}
func (*ExporterMock) SendMalwareAlert ¶
func (e *ExporterMock) SendMalwareAlert(_ malwaremanager.MalwareResult)
func (*ExporterMock) SendRuleAlert ¶
func (e *ExporterMock) SendRuleAlert(_ ruleengine.RuleFailure)
type ExportersConfig ¶
type ExportersConfig struct { StdoutExporter *bool `mapstructure:"stdoutExporter"` HTTPExporterConfig *HTTPExporterConfig `mapstructure:"httpExporterConfig"` SyslogExporter string `mapstructure:"syslogExporterURL"` CsvRuleExporterPath string `mapstructure:"CsvRuleExporterPath"` CsvMalwareExporterPath string `mapstructure:"CsvMalwareExporterPath"` AlertManagerExporterUrls []string `mapstructure:"alertManagerExporterUrls"` }
type HTTPAlertsList ¶
type HTTPAlertsList struct { Kind string `json:"kind"` ApiVersion string `json:"apiVersion"` Spec HTTPAlertsListSpec `json:"spec"` }
type HTTPAlertsListSpec ¶
type HTTPAlertsListSpec struct { Alerts []apitypes.RuntimeAlert `json:"alerts"` ProcessTree apitypes.ProcessTree `json:"processTree"` CloudMetadata apitypes.CloudMetadata `json:"cloudMetadata"` }
type HTTPExporter ¶
type HTTPExporter struct { Host string `json:"host"` NodeName string `json:"nodeName"` ClusterName string `json:"clusterName"` // contains filtered or unexported fields }
HTTPExporter sends alerts as a CRD-like JSON document (HTTPAlertsList) in the body of the HTTP request.
func InitHTTPExporter ¶
func InitHTTPExporter(config HTTPExporterConfig, clusterName string, nodeName string, cloudMetadata *apitypes.CloudMetadata) (*HTTPExporter, error)
InitHTTPExporter initializes an HTTPExporter from the given config (URL, headers, timeout and method), cluster name, node name and cloud metadata, and reports an error if the exporter cannot be constructed.
func (*HTTPExporter) SendMalwareAlert ¶
func (exporter *HTTPExporter) SendMalwareAlert(malwareResult malwaremanager.MalwareResult)
func (*HTTPExporter) SendRuleAlert ¶
func (exporter *HTTPExporter) SendRuleAlert(failedRule ruleengine.RuleFailure)
type HTTPExporterConfig ¶
type HTTPExporterConfig struct { // URL is the URL to send the HTTP request to URL string `json:"url"` // Headers is a map of headers to send in the HTTP request Headers map[string]string `json:"headers"` // Timeout is the timeout for the HTTP request TimeoutSeconds int `json:"timeoutSeconds"` // Method is the HTTP method to use for the HTTP request Method string `json:"method"` MaxAlertsPerMinute int `json:"maxAlertsPerMinute"` }
func (*HTTPExporterConfig) Validate ¶
func (config *HTTPExporterConfig) Validate() error
type StdoutExporter ¶
type StdoutExporter struct {
// contains filtered or unexported fields
}
func InitStdoutExporter ¶
func InitStdoutExporter(useStdout *bool, cloudmetadata *apitypes.CloudMetadata) *StdoutExporter
func (*StdoutExporter) SendMalwareAlert ¶
func (exporter *StdoutExporter) SendMalwareAlert(malwareResult malwaremanager.MalwareResult)
func (*StdoutExporter) SendRuleAlert ¶
func (exporter *StdoutExporter) SendRuleAlert(failedRule ruleengine.RuleFailure)
type SyslogExporter ¶
type SyslogExporter struct {
// contains filtered or unexported fields
}
SyslogExporter is an exporter that sends alerts to a syslog server.
func InitSyslogExporter ¶
func InitSyslogExporter(syslogHost string) *SyslogExporter
InitSyslogExporter initializes a new SyslogExporter that sends alerts to syslogHost.
func (*SyslogExporter) SendMalwareAlert ¶
func (se *SyslogExporter) SendMalwareAlert(malwareResult malwaremanager.MalwareResult)
SendMalwareAlert sends a malware-detection alert to syslog in RFC 5424 format (https://tools.ietf.org/html/rfc5424).
func (*SyslogExporter) SendRuleAlert ¶
func (se *SyslogExporter) SendRuleAlert(failedRule ruleengine.RuleFailure)
SendRuleAlert sends a failed-rule alert to syslog in RFC 5424 format (https://tools.ietf.org/html/rfc5424).