exporters

package
v0.2.173 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 8, 2024 License: Apache-2.0 Imports: 24 Imported by: 0

README

KubeCop exporters package

This package contains the exporters for the KubeCop project.

Exporters

The following exporters are available:

Alertmanager

The Alertmanager exporter is used to send alerts to the Alertmanager. The Alertmanager will then send the alerts to the configured receivers. This exporter supports multiple Alertmanagers. The alerts will be sent to all configured Alertmanagers. To enable the Alertmanager exporter, set the following environment variables:

  • ALERTMANAGER_URLS: The URLs of the Alertmanagers. Example: localhost:9093 or localhost:9093,localhost:9094
STD OUT

The STD OUT exporter is used to print the alerts to the standard output. This exporter is enabled by default. To disable the STD OUT exporter, set the following environment variable:

  • STDOUT_ENABLED: Set to false to disable the STD OUT exporter.
SYSLOG

The SYSLOG exporter is used to send the alerts to a syslog server. This exporter is disabled by default. NOTE: SYSLOG messages are formatted according to RFC 5424. To enable the SYSLOG exporter, set the following environment variables:

  • SYSLOG_HOST: The host of the syslog server. Example: localhost:514
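  • SYSLOG_PROTOCOL: The protocol of the syslog server. Example: tcp or udp. Both are plaintext transports and no TLS option is documented here, so alerts sent this way can be read or altered on the network path; keep the syslog server on a trusted network segment.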
CSV

The CSV exporter is used to write the alerts to a CSV file. This exporter is disabled by default. To enable the CSV exporter, set the following environment variables:

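  • EXPORTER_CSV_RULE_PATH: The path to the CSV file of the failed rules. Example: /tmp/alerts.csv
  • EXPORTER_CSV_MALWARE_PATH: The path to the CSV file of the malware found. Example: /tmp/malware.csv
  Note: the /tmp paths are examples only. Because /tmp is normally writable by every local user, point these variables at a directory that only the KubeCop process can write to when the files serve as an alert record.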
HTTP endpoint

The HTTP endpoint exporter is used to send the alerts to an HTTP endpoint. This exporter is disabled by default. To enable the HTTP endpoint exporter, set the following environment variables:

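  • HTTP_ENDPOINT_URL: The URL of the HTTP endpoint. Example: http://localhost:8080/alerts. The exporter sends a POST request to the specified URL with the alerts as the body. The alerts are limited to 10000 per minute. If the limit is reached, the exporter stops sending alerts for the rest of the minute and sends a system alert to the configured HTTP endpoint. This page does not say whether alerts suppressed by the limit are queued or discarded, so treat that system alert as a marker of a possible gap in the alert record. The example uses plain http on localhost; for a remote endpoint use an https URL, since the alert body and any configured request headers are otherwise sent in cleartext.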

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func PriorityToStatus

func PriorityToStatus(priority int) string

Types

type AlertManagerExporter

// AlertManagerExporter is the exporter type returned by
// InitAlertManagerExporter; its SendRuleAlert and SendMalwareAlert methods
// deliver alerts to an Alertmanager.
type AlertManagerExporter struct {
	// Host and NodeName are exported string fields. How they are populated is
	// not shown on this page (presumably the reporting host and node; confirm
	// against InitAlertManagerExporter).
	Host     string
	NodeName string
	// contains filtered or unexported fields
}

func InitAlertManagerExporter

func InitAlertManagerExporter(alertManagerURL string) *AlertManagerExporter

func (*AlertManagerExporter) SendMalwareAlert

func (ame *AlertManagerExporter) SendMalwareAlert(malwareResult malwaremanager.MalwareResult)

func (*AlertManagerExporter) SendRuleAlert

func (ame *AlertManagerExporter) SendRuleAlert(failedRule ruleengine.RuleFailure)

type CsvExporter

// CsvExporter is an exporter that writes alerts to CSV files.
//
// NOTE(review): both fields are plain filesystem paths taken from
// configuration. Nothing on this page shows how the files are opened
// (permissions, append vs. truncate, symlink handling); confirm before
// pointing them at a shared directory.
type CsvExporter struct {
	// CsvRulePath and CsvMalwarePath mirror the two InitCsvExporter
	// arguments: presumably the failed-rule CSV and the malware CSV
	// respectively (confirm against the implementation).
	CsvRulePath    string
	CsvMalwarePath string
}

CsvExporter is an exporter that sends alerts to csv

func InitCsvExporter

func InitCsvExporter(csvRulePath, csvMalwarePath string) *CsvExporter

InitCsvExporter initializes a new CsvExporter

func (*CsvExporter) SendMalwareAlert

func (ce *CsvExporter) SendMalwareAlert(malwareResult malwaremanager.MalwareResult)

func (*CsvExporter) SendRuleAlert

func (ce *CsvExporter) SendRuleAlert(failedRule ruleengine.RuleFailure)

SendRuleAlert sends an alert to csv

type Exporter

// Exporter is the interface shared by the alert sinks in this package: every
// exporter type listed here has both methods.
//
// Neither method returns an error, so a caller cannot observe a failed
// delivery through this interface; any failure reporting has to happen
// inside the implementation.
type Exporter interface {
	// SendRuleAlert sends an alert on failed rule to the exporter
	SendRuleAlert(failedRule ruleengine.RuleFailure)
	// SendMalwareAlert sends an alert on malware detection to the exporter.
	SendMalwareAlert(malwareResult malwaremanager.MalwareResult)
}

Exporter is the generic exporter interface.

type ExporterBus

// ExporterBus is the single point of contact the engine uses to send alerts
// to all exporters. It is built by InitExporters and exposes the same
// SendRuleAlert / SendMalwareAlert pair as the individual exporters.
type ExporterBus struct {
	// contains filtered or unexported fields
}

This file contains the single point of contact for all exporters; the engine uses it to send alerts to every exporter.

func InitExporters

func InitExporters(exportersConfig ExportersConfig, clusterName string, nodeName string, cloudMetadata *armotypes.CloudMetadata) *ExporterBus

InitExporters initializes all exporters.

func (*ExporterBus) SendMalwareAlert

func (e *ExporterBus) SendMalwareAlert(malwareResult malwaremanager.MalwareResult)

func (*ExporterBus) SendRuleAlert

func (e *ExporterBus) SendRuleAlert(failedRule ruleengine.RuleFailure)

type ExporterMock

// ExporterMock is a field-less type whose SendRuleAlert and SendMalwareAlert
// methods ignore their argument (it is named _ in both signatures). By its
// name it is a test double; it should not be wired into a production
// exporter list, since alerts handed to it are not used.
type ExporterMock struct{}

func (*ExporterMock) SendMalwareAlert

func (e *ExporterMock) SendMalwareAlert(_ malwaremanager.MalwareResult)

func (*ExporterMock) SendRuleAlert

func (e *ExporterMock) SendRuleAlert(_ ruleengine.RuleFailure)

type ExportersConfig

// ExportersConfig is the configuration InitExporters receives; each field
// corresponds to one exporter in this package.
//
// NOTE(review): the README documents environment variables
// (ALERTMANAGER_URLS, STDOUT_ENABLED, SYSLOG_HOST, ...), while this struct is
// keyed by mapstructure tags. How the two relate is not shown on this page.
type ExportersConfig struct {
	// StdoutExporter is a pointer, so nil (unset) differs from an explicit
	// false; the README says the stdout exporter is enabled by default.
	StdoutExporter           *bool               `mapstructure:"stdoutExporter"`
	// HTTPExporterConfig may hold request headers; see HTTPExporterConfig.
	HTTPExporterConfig       *HTTPExporterConfig `mapstructure:"httpExporterConfig"`
	// SyslogExporter is keyed "syslogExporterURL", although the field name
	// carries no URL suffix and InitSyslogExporter calls its argument
	// syslogHost.
	SyslogExporter           string              `mapstructure:"syslogExporterURL"`
	// The two CSV keys start with an upper-case letter, unlike the other
	// keys in this struct.
	CsvRuleExporterPath      string              `mapstructure:"CsvRuleExporterPath"`
	CsvMalwareExporterPath   string              `mapstructure:"CsvMalwareExporterPath"`
	// AlertManagerExporterUrls lists the Alertmanagers; per the README,
	// alerts are sent to all of them.
	AlertManagerExporterUrls []string            `mapstructure:"alertManagerExporterUrls"`
}

type HTTPAlertsList

// HTTPAlertsList is a JSON envelope with kind, apiVersion and spec keys.
// It is presumably the CRD-like body the HTTP exporter posts; confirm
// against the HTTPExporter implementation.
type HTTPAlertsList struct {
	Kind       string             `json:"kind"`
	ApiVersion string             `json:"apiVersion"`
	Spec       HTTPAlertsListSpec `json:"spec"`
}

type HTTPAlertsListSpec

// HTTPAlertsListSpec is the value of HTTPAlertsList's "spec" key.
//
// NOTE(review): besides the alerts it carries a process tree and cloud
// metadata, so whatever receives this JSON learns details about the
// monitored workload and its cloud environment. Treat the receiving
// endpoint and the transport to it as sensitive.
type HTTPAlertsListSpec struct {
	Alerts        []apitypes.RuntimeAlert `json:"alerts"`
	ProcessTree   apitypes.ProcessTree    `json:"processTree"`
	CloudMetadata apitypes.CloudMetadata  `json:"cloudMetadata"`
}

type HTTPExporter

// HTTPExporter is the exporter type returned by InitHTTPExporter; its
// SendRuleAlert and SendMalwareAlert methods deliver alerts to an HTTP
// endpoint.
type HTTPExporter struct {
	// Host, NodeName and ClusterName are exported and JSON-tagged.
	// InitHTTPExporter takes clusterName and nodeName arguments, which
	// presumably populate the matching fields (confirm).
	Host        string `json:"host"`
	NodeName    string `json:"nodeName"`
	ClusterName string `json:"clusterName"`
	// contains filtered or unexported fields
}

The HTTP request carries a CRD-like JSON struct.

func InitHTTPExporter

func InitHTTPExporter(config HTTPExporterConfig, clusterName string, nodeName string, cloudMetadata *apitypes.CloudMetadata) (*HTTPExporter, error)

InitHTTPExporter initializes an HTTPExporter with the given URL, headers, timeout, and method

func (*HTTPExporter) SendMalwareAlert

func (exporter *HTTPExporter) SendMalwareAlert(malwareResult malwaremanager.MalwareResult)

func (*HTTPExporter) SendRuleAlert

func (exporter *HTTPExporter) SendRuleAlert(failedRule ruleengine.RuleFailure)

type HTTPExporterConfig

// HTTPExporterConfig holds the settings passed to InitHTTPExporter.
// Validate is declared on this type; what it checks is not shown on this
// page.
type HTTPExporterConfig struct {
	// URL is the URL to send the HTTP request to.
	// NOTE(review): the README example uses an http:// URL on localhost;
	// whether Validate restricts the scheme is not visible here.
	URL string `json:"url"`
	// Headers is a map of headers to send in the HTTP request.
	// NOTE(review): if these include credentials (for example an
	// authorization header), this config is a secret and should be stored
	// and logged accordingly.
	Headers map[string]string `json:"headers"`
	// TimeoutSeconds is the timeout for the HTTP request; the unit is
	// seconds, going by the field name.
	TimeoutSeconds int `json:"timeoutSeconds"`
	// Method is the HTTP method to use for the HTTP request. The README
	// describes a POST request.
	Method             string `json:"method"`
	// MaxAlertsPerMinute is presumably the per-minute alert limit the
	// README describes (10000 per minute there); whether that figure is
	// this field's default is not shown on this page.
	MaxAlertsPerMinute int    `json:"maxAlertsPerMinute"`
}

func (*HTTPExporterConfig) Validate

func (config *HTTPExporterConfig) Validate() error

type StdoutExporter

// StdoutExporter is the exporter type returned by InitStdoutExporter; per
// the README it prints alerts to standard output and is enabled by default.
type StdoutExporter struct {
	// contains filtered or unexported fields
}

func InitStdoutExporter

func InitStdoutExporter(useStdout *bool, cloudmetadata *apitypes.CloudMetadata) *StdoutExporter

func (*StdoutExporter) SendMalwareAlert

func (exporter *StdoutExporter) SendMalwareAlert(malwareResult malwaremanager.MalwareResult)

func (*StdoutExporter) SendRuleAlert

func (exporter *StdoutExporter) SendRuleAlert(failedRule ruleengine.RuleFailure)

type SyslogExporter

// SyslogExporter is an exporter that sends alerts to syslog. Its send
// methods are documented as emitting RFC 5424 messages.
//
// NOTE(review): InitSyslogExporter takes only a syslogHost string; where the
// transport protocol (the README's SYSLOG_PROTOCOL) is read is not visible
// on this page.
type SyslogExporter struct {
	// contains filtered or unexported fields
}

SyslogExporter is an exporter that sends alerts to syslog

func InitSyslogExporter

func InitSyslogExporter(syslogHost string) *SyslogExporter

InitSyslogExporter initializes a new SyslogExporter

func (*SyslogExporter) SendMalwareAlert

func (se *SyslogExporter) SendMalwareAlert(malwareResult malwaremanager.MalwareResult)

SendMalwareAlert sends an alert to syslog (RFC 5424) - https://tools.ietf.org/html/rfc5424

func (*SyslogExporter) SendRuleAlert

func (se *SyslogExporter) SendRuleAlert(failedRule ruleengine.RuleFailure)

SendRuleAlert sends an alert to syslog (RFC 5424) - https://tools.ietf.org/html/rfc5424
