README
KubeCop exporters package
This package contains the exporters for the KubeCop project.
Exporters
The following exporters are available:
- Alertmanager
- STD OUT
- SYSLOG
- CSV
- HTTP endpoint
Alertmanager
The Alertmanager exporter is used to send alerts to the Alertmanager. The Alertmanager will then send the alerts to the configured receivers. This exporter supports multiple Alertmanagers. The alerts will be sent to all configured Alertmanagers. To enable the Alertmanager exporter, set the following environment variables:
`ALERTMANAGER_URLS`: The URLs of the Alertmanagers, comma-separated. Example: `localhost:9093` or `localhost:9093,localhost:9094`
STD OUT
The STD OUT exporter is used to print the alerts to the standard output. This exporter is enabled by default. To disable the STD OUT exporter, set the following environment variable:
`STDOUT_ENABLED`: Set to `false` to disable the STD OUT exporter.
SYSLOG
The SYSLOG exporter is used to send the alerts to a syslog server. This exporter is disabled by default. NOTE: the syslog messages use the RFC 5424 format. To enable the SYSLOG exporter, set the following environment variables:
`SYSLOG_HOST`: The host of the syslog server. Example: `localhost:514`
`SYSLOG_PROTOCOL`: The protocol used to reach the syslog server. Example: `tcp` or `udp`
CSV
The CSV exporter is used to write the alerts to a CSV file. This exporter is disabled by default. To enable the CSV exporter, set the following environment variables:
`EXPORTER_CSV_RULE_PATH`: The path of the CSV file to which failed rules are written. Example: `/tmp/alerts.csv`
`EXPORTER_CSV_MALWARE_PATH`: The path of the CSV file to which malware findings are written. Example: `/tmp/malware.csv`
HTTP endpoint
The HTTP endpoint exporter is used to send the alerts to an HTTP endpoint. This exporter is disabled by default. To enable the HTTP endpoint exporter, set the following environment variables:
`HTTP_ENDPOINT_URL`: The URL of the HTTP endpoint. Example: `http://localhost:8080/alerts`
This sends a POST request to the specified URL with the alerts as the body. The exporter is limited to 10000 alerts per minute (cf. the `MaxAlertsPerMinute` field of `HTTPExporterConfig` below). If the limit is reached, the exporter stops sending alerts for the rest of the minute and sends a system alert to the configured HTTP endpoint instead.
Documentation
Functions ¶
func PriorityToStatus ¶
Types ¶
type AlertManagerExporter ¶
type AlertManagerExporter struct { Host string NodeName string // contains filtered or unexported fields }
func InitAlertManagerExporter ¶
func InitAlertManagerExporter(alertManagerURL string) *AlertManagerExporter
func (*AlertManagerExporter) SendMalwareAlert ¶
func (ame *AlertManagerExporter) SendMalwareAlert(malwareResult malwaremanager.MalwareResult)
func (*AlertManagerExporter) SendRuleAlert ¶
func (ame *AlertManagerExporter) SendRuleAlert(failedRule ruleengine.RuleFailure)
type CsvExporter ¶
CsvExporter is an exporter that writes alerts to CSV files.
func InitCsvExporter ¶
func InitCsvExporter(csvRulePath, csvMalwarePath string) *CsvExporter
InitCsvExporter initializes a new CsvExporter writing failed rules and malware findings to the given CSV paths.
func (*CsvExporter) SendMalwareAlert ¶
func (ce *CsvExporter) SendMalwareAlert(malwareResult malwaremanager.MalwareResult)
func (*CsvExporter) SendRuleAlert ¶
func (ce *CsvExporter) SendRuleAlert(failedRule ruleengine.RuleFailure)
SendRuleAlert writes a failed-rule alert to the CSV file.
type Exporter ¶
// Exporter is the generic exporter interface. Every exporter type listed in
// this package exposes these two methods, and ExporterBus is documented as the
// single point of contact the engine uses to reach all of them.
type Exporter interface {
	// SendRuleAlert sends an alert on failed rule to the exporter
	SendRuleAlert(failedRule ruleengine.RuleFailure)
	// SendMalwareAlert sends an alert on malware detection to the exporter.
	SendMalwareAlert(malwareResult malwaremanager.MalwareResult)
}
Exporter is the generic exporter interface.
type ExporterBus ¶
type ExporterBus struct {
// contains filtered or unexported fields
}
ExporterBus is the single point of contact for all exporters; the engine uses it to send alerts to every configured exporter.
func InitExporters ¶
func InitExporters(exportersConfig ExportersConfig, clusterName string, nodeName string, cloudMetadata *armotypes.CloudMetadata) *ExporterBus
InitExporters initializes all exporters.
func (*ExporterBus) SendMalwareAlert ¶
func (e *ExporterBus) SendMalwareAlert(malwareResult malwaremanager.MalwareResult)
func (*ExporterBus) SendRuleAlert ¶
func (e *ExporterBus) SendRuleAlert(failedRule ruleengine.RuleFailure)
type ExporterMock ¶
type ExporterMock struct{}
func (*ExporterMock) SendMalwareAlert ¶
func (e *ExporterMock) SendMalwareAlert(_ malwaremanager.MalwareResult)
func (*ExporterMock) SendRuleAlert ¶
func (e *ExporterMock) SendRuleAlert(_ ruleengine.RuleFailure)
type ExportersConfig ¶
// ExportersConfig selects and configures the exporters that InitExporters
// builds into an ExporterBus. The mapstructure tags give the keys expected in
// the configuration source.
type ExportersConfig struct {
	// StdoutExporter enables the stdout exporter. It is a pointer so that an
	// unset value can be told apart from an explicit false (InitStdoutExporter
	// takes the same *bool).
	StdoutExporter *bool `mapstructure:"stdoutExporter"`
	// HTTPExporterConfig configures the HTTP endpoint exporter; see
	// HTTPExporterConfig.Validate for the checks applied to it.
	// NOTE(review): a nil value presumably leaves the HTTP exporter disabled —
	// confirm against InitExporters.
	HTTPExporterConfig *HTTPExporterConfig `mapstructure:"httpExporterConfig"`
	// SyslogExporter is the syslog server address passed to InitSyslogExporter
	// (the README documents it as SYSLOG_HOST, e.g. localhost:514).
	SyslogExporter string `mapstructure:"syslogExporterURL"`
	// CsvRuleExporterPath is the CSV file that failed rules are written to.
	CsvRuleExporterPath string `mapstructure:"CsvRuleExporterPath"`
	// CsvMalwareExporterPath is the CSV file that malware findings are written to.
	// NOTE(review): this tag and the one above are PascalCase while the others
	// are camelCase; document the exact keys users must write.
	CsvMalwareExporterPath string `mapstructure:"CsvMalwareExporterPath"`
	// AlertManagerExporterUrls lists the Alertmanager addresses; per the README
	// alerts are sent to all of them (ALERTMANAGER_URLS).
	AlertManagerExporterUrls []string `mapstructure:"alertManagerExporterUrls"`
}
type HTTPAlertsList ¶
// HTTPAlertsList is the CRD-like JSON envelope carried in the HTTP exporter's
// request body: a Kind/ApiVersion header wrapped around an HTTPAlertsListSpec.
type HTTPAlertsList struct {
	// Kind is the resource kind written into the envelope.
	Kind string `json:"kind"`
	// ApiVersion is the API version written into the envelope.
	ApiVersion string `json:"apiVersion"`
	// Spec holds the alerts themselves plus the process tree and cloud metadata.
	Spec HTTPAlertsListSpec `json:"spec"`
}
type HTTPAlertsListSpec ¶
// HTTPAlertsListSpec is the payload section of HTTPAlertsList.
type HTTPAlertsListSpec struct {
	// Alerts is the list of runtime alerts being reported.
	Alerts []apitypes.RuntimeAlert `json:"alerts"`
	// ProcessTree is the process tree attached to the alerts.
	// NOTE(review): it is a single value for the whole list — presumably the
	// exporter sends one alert per request, or a shared tree; confirm.
	ProcessTree apitypes.ProcessTree `json:"processTree"`
	// CloudMetadata describes the cloud environment the node runs in
	// (InitHTTPExporter receives it as *apitypes.CloudMetadata).
	CloudMetadata apitypes.CloudMetadata `json:"cloudMetadata"`
}
type HTTPExporter ¶
type HTTPExporter struct { Host string `json:"host"` NodeName string `json:"nodeName"` ClusterName string `json:"clusterName"` // contains filtered or unexported fields }
HTTPExporter sends alerts to an HTTP endpoint as a CRD-like JSON struct in the request body.
func InitHTTPExporter ¶
func InitHTTPExporter(config HTTPExporterConfig, clusterName string, nodeName string, cloudMetadata *apitypes.CloudMetadata) (*HTTPExporter, error)
InitHTTPExporter initializes an HTTPExporter from the given config (URL, headers, timeout and method), cluster name, node name and cloud metadata.
func (*HTTPExporter) SendMalwareAlert ¶
func (exporter *HTTPExporter) SendMalwareAlert(malwareResult malwaremanager.MalwareResult)
func (*HTTPExporter) SendRuleAlert ¶
func (exporter *HTTPExporter) SendRuleAlert(failedRule ruleengine.RuleFailure)
type HTTPExporterConfig ¶
// HTTPExporterConfig configures the HTTP endpoint exporter. Validate checks it
// before InitHTTPExporter uses it.
type HTTPExporterConfig struct {
	// URL is the URL to send the HTTP request to
	// (the README documents it as HTTP_ENDPOINT_URL).
	URL string `json:"url"`
	// Headers is a map of headers to send in the HTTP request.
	// NOTE(review): if a header carries a credential (e.g. an authorization
	// token), this config must be handled as a secret — confirm how it is
	// sourced and logged.
	Headers map[string]string `json:"headers"`
	// TimeoutSeconds is the timeout for the HTTP request, in seconds.
	TimeoutSeconds int `json:"timeoutSeconds"`
	// Method is the HTTP method to use for the HTTP request
	// (the README describes the exporter as sending POST requests).
	Method string `json:"method"`
	// MaxAlertsPerMinute presumably is the per-minute cap described in the
	// README (10000 there): once reached, the exporter stops sending alerts for
	// the rest of the minute and emits a system alert instead — confirm against
	// SendRuleAlert/SendMalwareAlert.
	MaxAlertsPerMinute int `json:"maxAlertsPerMinute"`
}
func (*HTTPExporterConfig) Validate ¶
func (config *HTTPExporterConfig) Validate() error
type StdoutExporter ¶
type StdoutExporter struct {
// contains filtered or unexported fields
}
func InitStdoutExporter ¶
func InitStdoutExporter(useStdout *bool, cloudmetadata *apitypes.CloudMetadata) *StdoutExporter
func (*StdoutExporter) SendMalwareAlert ¶
func (exporter *StdoutExporter) SendMalwareAlert(malwareResult malwaremanager.MalwareResult)
func (*StdoutExporter) SendRuleAlert ¶
func (exporter *StdoutExporter) SendRuleAlert(failedRule ruleengine.RuleFailure)
type SyslogExporter ¶
type SyslogExporter struct {
// contains filtered or unexported fields
}
SyslogExporter is an exporter that sends alerts to a syslog server.
func InitSyslogExporter ¶
func InitSyslogExporter(syslogHost string) *SyslogExporter
InitSyslogExporter initializes a new SyslogExporter targeting the given syslog host.
func (*SyslogExporter) SendMalwareAlert ¶
func (se *SyslogExporter) SendMalwareAlert(malwareResult malwaremanager.MalwareResult)
SendMalwareAlert sends an alert to syslog (RFC 5424) - https://tools.ietf.org/html/rfc5424
func (*SyslogExporter) SendRuleAlert ¶
func (se *SyslogExporter) SendRuleAlert(failedRule ruleengine.RuleFailure)
SendRuleAlert sends an alert to syslog (RFC 5424) - https://tools.ietf.org/html/rfc5424