README
KubeCop exporters package
This package contains the exporters for the KubeCop project.
Exporters
The following exporters are available:
- Alertmanager
- STD OUT
- SYSLOG
- CSV
- HTTP endpoint
Alertmanager
The Alertmanager exporter is used to send alerts to the Alertmanager. The Alertmanager will then send the alerts to the configured receivers. This exporter supports multiple Alertmanagers. The alerts will be sent to all configured Alertmanagers. To enable the Alertmanager exporter, set the following environment variables:
ALERTMANAGER_URLS: The URLs of the Alertmanagers. Example: `localhost:9093` or `localhost:9093,localhost:9094`
STD OUT
The STD OUT exporter is used to print the alerts to the standard output. This exporter is enabled by default. To disable the STD OUT exporter, set the following environment variable:
STDOUT_ENABLED: Set to `false` to disable the STD OUT exporter.
SYSLOG
The SYSLOG exporter is used to send the alerts to a syslog server. This exporter is disabled by default. NOTE: The SYSLOG messages format is RFC 5424. To enable the SYSLOG exporter, set the following environment variables:
SYSLOG_HOST: The host of the syslog server. Example: `localhost:514`
SYSLOG_PROTOCOL: The protocol of the syslog server. Example: `tcp` or `udp`
CSV
The CSV exporter is used to write the alerts to a CSV file. This exporter is disabled by default. To enable the CSV exporter, set the following environment variables:
EXPORTER_CSV_RULE_PATH: The path to the CSV file of the failed rules. Example: `/tmp/alerts.csv`
EXPORTER_CSV_MALWARE_PATH: The path to the CSV file of the malware found. Example: `/tmp/malware.csv`
HTTP endpoint
The HTTP endpoint exporter is used to send the alerts to an HTTP endpoint. This exporter is disabled by default. To enable the HTTP endpoint exporter, set the following environment variables:
HTTP_ENDPOINT_URL: The URL of the HTTP endpoint. Example: `http://localhost:8080/alerts`
This will send a POST request to the specified URL with the alerts as the body. The alerts are limited to 10000 per minute. If the limit is reached, the exporter will stop sending alerts for the rest of the minute and will send a system alert to the configured HTTP endpoint.
Documentation
Functions ¶
func PriorityToStatus ¶
Types ¶
type AlertManagerExporter ¶
// AlertManagerExporter is the exporter returned by InitAlertManagerExporter,
// which takes one Alertmanager URL. It provides SendRuleAlert and
// SendMalwareAlert.
type AlertManagerExporter struct {
	// Host is presumably the Alertmanager address given to
	// InitAlertManagerExporter as alertManagerURL — confirm against the source.
	Host string
	// NodeName is presumably the name of the node the alerts are attributed to — confirm.
	NodeName string
	// contains filtered or unexported fields
}
func InitAlertManagerExporter ¶
func InitAlertManagerExporter(alertManagerURL string) *AlertManagerExporter
func (*AlertManagerExporter) SendMalwareAlert ¶
func (ame *AlertManagerExporter) SendMalwareAlert(malwareResult malwaremanager.MalwareResult)
func (*AlertManagerExporter) SendRuleAlert ¶
func (ame *AlertManagerExporter) SendRuleAlert(failedRule ruleengine.RuleFailure)
type AlertType ¶ added in v0.2.197
type AlertType string
const (
AlertTypeLimitReached AlertType = "AlertLimitReached"
)
type CsvExporter ¶
CsvExporter is an exporter that sends alerts to csv
func InitCsvExporter ¶
func InitCsvExporter(csvRulePath, csvMalwarePath string) *CsvExporter
InitCsvExporter initializes a new CsvExporter
func (*CsvExporter) SendMalwareAlert ¶
func (ce *CsvExporter) SendMalwareAlert(malwareResult malwaremanager.MalwareResult)
func (*CsvExporter) SendRuleAlert ¶
func (ce *CsvExporter) SendRuleAlert(failedRule ruleengine.RuleFailure)
SendRuleAlert sends an alert to csv
type Exporter ¶
// Exporter is the generic exporter interface: one method for failed-rule
// alerts and one for malware detections.
//
// Neither method returns an error, so a caller cannot tell from the call
// whether an alert was delivered; any delivery failure has to be handled or
// logged inside the implementation.
type Exporter interface {
	// SendRuleAlert sends an alert on a failed rule to the exporter.
	SendRuleAlert(failedRule ruleengine.RuleFailure)
	// SendMalwareAlert sends an alert on malware detection to the exporter.
	SendMalwareAlert(malwareResult malwaremanager.MalwareResult)
}
Exporter is the generic exporter interface.
type ExporterBus ¶
type ExporterBus struct {
// contains filtered or unexported fields
}
This file contains the single point of contact for all exporters; the engine uses it to send alerts to all exporters.
func InitExporters ¶
func InitExporters(exportersConfig ExportersConfig, clusterName string, nodeName string, cloudMetadata *armotypes.CloudMetadata) *ExporterBus
InitExporters initializes all exporters.
func (*ExporterBus) SendMalwareAlert ¶
func (e *ExporterBus) SendMalwareAlert(malwareResult malwaremanager.MalwareResult)
func (*ExporterBus) SendRuleAlert ¶
func (e *ExporterBus) SendRuleAlert(failedRule ruleengine.RuleFailure)
type ExporterMock ¶
type ExporterMock struct{}
func (*ExporterMock) SendMalwareAlert ¶
func (e *ExporterMock) SendMalwareAlert(_ malwaremanager.MalwareResult)
func (*ExporterMock) SendRuleAlert ¶
func (e *ExporterMock) SendRuleAlert(_ ruleengine.RuleFailure)
type ExportersConfig ¶
// ExportersConfig holds the settings for every exporter in this package and is
// the configuration argument of InitExporters. Field values are decoded using
// the mapstructure keys in the tags.
type ExportersConfig struct {
	// StdoutExporter toggles the STD OUT exporter. It is a *bool, presumably so
	// that an unset value can be told apart from an explicit false — confirm
	// how nil is treated.
	StdoutExporter *bool `mapstructure:"stdoutExporter"`
	// HTTPExporterConfig configures the HTTP endpoint exporter; the type's
	// fields are not shown on this page.
	HTTPExporterConfig *HTTPExporterConfig `mapstructure:"httpExporterConfig"`
	// SyslogExporter is the syslog server address (config key syslogExporterURL).
	// NOTE(review): only tcp and udp are documented for the syslog protocol and
	// no TLS option appears on this page; treat alert contents as sent in
	// clear text unless the implementation shows otherwise — confirm.
	SyslogExporter string `mapstructure:"syslogExporterURL"`
	// CsvRuleExporterPath is the path of the CSV file for failed-rule alerts.
	// NOTE(review): the file mode used when the file is created is not visible
	// here; confirm alert files are not readable by other local users,
	// especially for paths under a shared directory such as /tmp.
	CsvRuleExporterPath string `mapstructure:"CsvRuleExporterPath"`
	// CsvMalwareExporterPath is the path of the CSV file for malware alerts.
	// The file-mode caveat on CsvRuleExporterPath presumably applies here too.
	CsvMalwareExporterPath string `mapstructure:"CsvMalwareExporterPath"`
	// AlertManagerExporterUrls lists the Alertmanager URLs; alerts are sent to
	// every configured Alertmanager.
	AlertManagerExporterUrls []string `mapstructure:"alertManagerExporterUrls"`
}
type HTTPAlertsList ¶
// HTTPAlertsList is a JSON envelope with kind, apiVersion and spec keys.
// Presumably this is the body the HTTP endpoint exporter POSTs — confirm
// against the HTTPExporter implementation.
type HTTPAlertsList struct {
	// Kind is serialized as "kind".
	Kind string `json:"kind"`
	// APIVersion is serialized as "apiVersion".
	APIVersion string `json:"apiVersion"`
	// Spec carries the alerts and their context; see HTTPAlertsListSpec.
	Spec HTTPAlertsListSpec `json:"spec"`
}
type HTTPAlertsListSpec ¶
// HTTPAlertsListSpec is the payload section of HTTPAlertsList: a list of
// runtime alerts plus a process tree and cloud metadata.
//
// NOTE(review): the process tree and cloud metadata describe the monitored
// workload and its environment. If this payload is sent to a plain http://
// endpoint it is presumably readable in transit; prefer an https:// endpoint
// and confirm how the exporter handles TLS and authentication.
type HTTPAlertsListSpec struct {
	// Alerts is the list of runtime alerts, serialized as "alerts".
	Alerts []apitypes.RuntimeAlert `json:"alerts"`
	// ProcessTree is serialized as "processTree".
	ProcessTree apitypes.ProcessTree `json:"processTree"`
	// CloudMetadata is serialized as "cloudMetadata".
	CloudMetadata apitypes.CloudMetadata `json:"cloudMetadata"`
}
type HTTPExporter ¶
type HTTPExporter struct {
// contains filtered or unexported fields
}
func NewHTTPExporter ¶ added in v0.2.197
func NewHTTPExporter(config HTTPExporterConfig, clusterName, nodeName string, cloudMetadata *apitypes.CloudMetadata) (*HTTPExporter, error)
NewHTTPExporter creates a new HTTPExporter instance
func (*HTTPExporter) SendMalwareAlert ¶
func (e *HTTPExporter) SendMalwareAlert(malwareResult malwaremanager.MalwareResult)
SendMalwareAlert implements the Exporter interface
func (*HTTPExporter) SendRuleAlert ¶
func (e *HTTPExporter) SendRuleAlert(failedRule ruleengine.RuleFailure)
SendRuleAlert implements the Exporter interface
type HTTPExporterConfig ¶
type StdoutExporter ¶
type StdoutExporter struct {
// contains filtered or unexported fields
}
func InitStdoutExporter ¶
func InitStdoutExporter(useStdout *bool, cloudmetadata *apitypes.CloudMetadata) *StdoutExporter
func (*StdoutExporter) SendMalwareAlert ¶
func (exporter *StdoutExporter) SendMalwareAlert(malwareResult malwaremanager.MalwareResult)
func (*StdoutExporter) SendRuleAlert ¶
func (exporter *StdoutExporter) SendRuleAlert(failedRule ruleengine.RuleFailure)
type SyslogExporter ¶
type SyslogExporter struct {
// contains filtered or unexported fields
}
SyslogExporter is an exporter that sends alerts to syslog
func InitSyslogExporter ¶
func InitSyslogExporter(syslogHost string) *SyslogExporter
InitSyslogExporter initializes a new SyslogExporter
func (*SyslogExporter) SendMalwareAlert ¶
func (se *SyslogExporter) SendMalwareAlert(malwareResult malwaremanager.MalwareResult)
SendMalwareAlert sends an alert to syslog (RFC 5424) - https://tools.ietf.org/html/rfc5424
func (*SyslogExporter) SendRuleAlert ¶
func (se *SyslogExporter) SendRuleAlert(failedRule ruleengine.RuleFailure)
SendRuleAlert sends an alert to syslog (RFC 5424) - https://tools.ietf.org/html/rfc5424