api

package
v0.1.17 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 10, 2020 License: Apache-2.0 Imports: 17 Imported by: 4

README

Go API Client

A Golang API client for interacting with the Lacework API.

Usage

Download the library into your $GOPATH:

$ go get github.com/lacework/go-sdk/api

Import the library into your tool:

import "github.com/lacework/go-sdk/api"
Requirements

To interact with Lacework's API you need to have:

  1. A Lacework account
  2. Either API access keys or token for authentication
Examples

Create a new Lacework client that will automatically generate a new access token from the provided set of API keys, then hit the external/integrations endpoint to list all available integrations from you account.

lacework, err := api.NewClient("account",
	api.WithTokenFromKeys("KEY", "SECRET"),
)
if err != nil {
	log.Fatal(err)
}

integrations, err := lacework.Integrations.List()
if err != nil {
	log.Fatal(err)
}

// Output: 
// CUSTOMER_123456B DATADOG
// CUSTOMER_123456A CONT_VULN_CFG
// CUSTOMER_123456C PAGER_DUTY_API
fmt.Println(integrations.String())

Documentation

Index

Constants

View Source 
const (
	// type that defines a non-existing integration
	NoneIntegration integrationType = iota

	// AWS Config integration type
	AwsCfgIntegration

	// AWS CloudTrail integration type
	AwsCloudTrailIntegration

	// GCP Config integration type
	GcpCfgIntegration

	// GCP Audit Log integration type
	GcpAuditLogIntegration

	// Azure Config integration type
	AzureCfgIntegration

	// Azure Activity Log integration type
	AzureActivityLogIntegration

	// Container registry integration type
	ContainerRegistryIntegration
)
View Source 
const (
	// type that defines a non-existing registry
	NoneRegistry registryType = iota
	DockerHubRegistry
	DockerV2Registry
)
View Source 
const (
	// Project level integration with GCP
	GcpProjectIntegration gcpResourceLevel = iota

	// Organization level integration with GCP
	GcpOrganizationIntegration
)

Variables

View Source 
var IntegrationTypes = map[integrationType]string{
	NoneIntegration:              "NONE",
	AwsCfgIntegration:            "AWS_CFG",
	AwsCloudTrailIntegration:     "AWS_CT_SQS",
	GcpCfgIntegration:            "GCP_CFG",
	GcpAuditLogIntegration:       "GCP_AT_SES",
	AzureCfgIntegration:          "AZURE_CFG",
	AzureActivityLogIntegration:  "AZURE_AL_SEQ",
	ContainerRegistryIntegration: "CONT_VULN_CFG",
}

IntegrationTypes is the list of available integration types

View Source 
var RegistryTypes = map[registryType]string{
	NoneRegistry:      "NONE",
	DockerHubRegistry: "DOCKERHUB",
	DockerV2Registry:  "V2_REGISTRY",
}

RegistryTypes is the list of available registry types

View Source 
var ValidVulSeverities = []string{"critical", "high", "medium", "low", "info"}

ValidVulSeverities is a list of all valid severities in a vulnerability report

Functions

func FindIntegrationType 

func FindIntegrationType(t string) (integrationType, bool)

FindIntegrationType looks up inside the list of available integration types the matching type from the provided string, if none, returns NoneIntegration

Types

type AwsIntegration 

type AwsIntegration struct {
	Data AwsIntegrationData `json:"DATA"`
	// contains filtered or unexported fields
}

func NewAwsCfgIntegration 

func NewAwsCfgIntegration(name string, data AwsIntegrationData) AwsIntegration

NewAwsCfgIntegration returns an instance of AwsIntegration of type AWS_CFG

func NewAwsCloudTrailIntegration 

func NewAwsCloudTrailIntegration(name string, data AwsIntegrationData) AwsIntegration

NewAwsCloudTrailIntegration returns an instance of AwsIntegration of type AWS_CT_SQS

func NewAwsIntegration 

func NewAwsIntegration(name string, iType integrationType, data AwsIntegrationData) AwsIntegration

NewAwsIntegration returns an instance of AwsIntegration with the provided integration type, name and data. The type can only be AwsCfgIntegration or AwsCloudTrailIntegration

Basic usage: Initialize a new AwsIntegration struct, then 

           use the new instance to do CRUD operations

client, err := api.NewClient("account")
if err != nil {
  return err
}

aws := api.NewAwsIntegration("foo",
  api.AwsCfgIntegration,
  api.AwsIntegrationData{
    Credentials: api.AwsIntegrationCreds {
      RoleArn: "arn:aws:XYZ",
      ExternalID: "1",
    },
  },
)

client.Integrations.CreateAws(aws)

func (AwsIntegration) StateString added in v0.1.7 

func (c AwsIntegration) StateString() string

func (AwsIntegration) Status added in v0.1.3 

func (c AwsIntegration) Status() string

type AwsIntegrationCreds 

type AwsIntegrationCreds struct {
	RoleArn    string `json:"ROLE_ARN" mapstructure:"ROLE_ARN"`
	ExternalID string `json:"EXTERNAL_ID" mapstructure:"EXTERNAL_ID"`
}

type AwsIntegrationData 

type AwsIntegrationData struct {
	Credentials AwsIntegrationCreds `json:"CROSS_ACCOUNT_CREDENTIALS" mapstructure:"CROSS_ACCOUNT_CREDENTIALS"`

	// QueueUrl is a field that exists and is required for the AWS_CT_SQS integration,
	// though, it doesn't exist for AWS_CFG integrations, that's why we omit it if empty
	QueueUrl string `json:"QUEUE_URL,omitempty" mapstructure:"QUEUE_URL"`
}

type AwsIntegrationsResponse 

type AwsIntegrationsResponse struct {
	Data    []AwsIntegration `json:"data"`
	Ok      bool             `json:"ok"`
	Message string           `json:"message"`
}

type AzureIntegration 

type AzureIntegration struct {
	Data AzureIntegrationData `json:"DATA"`
	// contains filtered or unexported fields
}

func NewAzureActivityLogIntegration 

func NewAzureActivityLogIntegration(name string, data AzureIntegrationData) AzureIntegration

NewAzureActivityLogIntegration returns an instance of AzureIntegration of type AZURE_AL_SEQ

func NewAzureCfgIntegration 

func NewAzureCfgIntegration(name string, data AzureIntegrationData) AzureIntegration

NewAzureCfgIntegration returns an instance of AzureIntegration of type AZURE_CFG

func NewAzureIntegration 

func NewAzureIntegration(name string, iType integrationType, data AzureIntegrationData) AzureIntegration

NewAzureIntegration returns an instance of AzureIntegration with the provided integration type, name and data. The type can only be AzureCfgIntegration or AzureActivityLogIntegration

Basic usage: Initialize a new AzureIntegration struct, then 

           use the new instance to do CRUD operations

client, err := api.NewClient("account")
if err != nil {
  return err
}

azure := api.NewAzureIntegration("bar",
  api.AzureActivityLogIntegration,
  api.AzureIntegrationData{
    TenantID: "tenant_id",
    QueueUrl: "https://abc.queue.core.windows.net/123",
    Credentials: api.AzureIntegrationCreds{
      ClientID: "client_id",
      ClientSecret: "secret",
    },
  },
)
if err != nil {
  return err
}

client.Integrations.CreateAzure(azure)

func (AzureIntegration) StateString added in v0.1.7 

func (c AzureIntegration) StateString() string

func (AzureIntegration) Status added in v0.1.3 

func (c AzureIntegration) Status() string

type AzureIntegrationCreds 

type AzureIntegrationCreds struct {
	ClientID     string `json:"CLIENT_ID" mapstructure:"CLIENT_ID"`
	ClientSecret string `json:"CLIENT_SECRET" mapstructure:"CLIENT_SECRET"`
}

type AzureIntegrationData 

type AzureIntegrationData struct {
	Credentials AzureIntegrationCreds `json:"CREDENTIALS" mapstructure:"CREDENTIALS"`
	TenantID    string                `json:"TENANT_ID" mapstructure:"TENANT_ID"`

	// QueueUrl is a field that exists and is required for the AWS_CT_SQS integration,
	// though, it doesn't exist for AZURE_CFG integrations, that's why we omit it if empty
	QueueUrl string `json:"QUEUE_URL,omitempty" mapstructure:"QUEUE_URL"`
}

type AzureIntegrationsResponse 

type AzureIntegrationsResponse struct {
	Data    []AzureIntegration `json:"data"`
	Ok      bool               `json:"ok"`
	Message string             `json:"message"`
}

type Client 

type Client struct {
	Events          *EventsService
	Compliance      *ComplianceService
	Integrations    *IntegrationsService
	Vulnerabilities *VulnerabilitiesService
	// contains filtered or unexported fields
}

func NewClient 

func NewClient(account string, opts ...Option) (*Client, error)

New generates a new Lacework API client

Example of basic usage 

lacework, err := api.NewClient("demo")
if err == nil {
    lacework.Integrations.List()
}

func (*Client) ApiVersion 

func (c *Client) ApiVersion() string

ApiVersion returns the API client version

func (*Client) Do 

func (c *Client) Do(req *http.Request) (*http.Response, error)

Do calls request.Do() directly

func (*Client) DoDecoder 

func (c *Client) DoDecoder(req *http.Request, v interface{}) (*http.Response, error)

DoDecoder is used to execute (aka Do) the http request and decode it into the provided interface, all at once

func (*Client) GenerateToken 

func (c *Client) GenerateToken() (response tokenResponse, err error)

GenerateToken generates a new access token

func (*Client) GenerateTokenWithKeys 

func (c *Client) GenerateTokenWithKeys(keyID, secretKey string) (tokenResponse, error)

GenerateTokenWithKeys generates a new access token with the provided keys

func (*Client) NewRequest 

func (c *Client) NewRequest(method string, apiURL string, body io.Reader) (*http.Request, error)

NewRequest generates a new http request

func (*Client) RequestDecoder 

func (c *Client) RequestDecoder(method, path string, body io.Reader, v interface{}) error

RequestDecoder performs an http request on an endpoint, and decodes the response into the provided interface, all at once

func (*Client) RequestEncoderDecoder added in v0.1.3 

func (c *Client) RequestEncoderDecoder(method, path string, data, v interface{}) error

RequestEncoderDecoder leverages RequestDecoder and performs an http request that first encodes the provider 'data' as a JSON Reader and passes it as the body to the request

func (*Client) URL 

func (c *Client) URL() string

URL returns the base url configured

type CompAzureSubscriptions added in v0.1.12 

type CompAzureSubscriptions struct {
	Tenant        string   `json:"tenant"`
	Subscriptions []string `json:"subscriptions"`
}

type CompGcpProjects added in v0.1.12 

type CompGcpProjects struct {
	Organization string   `json:"organization"`
	Projects     []string `json:"projects"`
}

type ComplianceAwsReport added in v0.1.12 

type ComplianceAwsReport struct {
	ReportTitle     string                     `json:"reportTitle"`
	ReportType      string                     `json:"reportType"`
	ReportTime      time.Time                  `json:"reportTime"`
	AccountID       string                     `json:"accountId"`
	AccountAlias    string                     `json:"accountAlias"`
	Summary         []ComplianceSummary        `json:"summary"`
	Recommendations []ComplianceRecommendation `json:"recommendations"`
}

type ComplianceAwsReportConfig added in v0.1.12 

type ComplianceAwsReportConfig struct {
	AccountID string
	Type      string
}

type ComplianceAzureReport added in v0.1.12 

type ComplianceAzureReport struct {
	ReportTitle      string                     `json:"reportTitle"`
	ReportType       string                     `json:"reportType"`
	ReportTime       time.Time                  `json:"reportTime"`
	TenantID         string                     `json:"tenantId"`
	TenantName       string                     `json:"tenantName"`
	SubscriptionID   string                     `json:"subscriptionId"`
	SubscriptionName string                     `json:"subscriptionName"`
	Summary          []ComplianceSummary        `json:"summary"`
	Recommendations  []ComplianceRecommendation `json:"recommendations"`
}

type ComplianceAzureReportConfig added in v0.1.12 

type ComplianceAzureReportConfig struct {
	TenantID       string
	SubscriptionID string
	Type           string
}

type ComplianceGcpReport added in v0.1.12 

type ComplianceGcpReport struct {
	ReportTitle      string                     `json:"reportTitle"`
	ReportType       string                     `json:"reportType"`
	ReportTime       time.Time                  `json:"reportTime"`
	OrganizationID   string                     `json:"organizationId"`
	OrganizationName string                     `json:"organizationName"`
	ProjectID        string                     `json:"projectId"`
	ProjectName      string                     `json:"projectName"`
	Summary          []ComplianceSummary        `json:"summary"`
	Recommendations  []ComplianceRecommendation `json:"recommendations"`
}

type ComplianceGcpReportConfig added in v0.1.12 

type ComplianceGcpReportConfig struct {
	OrganizationID string
	ProjectID      string
	Type           string
}

type ComplianceRecommendation added in v0.1.12 

type ComplianceRecommendation struct {
	RecID                 string                `json:"rec_id"`
	AssessedResourceCount int                   `json:"assessed_resource_count"`
	ResourceCount         int                   `json:"resource_count"`
	Category              string                `json:"category"`
	InfoLink              string                `json:"info_link"`
	Service               string                `json:"service"`
	Severity              int                   `json:"severity"`
	Status                string                `json:"status"`
	Suppressions          []string              `json:"suppressions"`
	Title                 string                `json:"title"`
	Violations            []ComplianceViolation `json:"violations"`
}

func (*ComplianceRecommendation) SeverityString added in v0.1.12 

func (r *ComplianceRecommendation) SeverityString() string

type ComplianceService added in v0.1.12 

type ComplianceService struct {
	// contains filtered or unexported fields
}

ComplianceService is a service that interacts with the compliance endpoints from the Lacework Server

func (*ComplianceService) DownloadAwsReportPDF added in v0.1.12 

func (svc *ComplianceService) DownloadAwsReportPDF(filepath string, config ComplianceAwsReportConfig) error

func (*ComplianceService) DownloadAzureReportPDF added in v0.1.12 

func (svc *ComplianceService) DownloadAzureReportPDF(filepath string, config ComplianceAzureReportConfig) error

func (*ComplianceService) DownloadGcpReportPDF added in v0.1.12 

func (svc *ComplianceService) DownloadGcpReportPDF(filepath string, config ComplianceGcpReportConfig) error

func (*ComplianceService) GetAwsReport added in v0.1.12 

func (svc *ComplianceService) GetAwsReport(config ComplianceAwsReportConfig) (
	response complianceAwsReportResponse,
	err error,
)

func (*ComplianceService) GetAzureReport added in v0.1.12 

func (svc *ComplianceService) GetAzureReport(config ComplianceAzureReportConfig) (
	response complianceAzureReportResponse,
	err error,
)

func (*ComplianceService) GetGcpReport added in v0.1.12 

func (svc *ComplianceService) GetGcpReport(config ComplianceGcpReportConfig) (
	response complianceGcpReportResponse,
	err error,
)

func (*ComplianceService) ListAzureSubscriptions added in v0.1.12 

func (svc *ComplianceService) ListAzureSubscriptions(tenantID string) (
	response compAzureSubsResponse,
	err error,
)

func (*ComplianceService) ListGcpProjects added in v0.1.12 

func (svc *ComplianceService) ListGcpProjects(orgID string) (
	response compGcpProjectsResponse,
	err error,
)

func (*ComplianceService) RunAwsReport added in v0.1.12 

func (svc *ComplianceService) RunAwsReport(accountID string) (
	response map[string]interface{},
	err error,
)

func (*ComplianceService) RunAzureReport added in v0.1.12 

func (svc *ComplianceService) RunAzureReport(tenantID string) (
	response complianceRunAzureReportResponse,
	err error,
)

func (*ComplianceService) RunGcpReport added in v0.1.12 

func (svc *ComplianceService) RunGcpReport(projectID string) (
	response complianceRunGcpReportResponse,
	err error,
)

type ComplianceSummary added in v0.1.12 

type ComplianceSummary struct {
	AssessedResourceCount     int `json:"assessed_resource_count"`
	NumCompliant              int `json:"num_compliant"`
	NumNotCompliant           int `json:"num_not_compliant"`
	NumRecommendations        int `json:"num_recommendations"`
	NumSeverity1NonCompliance int `json:"num_severity_1_non_compliance"`
	NumSeverity2NonCompliance int `json:"num_severity_2_non_compliance"`
	NumSeverity3NonCompliance int `json:"num_severity_3_non_compliance"`
	NumSeverity4NonCompliance int `json:"num_severity_4_non_compliance"`
	NumSeverity5NonCompliance int `json:"num_severity_5_non_compliance"`
	NumSuppressed             int `json:"num_suppressed"`
	SuppressedResourceCount   int `json:"suppressed_resource_count"`
	ViolatedResourceCount     int `json:"violated_resource_count"`
}

type ComplianceViolation added in v0.1.12 

type ComplianceViolation struct {
	Region   string   `json:"region"`
	Resource string   `json:"resource"`
	Reasons  []string `json:"reasons"`
}

type ContainerRegCreds added in v0.1.9 

type ContainerRegCreds struct {
	Username string `json:"USERNAME" mapstructure:"USERNAME"`
	Password string `json:"PASSWORD" mapstructure:"PASSWORD"`
	// @afiune this is for docker V2 registry
	SSL bool `json:"SSL,omitempty" mapstructure:"SSL"`
}

type ContainerRegData added in v0.1.9 

type ContainerRegData struct {
	Credentials    ContainerRegCreds `json:"CREDENTIALS" mapstructure:"CREDENTIALS"`
	RegistryType   string            `json:"REGISTRY_TYPE" mapstructure:"REGISTRY_TYPE"`
	RegistryDomain string            `json:"REGISTRY_DOMAIN" mapstructure:"REGISTRY_DOMAIN"`
	LimitByTag     string            `json:"LIMIT_BY_TAG" mapstructure:"LIMIT_BY_TAG"`
	LimitByLabel   string            `json:"LIMIT_BY_LABEL" mapstructure:"LIMIT_BY_LABEL"`
	LimitByRep     string            `json:"LIMIT_BY_REP,omitempty" mapstructure:"LIMIT_BY_REP"`
	LimitNumImg    int               `json:"LIMIT_NUM_IMG"` // @afiune we can't parse this field
}

type ContainerRegIntResponse added in v0.1.9 

type ContainerRegIntResponse struct {
	Data    []ContainerRegIntegration `json:"data"`
	Ok      bool                      `json:"ok"`
	Message string                    `json:"message"`
}

@afiune we can't use this response since the request sent to the Server is different from the one it returns as a response. :( If we enable this struct we will get the following error:

json: cannot unmarshal string into Go struct field 

ContainerRegData.data.DATA.LIMIT_NUM_IMG of type int

type ContainerRegIntegration added in v0.1.9 

type ContainerRegIntegration struct {
	Data ContainerRegData `json:"DATA"`
	// contains filtered or unexported fields
}

func NewContainerRegIntegration added in v0.1.9 

func NewContainerRegIntegration(name string, data ContainerRegData) ContainerRegIntegration

NewContainerRegIntegration returns an instance of ContainerRegIntegration with the provided name and data.

Basic usage: Create a Docker Hub integration 

client, err := api.NewClient("account")
if err != nil {
  return err
}

docker := api.NewContainerRegIntegration("foo",
  api.ContainerRegData{
    Credentials: api.ContainerRegCreds {
      Username: "techally",
      Password: "secret",
    },
    RegistryType: api.DockerHubRegistry.String(),
    RegistryDomain: "index.docker.io",
    LimitByTag: "*",
    LimitByLabel: "*",
    LimitNumImg: "5",
  },
)

client.Integrations.CreateContainerRegistry(docker)

func (ContainerRegIntegration) StateString added in v0.1.9 

func (c ContainerRegIntegration) StateString() string

func (ContainerRegIntegration) Status added in v0.1.9 

func (c ContainerRegIntegration) Status() string

type Event added in v0.1.6 

type Event struct {
	EventID   string    `json:"event_id"`
	EventType string    `json:"event_type"`
	Severity  string    `json:"severity"`
	StartTime time.Time `json:"start_time"`
	EndTime   time.Time `json:"end_time"`
}

func (*Event) SeverityString added in v0.1.6 

func (e *Event) SeverityString() string

type EventAPIEntity added in v0.1.11 

type EventAPIEntity struct {
	Service string `json:"service"`
	Api     string `json:"api"`
}

type EventApplicationEntity added in v0.1.11 

type EventApplicationEntity struct {
	Application       string    `json:"application"`
	HasExternalConns  int32     `json:"has_external_conns"`
	IsClient          int32     `json:"is_client"`
	IsServer          int32     `json:"is_server"`
	EarliestKnownTime time.Time `json:"earliest_known_time"`
}

type EventCTUserEntity added in v0.1.11 

type EventCTUserEntity struct {
	Username    string   `json:"username"`
	AccountID   string   `json:"account_id"`
	Mfa         int32    `json:"mfa"`
	ApiList     []string `json:"api_list"`
	RegionList  []string `json:"region_list"`
	PrincipalID string   `json:"principal_id"`
}

type EventContainerEntity added in v0.1.11 

type EventContainerEntity struct {
	ImageRepo        string    `json:"image_repo"`
	ImageTag         string    `json:"image_tag"`
	HasExternalConns int32     `json:"has_external_conns"`
	IsClient         int32     `json:"is_client"`
	IsServer         int32     `json:"is_server"`
	FirstSeenTime    time.Time `json:"first_seen_time"`
	PodNamespace     string    `json:"pod_namespace"`
	PodIpAddr        string    `json:"pod_ip_addr"`
}

type EventCustomRuleEntity added in v0.1.11 

type EventCustomRuleEntity struct {
	LastUpdatedTime time.Time `json:"last_updated_time"`
	LastUpdatedUser string    `json:"last_updated_user"`
	DisplayFilter   string    `json:"display_filter"`
	RuleGuid        string    `json:"rule_guid"`
}

type EventDetails added in v0.1.6 

type EventDetails struct {
	EventID    string         `json:"event_id"`
	EventActor string         `json:"event_actor"`
	EventModel string         `json:"event_model"`
	EventType  string         `json:"event_type"`
	StartTime  time.Time      `json:"start_time"`
	EndTime    time.Time      `json:"end_time"`
	EntityMap  EventEntityMap `json:"entity_map"`
}

type EventDetailsResponse added in v0.1.6 

type EventDetailsResponse struct {
	Events []EventDetails `json:"data"`
}

type EventDnsNameEntity added in v0.1.11 

type EventDnsNameEntity struct {
	Hostname      string  `json:"hostname"`
	PortList      []int32 `json:"port_list"`
	TotalInBytes  float32 `json:"total_in_bytes"`
	TotalOutBytes float32 `json:"total_out_bytes"`
}

type EventEntityMap added in v0.1.6 

type EventEntityMap struct {
	User            []EventUserEntity            `json:"user,omitempty"`
	Application     []EventApplicationEntity     `json:"application,omitempty"`
	Machine         []EventMachineEntity         `json:"machine,omitempty"`
	Container       []EventContainerEntity       `json:"container,omitempty"`
	DnsName         []EventDnsNameEntity         `json:"DnsName,omitempty"`   // @afiune not in standard
	IpAddress       []EventIpAddressEntity       `json:"IpAddress,omitempty"` // @afiune not in standard
	Process         []EventProcessEntity         `json:"process,omitempty"`
	FileDataHash    []EventFileDataHashEntity    `json:"FileDataHash,omitempty"`    // @afiune not in standard
	FileExePath     []EventFileExePathEntity     `json:"FileExePath,omitempty"`     // @afiune not in standard
	SourceIpAddress []EventSourceIpAddressEntity `json:"SourceIpAddress,omitempty"` // @afiune not in standard
	API             []EventAPIEntity             `json:"api,omitempty"`
	Region          []EventRegionEntity          `json:"region,omitempty"`
	CTUser          []EventCTUserEntity          `json:"ct_user,omitempty"`
	Resource        []EventResourceEntity        `json:"resource,omitempty"`
	RecID           []EventRecIDEntity           `json:"RecId,omitempty"`           // @afiune not in standard
	CustomRule      []EventCustomRuleEntity      `json:"CustomRule,omitempty"`      // @afiune not in standard
	NewViolation    []EventNewViolationEntity    `json:"NewViolation,omitempty"`    // @afiune not in standard
	ViolationReason []EventViolationReasonEntity `json:"ViolationReason,omitempty"` // @afiune not in standard
}

type EventFileDataHashEntity added in v0.1.11 

type EventFileDataHashEntity struct {
	FiledataHash  string    `json:"filedata_hash"`
	MachineCount  int32     `json:"machine_count"`
	ExePathList   []string  `json:"exe_path_list"`
	FirstSeenTime time.Time `json:"first_seen_time"`
	IsKnownBad    int32     `json:"is_known_bad"`
}

type EventFileExePathEntity added in v0.1.11 

type EventFileExePathEntity struct {
	ExePath          string    `json:"exe_path"`
	FirstSeenTime    time.Time `json:"first_seen_time"`
	LastFiledataHash string    `json:"last_filedata_hash"`
	LastPackageName  string    `json:"last_package_name"`
	LastVersion      string    `json:"last_version"`
	LastFileOwner    string    `json:"last_file_owner"`
}

type EventIpAddressEntity added in v0.1.11 

type EventIpAddressEntity struct {
	IpAddress     string        `json:"ip_address"`
	TotalInBytes  float32       `json:"total_in_bytes"`
	TotalOutBytes float32       `json:"total_out_bytes"`
	ThreatTags    string        `json:"threat_tags"`
	ThreatSource  []interface{} `json:"threat_source"` // @afiune this field could be anything...
	Country       string        `json:"country"`
	Region        string        `json:"region"`
	PortList      []int32       `json:"port_list"`
	FirstSeenTime time.Time     `json:"first_seen_time"`
}

type EventMachineEntity added in v0.1.11 

type EventMachineEntity struct {
	Hostname          string  `json:"hostname"`
	ExternalIp        string  `json:"external_ip"`
	InstanceID        string  `json:"instance_id"`
	InstanceName      string  `json:"instance_name"`
	CpuPercentage     float32 `json:"cpu_percentage"`
	InternalIpAddress string  `json:"internal_ip_address"`
}

type EventNewViolationEntity added in v0.1.11 

type EventNewViolationEntity struct {
	RecID    string `json:"rec_id"`
	Reason   string `json:"reason"`
	Resource string `json:"resource"`
}

type EventProcessEntity added in v0.1.11 

type EventProcessEntity struct {
	Hostname         string    `json:"hostname"`
	ProcessID        int32     `json:"process_id"`
	ProcessStartTime time.Time `json:"process_start_time"`
	Cmdline          string    `json:"cmdline"`
	CpuPercentage    float32   `json:"cpu_percentage"`
}

type EventRecIDEntity added in v0.1.11 

type EventRecIDEntity struct {
	RecID        string `json:"rec_id"`
	AccountID    string `json:"account_id"`
	AccountAlias string `json:"account_alias"`
	Title        string `json:"title"`
	Status       string `json:"status"`
	EvalType     string `json:"eval_type"`
	EvalGuid     string `json:"eval_guid"`
}

type EventRegionEntity added in v0.1.11 

type EventRegionEntity struct {
	Region      string   `json:"region"`
	AccountList []string `json:"account_list"`
}

type EventResourceEntity added in v0.1.11 

type EventResourceEntity struct {
	Name string `json:"name"`
	// @afiune the API documentation says this field is a string, but there are
	// many events that has this field as a number, boolean, etc.  :sadpanda:
	Value interface{} `json:"value"`
}

type EventSourceIpAddressEntity added in v0.1.11 

type EventSourceIpAddressEntity struct {
	IpAddress string `json:"ip_address"`
	Region    string `json:"region"`
	Country   string `json:"country"`
}

type EventUserEntity added in v0.1.11 

type EventUserEntity struct {
	MachineHostname string `json:"machine_hostname"`
	Username        string `json:"username"`
}

type EventViolationReasonEntity added in v0.1.11 

type EventViolationReasonEntity struct {
	RecID  string `json:"rec_id"`
	Reason string `json:"reason"`
}

type EventsCount added in v0.1.6 

type EventsCount struct {
	Critical int
	High     int
	Medium   int
	Low      int
	Info     int
	Total    int
}

type EventsResponse added in v0.1.6 

type EventsResponse struct {
	Events []Event `json:"data"`
}

func (*EventsResponse) GetEventsCount added in v0.1.6 

func (er *EventsResponse) GetEventsCount() EventsCount

type EventsService added in v0.1.6 

type EventsService struct {
	// contains filtered or unexported fields
}

EventsService is a service that interacts with the Events endpoints from the Lacework Server

func (*EventsService) Details added in v0.1.6 

func (svc *EventsService) Details(eventID string) (response EventDetailsResponse, err error)

Details returns details about the specified event_id

func (*EventsService) List added in v0.1.6 

func (svc *EventsService) List() (EventsResponse, error)

List leverages ListRange and returns a list of events from the last 7 days

func (*EventsService) ListRange added in v0.1.6 

func (svc *EventsService) ListRange(start, end time.Time) (
	response EventsResponse,
	err error,
)

ListRange returns a list of Lacework events during the specified date range

Requirements and specifications: * The dates format should be: yyyy-MM-ddTHH:mm:ssZ (example 2019-07-11T21:11:00Z) * The START_TIME and END_TIME must be specified in UTC * The difference between the START_TIME and END_TIME must not be greater than 7 days * The START_TIME must be less than or equal to three months from current date * The number of records produced is limited to 5000

type GcpCredentials 

type GcpCredentials struct {
	ClientID     string `json:"CLIENT_ID" mapstructure:"CLIENT_ID"`
	ClientEmail  string `json:"CLIENT_EMAIL" mapstructure:"CLIENT_EMAIL"`
	PrivateKeyID string `json:"PRIVATE_KEY_ID" mapstructure:"PRIVATE_KEY_ID"`
	PrivateKey   string `json:"PRIVATE_KEY" mapstructure:"PRIVATE_KEY"`
}

type GcpIntegration 

type GcpIntegration struct {
	Data GcpIntegrationData `json:"DATA"`
	// contains filtered or unexported fields
}

func NewGcpAuditLogIntegration 

func NewGcpAuditLogIntegration(name string, data GcpIntegrationData) GcpIntegration

NewGcpAuditLogIntegration returns an instance of GcpIntegration of type GCP_AT_SES

func NewGcpCfgIntegration 

func NewGcpCfgIntegration(name string, data GcpIntegrationData) GcpIntegration

NewGcpCfgIntegration returns an instance of GcpIntegration of type GCP_CFG

func NewGcpIntegration 

func NewGcpIntegration(name string, iType integrationType, data GcpIntegrationData) GcpIntegration

NewGcpIntegration returns an instance of GcpIntegration with the provided integration type, name and data. The type can only be GcpCfgIntegration or GcpAuditLogIntegration

Basic usage: Initialize a new GcpIntegration struct, then 

           use the new instance to do CRUD operations

client, err := api.NewClient("account")
if err != nil {
  return err
}

gcp := api.NewGcpIntegration("abc",
  api.GcpCfgIntegration,
  api.GcpIntegrationData{
    ID: "1234",
    IDType: api.GcpProjectIntegration.String(),
    Credentials: api.GcpCredentials{
      ClientID: "id",
      ClientEmail: "email",
      PrivateKeyID: "key_id",
      PrivateKey: "key",
    },
  },
)

client.Integrations.CreateGcp(gcp)

func (GcpIntegration) StateString added in v0.1.7 

func (c GcpIntegration) StateString() string

func (GcpIntegration) Status added in v0.1.3 

func (c GcpIntegration) Status() string

type GcpIntegrationData 

type GcpIntegrationData struct {
	ID          string         `json:"ID"`
	IDType      string         `json:"ID_TYPE" mapstructure:"ID_TYPE"`
	Credentials GcpCredentials `json:"CREDENTIALS" mapstructure:"CREDENTIALS"`

	// SubscriptionName is a field that exists and is required for the GCP_AT_SES
	// integration, though, it doesn't exist for GCP_CFG integrations, that's why
	// we omit it if empty
	SubscriptionName string `json:"SUBSCRIPTION_NAME,omitempty" mapstructure:"SUBSCRIPTION_NAME"`
}

type GcpIntegrationsResponse 

type GcpIntegrationsResponse struct {
	Data    []GcpIntegration `json:"data"`
	Ok      bool             `json:"ok"`
	Message string           `json:"message"`
}

type IntegrationState added in v0.1.6 

type IntegrationState struct {
	Ok                 bool   `json:"ok"`
	LastUpdatedTime    string `json:"lastUpdatedTime"`
	LastSuccessfulTime string `json:"lastSuccessfulTime"`
}

type IntegrationsService 

type IntegrationsService struct {
	// contains filtered or unexported fields
}

IntegrationsService is a service that interacts with the integrations endpoints from the Lacework Server

func (*IntegrationsService) CreateAws 

func (svc *IntegrationsService) CreateAws(integration AwsIntegration) (
	response AwsIntegrationsResponse,
	err error,
)

CreateAws creates a single AWS integration on the Lacework Server

func (*IntegrationsService) CreateAzure 

func (svc *IntegrationsService) CreateAzure(integration AzureIntegration) (
	response AzureIntegrationsResponse,
	err error,
)

CreateAzure creates a single Azure integration on the Lacework Server

func (*IntegrationsService) CreateContainerRegistry added in v0.1.9 

func (svc *IntegrationsService) CreateContainerRegistry(integration ContainerRegIntegration) (
	response map[string]interface{},

	err error,
)

CreateContainerRegistry creates a container registry integration on the Lacework Server

func (*IntegrationsService) CreateGcp 

func (svc *IntegrationsService) CreateGcp(data GcpIntegration) (
	response GcpIntegrationsResponse,
	err error,
)

CreateGcp creates a single Gcp integration on the Lacework Server

func (*IntegrationsService) Delete 

func (svc *IntegrationsService) Delete(guid string) (
	response RawIntegrationsResponse,
	err error,
)

Delete deletes a single integration matching the integration guid on the Lacework Server the returned integration contains the 'Data' field raw (map of interfaces)

func (*IntegrationsService) DeleteAws 

func (svc *IntegrationsService) DeleteAws(guid string) (
	response AwsIntegrationsResponse,
	err error,
)

DeleteAws deletes a single AWS integration matching the integration guid on the Lacework Server

func (*IntegrationsService) DeleteAzure 

func (svc *IntegrationsService) DeleteAzure(guid string) (
	response AzureIntegrationsResponse,
	err error,
)

DeleteAzure deletes a single Azure integration matching the integration on the Lacework Server

func (*IntegrationsService) DeleteGcp 

func (svc *IntegrationsService) DeleteGcp(guid string) (
	response GcpIntegrationsResponse,
	err error,
)

DeleteGcp deletes a single Gcp integration matching the integration guid on the Lacework Server

func (*IntegrationsService) Get 

func (svc *IntegrationsService) Get(guid string) (
	response RawIntegrationsResponse,
	err error,
)

Get gets a single integration matching the integration guid on the Lacework Server, the returned integration contains the 'Data' field raw (map of interfaces)

func (*IntegrationsService) GetAws 

func (svc *IntegrationsService) GetAws(guid string) (
	response AwsIntegrationsResponse,
	err error,
)

GetAws gets a single AWS integration matching the integration guid on the Lacework Server

func (*IntegrationsService) GetAzure 

func (svc *IntegrationsService) GetAzure(guid string) (
	response AzureIntegrationsResponse,
	err error,
)

GetAzure gets a single Azure integration matching the integration guid on the Lacework Server

func (*IntegrationsService) GetGcp 

func (svc *IntegrationsService) GetGcp(guid string) (
	response GcpIntegrationsResponse,
	err error,
)

GetGcp gets a single Gcp integration matching the integration guid on the Lacework Server

func (*IntegrationsService) GetSchema 

func (svc *IntegrationsService) GetSchema(iType integrationType) (
	response map[string]interface{},
	err error,
)

GetSchema get the integration schema for the provided integration type

func (*IntegrationsService) List 

func (svc *IntegrationsService) List() (response RawIntegrationsResponse, err error)

List lists the external integrations available on the Lacework Server

func (*IntegrationsService) ListAwsCfg 

func (svc *IntegrationsService) ListAwsCfg() (response AwsIntegrationsResponse, err error)

ListAwsCfg lists the AWS_CFG external integrations available on the Lacework Server

func (*IntegrationsService) ListAwsCloudTrail 

func (svc *IntegrationsService) ListAwsCloudTrail() (response AwsIntegrationsResponse, err error)

ListAwsCloudTrail lists the AWS_CT_SQS external integrations available on the Lacework Server

func (*IntegrationsService) ListAzureActivityLog 

func (svc *IntegrationsService) ListAzureActivityLog() (
	response AzureIntegrationsResponse, err error,
)

ListAzureActivityLog lists the AZURE_AL_SEQ external integrations available on the Lacework Server

func (*IntegrationsService) ListAzureCfg 

func (svc *IntegrationsService) ListAzureCfg() (
	response AzureIntegrationsResponse, err error,
)

ListAzureCfg lists the AZURE_CFG external integrations available on the Lacework Server

func (*IntegrationsService) ListByType 

func (svc *IntegrationsService) ListByType(iType integrationType) (response RawIntegrationsResponse, err error)

ListByType lists the external integrations from the provided type that are available on the Lacework Server

func (*IntegrationsService) ListGcpAuditLog 

func (svc *IntegrationsService) ListGcpAuditLog() (response GcpIntegrationsResponse, err error)

ListGcpAuditLog lists the GCP_AT_SES external integrations available on the Lacework Server

func (*IntegrationsService) ListGcpCfg 

func (svc *IntegrationsService) ListGcpCfg() (response GcpIntegrationsResponse, err error)

ListGcpCfg lists the GCP_CFG external integrations available on the Lacework Server

func (*IntegrationsService) UpdateAws 

func (svc *IntegrationsService) UpdateAws(data AwsIntegration) (
	response AwsIntegrationsResponse,
	err error,
)

UpdateAws updates a single AWS integration on the Lacework Server

func (*IntegrationsService) UpdateAzure 

func (svc *IntegrationsService) UpdateAzure(data AzureIntegration) (
	response AzureIntegrationsResponse,
	err error,
)

UpdateAzure updates a single Azure integration on the Lacework Server

func (*IntegrationsService) UpdateGcp 

func (svc *IntegrationsService) UpdateGcp(data GcpIntegration) (
	response GcpIntegrationsResponse,
	err error,
)

UpdateGcp updates a single Gcp integration on the Lacework Server

type Option 

type Option interface {
	// contains filtered or unexported methods
}

func WithApiKeys 

func WithApiKeys(id, secret string) Option

WithApiKeys sets the key_id and secret used to generate API access tokens

func WithApiV2 

func WithApiV2() Option

WithApiV2 configures the client to use the API version 2 (/api/v2)

func WithExpirationTime 

func WithExpirationTime(t int) Option

WithExpirationTime configures the token expiration time

func WithLogFile added in v0.1.2 

func WithLogFile(filename string) Option

WithLogFile configures the client to write messages to the provided file

func WithLogLevel added in v0.1.1 

func WithLogLevel(level string) Option

WithLogLevel sets the log level of the client, available: info or debug

func WithLogLevelAndFile added in v0.1.2 

func WithLogLevelAndFile(level, filename string) Option

WithLogLevelAndFile sets the log level of the client and writes the log messages to the provided file

func WithLogLevelAndWriter added in v0.1.2 

func WithLogLevelAndWriter(level string, w io.Writer) Option

WithLogLevelAndWriter sets the log level of the client and writes the log messages to the provided io.Writer

func WithLogWriter added in v0.1.2 

func WithLogWriter(w io.Writer) Option

WithLogWriter configures the client to log messages to the provided io.Writer

func WithToken 

func WithToken(token string) Option

WithToken sets the token used to authenticate the API requests

func WithTokenFromKeys 

func WithTokenFromKeys(id, secret string) Option

WithTokenFromKeys sets the API access keys and triggers a new token generation NOTE: Order matters when using this option, use it at the end of a NewClient() func

func WithURL 

func WithURL(baseURL string) Option

WithURL sets the base URL, this options is only available for test purposes

type RawIntegration 

type RawIntegration struct {
	Data map[string]interface{} `json:"DATA"`
	// contains filtered or unexported fields
}

func (RawIntegration) StateString added in v0.1.7 

func (c RawIntegration) StateString() string

func (RawIntegration) Status added in v0.1.3 

func (c RawIntegration) Status() string

type RawIntegrationsResponse 

type RawIntegrationsResponse struct {
	Data    []RawIntegration `json:"data"`
	Ok      bool             `json:"ok"`
	Message string           `json:"message"`
}

type VulContainerImage added in v0.1.8 

type VulContainerImage struct {
	ImageInfo   *vulContainerImageInfo   `json:"image_info,omitempty"`
	ImageLayers []vulContainerImageLayer `json:"image_layers,omitempty"`
}

type VulContainerReport added in v0.1.3 

type VulContainerReport struct {
	TotalVulnerabilities    int32              `json:"total_vulnerabilities"`
	CriticalVulnerabilities int32              `json:"critical_vulnerabilities"`
	HighVulnerabilities     int32              `json:"high_vulnerabilities"`
	MediumVulnerabilities   int32              `json:"medium_vulnerabilities"`
	LowVulnerabilities      int32              `json:"low_vulnerabilities"`
	InfoVulnerabilities     int32              `json:"info_vulnerabilities"`
	FixableVulnerabilities  int32              `json:"fixable_vulnerabilities"`
	LastEvaluationTime      string             `json:"last_evaluation_time,omitempty"`
	Image                   *VulContainerImage `json:"image,omitempty"`

	// @afiune these two parameters, Status and Message will appear when
	// the vulnerability scan is still running. ugh. why?
	Status  string `json:"status,omitempty"`
	Message string `json:"message,omitempty"`

	// ScanStatus is a property that will appear when the vulnerability scan finished
	// running, this status indicates whether the scan finished successfully or not
	ScanStatus string `json:"scan_status,omitempty"`
}

func (*VulContainerReport) VulFixableCount added in v0.1.3 

func (report *VulContainerReport) VulFixableCount(severity string) int32

type VulContainerReportResponse added in v0.1.3 

type VulContainerReportResponse struct {
	Data    VulContainerReport `json:"data"`
	Ok      bool               `json:"ok"`
	Message string             `json:"message"`
}

func (*VulContainerReportResponse) CheckStatus added in v0.1.3 

func (res *VulContainerReportResponse) CheckStatus() string

type VulnerabilitiesService added in v0.1.3 

type VulnerabilitiesService struct {
	// contains filtered or unexported fields
}

VulnerabilitiesService is a service that interacts with the vulnerabilities endpoints from the Lacework Server

func (*VulnerabilitiesService) ReportFromDigest added in v0.1.3 

func (svc *VulnerabilitiesService) ReportFromDigest(imageDigest string) (
	response VulContainerReportResponse,
	err error,
)

func (*VulnerabilitiesService) ReportFromID added in v0.1.3 

func (svc *VulnerabilitiesService) ReportFromID(imageID string) (
	response VulContainerReportResponse,
	err error,
)

func (*VulnerabilitiesService) Scan added in v0.1.3 

func (svc *VulnerabilitiesService) Scan(registry, repository, tagOrHash string) (
	response vulScanResponse,
	err error,
)

Scan triggers a vulnerability scan to the provider registry, repository, and tag provided. This function calls the underlaying API endpoint that assumes that the container repository has been already integrated with the platform.

func (*VulnerabilitiesService) ScanStatus added in v0.1.3 

func (svc *VulnerabilitiesService) ScanStatus(requestID string) (
	response vulScanStatusResponse,
	err error,
)

Source Files

View all Source files

Directories

Path Synopsis
_examples
token-generation

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.