api

package
v0.7.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 11, 2021 License: Apache-2.0 Imports: 20 Imported by: 4

README

Go API Client

A Golang API client for interacting with the Lacework API.

Usage

Download the library into your $GOPATH:

$ go get github.com/lacework/go-sdk/api

Import the library into your tool:

import "github.com/lacework/go-sdk/api"

Requirements

To interact with Lacework's API you need to have:

  1. A Lacework account
  2. Either API access keys or an access token for authentication

Examples

Create a new Lacework client that will automatically generate a new access token from the provided set of API keys, then hit the /external/integrations endpoint to list all available integrations from your account:

package main

import (
	"fmt"
	"log"

	"github.com/lacework/go-sdk/api"
)

// main builds a Lacework API client that generates its access token from an
// API key pair, lists the integrations of the account and prints them.
func main() {
	// "account", "KEY" and "SECRET" are placeholders. In a real tool the key
	// pair is a credential: read it from the environment or a secret store at
	// runtime instead of committing it to source control.
	client, err := api.NewClient("account", api.WithTokenFromKeys("KEY", "SECRET"))
	if err != nil {
		log.Fatal(err)
	}

	list, err := client.Integrations.List()
	if err != nil {
		log.Fatal(err)
	}

	// Output:
	// CUSTOMER_123456B DATADOG
	// CUSTOMER_123456A CONT_VULN_CFG
	// CUSTOMER_123456C PAGER_DUTY_API
	fmt.Println(list.String())
}

Look at the examples/ folder for more examples.

Documentation

Index

Constants

// API paths for the LQL endpoints. Every value is a relative path without a
// leading slash.
const (

	// Alpha
	// NOTE(review): presumably marks these endpoints as alpha-stage and subject
	// to change — confirm before depending on them.
	ApiLQL            = "external/lql"
	ApiLQLCompile     = "external/lql/compile"
	ApiLQLDataSources = "external/lql/dataSources"
	ApiLQLDescribe    = "external/lql/describe"
	ApiLQLQuery       = "external/lql/query"
)
// Accepted values for the Datadog alert channel settings. The constants use
// the unexported types datadogSite and datadogService, so code outside this
// package obtains them from these names or from the DatadogSite() and
// DatadogService() lookup functions, which return an error alongside the value.
const (
	// The list of valid inputs for DatadogSite field
	DatadogSiteEu  datadogSite = "eu"
	DatadogSiteCom datadogSite = "com"

	// The list of valid inputs for DatadogService field
	// Note that DatadogServiceLogsDetails holds the singular string "Logs Detail".
	DatadogServiceLogsDetails   datadogService = "Logs Detail"
	DatadogServiceEventsSummary datadogService = "Events Summary"
	DatadogServiceLogsSummary   datadogService = "Logs Summary"
)
// Alert type identifiers for the two Jira variants, as untyped string
// constants.
const (
	JiraCloudAlertType  = "JIRA_CLOUD"
	JiraServerAlertType = "JIRA_SERVER"
)
const (
	// The list of valid inputs for QRadar Communication Type field
	QRadarCommHttps           qradarComm = "HTTPS"
	// NOTE(review): the value suggests the QRadar endpoint presents a
	// self-signed certificate. How that certificate is validated in this mode
	// is not shown here — confirm before using it outside a trusted network
	// path, and prefer QRadarCommHttps with a CA-issued certificate.
	QRadarCommHttpsSelfSigned qradarComm = "HTTPS Self Signed Cert"
)
// Integration type enumeration. The values are assigned by iota in
// declaration order, so inserting or reordering an entry renumbers every
// constant after it. The string name of each type is held separately in the
// IntegrationTypes map.
const (
	// type that defines a non-existing integration
	NoneIntegration integrationType = iota

	// AWS Config integration type
	AwsCfgIntegration

	// AWS CloudTrail integration type
	AwsCloudTrailIntegration

	// AWS S3 channel integration type
	AwsS3ChannelIntegration

	// Datadog channel integration type
	DatadogChannelIntegration

	// GCP Config integration type
	GcpCfgIntegration

	// GCP Audit Log integration type
	GcpAuditLogIntegration

	// GCP Pub Sub alert channel integration type
	GcpPubSubChannelIntegration

	// New Relic Insights alert channel integration type
	NewRelicChannelIntegration

	// Azure Config integration type
	AzureCfgIntegration

	// Azure Activity Log integration type
	AzureActivityLogIntegration

	// Cisco Webex integration type
	CiscoWebexChannelIntegration

	// Container registry integration type
	ContainerRegistryIntegration

	// Microsoft Teams channel integration type
	MicrosoftTeamsChannelIntegration

	// QRadar channel integration type
	QRadarChannelIntegration

	// Slack channel integration type
	SlackChannelIntegration

	// Service Now alert channel integration type
	ServiceNowChannelIntegration

	// Splunk channel integration type
	SplunkIntegration

	// AWS CloudWatch integration type
	AwsCloudWatchIntegration

	// Pager Duty integration type
	PagerDutyIntegration

	// Jira integration type
	JiraIntegration

	// VictorOps channel integration type
	VictorOpsChannelIntegration

	// Webhook channel integration type
	WebhookIntegration
)
// Container registry type enumeration, numbered by iota in declaration order.
// The string name of each type is held in the RegistryTypes map.
const (
	// type that defines a non-existing registry
	NoneRegistry registryType = iota
	DockerHubRegistry
	DockerV2Registry
	EcrRegistry
	GcrRegistry
)
// ECR authentication methods, numbered by iota; the AwsEcrAuthTypes map gives
// their string names ("AWS_IAM" and "AWS_ACCESS_KEY").
const (
	AwsEcrIAM ecrAuthType = iota
	// AwsEcrAccessKey selects authentication with a static access key pair
	// (see AwsEcrAccessKeyCreds).
	// NOTE(review): a static key pair is a long-lived secret; prefer AwsEcrIAM
	// where the account setup allows it.
	AwsEcrAccessKey
)
// Scope of a GCP integration, numbered by iota in declaration order.
const (
	// Project level integration with GCP
	GcpProjectIntegration gcpResourceLevel = iota

	// Organization level integration with GCP
	GcpOrganizationIntegration
)
// DefaultTokenExpiryTime is the default expiry time for access tokens.
// NOTE(review): the unit is not shown here — presumably seconds, which makes
// the default one hour; confirm against the token request code. A shorter
// lifetime limits how long a leaked token stays usable.
const DefaultTokenExpiryTime = 3600
const (
	LQLQueryTranslateError string = "unable to translate query blob"
)
const Version = "0.7.0"

Version is the semver coming from the VERSION file

Variables

var AlertLevels = map[AlertLevel]string{
	CriticalAlertLevel: "Critical",
	HighAlertLevel:     "High",
	MediumAlertLevel:   "Medium",
	LowAlertLevel:      "Low",
	AllAlertLevel:      "All",
}

AlertLevels is the list of available alert levels

var AwsEcrAuthTypes = map[ecrAuthType]string{
	AwsEcrIAM:       "AWS_IAM",
	AwsEcrAccessKey: "AWS_ACCESS_KEY",
}

AwsEcrAuthTypes is the list of available ECR auth types

var IntegrationTypes = map[integrationType]string{
	NoneIntegration:                  "NONE",
	AwsCfgIntegration:                "AWS_CFG",
	AwsCloudTrailIntegration:         "AWS_CT_SQS",
	AwsS3ChannelIntegration:          "AWS_S3",
	CiscoWebexChannelIntegration:     "CISCO_SPARK_WEBHOOK",
	DatadogChannelIntegration:        "DATADOG",
	GcpCfgIntegration:                "GCP_CFG",
	GcpAuditLogIntegration:           "GCP_AT_SES",
	GcpPubSubChannelIntegration:      "GCP_PUBSUB",
	NewRelicChannelIntegration:       "NEW_RELIC_INSIGHTS",
	AzureCfgIntegration:              "AZURE_CFG",
	AzureActivityLogIntegration:      "AZURE_AL_SEQ",
	ContainerRegistryIntegration:     "CONT_VULN_CFG",
	QRadarChannelIntegration:         "IBM_QRADAR",
	MicrosoftTeamsChannelIntegration: "MICROSOFT_TEAMS",
	SlackChannelIntegration:          "SLACK_CHANNEL",
	SplunkIntegration:                "SPLUNK_HEC",
	ServiceNowChannelIntegration:     "SERVICE_NOW_REST",
	AwsCloudWatchIntegration:         "CLOUDWATCH_EB",
	PagerDutyIntegration:             "PAGER_DUTY_API",
	JiraIntegration:                  "JIRA",
	VictorOpsChannelIntegration:      "VICTOR_OPS",
	WebhookIntegration:               "WEBHOOK",
}

IntegrationTypes is the list of available integration types

var RegistryTypes = map[registryType]string{
	NoneRegistry:      "NONE",
	DockerHubRegistry: "DOCKERHUB",
	DockerV2Registry:  "V2_REGISTRY",
	EcrRegistry:       "AWS_ECR",
	GcrRegistry:       "GCP_GCR",
}

RegistryTypes is the list of available registry types

var ValidComplianceStatus = []string{"non-compliant", "requires-manual-assessment", "suppressed", "compliant", "could-not-assess"}

ValidComplianceStatus is a list of all valid compliance status

var ValidEventSeverities = []string{"critical", "high", "medium", "low", "info"}

ValidEventSeverities is a list of all valid event severities

var ValidVulnSeverities = []string{"critical", "high", "medium", "low", "info"}

ValidVulnSeverities is a list of all valid severities in a vulnerability report

Functions

func DatadogService added in v0.2.18

func DatadogService(service string) (datadogService, error)

DatadogService returns the datadogService type for the corresponding string input

func DatadogSite added in v0.2.18

func DatadogSite(site string) (datadogSite, error)

DatadogSite returns the datadogSite type for the corresponding string input

func FindIntegrationType

func FindIntegrationType(t string) (integrationType, bool)

FindIntegrationType looks up inside the list of available integration types the matching type from the provided string, if none, returns NoneIntegration

func QRadarComm added in v0.2.20

func QRadarComm(site string) (qradarComm, error)

QRadarComm returns the qradarComm type for the corresponding string input

func VictorOpsService added in v0.2.19

func VictorOpsService(service string) (datadogService, error)

VictorOpsService returns the datadogService type for the corresponding string input

func VictorOpsSite added in v0.2.19

func VictorOpsSite(site string) (datadogSite, error)

VictorOpsSite returns the datadogSite type for the corresponding string input

Types

type AccountService added in v0.3.0

type AccountService struct {
	// contains filtered or unexported fields
}

AccountService is a service that interacts with Account related endpoints from the Lacework Server

func (*AccountService) GetOrganizationInfo added in v0.3.0

func (svc *AccountService) GetOrganizationInfo() (
	response accountOrganizationInfoResponse,
	err error,
)

type AgentToken added in v0.2.10

// AgentToken is one agent access token record, the element type of
// AgentTokensResponse.Data.
type AgentToken struct {
	// AccessToken is the token value itself. It is marshaled in clear text
	// under ACCESS_TOKEN, so avoid writing whole AgentToken values to logs or
	// error messages.
	AccessToken     string           `json:"ACCESS_TOKEN"`
	Account         string           `json:"ACCOUNT"`
	LastUpdatedTime *Json16DigitTime `json:"LAST_UPDATED_TIME"`
	Props           *AgentTokenProps `json:"PROPS,omitempty"`
	TokenAlias      string           `json:"TOKEN_ALIAS"`
	// Enabled is decoded as a string, not a bool.
	// NOTE(review): presumably the EnabledInt and Status methods convert it —
	// confirm which string values count as enabled.
	Enabled         string           `json:"TOKEN_ENABLED"`
	Version         string           `json:"VERSION"`
}

func (AgentToken) EnabledInt added in v0.2.10

func (t AgentToken) EnabledInt() int

func (AgentToken) PrettyStatus added in v0.2.10

func (t AgentToken) PrettyStatus() string

@afiune this API returns a string as a boolean, so we have to do this monkeypatch

func (AgentToken) Status added in v0.2.10

func (t AgentToken) Status() bool

type AgentTokenProps added in v0.2.10

type AgentTokenProps struct {
	CreatedTime *Json16DigitTime `json:"CREATED_TIME,omitempty"`
	Description string           `json:"DESCRIPTION,omitempty"`
}

type AgentTokenRequest added in v0.2.10

// AgentTokenRequest is the request data accepted by AgentsService.UpdateToken.
type AgentTokenRequest struct {
	TokenAlias string           `json:"TOKEN_ALIAS,omitempty"`
	// Enabled has no omitempty, so TOKEN_ENABLED is always sent, including
	// the zero value.
	// NOTE(review): presumably 0 disables the token, in which case a request
	// built without setting Enabled would disable it — confirm, and set the
	// field explicitly on every update.
	Enabled    int              `json:"TOKEN_ENABLED"`
	Props      *AgentTokenProps `json:"PROPS,omitempty"`
}

type AgentTokensResponse added in v0.2.10

type AgentTokensResponse struct {
	Data    []AgentToken `json:"data"`
	Ok      bool         `json:"ok"`
	Message string       `json:"message"`
}

type AgentsService added in v0.2.10

type AgentsService struct {
	// contains filtered or unexported fields
}

AgentsService is a service that interacts with the Agent Access Tokens endpoints from the Lacework Server

func (*AgentsService) CreateToken added in v0.2.10

func (svc *AgentsService) CreateToken(name, desc string) (response AgentTokensResponse, err error)

CreateToken creates a new agent access token

func (*AgentsService) GetToken added in v0.2.10

func (svc *AgentsService) GetToken(token string) (response AgentTokensResponse, err error)

GetToken returns details about an agent access token

func (*AgentsService) ListTokens added in v0.2.10

func (svc *AgentsService) ListTokens() (response AgentTokensResponse, err error)

ListTokens returns a list of agent access tokens in a Lacework account

func (*AgentsService) UpdateToken added in v0.2.10

func (svc *AgentsService) UpdateToken(token string, data AgentTokenRequest) (
	response AgentTokensResponse,
	err error,
)

UpdateToken updates an agent access token with the provided request data

func (*AgentsService) UpdateTokenStatus added in v0.2.10

func (svc *AgentsService) UpdateTokenStatus(token string, enable bool) (
	response AgentTokensResponse,
	err error,
)

UpdateTokenStatus updates only the status of an agent access token (enable or disable)

type AlertLevel added in v0.1.22

type AlertLevel int

Enum for Alert Severity Levels

const (
	CriticalAlertLevel AlertLevel = 1 // Critical only
	HighAlertLevel     AlertLevel = 2 // High and above
	MediumAlertLevel   AlertLevel = 3 // Medium and above
	LowAlertLevel      AlertLevel = 4 // Low and above
	AllAlertLevel      AlertLevel = 5 // Info and above (which is All of them)
)

func (AlertLevel) Int added in v0.1.22

func (i AlertLevel) Int() int

Int returns the int representation of an alert level

func (AlertLevel) String added in v0.1.22

func (i AlertLevel) String() string

String returns the string representation of an alert level

func (AlertLevel) Valid added in v0.1.22

func (i AlertLevel) Valid() bool

Valid returns whether the AlertLevel is valid or not

type AwsCloudWatchAlertChannel added in v0.1.22

type AwsCloudWatchAlertChannel struct {
	Data AwsCloudWatchData `json:"DATA"`
	// contains filtered or unexported fields
}

func NewAwsCloudWatchAlertChannel added in v0.1.22

func NewAwsCloudWatchAlertChannel(name string, data AwsCloudWatchData) AwsCloudWatchAlertChannel

NewAwsCloudWatchAlertChannel returns an instance of AwsCloudWatchAlertChannel with the provided name and data.

Basic usage: Initialize a new AwsCloudWatchAlertChannel struct, then use the new instance to do CRUD operations:

client, err := api.NewClient("account")
if err != nil {
  return err
}

awsCloudWatch := api.NewAwsCloudWatchAlertChannel("foo",
  api.AwsCloudWatchData{
    EventBusArn: "arn:aws:events:us-west-2:1234567890:event-bus/default",
  },
)

client.Integrations.CreateAwsCloudWatchAlertChannel(awsCloudWatch)

func (AwsCloudWatchAlertChannel) StateString added in v0.1.22

func (c AwsCloudWatchAlertChannel) StateString() string

func (AwsCloudWatchAlertChannel) Status added in v0.1.22

func (c AwsCloudWatchAlertChannel) Status() string

type AwsCloudWatchData added in v0.1.22

type AwsCloudWatchData struct {
	IssueGrouping string `json:"ISSUE_GROUPING,omitempty" mapstructure:"ISSUE_GROUPING"`
	EventBusArn   string `json:"EVENT_BUS_ARN" mapstructure:"EVENT_BUS_ARN"`
}

type AwsCloudWatchResponse added in v0.1.22

type AwsCloudWatchResponse struct {
	Data    []AwsCloudWatchAlertChannel `json:"data"`
	Ok      bool                        `json:"ok"`
	Message string                      `json:"message"`
}

type AwsCrossAccountCreds added in v0.2.22

// AwsCrossAccountCreds identifies the IAM role used for cross-account access
// to an AWS account. It is embedded as CROSS_ACCOUNT_CREDENTIALS in
// AwsIntegrationData and AwsEcrDataWithCrossAccountCreds.
type AwsCrossAccountCreds struct {
	RoleArn    string `json:"ROLE_ARN" mapstructure:"ROLE_ARN"`
	// NOTE(review): presumably the external ID that the role's trust policy
	// requires when the role is assumed — confirm. If so, use a unique,
	// hard-to-guess value per integration rather than a short sample value
	// such as the "1" shown in the usage example on this page.
	ExternalID string `json:"EXTERNAL_ID" mapstructure:"EXTERNAL_ID"`
}

type AwsEcrAccessKeyCreds added in v0.2.22

// AwsEcrAccessKeyCreds carries a static AWS access key pair for an ECR
// integration. It is embedded as ACCESS_KEY_CREDENTIALS in
// AwsEcrDataWithAccessKeyCreds.
type AwsEcrAccessKeyCreds struct {
	AccessKeyID     string `json:"ACCESS_KEY_ID" mapstructure:"ACCESS_KEY_ID"`
	// SecretAccessKey is marshaled in clear text under SECRET_ACCESS_KEY.
	// Keep values of this type out of logs, error messages and committed
	// configuration.
	SecretAccessKey string `json:"SECRET_ACCESS_KEY" mapstructure:"SECRET_ACCESS_KEY"`
}

type AwsEcrCommonData added in v0.2.22

type AwsEcrCommonData struct {
	AwsAuthType    string `json:"AWS_AUTH_TYPE" mapstructure:"AWS_AUTH_TYPE"`
	RegistryType   string `json:"REGISTRY_TYPE" mapstructure:"REGISTRY_TYPE"`
	RegistryDomain string `json:"REGISTRY_DOMAIN" mapstructure:"REGISTRY_DOMAIN"`
	LimitByTag     string `json:"LIMIT_BY_TAG" mapstructure:"LIMIT_BY_TAG"`
	LimitByLabel   string `json:"LIMIT_BY_LABEL" mapstructure:"LIMIT_BY_LABEL"`
	LimitByRep     string `json:"LIMIT_BY_REP,omitempty" mapstructure:"LIMIT_BY_REP"`
	LimitNumImg    int    `json:"LIMIT_NUM_IMG,omitempty" mapstructure:"LIMIT_NUM_IMG"`
}

type AwsEcrDataWithAccessKeyCreds added in v0.2.22

type AwsEcrDataWithAccessKeyCreds struct {
	Credentials AwsEcrAccessKeyCreds `json:"ACCESS_KEY_CREDENTIALS" mapstructure:"ACCESS_KEY_CREDENTIALS"`
	AwsEcrCommonData
}

type AwsEcrDataWithCrossAccountCreds added in v0.2.22

type AwsEcrDataWithCrossAccountCreds struct {
	Credentials AwsCrossAccountCreds `json:"CROSS_ACCOUNT_CREDENTIALS" mapstructure:"CROSS_ACCOUNT_CREDENTIALS"`
	AwsEcrCommonData
}

type AwsEcrWithAccessKeyIntegration added in v0.2.22

type AwsEcrWithAccessKeyIntegration struct {
	Data AwsEcrDataWithAccessKeyCreds `json:"DATA"`
	// contains filtered or unexported fields
}

func NewAwsEcrWithAccessKeyIntegration added in v0.2.22

func NewAwsEcrWithAccessKeyIntegration(name string, data AwsEcrDataWithAccessKeyCreds) AwsEcrWithAccessKeyIntegration

func (AwsEcrWithAccessKeyIntegration) StateString added in v0.2.22

func (c AwsEcrWithAccessKeyIntegration) StateString() string

func (AwsEcrWithAccessKeyIntegration) Status added in v0.2.22

func (c AwsEcrWithAccessKeyIntegration) Status() string

type AwsEcrWithAccessKeyIntegrationResponse added in v0.2.22

type AwsEcrWithAccessKeyIntegrationResponse struct {
	Data    []AwsEcrWithAccessKeyIntegration `json:"data"`
	Ok      bool                             `json:"ok"`
	Message string                           `json:"message"`
}

type AwsEcrWithCrossAccountIntegration added in v0.2.22

type AwsEcrWithCrossAccountIntegration struct {
	Data AwsEcrDataWithCrossAccountCreds `json:"DATA"`
	// contains filtered or unexported fields
}

func NewAwsEcrWithCrossAccountIntegration added in v0.2.22

func NewAwsEcrWithCrossAccountIntegration(name string, data AwsEcrDataWithCrossAccountCreds) AwsEcrWithCrossAccountIntegration

func (AwsEcrWithCrossAccountIntegration) StateString added in v0.2.22

func (c AwsEcrWithCrossAccountIntegration) StateString() string

func (AwsEcrWithCrossAccountIntegration) Status added in v0.2.22

func (c AwsEcrWithCrossAccountIntegration) Status() string

type AwsEcrWithCrossAccountIntegrationResponse added in v0.2.22

type AwsEcrWithCrossAccountIntegrationResponse struct {
	Data    []AwsEcrWithCrossAccountIntegration `json:"data"`
	Ok      bool                                `json:"ok"`
	Message string                              `json:"message"`
}

type AwsIntegration

type AwsIntegration struct {
	Data AwsIntegrationData `json:"DATA"`
	// contains filtered or unexported fields
}

func NewAwsCfgIntegration

func NewAwsCfgIntegration(name string, data AwsIntegrationData) AwsIntegration

NewAwsCfgIntegration returns an instance of AwsIntegration of type AWS_CFG

func NewAwsCloudTrailIntegration

func NewAwsCloudTrailIntegration(name string, data AwsIntegrationData) AwsIntegration

NewAwsCloudTrailIntegration returns an instance of AwsIntegration of type AWS_CT_SQS

func NewAwsIntegration

func NewAwsIntegration(name string, iType integrationType, data AwsIntegrationData) AwsIntegration

NewAwsIntegration returns an instance of AwsIntegration with the provided integration type, name and data. The type can only be AwsCfgIntegration or AwsCloudTrailIntegration

Basic usage: Initialize a new AwsIntegration struct, then use the new instance to do CRUD operations:

client, err := api.NewClient("account")
if err != nil {
  return err
}

aws := api.NewAwsIntegration("foo",
  api.AwsCfgIntegration,
  api.AwsIntegrationData{
    Credentials: api.AwsCrossAccountCreds {
      RoleArn: "arn:aws:XYZ",
      ExternalID: "1",
    },
  },
)

client.Integrations.CreateAws(aws)

func (AwsIntegration) StateString added in v0.1.7

func (c AwsIntegration) StateString() string

func (AwsIntegration) Status added in v0.1.3

func (c AwsIntegration) Status() string

type AwsIntegrationData

// AwsIntegrationData is the DATA payload of an AwsIntegration.
type AwsIntegrationData struct {
	Credentials AwsCrossAccountCreds `json:"CROSS_ACCOUNT_CREDENTIALS" mapstructure:"CROSS_ACCOUNT_CREDENTIALS"`

	// QueueUrl exists and is required for the AWS_CT_SQS integration, but it
	// does not exist for AWS_CFG integrations, which is why it is omitted
	// when empty
	QueueUrl string `json:"QUEUE_URL,omitempty" mapstructure:"QUEUE_URL"`

	// AccountMappingFile must be base64 encoded, in the following format:
	//
	// "data:application/json;name=i.json;base64,[ENCODING]"
	//
	// [ENCODING] is the base64 encoding of the file content; use
	// EncodeAccountMappingFile() to encode a JSON mapping file
	AccountMappingFile string `json:"ACCOUNT_MAPPING_FILE,omitempty" mapstructure:"ACCOUNT_MAPPING_FILE"`

	// AwsAccountID is the AWS account that owns the IAM role credentials
	AwsAccountID string `json:"AWS_ACCOUNT_ID,omitempty" mapstructure:"AWS_ACCOUNT_ID"`
}

func (*AwsIntegrationData) DecodeAccountMappingFile added in v0.2.9

func (aws *AwsIntegrationData) DecodeAccountMappingFile() ([]byte, error)

func (*AwsIntegrationData) EncodeAccountMappingFile added in v0.2.9

func (aws *AwsIntegrationData) EncodeAccountMappingFile(mapping []byte)

type AwsIntegrationsResponse

type AwsIntegrationsResponse struct {
	Data    []AwsIntegration `json:"data"`
	Ok      bool             `json:"ok"`
	Message string           `json:"message"`
}

type AwsS3AlertChannel added in v0.2.12

type AwsS3AlertChannel struct {
	Data AwsS3ChannelData `json:"DATA"`
	// contains filtered or unexported fields
}

func NewAwsS3AlertChannel added in v0.2.12

func NewAwsS3AlertChannel(name string, data AwsS3ChannelData) AwsS3AlertChannel

NewAwsS3AlertChannel returns an instance of AwsS3AlertChannel with the provided name and data.

Basic usage: Initialize a new AwsS3AlertChannel struct, then use the new instance to do CRUD operations:

client, err := api.NewClient("account")
if err != nil {
  return err
}

awsS3Channel := api.NewAwsS3AlertChannel("foo",
  api.AwsS3ChannelData{
    Credentials: api.AwsS3Creds{
      ExternalID:  "1234",
      RoleArn:     "arn:aws:iam::account-id:role/role-name-with-path",
      BucketArn:   "arn:aws:s3:::bucket_name/key_name",
    },
  },
)

client.Integrations.CreateAwsS3AlertChannel(awsS3Channel)

func (AwsS3AlertChannel) StateString added in v0.2.12

func (c AwsS3AlertChannel) StateString() string

func (AwsS3AlertChannel) Status added in v0.2.12

func (c AwsS3AlertChannel) Status() string

type AwsS3AlertChannelResponse added in v0.2.12

type AwsS3AlertChannelResponse struct {
	Data    []AwsS3AlertChannel `json:"data"`
	Ok      bool                `json:"ok"`
	Message string              `json:"message"`
}

type AwsS3ChannelData added in v0.2.12

type AwsS3ChannelData struct {
	Credentials AwsS3Creds `json:"S3_CROSS_ACCOUNT_CREDENTIALS" mapstructure:"S3_CROSS_ACCOUNT_CREDENTIALS"`
}

type AwsS3Creds added in v0.2.12

// AwsS3Creds identifies the IAM role and the bucket used by an AWS S3 alert
// channel. It is embedded as S3_CROSS_ACCOUNT_CREDENTIALS in AwsS3ChannelData.
type AwsS3Creds struct {
	// NOTE(review): presumably the external ID that the role's trust policy
	// requires — confirm, and use a unique value per integration.
	ExternalID string `json:"EXTERNAL_ID" mapstructure:"EXTERNAL_ID"`
	RoleArn    string `json:"ROLE_ARN" mapstructure:"ROLE_ARN"`
	BucketArn  string `json:"BUCKET_ARN" mapstructure:"BUCKET_ARN"`
}

type AzureIntegration

type AzureIntegration struct {
	Data AzureIntegrationData `json:"DATA"`
	// contains filtered or unexported fields
}

func NewAzureActivityLogIntegration

func NewAzureActivityLogIntegration(name string, data AzureIntegrationData) AzureIntegration

NewAzureActivityLogIntegration returns an instance of AzureIntegration of type AZURE_AL_SEQ

func NewAzureCfgIntegration

func NewAzureCfgIntegration(name string, data AzureIntegrationData) AzureIntegration

NewAzureCfgIntegration returns an instance of AzureIntegration of type AZURE_CFG

func NewAzureIntegration

func NewAzureIntegration(name string, iType integrationType, data AzureIntegrationData) AzureIntegration

NewAzureIntegration returns an instance of AzureIntegration with the provided integration type, name and data. The type can only be AzureCfgIntegration or AzureActivityLogIntegration

Basic usage: Initialize a new AzureIntegration struct, then use the new instance to do CRUD operations:

client, err := api.NewClient("account")
if err != nil {
  return err
}

azure := api.NewAzureIntegration("bar",
  api.AzureActivityLogIntegration,
  api.AzureIntegrationData{
    TenantID: "tenant_id",
    QueueUrl: "https://abc.queue.core.windows.net/123",
    Credentials: api.AzureIntegrationCreds{
      ClientID: "client_id",
      ClientSecret: "secret",
    },
  },
)
if err != nil {
  return err
}

client.Integrations.CreateAzure(azure)

func (AzureIntegration) StateString added in v0.1.7

func (c AzureIntegration) StateString() string

func (AzureIntegration) Status added in v0.1.3

func (c AzureIntegration) Status() string

type AzureIntegrationCreds

// AzureIntegrationCreds holds the client ID and client secret used by an
// Azure integration. It is embedded as CREDENTIALS in AzureIntegrationData.
type AzureIntegrationCreds struct {
	ClientID     string `json:"CLIENT_ID" mapstructure:"CLIENT_ID"`
	// ClientSecret is marshaled in clear text under CLIENT_SECRET. Keep
	// values of this type out of logs, error messages and committed
	// configuration.
	ClientSecret string `json:"CLIENT_SECRET" mapstructure:"CLIENT_SECRET"`
}

type AzureIntegrationData

// AzureIntegrationData is the DATA payload of an AzureIntegration.
type AzureIntegrationData struct {
	Credentials AzureIntegrationCreds `json:"CREDENTIALS" mapstructure:"CREDENTIALS"`
	TenantID    string                `json:"TENANT_ID" mapstructure:"TENANT_ID"`

	// QueueUrl is omitted from the JSON when empty because it does not exist
	// for AZURE_CFG integrations.
	// NOTE(review): the original comment said the field is required for the
	// AWS_CT_SQS integration, which looks copied from AwsIntegrationData. For
	// Azure it is presumably the activity log type (AZURE_AL_SEQ) that
	// requires it — confirm.
	QueueUrl string `json:"QUEUE_URL,omitempty" mapstructure:"QUEUE_URL"`
}

type AzureIntegrationsResponse

type AzureIntegrationsResponse struct {
	Data    []AzureIntegration `json:"data"`
	Ok      bool               `json:"ok"`
	Message string             `json:"message"`
}

type CiscoWebexAlertChannel added in v0.2.19

type CiscoWebexAlertChannel struct {
	Data CiscoWebexChannelData `json:"DATA"`
	// contains filtered or unexported fields
}

func NewCiscoWebexAlertChannel added in v0.2.19

func NewCiscoWebexAlertChannel(name string, data CiscoWebexChannelData) CiscoWebexAlertChannel

NewCiscoWebexAlertChannel returns an instance of CiscoWebexAlertChannel with the provided name and data.

Basic usage: Initialize a new CiscoWebexAlertChannel struct, then use the new instance to do CRUD operations:

client, err := api.NewClient("account")
if err != nil {
  return err
}

ciscoWebexChannel := api.NewCiscoWebexAlertChannel("foo",
  api.CiscoWebexChannelData{
    WebhookURL: "https://webexapis.com/v1/webhooks/incoming/api-token",
  },
)

client.Integrations.CreateCiscoWebexAlertChannel(ciscoWebexChannel)

func (CiscoWebexAlertChannel) StateString added in v0.2.19

func (c CiscoWebexAlertChannel) StateString() string

func (CiscoWebexAlertChannel) Status added in v0.2.19

func (c CiscoWebexAlertChannel) Status() string

type CiscoWebexAlertChannelResponse added in v0.2.19

type CiscoWebexAlertChannelResponse struct {
	Data    []CiscoWebexAlertChannel `json:"data"`
	Ok      bool                     `json:"ok"`
	Message string                   `json:"message"`
}

type CiscoWebexChannelData added in v0.2.19

// CiscoWebexChannelData is the DATA payload of a CiscoWebexAlertChannel.
type CiscoWebexChannelData struct {
	// WebhookURL is marshaled under the key WEBHOOK.
	// NOTE(review): the usage example on this page shows an incoming-webhook
	// URL that ends in an API token, so the URL itself presumably acts as a
	// credential — confirm, and keep it out of logs and source control.
	WebhookURL string `json:"WEBHOOK" mapstructure:"WEBHOOK"`
}

type Client

// Client is the Lacework API client returned by NewClient. Each exported
// field is a pointer to the service type for one area of the API. The
// client's own methods cover requests and access tokens (NewRequest, Do,
// GenerateToken, TokenExpired, ValidAuth).
type Client struct {
	LQL             *LQLService
	Account         *AccountService
	Agents          *AgentsService
	Events          *EventsService
	Compliance      *ComplianceService
	Integrations    *IntegrationsService
	Vulnerabilities *VulnerabilitiesService
	// contains filtered or unexported fields
}

func NewClient

func NewClient(account string, opts ...Option) (*Client, error)

New generates a new Lacework API client

Example of basic usage

lacework, err := api.NewClient("demo")
if err == nil {
    lacework.Integrations.List()
}

func (*Client) ApiVersion

func (c *Client) ApiVersion() string

ApiVersion returns the API client version

func (*Client) Do

func (c *Client) Do(req *http.Request) (*http.Response, error)

Do calls request.Do() directly

func (*Client) DoDecoder

func (c *Client) DoDecoder(req *http.Request, v interface{}) (*http.Response, error)

DoDecoder is used to execute (aka Do) the http request and decode it into the provided interface, all at once

func (*Client) GenerateToken

func (c *Client) GenerateToken() (response TokenResponse, err error)

GenerateToken generates a new access token

func (*Client) GenerateTokenWithKeys

func (c *Client) GenerateTokenWithKeys(keyID, secretKey string) (TokenResponse, error)

GenerateTokenWithKeys generates a new access token with the provided keys

func (*Client) NewRequest

func (c *Client) NewRequest(method string, apiURL string, body io.Reader) (*http.Request, error)

NewRequest generates a new http request

func (*Client) RequestDecoder

func (c *Client) RequestDecoder(method, path string, body io.Reader, v interface{}) error

RequestDecoder performs an http request on an endpoint, and decodes the response into the provided interface, all at once

func (*Client) RequestEncoderDecoder added in v0.1.3

func (c *Client) RequestEncoderDecoder(method, path string, data, v interface{}) error

RequestEncoderDecoder leverages RequestDecoder and performs an http request that first encodes the provided 'data' as a JSON Reader and passes it as the body to the request

func (*Client) TokenExpired added in v0.2.21

func (c *Client) TokenExpired() bool

func (*Client) URL

func (c *Client) URL() string

URL returns the base url configured

func (*Client) ValidAuth added in v0.2.13

func (c *Client) ValidAuth() bool

ValidAuth verifies that the client has valid authentication

type CompAzureSubscriptions added in v0.1.12

type CompAzureSubscriptions struct {
	Tenant        string   `json:"tenant"`
	Subscriptions []string `json:"subscriptions"`
}

type CompGcpProjects added in v0.1.12

type CompGcpProjects struct {
	Organization string   `json:"organization"`
	Projects     []string `json:"projects"`
}

type ComplianceAwsReport added in v0.1.12

type ComplianceAwsReport struct {
	ReportTitle     string                     `json:"reportTitle"`
	ReportType      string                     `json:"reportType"`
	ReportTime      time.Time                  `json:"reportTime"`
	AccountID       string                     `json:"accountId"`
	AccountAlias    string                     `json:"accountAlias"`
	Summary         []ComplianceSummary        `json:"summary"`
	Recommendations []ComplianceRecommendation `json:"recommendations"`
}

type ComplianceAwsReportConfig added in v0.1.12

type ComplianceAwsReportConfig struct {
	AccountID string
	Type      string
}

type ComplianceAzureReport added in v0.1.12

type ComplianceAzureReport struct {
	ReportTitle      string                     `json:"reportTitle"`
	ReportType       string                     `json:"reportType"`
	ReportTime       time.Time                  `json:"reportTime"`
	TenantID         string                     `json:"tenantId"`
	TenantName       string                     `json:"tenantName"`
	SubscriptionID   string                     `json:"subscriptionId"`
	SubscriptionName string                     `json:"subscriptionName"`
	Summary          []ComplianceSummary        `json:"summary"`
	Recommendations  []ComplianceRecommendation `json:"recommendations"`
}

type ComplianceAzureReportConfig added in v0.1.12

type ComplianceAzureReportConfig struct {
	TenantID       string
	SubscriptionID string
	Type           string
}

type ComplianceGcpReport added in v0.1.12

type ComplianceGcpReport struct {
	ReportTitle      string                     `json:"reportTitle"`
	ReportType       string                     `json:"reportType"`
	ReportTime       time.Time                  `json:"reportTime"`
	OrganizationID   string                     `json:"organizationId"`
	OrganizationName string                     `json:"organizationName"`
	ProjectID        string                     `json:"projectId"`
	ProjectName      string                     `json:"projectName"`
	Summary          []ComplianceSummary        `json:"summary"`
	Recommendations  []ComplianceRecommendation `json:"recommendations"`
}

type ComplianceGcpReportConfig added in v0.1.12

type ComplianceGcpReportConfig struct {
	OrganizationID string
	ProjectID      string
	Type           string
}

type ComplianceRecommendation added in v0.1.12

type ComplianceRecommendation struct {
	RecID                 string                `json:"rec_id"`
	AssessedResourceCount int                   `json:"assessed_resource_count"`
	ResourceCount         int                   `json:"resource_count"`
	Category              string                `json:"category"`
	InfoLink              string                `json:"info_link"`
	Service               string                `json:"service"`
	Severity              int                   `json:"severity"`
	Status                string                `json:"status"`
	Suppressions          []string              `json:"suppressions"`
	Title                 string                `json:"title"`
	Violations            []ComplianceViolation `json:"violations"`
}

func (*ComplianceRecommendation) SeverityString added in v0.1.12

func (r *ComplianceRecommendation) SeverityString() string

type ComplianceService added in v0.1.12

type ComplianceService struct {
	// contains filtered or unexported fields
}

ComplianceService is a service that interacts with the compliance endpoints from the Lacework Server

func (*ComplianceService) DownloadAwsReportPDF added in v0.1.12

func (svc *ComplianceService) DownloadAwsReportPDF(filepath string, config ComplianceAwsReportConfig) error

func (*ComplianceService) DownloadAzureReportPDF added in v0.1.12

func (svc *ComplianceService) DownloadAzureReportPDF(filepath string, config ComplianceAzureReportConfig) error

func (*ComplianceService) DownloadGcpReportPDF added in v0.1.12

func (svc *ComplianceService) DownloadGcpReportPDF(filepath string, config ComplianceGcpReportConfig) error

func (*ComplianceService) GetAwsReport added in v0.1.12

func (svc *ComplianceService) GetAwsReport(config ComplianceAwsReportConfig) (
	response complianceAwsReportResponse,
	err error,
)

func (*ComplianceService) GetAzureReport added in v0.1.12

func (svc *ComplianceService) GetAzureReport(config ComplianceAzureReportConfig) (
	response complianceAzureReportResponse,
	err error,
)

func (*ComplianceService) GetGcpReport added in v0.1.12

func (svc *ComplianceService) GetGcpReport(config ComplianceGcpReportConfig) (
	response complianceGcpReportResponse,
	err error,
)

func (*ComplianceService) ListAzureSubscriptions added in v0.1.12

func (svc *ComplianceService) ListAzureSubscriptions(tenantID string) (
	response compAzureSubsResponse,
	err error,
)

func (*ComplianceService) ListGcpProjects added in v0.1.12

func (svc *ComplianceService) ListGcpProjects(orgID string) (
	response compGcpProjectsResponse,
	err error,
)

func (*ComplianceService) RunAwsReport added in v0.1.12

func (svc *ComplianceService) RunAwsReport(accountID string) (
	response map[string]interface{},
	err error,
)

func (*ComplianceService) RunAzureReport added in v0.1.12

func (svc *ComplianceService) RunAzureReport(tenantID string) (
	response complianceRunAzureReportResponse,
	err error,
)

func (*ComplianceService) RunGcpReport added in v0.1.12

func (svc *ComplianceService) RunGcpReport(projectID string) (
	response complianceRunGcpReportResponse,
	err error,
)

func (*ComplianceService) RunIntegrationReport added in v0.2.6

func (svc *ComplianceService) RunIntegrationReport(intgGuid string) (
	response map[string]interface{},
	err error,
)

type ComplianceSummary added in v0.1.12

type ComplianceSummary struct {
	AssessedResourceCount     int `json:"assessed_resource_count"`
	NumCompliant              int `json:"num_compliant"`
	NumNotCompliant           int `json:"num_not_compliant"`
	NumRecommendations        int `json:"num_recommendations"`
	NumSeverity1NonCompliance int `json:"num_severity_1_non_compliance"`
	NumSeverity2NonCompliance int `json:"num_severity_2_non_compliance"`
	NumSeverity3NonCompliance int `json:"num_severity_3_non_compliance"`
	NumSeverity4NonCompliance int `json:"num_severity_4_non_compliance"`
	NumSeverity5NonCompliance int `json:"num_severity_5_non_compliance"`
	NumSuppressed             int `json:"num_suppressed"`
	SuppressedResourceCount   int `json:"suppressed_resource_count"`
	ViolatedResourceCount     int `json:"violated_resource_count"`
}

type ComplianceViolation added in v0.1.12

type ComplianceViolation struct {
	Region   string   `json:"region"`
	Resource string   `json:"resource"`
	Reasons  []string `json:"reasons"`
}

type ContainerRegCreds added in v0.1.9

// ContainerRegCreds holds the credential fields for the container registry
// types named in the group comments below. Every field carries `omitempty`,
// so a field left at its zero value is not written when the struct is
// marshaled to JSON.
//
// Password and PrivateKey are secrets: when set, they are serialized in clear
// text under the PASSWORD and PRIVATE_KEY keys. Keep marshaled or %+v-printed
// values of this struct out of logs and error messages.
type ContainerRegCreds struct {
	// for docker hub registry (DOCKERHUB)
	Username string `json:"USERNAME,omitempty" mapstructure:"USERNAME"`
	Password string `json:"PASSWORD,omitempty" mapstructure:"PASSWORD"`

	// for docker V2 registry (V2_REGISTRY)
	// NOTE(review): because of omitempty, SSL=false is not sent at all; confirm
	// what the server assumes when the SSL key is absent.
	SSL bool `json:"SSL,omitempty" mapstructure:"SSL"`

	// for GCR registry (GCP_GCR)
	ClientEmail  string `json:"CLIENT_EMAIL,omitempty" mapstructure:"CLIENT_EMAIL"`
	ClientID     string `json:"CLIENT_ID,omitempty" mapstructure:"CLIENT_ID"`
	PrivateKey   string `json:"PRIVATE_KEY,omitempty" mapstructure:"PRIVATE_KEY"`
	PrivateKeyID string `json:"PRIVATE_KEY_ID,omitempty" mapstructure:"PRIVATE_KEY_ID"`
}

type ContainerRegData added in v0.1.9

// ContainerRegData is the DATA payload of a container registry integration.
// It embeds the registry credentials, so values of this type should be
// treated as sensitive wherever they are stored, printed or serialized.
type ContainerRegData struct {
	// @afiune the container registry schema contains a few different DATA types,
	// so this struct carries ALL fields that any container registry type could
	// use (see the variable RegistryTypes). The exception is AWS_ECR: that
	// integration has a different credentials field and is therefore defined
	// separately.
	Credentials  ContainerRegCreds `json:"CREDENTIALS" mapstructure:"CREDENTIALS"`
	RegistryType string            `json:"REGISTRY_TYPE" mapstructure:"REGISTRY_TYPE"`

	// for GCP_GCR integrations, the registry domain has to be one of:
	// => [ "gcr.io", "us.gcr.io", "eu.gcr.io", "asia.gcr.io" ]
	RegistryDomain string `json:"REGISTRY_DOMAIN" mapstructure:"REGISTRY_DOMAIN"`
	LimitByTag     string `json:"LIMIT_BY_TAG" mapstructure:"LIMIT_BY_TAG"`
	LimitByLabel   string `json:"LIMIT_BY_LABEL" mapstructure:"LIMIT_BY_LABEL"`
	LimitByRep     string `json:"LIMIT_BY_REP,omitempty" mapstructure:"LIMIT_BY_REP"`
	// LimitNumImg is an int (not a string); it is omitted from JSON when 0.
	LimitNumImg    int    `json:"LIMIT_NUM_IMG,omitempty" mapstructure:"LIMIT_NUM_IMG"`
}

type ContainerRegIntResponse added in v0.1.9

type ContainerRegIntResponse struct {
	Data    []ContainerRegIntegration `json:"data"`
	Ok      bool                      `json:"ok"`
	Message string                    `json:"message"`
}

type ContainerRegIntegration added in v0.1.9

type ContainerRegIntegration struct {
	Data ContainerRegData `json:"DATA"`
	// contains filtered or unexported fields
}

func NewContainerRegIntegration added in v0.1.9

func NewContainerRegIntegration(name string, data ContainerRegData) ContainerRegIntegration

NewContainerRegIntegration returns an instance of ContainerRegIntegration with the provided name and data.

Basic usage: Create a Docker Hub integration

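// Example: create a Docker Hub container registry integration.
client, err := api.NewClient("account")
if err != nil {
	return err
}

docker := api.NewContainerRegIntegration("foo",
	api.ContainerRegData{
		Credentials: api.ContainerRegCreds{
			// Constructed sample values. In real code, read the registry
			// credentials from a secret store or the environment instead of
			// committing them to source.
			Username: "techally",
			Password: "secret",
		},
		RegistryType:   api.DockerHubRegistry.String(),
		RegistryDomain: "index.docker.io",
		LimitByTag:     "*",
		LimitByLabel:   "*",
		// LimitNumImg is declared as int in ContainerRegData, so it takes a
		// numeric literal; the string "5" would not compile.
		LimitNumImg: 5,
	},
)

client.Integrations.CreateContainerRegistry(docker)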

func NewDockerHubRegistryIntegration added in v0.2.1

func NewDockerHubRegistryIntegration(name string, data ContainerRegData) ContainerRegIntegration

func NewDockerV2RegistryIntegration added in v0.2.1

func NewDockerV2RegistryIntegration(name string, data ContainerRegData) ContainerRegIntegration

func NewGcrRegistryIntegration added in v0.2.1

func NewGcrRegistryIntegration(name string, data ContainerRegData) ContainerRegIntegration

func (ContainerRegIntegration) StateString added in v0.1.9

func (c ContainerRegIntegration) StateString() string

func (ContainerRegIntegration) Status added in v0.1.9

func (c ContainerRegIntegration) Status() string

type ContainerVulnerability added in v0.7.0

type ContainerVulnerability struct {
	Name        string                 `json:"name"`
	Description string                 `json:"description"`
	Severity    string                 `json:"severity"`
	Link        string                 `json:"link"`
	FixVersion  string                 `json:"fix_version"`
	Metadata    map[string]interface{} `json:"metadata"`
}

func (*ContainerVulnerability) CVSSv2Score added in v0.7.0

func (v *ContainerVulnerability) CVSSv2Score() float64

func (*ContainerVulnerability) CVSSv3Score added in v0.7.0

func (v *ContainerVulnerability) CVSSv3Score() float64

type ContainerVulnerabilityService added in v0.2.0

type ContainerVulnerabilityService struct {
	// contains filtered or unexported fields
}

ContainerVulnerabilityService is a service that interacts with the vulnerabilities endpoints for the container space from the Lacework Server

func (*ContainerVulnerabilityService) AssessmentFromImageDigest added in v0.2.0

func (svc *ContainerVulnerabilityService) AssessmentFromImageDigest(imageDigest string) (
	response VulnContainerAssessmentResponse,
	err error,
)

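AssessmentFromImageDigest takes an image digest and returns a VulnContainerAssessmentResponse. (The comment published for this method upstream, "ListAssessments leverages ListAssessmentsDateRange and returns a list of assessments from the last 7 days", describes ListAssessments rather than this method.)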

func (*ContainerVulnerabilityService) AssessmentFromImageID added in v0.2.0

func (svc *ContainerVulnerabilityService) AssessmentFromImageID(imageID string) (
	response VulnContainerAssessmentResponse,
	err error,
)

func (*ContainerVulnerabilityService) ListAssessments added in v0.2.0

ListAssessments leverages ListAssessmentsDateRange and returns a list of assessments from the last 7 days

func (*ContainerVulnerabilityService) ListAssessmentsDateRange added in v0.2.0

func (svc *ContainerVulnerabilityService) ListAssessmentsDateRange(start, end time.Time) (
	response VulnContainerAssessmentsResponse,
	err error,
)

ListAssessmentsDateRange returns a list of container assessments during the specified date range

func (*ContainerVulnerabilityService) Scan added in v0.2.0

func (svc *ContainerVulnerabilityService) Scan(registry, repository, tagOrHash string) (
	response vulnContainerScanResponse,
	err error,
)

Scan triggers a container vulnerability scan of the provided registry, repository, and tag. This function calls the underlying API endpoint, which assumes that the container repository has already been integrated with the platform.

func (*ContainerVulnerabilityService) ScanStatus added in v0.2.0

func (svc *ContainerVulnerabilityService) ScanStatus(requestID string) (
	response vulnContainerScanStatusResponse,
	err error,
)

type DatadogAlertChannel added in v0.2.18

type DatadogAlertChannel struct {
	Data DatadogChannelData `json:"DATA"`
	// contains filtered or unexported fields
}

func NewDatadogAlertChannel added in v0.2.18

func NewDatadogAlertChannel(name string, data DatadogChannelData) DatadogAlertChannel

NewDatadogAlertChannel returns an instance of DatadogAlertChannel with the provided name and data.

Basic usage: Initialize a new DatadogAlertChannel struct, then

             use the new instance to do CRUD operations

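  // Example: build a Datadog alert channel and create it through the client.
  client, err := api.NewClient("account")
  if err != nil {
    return err
  }

  // The variable is named datadogChannel so that it matches the identifier
  // passed to CreateDatadogAlertChannel below.
  datadogChannel := api.NewDatadogAlertChannel("foo",
    api.DatadogChannelData{
      DatadogSite:    api.DatadogSiteEu,
      DatadogService: api.DatadogServiceEventsSummary,
      // Constructed sample value. In real code, read the API key from a
      // secret store or the environment instead of committing it to source.
      ApiKey: "datadog-key",
    },
  )

  client.Integrations.CreateDatadogAlertChannel(datadogChannel)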

func (DatadogAlertChannel) StateString added in v0.2.18

func (c DatadogAlertChannel) StateString() string

func (DatadogAlertChannel) Status added in v0.2.18

func (c DatadogAlertChannel) Status() string

type DatadogAlertChannelResponse added in v0.2.18

type DatadogAlertChannelResponse struct {
	Data    []DatadogAlertChannel `json:"data"`
	Ok      bool                  `json:"ok"`
	Message string                `json:"message"`
}

type DatadogChannelData added in v0.2.18

// DatadogChannelData is the DATA payload of a Datadog alert channel.
//
// DatadogSite and DatadogService use the unexported datadogSite and
// datadogService types; the package exports the accepted values as the
// DatadogSite* and DatadogService* constants. Note that DatadogService is
// serialized under the DATADOG_TYPE key.
//
// ApiKey is a credential. It has no `omitempty`, so it is always written,
// in clear text, under API_KEY when the struct is marshaled to JSON; keep
// marshaled or %+v-printed values of this struct out of logs.
type DatadogChannelData struct {
	DatadogSite    datadogSite    `json:"DATADOG_SITE,omitempty" mapstructure:"DATADOG_SITE"`
	DatadogService datadogService `json:"DATADOG_TYPE,omitempty" mapstructure:"DATADOG_TYPE"`
	ApiKey         string         `json:"API_KEY" mapstructure:"API_KEY"`
}

type Event added in v0.1.6

type Event struct {
	EventID   string    `json:"event_id"`
	EventType string    `json:"event_type"`
	Severity  string    `json:"severity"`
	StartTime time.Time `json:"start_time"`
	EndTime   time.Time `json:"end_time"`
}

func (*Event) SeverityString added in v0.1.6

func (e *Event) SeverityString() string

type EventAPIEntity added in v0.1.11

type EventAPIEntity struct {
	Service string `json:"service"`
	Api     string `json:"api"`
}

type EventApplicationEntity added in v0.1.11

type EventApplicationEntity struct {
	Application       string    `json:"application"`
	HasExternalConns  int32     `json:"has_external_conns"`
	IsClient          int32     `json:"is_client"`
	IsServer          int32     `json:"is_server"`
	EarliestKnownTime time.Time `json:"earliest_known_time"`
}

type EventCTUserEntity added in v0.1.11

type EventCTUserEntity struct {
	Username    string   `json:"username"`
	AccountID   string   `json:"account_id"`
	Mfa         int32    `json:"mfa"`
	ApiList     []string `json:"api_list"`
	RegionList  []string `json:"region_list"`
	PrincipalID string   `json:"principal_id"`
}

type EventContainerEntity added in v0.1.11

type EventContainerEntity struct {
	ImageRepo        string    `json:"image_repo"`
	ImageTag         string    `json:"image_tag"`
	HasExternalConns int32     `json:"has_external_conns"`
	IsClient         int32     `json:"is_client"`
	IsServer         int32     `json:"is_server"`
	FirstSeenTime    time.Time `json:"first_seen_time"`
	PodNamespace     string    `json:"pod_namespace"`
	PodIpAddr        string    `json:"pod_ip_addr"`
}

type EventCustomRuleEntity added in v0.1.11

type EventCustomRuleEntity struct {
	LastUpdatedTime time.Time `json:"last_updated_time"`
	LastUpdatedUser string    `json:"last_updated_user"`
	DisplayFilter   string    `json:"display_filter"`
	RuleGuid        string    `json:"rule_guid"`
}

type EventDetails added in v0.1.6

type EventDetails struct {
	EventID    string         `json:"event_id"`
	EventActor string         `json:"event_actor"`
	EventModel string         `json:"event_model"`
	EventType  string         `json:"event_type"`
	StartTime  time.Time      `json:"start_time"`
	EndTime    time.Time      `json:"end_time"`
	EntityMap  EventEntityMap `json:"entity_map"`
}

type EventDetailsResponse added in v0.1.6

type EventDetailsResponse struct {
	Events []EventDetails `json:"data"`
}

type EventDnsNameEntity added in v0.1.11

type EventDnsNameEntity struct {
	Hostname      string  `json:"hostname"`
	PortList      []int32 `json:"port_list"`
	TotalInBytes  float32 `json:"total_in_bytes"`
	TotalOutBytes float32 `json:"total_out_bytes"`
}

type EventEntityMap added in v0.1.6

type EventEntityMap struct {
	User            []EventUserEntity            `json:"user,omitempty"`
	Application     []EventApplicationEntity     `json:"application,omitempty"`
	Machine         []EventMachineEntity         `json:"machine,omitempty"`
	Container       []EventContainerEntity       `json:"container,omitempty"`
	DnsName         []EventDnsNameEntity         `json:"DnsName,omitempty"`   // @afiune not in standard
	IpAddress       []EventIpAddressEntity       `json:"IpAddress,omitempty"` // @afiune not in standard
	Process         []EventProcessEntity         `json:"process,omitempty"`
	FileDataHash    []EventFileDataHashEntity    `json:"FileDataHash,omitempty"`    // @afiune not in standard
	FileExePath     []EventFileExePathEntity     `json:"FileExePath,omitempty"`     // @afiune not in standard
	SourceIpAddress []EventSourceIpAddressEntity `json:"SourceIpAddress,omitempty"` // @afiune not in standard
	API             []EventAPIEntity             `json:"api,omitempty"`
	Region          []EventRegionEntity          `json:"region,omitempty"`
	CTUser          []EventCTUserEntity          `json:"ct_user,omitempty"`
	Resource        []EventResourceEntity        `json:"resource,omitempty"`
	RecID           []EventRecIDEntity           `json:"RecId,omitempty"`           // @afiune not in standard
	CustomRule      []EventCustomRuleEntity      `json:"CustomRule,omitempty"`      // @afiune not in standard
	NewViolation    []EventNewViolationEntity    `json:"NewViolation,omitempty"`    // @afiune not in standard
	ViolationReason []EventViolationReasonEntity `json:"ViolationReason,omitempty"` // @afiune not in standard
}

type EventFileDataHashEntity added in v0.1.11

type EventFileDataHashEntity struct {
	FiledataHash  string    `json:"filedata_hash"`
	MachineCount  int32     `json:"machine_count"`
	ExePathList   []string  `json:"exe_path_list"`
	FirstSeenTime time.Time `json:"first_seen_time"`
	IsKnownBad    int32     `json:"is_known_bad"`
}

type EventFileExePathEntity added in v0.1.11

type EventFileExePathEntity struct {
	ExePath          string    `json:"exe_path"`
	FirstSeenTime    time.Time `json:"first_seen_time"`
	LastFiledataHash string    `json:"last_filedata_hash"`
	LastPackageName  string    `json:"last_package_name"`
	LastVersion      string    `json:"last_version"`
	LastFileOwner    string    `json:"last_file_owner"`
}

type EventIpAddressEntity added in v0.1.11

type EventIpAddressEntity struct {
	IpAddress     string        `json:"ip_address"`
	TotalInBytes  float32       `json:"total_in_bytes"`
	TotalOutBytes float32       `json:"total_out_bytes"`
	ThreatTags    string        `json:"threat_tags"`
	ThreatSource  []interface{} `json:"threat_source"` // @afiune this field could be anything...
	Country       string        `json:"country"`
	Region        string        `json:"region"`
	PortList      []int32       `json:"port_list"`
	FirstSeenTime time.Time     `json:"first_seen_time"`
}

type EventMachineEntity added in v0.1.11

type EventMachineEntity struct {
	Hostname          string  `json:"hostname"`
	ExternalIp        string  `json:"external_ip"`
	InstanceID        string  `json:"instance_id"`
	InstanceName      string  `json:"instance_name"`
	CpuPercentage     float32 `json:"cpu_percentage"`
	InternalIpAddress string  `json:"internal_ip_address"`
}

type EventNewViolationEntity added in v0.1.11

type EventNewViolationEntity struct {
	RecID    string `json:"rec_id"`
	Reason   string `json:"reason"`
	Resource string `json:"resource"`
}

type EventProcessEntity added in v0.1.11

type EventProcessEntity struct {
	Hostname         string    `json:"hostname"`
	ProcessID        int32     `json:"process_id"`
	ProcessStartTime time.Time `json:"process_start_time"`
	Cmdline          string    `json:"cmdline"`
	CpuPercentage    float32   `json:"cpu_percentage"`
}

type EventRecIDEntity added in v0.1.11

type EventRecIDEntity struct {
	RecID        string `json:"rec_id"`
	AccountID    string `json:"account_id"`
	AccountAlias string `json:"account_alias"`
	Title        string `json:"title"`
	Status       string `json:"status"`
	EvalType     string `json:"eval_type"`
	EvalGuid     string `json:"eval_guid"`
}

type EventRegionEntity added in v0.1.11

type EventRegionEntity struct {
	Region      string   `json:"region"`
	AccountList []string `json:"account_list"`
}

type EventResourceEntity added in v0.1.11

// EventResourceEntity is one name/value pair from the "resource" list of an
// event's entity map.
type EventResourceEntity struct {
	Name string `json:"name"`
	// @afiune the API documentation says this field is a string, but many
	// events carry it as a number, boolean, etc. It is therefore decoded as
	// interface{}: callers must check the dynamic type (type switch or
	// comma-ok assertion) before using it, and must not assume a string.
	Value interface{} `json:"value"`
}

type EventSourceIpAddressEntity added in v0.1.11

type EventSourceIpAddressEntity struct {
	IpAddress string `json:"ip_address"`
	Region    string `json:"region"`
	Country   string `json:"country"`
}

type EventUserEntity added in v0.1.11

type EventUserEntity struct {
	MachineHostname string `json:"machine_hostname"`
	Username        string `json:"username"`
}

type EventViolationReasonEntity added in v0.1.11

type EventViolationReasonEntity struct {
	RecID  string `json:"rec_id"`
	Reason string `json:"reason"`
}

type EventsCount added in v0.1.6

type EventsCount struct {
	Critical int
	High     int
	Medium   int
	Low      int
	Info     int
	Total    int
}

type EventsResponse added in v0.1.6

type EventsResponse struct {
	Events []Event `json:"data"`
}

func (*EventsResponse) GetEventsCount added in v0.1.6

func (er *EventsResponse) GetEventsCount() EventsCount

type EventsService added in v0.1.6

type EventsService struct {
	// contains filtered or unexported fields
}

EventsService is a service that interacts with the Events endpoints from the Lacework Server

func (*EventsService) Details added in v0.1.6

func (svc *EventsService) Details(eventID string) (response EventDetailsResponse, err error)

Details returns details about the specified event_id

func (*EventsService) List added in v0.1.6

func (svc *EventsService) List() (EventsResponse, error)

List leverages ListDateRange and returns a list of events from the last 7 days

func (*EventsService) ListDateRange added in v0.1.21

func (svc *EventsService) ListDateRange(start, end time.Time) (
	response EventsResponse,
	err error,
)

ListDateRange returns a list of Lacework events during the specified date range

Requirements and specifications:

* The date format should be: yyyy-MM-ddTHH:mm:ssZ (example 2019-07-11T21:11:00Z)
* The START_TIME and END_TIME must be specified in UTC
* The difference between the START_TIME and END_TIME must not be greater than 7 days
* The START_TIME must be less than or equal to three months from current date
* The number of records produced is limited to 5000

type GcpCredentials

// GcpCredentials holds the credential fields sent under the CREDENTIALS key
// of GCP integrations and GCP Pub/Sub alert channels.
//
// PrivateKey is a secret. None of the fields carry `omitempty`, so all four
// are always written, in clear text, when the struct is marshaled to JSON;
// keep marshaled or %+v-printed values of this struct out of logs and error
// messages.
type GcpCredentials struct {
	ClientID     string `json:"CLIENT_ID" mapstructure:"CLIENT_ID"`
	ClientEmail  string `json:"CLIENT_EMAIL" mapstructure:"CLIENT_EMAIL"`
	PrivateKeyID string `json:"PRIVATE_KEY_ID" mapstructure:"PRIVATE_KEY_ID"`
	PrivateKey   string `json:"PRIVATE_KEY" mapstructure:"PRIVATE_KEY"`
}

type GcpIntegration

type GcpIntegration struct {
	Data GcpIntegrationData `json:"DATA"`
	// contains filtered or unexported fields
}

func NewGcpAuditLogIntegration

func NewGcpAuditLogIntegration(name string, data GcpIntegrationData) GcpIntegration

NewGcpAuditLogIntegration returns an instance of GcpIntegration of type GCP_AT_SES

func NewGcpCfgIntegration

func NewGcpCfgIntegration(name string, data GcpIntegrationData) GcpIntegration

NewGcpCfgIntegration returns an instance of GcpIntegration of type GCP_CFG

func NewGcpIntegration

func NewGcpIntegration(name string, iType integrationType, data GcpIntegrationData) GcpIntegration

NewGcpIntegration returns an instance of GcpIntegration with the provided integration type, name and data. The type can only be GcpCfgIntegration or GcpAuditLogIntegration

Basic usage: Initialize a new GcpIntegration struct, then

           use the new instance to do CRUD operations

// Example: build a GCP_CFG integration for a project and create it.
client, err := api.NewClient("account")
if err != nil {
  return err
}

gcp := api.NewGcpIntegration("abc",
  api.GcpCfgIntegration,
  api.GcpIntegrationData{
    ID: "1234",
    IDType: api.GcpProjectIntegration.String(),
    // Constructed placeholder values. In real code, load the service-account
    // fields (PrivateKey in particular) from a secret store or the
    // environment instead of committing them to source.
    Credentials: api.GcpCredentials{
      ClientID: "id",
      ClientEmail: "email",
      PrivateKeyID: "key_id",
      PrivateKey: "key",
    },
  },
)

// NOTE(review): the result of CreateGcp is discarded here; presumably it
// returns a response and an error like the other service calls. Confirm and
// handle both in real code.
client.Integrations.CreateGcp(gcp)

func (GcpIntegration) StateString added in v0.1.7

func (c GcpIntegration) StateString() string

func (GcpIntegration) Status added in v0.1.3

func (c GcpIntegration) Status() string

type GcpIntegrationData

type GcpIntegrationData struct {
	ID          string         `json:"ID"`
	IDType      string         `json:"ID_TYPE" mapstructure:"ID_TYPE"`
	Credentials GcpCredentials `json:"CREDENTIALS" mapstructure:"CREDENTIALS"`

	// SubscriptionName is a field that exists and is required for the GCP_AT_SES
	// integration, though, it doesn't exist for GCP_CFG integrations, that's why
	// we omit it if empty
	SubscriptionName string `json:"SUBSCRIPTION_NAME,omitempty" mapstructure:"SUBSCRIPTION_NAME"`
}

type GcpIntegrationsResponse

type GcpIntegrationsResponse struct {
	Data    []GcpIntegration `json:"data"`
	Ok      bool             `json:"ok"`
	Message string           `json:"message"`
}

type GcpPubSubAlertChannel added in v0.2.15

type GcpPubSubAlertChannel struct {
	Data GcpPubSubChannelData `json:"DATA"`
	// contains filtered or unexported fields
}

func NewGcpPubSubAlertChannel added in v0.2.15

func NewGcpPubSubAlertChannel(name string, data GcpPubSubChannelData) GcpPubSubAlertChannel

NewGcpPubSubAlertChannel returns an instance of GcpPubSubAlertChannel with the provided name and data.

Basic usage: Initialize a new GcpPubSubAlertChannel struct, then

             use the new instance to do CRUD operations

  client, err := api.NewClient("account")
  if err != nil {
    return err
  }

	gcpPubSubChannel := api.NewGcpPubSubAlertChannel("foo",
		api.GcpPubSubChannelData{
			ProjectID:     "my-sample-project-191923",
			TopicID:       "mytopic",
			IssueGrouping: "Resources",
			Credentials: api.GcpCredentials{
				ClientID:     "client_id",
				ClientEmail:  "foo@example.iam.gserviceaccount.com",
				PrivateKey:   "priv_key",
				PrivateKeyID: "p_key_id",
			},
		},
		)

  client.Integrations.CreateGcpPubSubAlertChannel(gcpPubSubChannel)

func (GcpPubSubAlertChannel) StateString added in v0.2.15

func (c GcpPubSubAlertChannel) StateString() string

func (GcpPubSubAlertChannel) Status added in v0.2.15

func (c GcpPubSubAlertChannel) Status() string

type GcpPubSubAlertChannelResponse added in v0.2.15

type GcpPubSubAlertChannelResponse struct {
	Data    []GcpPubSubAlertChannel `json:"data"`
	Ok      bool                    `json:"ok"`
	Message string                  `json:"message"`
}

type GcpPubSubChannelData added in v0.2.15

type GcpPubSubChannelData struct {
	ProjectID     string         `json:"PROJECT_ID" mapstructure:"PROJECT_ID"`
	TopicID       string         `json:"TOPIC_ID" mapstructure:"TOPIC_ID"`
	IssueGrouping string         `json:"ISSUE_GROUPING,omitempty" mapstructure:"ISSUE_GROUPING"`
	Credentials   GcpCredentials `json:"CREDENTIALS" mapstructure:"CREDENTIALS"`
}

type HostScanPackageVulnDetails added in v0.2.2

type HostScanPackageVulnDetails struct {
	CVEProps struct {
		CveBatchID  string `json:"cve_batch_id"`
		Description string `json:"description"`
		Link        string `json:"link"`
		Metadata    struct {
			NVD struct {
				CVSSv2 struct {
					PublishedDateTime string  `json:"PublishedDateTime"`
					Score             float64 `json:"Score"`
					Vectors           string  `json:"Vectors"`
				} `json:"CVSSv2"`
				CVSSv3 struct {
					ExploitabilityScore float64 `json:"ExploitabilityScore"`
					ImpactScore         float64 `json:"ImpactScore"`
					Score               float64 `json:"Score"`
					Vectors             string  `json:"Vectors"`
				} `json:"CVSSv3"`
			} `json:"NVD"`
		} `json:"metadata"`
	} `json:"CVE_PROPS"`
	FeatureKey struct {
		Name      string `json:"name"`
		Namespace string `json:"namespace"`
	} `json:"FEATURE_KEY"`
	FixInfo   HostScanPackageVulnFixInfo `json:"FIX_INFO"`
	OsPkgInfo struct {
		Namespace     string `json:"namespace"`
		Os            string `json:"os"`
		OsVer         string `json:"os_ver"`
		Pkg           string `json:"pkg"`
		PkgVer        string `json:"pkg_ver"`
		VersionFormat string `json:"version_format"`
	} `json:"OS_PKG_INFO"`
	Props struct {
		EvalAlgo string `json:"eval_algo"`
	} `json:"PROPS"`
	Severity string `json:"SEVERITY"`
	Summary  struct {
		EvalCreatedTime          string `json:"eval_created_time"`
		EvalStatus               string `json:"eval_status"`
		NumFixableVuln           int    `json:"num_fixable_vuln"`
		NumFixableVulnBySeverity struct {
			Num1 int `json:"1"`
			Num2 int `json:"2"`
			Num3 int `json:"3"`
			Num4 int `json:"4"`
			Num5 int `json:"5"`
		} `json:"num_fixable_vuln_by_severity"`
		NumTotal          int `json:"num_total"`
		NumVuln           int `json:"num_vuln"`
		NumVulnBySeverity struct {
			Num1 int `json:"1"`
			Num2 int `json:"2"`
			Num3 int `json:"3"`
			Num4 int `json:"4"`
			Num5 int `json:"5"`
		} `json:"num_vuln_by_severity"`
	} `json:"SUMMARY"`
	VulnID string `json:"VULN_ID"`
}

func (*HostScanPackageVulnDetails) HasFix added in v0.2.10

func (v *HostScanPackageVulnDetails) HasFix() bool

func (*HostScanPackageVulnDetails) Match added in v0.2.10

func (v *HostScanPackageVulnDetails) Match() bool

func (*HostScanPackageVulnDetails) ScoreString added in v0.2.2

func (scanPkg *HostScanPackageVulnDetails) ScoreString() string

type HostScanPackageVulnFixInfo added in v0.4.0

type HostScanPackageVulnFixInfo struct {
	CompareResult               int    `json:"compare_result"`
	EvalStatus                  string `json:"eval_status"`
	FixAvailable                int    `json:"fix_available"`
	FixedVersion                string `json:"fixed_version"`
	FixedVersionComparisonInfos []struct {
		CurrFixVer                         string `json:"curr_fix_ver"`
		IsCurrFixVerGreaterThanOtherFixVer string `json:"is_curr_fix_ver_greater_than_other_fix_ver"`
		OtherFixVer                        string `json:"other_fix_ver"`
	} `json:"fixed_version_comparison_infos"`
	FixedVersionComparisonScore int    `json:"fixed_version_comparison_score"`
	MaxPrefixMatchingLenScore   int    `json:"max_prefix_matching_len_score"`
	VersionInstalled            string `json:"version_installed"`
}

type HostVulnCVE added in v0.2.0

type HostVulnCVE struct {
	ID       string             `json:"cve_id"`
	Packages []HostVulnPackage  `json:"packages"`
	Summary  HostVulnCveSummary `json:"summary"`
}

type HostVulnCounts added in v0.2.0

type HostVulnCounts struct {
	Critical     int32
	CritFixable  int32
	High         int32
	HighFixable  int32
	Medium       int32
	MedFixable   int32
	Low          int32
	LowFixable   int32
	Info         int32
	InfoFixable  int32
	Total        int32
	TotalFixable int32
}

func (*HostVulnCounts) HighestFixableSeverity added in v0.4.0

func (h *HostVulnCounts) HighestFixableSeverity() string

HighestFixableSeverity returns the highest fixable severity level vulnerability

func (*HostVulnCounts) HighestSeverity added in v0.4.0

func (h *HostVulnCounts) HighestSeverity() string

HighestSeverity returns the highest severity level vulnerability

func (*HostVulnCounts) TotalFixableVulnerabilities added in v0.4.0

func (h *HostVulnCounts) TotalFixableVulnerabilities() int32

TotalFixableVulnerabilities returns the total number of vulnerabilities that have a fix available

type HostVulnCveSummary added in v0.2.0

type HostVulnCveSummary struct {
	Severity             HostVulnSeverityCounts `json:"severity"`
	TotalVulnerabilities int                    `json:"total_vulnerabilities"`
	LastEvaluationTime   Json16DigitTime        `json:"last_evaluation_time"`
}

type HostVulnDetail added in v0.2.0

type HostVulnDetail struct {
	Details  hostVulnHostDetail `json:"host"`
	Packages []HostVulnPackage  `json:"packages"`
	Summary  HostVulnCveSummary `json:"summary"`
}

type HostVulnHostAssessment added in v0.2.0

type HostVulnHostAssessment struct {
	Host hostVulnHostDetail `json:"host"`
	CVEs []HostVulnCVE      `json:"vulnerabilities"`
}

func (*HostVulnHostAssessment) VulnerabilityCounts added in v0.2.0

func (assessment *HostVulnHostAssessment) VulnerabilityCounts() HostVulnCounts

type HostVulnPackage added in v0.2.0

// HostVulnPackage describes one package entry in a host vulnerability
// result.
//
// Every field is declared as string, including the count, score and
// fix-availability fields (HostCount, CvssScore, CvssV2Score, CvssV3Score,
// FixAvailable). Parse them, and handle parse errors and empty values,
// before doing any numeric comparison or threshold check; comparing the raw
// strings orders them lexically, not numerically.
type HostVulnPackage struct {
	Name                string `json:"name"`
	Namespace           string `json:"namespace"`
	Severity            string `json:"severity"`
	Status              string `json:"status,omitempty"`
	VulnerabilityStatus string `json:"vulnerability_status,omitempty"`
	Version             string `json:"version"`
	HostCount           string `json:"host_count"`
	PackageStatus       string `json:"package_status"`
	CveLink             string `json:"cve_link"`
	CvssScore           string `json:"cvss_score"`
	CvssV2Score         string `json:"cvss_v_2_score"`
	CvssV3Score         string `json:"cvss_v_3_score"`
	// FirstSeenTime is commented out in the published source, so the
	// first_seen_time key is not decoded into this struct.
	//FirstSeenTime time.Time `json:"first_seen_time"`
	FixAvailable string `json:"fix_available"`
	FixedVersion string `json:"fixed_version"`
}

type HostVulnScanPkgManifestResponse added in v0.2.3

type HostVulnScanPkgManifestResponse struct {
	Vulns   []HostScanPackageVulnDetails `json:"data"`
	Ok      bool                         `json:"ok"`
	Message string                       `json:"message"`
}

func (*HostVulnScanPkgManifestResponse) CleanResponse added in v0.2.10

func (scanPkgManifest *HostVulnScanPkgManifestResponse) CleanResponse()

CleanResponse will go over all the vulnerabilities from a package-manifest scan and remove the non-matching ones, leaving only the vulnerabilities that matter

func (*HostVulnScanPkgManifestResponse) VulnerabilityCounts added in v0.2.3

func (scanPkgManifest *HostVulnScanPkgManifestResponse) VulnerabilityCounts() HostVulnCounts

type HostVulnSeverityCounts added in v0.2.0

// HostVulnSeverityCounts groups the per-severity vulnerability counters of a
// host vulnerability summary.
//
// Each field is a pointer, so it is nil when the corresponding JSON key is
// absent or null. Check for nil before dereferencing a field directly; a
// nil entry must not be read as "zero vulnerabilities" without that check.
type HostVulnSeverityCounts struct {
	Critical *HostVulnSeverityCountsDetails `json:"Critical"`
	High     *HostVulnSeverityCountsDetails `json:"High"`
	Medium   *HostVulnSeverityCountsDetails `json:"Medium"`
	Low      *HostVulnSeverityCountsDetails `json:"Low"`
	Info     *HostVulnSeverityCountsDetails `json:"Info"`
}

func (*HostVulnSeverityCounts) VulnerabilityCounts added in v0.2.0

func (counts *HostVulnSeverityCounts) VulnerabilityCounts() HostVulnCounts

type HostVulnSeverityCountsDetails added in v0.4.0

type HostVulnSeverityCountsDetails struct {
	Fixable         int32 `json:"fixable"`
	Vulnerabilities int32 `json:"vulnerabilities"`
}

type HostVulnerabilityService added in v0.2.0

type HostVulnerabilityService struct {
	// contains filtered or unexported fields
}

HostVulnerabilityService is a service that interacts with the vulnerabilities endpoints for the host space from the Lacework Server

func (*HostVulnerabilityService) GetHostAssessment added in v0.2.0

func (svc *HostVulnerabilityService) GetHostAssessment(id string) (
	response hostVulnHostResponse,
	err error,
)

func (*HostVulnerabilityService) ListCves added in v0.2.0

func (svc *HostVulnerabilityService) ListCves() (
	response hostVulnListCvesResponse,
	err error,
)

func (*HostVulnerabilityService) ListHostsWithCVE added in v0.2.0

func (svc *HostVulnerabilityService) ListHostsWithCVE(id string) (
	response hostVulnListHostsResponse,
	err error,
)

func (*HostVulnerabilityService) Scan added in v0.2.0

func (svc *HostVulnerabilityService) Scan(manifest *PackageManifest) (
	response HostVulnScanPkgManifestResponse,
	err error,
)

Scan requests an on-demand vulnerability assessment of your software packages to determine whether the packages contain any common vulnerabilities and exposures (CVEs).

NOTE: Only packages managed by a package manager on a supported operating system are reported, so the absence of findings does not cover software installed by other means.

type IntegrationState added in v0.1.6

type IntegrationState struct {
	Ok                 bool   `json:"ok"`
	LastUpdatedTime    string `json:"lastUpdatedTime"`
	LastSuccessfulTime string `json:"lastSuccessfulTime"`
}

type IntegrationsService

type IntegrationsService struct {
	// contains filtered or unexported fields
}

IntegrationsService is a service that interacts with the integrations endpoints from the Lacework Server

func (*IntegrationsService) CreateAws

func (svc *IntegrationsService) CreateAws(integration AwsIntegration) (
	response AwsIntegrationsResponse,
	err error,
)

CreateAws creates a single AWS integration on the Lacework Server

func (*IntegrationsService) CreateAwsCloudWatchAlertChannel added in v0.1.22

func (svc *IntegrationsService) CreateAwsCloudWatchAlertChannel(integration AwsCloudWatchAlertChannel) (
	response AwsCloudWatchResponse,
	err error,
)

CreateAwsCloudWatchAlertChannel creates an AWS CloudWatch alert channel on the Lacework Server

func (*IntegrationsService) CreateAwsEcrWithAccessKey added in v0.2.22

func (svc *IntegrationsService) CreateAwsEcrWithAccessKey(integration AwsEcrWithAccessKeyIntegration) (
	response AwsEcrWithAccessKeyIntegrationResponse,
	err error,
)

CreateAwsEcrWithAccessKey creates an AWS_ECR integration using an AWS Access Key as the authentication method to access the registry

func (*IntegrationsService) CreateAwsEcrWithCrossAccount added in v0.2.22

func (svc *IntegrationsService) CreateAwsEcrWithCrossAccount(integration AwsEcrWithCrossAccountIntegration) (
	response AwsEcrWithCrossAccountIntegrationResponse,
	err error,
)

CreateAwsEcrWithCrossAccount creates an AWS_ECR integration using an IAM Role as the authentication method to access the registry

func (*IntegrationsService) CreateAwsS3AlertChannel added in v0.2.12

func (svc *IntegrationsService) CreateAwsS3AlertChannel(integration AwsS3AlertChannel) (
	response AwsS3AlertChannelResponse,
	err error,
)

CreateAwsS3AlertChannel creates an AWS_S3 alert channel integration on the Lacework Server

func (*IntegrationsService) CreateAzure

func (svc *IntegrationsService) CreateAzure(integration AzureIntegration) (
	response AzureIntegrationsResponse,
	err error,
)

CreateAzure creates a single Azure integration on the Lacework Server

func (*IntegrationsService) CreateCiscoWebexAlertChannel added in v0.2.19

func (svc *IntegrationsService) CreateCiscoWebexAlertChannel(integration CiscoWebexAlertChannel) (
	response CiscoWebexAlertChannelResponse,
	err error,
)

CreateCiscoWebexAlertChannel creates a ciscoWebex alert channel integration on the Lacework Server

func (*IntegrationsService) CreateContainerRegistry added in v0.1.9

func (svc *IntegrationsService) CreateContainerRegistry(integration ContainerRegIntegration) (
	response ContainerRegIntResponse,
	err error,
)

CreateContainerRegistry creates a container registry integration on the Lacework Server

func (*IntegrationsService) CreateDatadogAlertChannel added in v0.2.18

func (svc *IntegrationsService) CreateDatadogAlertChannel(integration DatadogAlertChannel) (
	response DatadogAlertChannelResponse,
	err error,
)

CreateDatadogAlertChannel creates a datadog alert channel integration on the Lacework Server

func (*IntegrationsService) CreateGcp

func (svc *IntegrationsService) CreateGcp(data GcpIntegration) (
	response GcpIntegrationsResponse,
	err error,
)

CreateGcp creates a single Gcp integration on the Lacework Server

func (*IntegrationsService) CreateGcpPubSubAlertChannel added in v0.2.15

func (svc *IntegrationsService) CreateGcpPubSubAlertChannel(integration GcpPubSubAlertChannel) (
	response GcpPubSubAlertChannelResponse,
	err error,
)

CreateGcpPubSubAlertChannel creates a GCP_PUBSUB alert channel integration on the Lacework Server

func (*IntegrationsService) CreateJiraAlertChannel added in v0.1.24

func (svc *IntegrationsService) CreateJiraAlertChannel(integration JiraAlertChannel) (
	response JiraAlertChannelResponse,
	err error,
)

CreateJiraAlertChannel creates a jira alert channel integration on the Lacework Server

func (*IntegrationsService) CreateMicrosoftTeamsAlertChannel added in v0.2.19

func (svc *IntegrationsService) CreateMicrosoftTeamsAlertChannel(integration MicrosoftTeamsAlertChannel) (
	response MicrosoftTeamsAlertChannelResponse,
	err error,
)

CreateMicrosoftTeamsAlertChannel creates a msTeams alert channel integration on the Lacework Server

func (*IntegrationsService) CreateNewRelicAlertChannel added in v0.2.20

func (svc *IntegrationsService) CreateNewRelicAlertChannel(integration NewRelicAlertChannel) (
	response NewRelicAlertChannelResponse,
	err error,
)

CreateNewRelicAlertChannel creates a NEW_RELIC_INSIGHTS alert channel integration on the Lacework Server

func (*IntegrationsService) CreatePagerDutyAlertChannel added in v0.1.22

func (svc *IntegrationsService) CreatePagerDutyAlertChannel(integration PagerDutyAlertChannel) (
	response PagerDutyAlertChannelResponse,
	err error,
)

CreatePagerDutyAlertChannel creates a pager duty alert channel integration on the Lacework Server

func (*IntegrationsService) CreateQRadarAlertChannel added in v0.2.20

func (svc *IntegrationsService) CreateQRadarAlertChannel(integration QRadarAlertChannel) (
	response QRadarAlertChannelResponse,
	err error,
)

CreateQRadarAlertChannel creates a qradar alert channel integration on the Lacework Server

func (*IntegrationsService) CreateServiceNowAlertChannel added in v0.2.16

func (svc *IntegrationsService) CreateServiceNowAlertChannel(integration ServiceNowAlertChannel) (
	response ServiceNowAlertChannelResponse,
	err error,
)

CreateServiceNowAlertChannel creates a serviceNow alert channel integration on the Lacework Server

func (*IntegrationsService) CreateSlackAlertChannel added in v0.1.22

func (svc *IntegrationsService) CreateSlackAlertChannel(integration SlackAlertChannel) (
	response SlackAlertChannelResponse,
	err error,
)

CreateSlackAlertChannel creates a slack alert channel integration on the Lacework Server

func (*IntegrationsService) CreateSplunkAlertChannel added in v0.2.14

func (svc *IntegrationsService) CreateSplunkAlertChannel(integration SplunkAlertChannel) (
	response SplunkAlertChannelResponse,
	err error,
)

CreateSplunkAlertChannel creates a splunk alert channel integration on the Lacework Server

func (*IntegrationsService) CreateVictorOpsAlertChannel added in v0.2.19

func (svc *IntegrationsService) CreateVictorOpsAlertChannel(integration VictorOpsAlertChannel) (
	response VictorOpsAlertChannelResponse,
	err error,
)

CreateVictorOpsAlertChannel creates a VictorOps alert channel integration on the Lacework Server

func (*IntegrationsService) CreateWebhookAlertChannel added in v0.2.11

func (svc *IntegrationsService) CreateWebhookAlertChannel(integration WebhookAlertChannel) (
	response WebhookAlertChannelResponse,
	err error,
)

CreateWebhookAlertChannel creates a webhook alert channel integration on the Lacework Server

func (*IntegrationsService) Delete

func (svc *IntegrationsService) Delete(guid string) (
	response RawIntegrationsResponse,
	err error,
)

Delete deletes a single integration matching the integration guid on the Lacework Server; the returned integration contains the 'Data' field raw (map of interfaces)

func (*IntegrationsService) DeleteAws

func (svc *IntegrationsService) DeleteAws(guid string) (
	response AwsIntegrationsResponse,
	err error,
)

DeleteAws deletes a single AWS integration matching the integration guid on the Lacework Server

func (*IntegrationsService) DeleteAzure

func (svc *IntegrationsService) DeleteAzure(guid string) (
	response AzureIntegrationsResponse,
	err error,
)

DeleteAzure deletes a single Azure integration matching the integration guid on the Lacework Server

func (*IntegrationsService) DeleteGcp

func (svc *IntegrationsService) DeleteGcp(guid string) (
	response GcpIntegrationsResponse,
	err error,
)

DeleteGcp deletes a single Gcp integration matching the integration guid on the Lacework Server

func (*IntegrationsService) Get

func (svc *IntegrationsService) Get(guid string) (
	response RawIntegrationsResponse,
	err error,
)

Get gets a single integration matching the integration guid on the Lacework Server, the returned integration contains the 'Data' field raw (map of interfaces)

func (*IntegrationsService) GetAws

func (svc *IntegrationsService) GetAws(guid string) (
	response AwsIntegrationsResponse,
	err error,
)

GetAws gets a single AWS integration matching the integration guid on the Lacework Server

func (*IntegrationsService) GetAwsCloudWatchAlertChannel added in v0.1.22

func (svc *IntegrationsService) GetAwsCloudWatchAlertChannel(guid string) (
	response AwsCloudWatchResponse,
	err error,
)

GetAwsCloudWatchAlertChannel gets an AWS CloudWatch alert channel that matches with the provided integration guid on the Lacework Server

func (*IntegrationsService) GetAwsEcrWithAccessKey added in v0.2.22

func (svc *IntegrationsService) GetAwsEcrWithAccessKey(guid string) (
	response AwsEcrWithAccessKeyIntegrationResponse,
	err error,
)

GetAwsEcrWithAccessKey gets an AWS_ECR integration that matches with the provided integration guid on the Lacework Server

func (*IntegrationsService) GetAwsEcrWithCrossAccount added in v0.2.22

func (svc *IntegrationsService) GetAwsEcrWithCrossAccount(guid string) (
	response AwsEcrWithCrossAccountIntegrationResponse,
	err error,
)

GetAwsEcrWithCrossAccount gets an AWS_ECR integration that matches with the provided integration guid on the Lacework Server

func (*IntegrationsService) GetAwsS3AlertChannel added in v0.2.12

func (svc *IntegrationsService) GetAwsS3AlertChannel(guid string) (
	response AwsS3AlertChannelResponse,
	err error,
)

GetAwsS3AlertChannel gets an AWS_S3 alert channel integration that matches with the provided integration guid on the Lacework Server

func (*IntegrationsService) GetAzure

func (svc *IntegrationsService) GetAzure(guid string) (
	response AzureIntegrationsResponse,
	err error,
)

GetAzure gets a single Azure integration matching the integration guid on the Lacework Server

func (*IntegrationsService) GetCiscoWebexAlertChannel added in v0.2.19

func (svc *IntegrationsService) GetCiscoWebexAlertChannel(guid string) (response CiscoWebexAlertChannelResponse,
	err error)

GetCiscoWebexAlertChannel gets a ciscoWebex alert channel integration that matches with the provided integration guid on the Lacework Server

func (*IntegrationsService) GetContainerRegistry added in v0.1.22

func (svc *IntegrationsService) GetContainerRegistry(guid string) (
	response ContainerRegIntResponse,
	err error,
)

GetContainerRegistry gets a container registry integration that matches with the provided integration guid on the Lacework Server

func (*IntegrationsService) GetDatadogAlertChannel added in v0.2.18

func (svc *IntegrationsService) GetDatadogAlertChannel(guid string) (response DatadogAlertChannelResponse,
	err error)

GetDatadogAlertChannel gets a datadog alert channel integration that matches with the provided integration guid on the Lacework Server

func (*IntegrationsService) GetGcp

func (svc *IntegrationsService) GetGcp(guid string) (
	response GcpIntegrationsResponse,
	err error,
)

GetGcp gets a single Gcp integration matching the integration guid on the Lacework Server

func (*IntegrationsService) GetGcpPubSubAlertChannel added in v0.2.15

func (svc *IntegrationsService) GetGcpPubSubAlertChannel(guid string) (
	response GcpPubSubAlertChannelResponse,
	err error,
)

GetGcpPubSubAlertChannel gets a GCP_PUBSUB alert channel integration that matches with the provided integration guid on the Lacework Server

func (*IntegrationsService) GetJiraAlertChannel added in v0.1.24

func (svc *IntegrationsService) GetJiraAlertChannel(guid string) (
	response JiraAlertChannelResponse,
	err error,
)

GetJiraAlertChannel gets a jira alert channel integration that matches with the provided integration guid on the Lacework Server

func (*IntegrationsService) GetMicrosoftTeamsAlertChannel added in v0.2.19

func (svc *IntegrationsService) GetMicrosoftTeamsAlertChannel(guid string) (response MicrosoftTeamsAlertChannelResponse,
	err error)

GetMicrosoftTeamsAlertChannel gets a msTeams alert channel integration that matches with the provided integration guid on the Lacework Server

func (*IntegrationsService) GetNewRelicAlertChannel added in v0.2.20

func (svc *IntegrationsService) GetNewRelicAlertChannel(guid string) (
	response NewRelicAlertChannelResponse,
	err error,
)

GetNewRelicAlertChannel gets a NEW_RELIC_INSIGHTS alert channel integration that matches with the provided integration guid on the Lacework Server

func (*IntegrationsService) GetPagerDutyAlertChannel added in v0.1.22

func (svc *IntegrationsService) GetPagerDutyAlertChannel(guid string) (
	response PagerDutyAlertChannelResponse,
	err error,
)

GetPagerDutyAlertChannel gets a pager duty alert channel integration that matches with the provided integration guid on the Lacework Server

func (*IntegrationsService) GetQRadarAlertChannel added in v0.2.20

func (svc *IntegrationsService) GetQRadarAlertChannel(guid string) (response QRadarAlertChannelResponse,
	err error)

GetQRadarAlertChannel gets a qradar alert channel integration that matches with the provided integration guid on the Lacework Server

func (*IntegrationsService) GetSchema

func (svc *IntegrationsService) GetSchema(iType integrationType) (
	response map[string]interface{},
	err error,
)

GetSchema gets the integration schema for the provided integration type

func (*IntegrationsService) GetServiceNowAlertChannel added in v0.2.16

func (svc *IntegrationsService) GetServiceNowAlertChannel(guid string) (response ServiceNowAlertChannelResponse,
	err error)

GetServiceNowAlertChannel gets a serviceNow alert channel integration that matches with the provided integration guid on the Lacework Server

func (*IntegrationsService) GetSlackAlertChannel added in v0.1.22

func (svc *IntegrationsService) GetSlackAlertChannel(guid string) (
	response SlackAlertChannelResponse,
	err error,
)

GetSlackAlertChannel gets a slack alert channel integration that matches with the provided integration guid on the Lacework Server

func (*IntegrationsService) GetSplunkAlertChannel added in v0.2.14

func (svc *IntegrationsService) GetSplunkAlertChannel(guid string) (response SplunkAlertChannelResponse,
	err error)

GetSplunkAlertChannel gets a splunk alert channel integration that matches with the provided integration guid on the Lacework Server

func (*IntegrationsService) GetVictorOpsAlertChannel added in v0.2.19

func (svc *IntegrationsService) GetVictorOpsAlertChannel(guid string) (response VictorOpsAlertChannelResponse,
	err error)

GetVictorOpsAlertChannel gets a VictorOps alert channel integration that matches with the provided integration guid on the Lacework Server

func (*IntegrationsService) GetWebhookAlertChannel added in v0.2.11

func (svc *IntegrationsService) GetWebhookAlertChannel(guid string) (response WebhookAlertChannelResponse,
	err error)

GetWebhookAlertChannel gets a webhook alert channel integration that matches with the provided integration guid on the Lacework Server

func (*IntegrationsService) List

func (svc *IntegrationsService) List() (response RawIntegrationsResponse, err error)

List lists the external integrations available on the Lacework Server

func (*IntegrationsService) ListAwsCfg

func (svc *IntegrationsService) ListAwsCfg() (response AwsIntegrationsResponse, err error)

ListAwsCfg lists the AWS_CFG external integrations available on the Lacework Server

func (*IntegrationsService) ListAwsCloudTrail

func (svc *IntegrationsService) ListAwsCloudTrail() (response AwsIntegrationsResponse, err error)

ListAwsCloudTrail lists the AWS_CT_SQS external integrations available on the Lacework Server

func (*IntegrationsService) ListAwsCloudWatchAlertChannel added in v0.1.22

func (svc *IntegrationsService) ListAwsCloudWatchAlertChannel() (response AwsCloudWatchResponse, err error)

ListAwsCloudWatchAlertChannel lists the CLOUDWATCH_EB external integrations available on the Lacework Server

func (*IntegrationsService) ListAwsS3AlertChannel added in v0.2.12

func (svc *IntegrationsService) ListAwsS3AlertChannel() (response AwsS3AlertChannelResponse, err error)

ListAwsS3AlertChannel lists the AWS_S3 external integrations available on the Lacework Server

func (*IntegrationsService) ListAzureActivityLog

func (svc *IntegrationsService) ListAzureActivityLog() (
	response AzureIntegrationsResponse, err error,
)

ListAzureActivityLog lists the AZURE_AL_SEQ external integrations available on the Lacework Server

func (*IntegrationsService) ListAzureCfg

func (svc *IntegrationsService) ListAzureCfg() (
	response AzureIntegrationsResponse, err error,
)

ListAzureCfg lists the AZURE_CFG external integrations available on the Lacework Server

func (*IntegrationsService) ListByType

func (svc *IntegrationsService) ListByType(iType integrationType) (response RawIntegrationsResponse, err error)

ListByType lists the external integrations from the provided type that are available on the Lacework Server

func (*IntegrationsService) ListCiscoWebexAlertChannel added in v0.2.19

func (svc *IntegrationsService) ListCiscoWebexAlertChannel() (response CiscoWebexAlertChannelResponse, err error)

ListCiscoWebexAlertChannel lists the Cisco Webex alert channel integrations available on the Lacework Server

func (*IntegrationsService) ListContainerRegistryIntegrations added in v0.3.0

func (svc *IntegrationsService) ListContainerRegistryIntegrations() (response ContainerRegIntResponse, err error)

ListContainerRegistryIntegrations lists the CONT_VULN_CFG external integrations available on the Lacework Server

func (*IntegrationsService) ListDatadogAlertChannel added in v0.2.18

func (svc *IntegrationsService) ListDatadogAlertChannel() (response DatadogAlertChannelResponse, err error)

ListDatadogAlertChannel lists the datadog alert channel integrations available on the Lacework Server

func (*IntegrationsService) ListGcpAuditLog

func (svc *IntegrationsService) ListGcpAuditLog() (response GcpIntegrationsResponse, err error)

ListGcpAuditLog lists the GCP_AT_SES external integrations available on the Lacework Server

func (*IntegrationsService) ListGcpCfg

func (svc *IntegrationsService) ListGcpCfg() (response GcpIntegrationsResponse, err error)

ListGcpCfg lists the GCP_CFG external integrations available on the Lacework Server

func (*IntegrationsService) ListGcpPubSubAlertChannel added in v0.2.15

func (svc *IntegrationsService) ListGcpPubSubAlertChannel() (response GcpPubSubAlertChannelResponse, err error)

ListGcpPubSubAlertChannel lists the GCP_PUBSUB external integrations available on the Lacework Server

func (*IntegrationsService) ListJiraAlertChannel added in v0.1.24

func (svc *IntegrationsService) ListJiraAlertChannel() (response JiraAlertChannelResponse, err error)

ListJiraAlertChannel lists the JIRA external integrations available on the Lacework Server

func (*IntegrationsService) ListMicrosoftTeamsAlertChannel added in v0.2.19

func (svc *IntegrationsService) ListMicrosoftTeamsAlertChannel() (response MicrosoftTeamsAlertChannelResponse, err error)

ListMicrosoftTeamsAlertChannel lists the Microsoft Teams external integrations available on the Lacework Server

func (*IntegrationsService) ListNewRelicAlertChannel added in v0.2.20

func (svc *IntegrationsService) ListNewRelicAlertChannel() (response NewRelicAlertChannelResponse, err error)

ListNewRelicAlertChannel lists the NEW_RELIC_INSIGHTS external integrations available on the Lacework Server

func (*IntegrationsService) ListPagerDutyAlertChannel added in v0.1.22

func (svc *IntegrationsService) ListPagerDutyAlertChannel() (response PagerDutyAlertChannelResponse, err error)

ListPagerDutyAlertChannel lists the PAGER_DUTY_API external integrations available on the Lacework Server

func (*IntegrationsService) ListQRadarAlertChannel added in v0.2.20

func (svc *IntegrationsService) ListQRadarAlertChannel() (response QRadarAlertChannelResponse, err error)

ListQRadarAlertChannel lists the qradar alert channel integrations available on the Lacework Server

func (*IntegrationsService) ListServiceNowAlertChannel added in v0.2.16

func (svc *IntegrationsService) ListServiceNowAlertChannel() (response ServiceNowAlertChannelResponse, err error)

ListServiceNowAlertChannel lists the serviceNow alert channel integrations available on the Lacework Server

func (*IntegrationsService) ListSlackAlertChannel added in v0.1.22

func (svc *IntegrationsService) ListSlackAlertChannel() (response SlackAlertChannelResponse, err error)

ListSlackAlertChannel lists the SLACK_CHANNEL external integrations available on the Lacework Server

func (*IntegrationsService) ListSplunkAlertChannel added in v0.2.14

func (svc *IntegrationsService) ListSplunkAlertChannel() (response SplunkAlertChannelResponse, err error)

ListSplunkAlertChannel lists the splunk alert channel integrations available on the Lacework Server

func (*IntegrationsService) ListVictorOpsAlertChannel added in v0.2.19

func (svc *IntegrationsService) ListVictorOpsAlertChannel() (response VictorOpsAlertChannelResponse, err error)

ListVictorOpsAlertChannel lists the VictorOps alert channel integrations available on the Lacework Server

func (*IntegrationsService) ListWebhookAlertChannel added in v0.2.11

func (svc *IntegrationsService) ListWebhookAlertChannel() (response WebhookAlertChannelResponse, err error)

ListWebhookAlertChannel lists the WEBHOOK external integrations available on the Lacework Server

func (*IntegrationsService) UpdateAws

func (svc *IntegrationsService) UpdateAws(data AwsIntegration) (
	response AwsIntegrationsResponse,
	err error,
)

UpdateAws updates a single AWS integration on the Lacework Server

func (*IntegrationsService) UpdateAwsCloudWatchAlertChannel added in v0.1.22

func (svc *IntegrationsService) UpdateAwsCloudWatchAlertChannel(data AwsCloudWatchAlertChannel) (
	response AwsCloudWatchResponse,
	err error,
)

UpdateAwsCloudWatchAlertChannel updates a single AWS CloudWatch alert channel

func (*IntegrationsService) UpdateAwsEcrWithAccessKey added in v0.2.22

func (svc *IntegrationsService) UpdateAwsEcrWithAccessKey(integration AwsEcrWithAccessKeyIntegration) (
	response AwsEcrWithAccessKeyIntegrationResponse,
	err error,
)

UpdateAwsEcrWithAccessKey updates a single AWS_ECR integration

func (*IntegrationsService) UpdateAwsEcrWithCrossAccount added in v0.2.22

func (svc *IntegrationsService) UpdateAwsEcrWithCrossAccount(integration AwsEcrWithCrossAccountIntegration) (
	response AwsEcrWithCrossAccountIntegrationResponse,
	err error,
)

UpdateAwsEcrWithCrossAccount updates a single AWS_ECR integration

func (*IntegrationsService) UpdateAwsS3AlertChannel added in v0.2.12

func (svc *IntegrationsService) UpdateAwsS3AlertChannel(data AwsS3AlertChannel) (
	response AwsS3AlertChannelResponse,
	err error,
)

UpdateAwsS3AlertChannel updates a single AWS_S3 alert channel integration

func (*IntegrationsService) UpdateAzure

func (svc *IntegrationsService) UpdateAzure(data AzureIntegration) (
	response AzureIntegrationsResponse,
	err error,
)

UpdateAzure updates a single Azure integration on the Lacework Server

func (*IntegrationsService) UpdateCiscoWebexAlertChannel added in v0.2.19

func (svc *IntegrationsService) UpdateCiscoWebexAlertChannel(data CiscoWebexAlertChannel) (
	response CiscoWebexAlertChannelResponse,
	err error,
)

UpdateCiscoWebexAlertChannel updates a single ciscoWebex alert channel integration

func (*IntegrationsService) UpdateContainerRegistry added in v0.1.22

func (svc *IntegrationsService) UpdateContainerRegistry(integration ContainerRegIntegration) (
	response ContainerRegIntResponse,
	err error,
)

UpdateContainerRegistry updates a single container registry integration

func (*IntegrationsService) UpdateDatadogAlertChannel added in v0.2.18

func (svc *IntegrationsService) UpdateDatadogAlertChannel(data DatadogAlertChannel) (
	response DatadogAlertChannelResponse,
	err error,
)

UpdateDatadogAlertChannel updates a single datadog alert channel integration

func (*IntegrationsService) UpdateGcp

func (svc *IntegrationsService) UpdateGcp(data GcpIntegration) (
	response GcpIntegrationsResponse,
	err error,
)

UpdateGcp updates a single Gcp integration on the Lacework Server

func (*IntegrationsService) UpdateGcpPubSubAlertChannel added in v0.2.15

func (svc *IntegrationsService) UpdateGcpPubSubAlertChannel(data GcpPubSubAlertChannel) (
	response GcpPubSubAlertChannelResponse,
	err error,
)

UpdateGcpPubSubAlertChannel updates a single GCP_PUBSUB alert channel integration

func (*IntegrationsService) UpdateJiraAlertChannel added in v0.1.24

func (svc *IntegrationsService) UpdateJiraAlertChannel(data JiraAlertChannel) (
	response JiraAlertChannelResponse,
	err error,
)

UpdateJiraAlertChannel updates a single jira alert channel integration

func (*IntegrationsService) UpdateMicrosoftTeamsAlertChannel added in v0.2.19

func (svc *IntegrationsService) UpdateMicrosoftTeamsAlertChannel(data MicrosoftTeamsAlertChannel) (
	response MicrosoftTeamsAlertChannelResponse,
	err error,
)

UpdateMicrosoftTeamsAlertChannel updates a single msTeams alert channel integration

func (*IntegrationsService) UpdateNewRelicAlertChannel added in v0.2.20

func (svc *IntegrationsService) UpdateNewRelicAlertChannel(data NewRelicAlertChannel) (
	response NewRelicAlertChannelResponse,
	err error,
)

UpdateNewRelicAlertChannel updates a single NEW_RELIC_INSIGHTS alert channel integration

func (*IntegrationsService) UpdatePagerDutyAlertChannel added in v0.1.22

func (svc *IntegrationsService) UpdatePagerDutyAlertChannel(data PagerDutyAlertChannel) (
	response PagerDutyAlertChannelResponse,
	err error,
)

UpdatePagerDutyAlertChannel updates a single pager duty alert channel integration

func (*IntegrationsService) UpdateQRadarAlertChannel added in v0.2.20

func (svc *IntegrationsService) UpdateQRadarAlertChannel(data QRadarAlertChannel) (
	response QRadarAlertChannelResponse,
	err error,
)

UpdateQRadarAlertChannel updates a single qradar alert channel integration

func (*IntegrationsService) UpdateServiceNowAlertChannel added in v0.2.16

func (svc *IntegrationsService) UpdateServiceNowAlertChannel(data ServiceNowAlertChannel) (
	response ServiceNowAlertChannelResponse,
	err error,
)

UpdateServiceNowAlertChannel updates a single serviceNow alert channel integration

func (*IntegrationsService) UpdateSlackAlertChannel added in v0.1.22

func (svc *IntegrationsService) UpdateSlackAlertChannel(data SlackAlertChannel) (
	response SlackAlertChannelResponse,
	err error,
)

UpdateSlackAlertChannel updates a single slack alert channel integration

func (*IntegrationsService) UpdateSplunkAlertChannel added in v0.2.14

func (svc *IntegrationsService) UpdateSplunkAlertChannel(data SplunkAlertChannel) (
	response SplunkAlertChannelResponse,
	err error,
)

UpdateSplunkAlertChannel updates a single splunk alert channel integration

func (*IntegrationsService) UpdateVictorOpsAlertChannel added in v0.2.19

func (svc *IntegrationsService) UpdateVictorOpsAlertChannel(data VictorOpsAlertChannel) (
	response VictorOpsAlertChannelResponse,
	err error,
)

UpdateVictorOpsAlertChannel updates a single VictorOps alert channel integration

func (*IntegrationsService) UpdateWebhookAlertChannel added in v0.2.11

func (svc *IntegrationsService) UpdateWebhookAlertChannel(data WebhookAlertChannel) (
	response WebhookAlertChannelResponse,
	err error,
)

UpdateWebhookAlertChannel updates a single webhook alert channel integration

type JiraAlertChannel added in v0.1.24

type JiraAlertChannel struct {
	Data JiraAlertChannelData `json:"DATA"`
	// contains filtered or unexported fields
}

func NewJiraAlertChannel added in v0.1.24

func NewJiraAlertChannel(name string, data JiraAlertChannelData) JiraAlertChannel

NewJiraAlertChannel returns an instance of JiraAlertChannel with the provided name and data.

Basic usage: Initialize a new JiraAlertChannel struct, then use the new instance to do CRUD operations

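client, err := api.NewClient("account")
if err != nil {
  return err
}

// The Username and ApiToken values below are placeholders. ApiToken is a
// credential carried in the integration payload, so read it from a secret
// store or the environment at runtime instead of committing it to source.
jiraAlert := api.NewJiraAlertChannel("foo",
  api.JiraAlertChannelData{
    JiraType:         api.JiraCloudAlertType,
    JiraUrl:          "mycompany.atlassian.net",
    IssueType:        "Bug",
    ProjectID:        "EXAMPLE",
    Username:         "me",
    ApiToken:         "my-api-token",
    IssueGrouping:    "Resources",
  },
)

// CreateJiraAlertChannel returns (response, err). Check the error so a
// rejected or failed integration is not mistaken for a working alert channel.
if _, err := client.Integrations.CreateJiraAlertChannel(jiraAlert); err != nil {
  return err
}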

func NewJiraCloudAlertChannel added in v0.1.24

func NewJiraCloudAlertChannel(name string, data JiraAlertChannelData) JiraAlertChannel

NewJiraCloudAlertChannel returns a JiraAlertChannel instance preconfigured as a JIRA_CLOUD type

func NewJiraServerAlertChannel added in v0.1.24

func NewJiraServerAlertChannel(name string, data JiraAlertChannelData) JiraAlertChannel

NewJiraServerAlertChannel returns a JiraAlertChannel instance preconfigured as a JIRA_SERVER type

func (JiraAlertChannel) StateString added in v0.1.24

func (c JiraAlertChannel) StateString() string

func (JiraAlertChannel) Status added in v0.1.24

func (c JiraAlertChannel) Status() string

type JiraAlertChannelData added in v0.1.24

// JiraAlertChannelData is the payload carried in the Data field of a
// JiraAlertChannel.
//
// ApiToken and Password are credentials and are serialized as plain strings
// under the API_TOKEN and PASSWORD keys. Keep values of this type out of
// logs, error messages and debug dumps.
type JiraAlertChannelData struct {
	JiraType      string `json:"JIRA_TYPE" mapstructure:"JIRA_TYPE"`
	JiraUrl       string `json:"JIRA_URL" mapstructure:"JIRA_URL"`
	IssueType     string `json:"ISSUE_TYPE" mapstructure:"ISSUE_TYPE"`
	ProjectID     string `json:"PROJECT_ID" mapstructure:"PROJECT_ID"`
	Username      string `json:"USERNAME" mapstructure:"USERNAME"`
	ApiToken      string `json:"API_TOKEN,omitempty" mapstructure:"API_TOKEN"` // credential used with Jira Cloud
	Password      string `json:"PASSWORD,omitempty" mapstructure:"PASSWORD"`   // credential used with Jira Server
	IssueGrouping string `json:"ISSUE_GROUPING,omitempty" mapstructure:"ISSUE_GROUPING"`

	// CustomTemplateFile must hold a base64-encoded JSON template in the
	// following format:
	//
	// "data:application/json;name=i.json;base64,[ENCODING]"
	//
	// [ENCODING] is the base64 encoding of the template; use
	// EncodeCustomTemplateFile() to produce it from a JSON template. Base64 is
	// an encoding, not a protection: anyone who can read this field can
	// recover the template with DecodeCustomTemplateFile().
	CustomTemplateFile string `json:"CUSTOM_TEMPLATE_FILE,omitempty" mapstructure:"CUSTOM_TEMPLATE_FILE"`
}

func (*JiraAlertChannelData) DecodeCustomTemplateFile added in v0.2.1

func (jira *JiraAlertChannelData) DecodeCustomTemplateFile() (string, error)

func (*JiraAlertChannelData) EncodeCustomTemplateFile added in v0.2.1

func (jira *JiraAlertChannelData) EncodeCustomTemplateFile(template string)

type JiraAlertChannelResponse added in v0.1.24

type JiraAlertChannelResponse struct {
	Data    []JiraAlertChannel `json:"data"`
	Ok      bool               `json:"ok"`
	Message string             `json:"message"`
}

type Json16DigitTime added in v0.1.21

type Json16DigitTime time.Time

time type to parse the returned 16 digit time in milliseconds

func (Json16DigitTime) Format added in v0.1.21

func (self Json16DigitTime) Format(s string) string

func (Json16DigitTime) MarshalJSON added in v0.1.21

func (self Json16DigitTime) MarshalJSON() ([]byte, error)

func (Json16DigitTime) ToTime added in v0.1.21

func (self Json16DigitTime) ToTime() time.Time

A few format functions for printing and manipulating the custom date

func (Json16DigitTime) UTC added in v0.1.21

func (self Json16DigitTime) UTC() time.Time

func (*Json16DigitTime) UnmarshalJSON added in v0.1.21

func (self *Json16DigitTime) UnmarshalJSON(b []byte) error

Implement the Marshal and Unmarshal interfaces

type LQLCompileResponse added in v0.6.0

type LQLCompileResponse struct {
	Data    []map[string]interface{} `json:"data"`
	Ok      bool                     `json:"ok"`
	Message string                   `json:"message"`
}

type LQLDataSourcesResponse added in v0.6.0

type LQLDataSourcesResponse struct {
	Data    []string `json:"data"`
	Ok      bool     `json:"ok"`
	Message string   `json:"message"`
}

type LQLDeleteMessage added in v0.6.0

type LQLDeleteMessage struct {
	ID string `json:"lqlDeleted"`
}

type LQLDeleteResponse added in v0.6.0

type LQLDeleteResponse struct {
	Ok      bool             `json:"ok"`
	Message LQLDeleteMessage `json:"message"`
}

type LQLDescribeData added in v0.6.0

type LQLDescribeData struct {
	Complexity  int                     `json:"complexity"`
	MaxDuration int                     `json:"maxDuration"`
	Parameters  []LQLDescribeParameters `json:"parameters"`
	PrimaryKey  []interface{}           `json:"primaryKey"`
	Props       map[string]interface{}  `json:"props"`
	Schema      []LQLDescribeSchema     `json:"schema"`
	Type        string                  `json:"type"`
}

type LQLDescribeParameters added in v0.6.0

type LQLDescribeParameters struct {
	Default  string                 `json:"default"`
	Name     string                 `json:"name"`
	Props    map[string]interface{} `json:"props"`
	Required bool                   `json:"required"`
	Type     string                 `json:"type"`
}

type LQLDescribeResponse added in v0.6.0

type LQLDescribeResponse struct {
	Data    []LQLDescribeData `json:"data"`
	Ok      bool              `json:"ok"`
	Message string            `json:"message"`
}

type LQLDescribeSchema added in v0.6.0

type LQLDescribeSchema struct {
	Name  string                 `json:"name"`
	Props map[string]interface{} `json:"props"`
	Type  string                 `json:"type"`
}

type LQLQuery added in v0.6.0

// LQLQuery describes an LQL query together with an optional ID and time range.
type LQLQuery struct {
	// ID, StartTimeRange and EndTimeRange are left out of the JSON output when
	// empty (omitempty); QueryText is always emitted.
	ID             string `json:"LQL_ID,omitempty"`
	StartTimeRange string `json:"START_TIME_RANGE,omitempty"`
	EndTimeRange   string `json:"END_TIME_RANGE,omitempty"`
	QueryText      string `json:"QUERY_TEXT"`
	// QueryBlob is a special string that supports type conversion
	// back and forth from LQL to JSON. The json:"-" tag keeps it out of
	// marshaled output.
	QueryBlob string `json:"-"`
}

func (*LQLQuery) Translate added in v0.6.0

func (q *LQLQuery) Translate() error

func (*LQLQuery) TranslateQuery added in v0.6.0

func (q *LQLQuery) TranslateQuery() error

func (LQLQuery) TranslateTime added in v0.6.0

func (q LQLQuery) TranslateTime(inTime string) (string, error)

func (*LQLQuery) Validate added in v0.6.0

func (q *LQLQuery) Validate(allowEmptyTimes bool) error

func (LQLQuery) ValidateRange added in v0.6.0

func (q LQLQuery) ValidateRange(allowEmptyTimes bool) (err error)

type LQLQueryResponse added in v0.6.0

type LQLQueryResponse struct {
	Data    []LQLQuery `json:"data"`
	Ok      bool       `json:"ok"`
	Message string     `json:"message"`
}

type LQLService added in v0.1.24

type LQLService struct {
	// contains filtered or unexported fields
}

LQLService is a service that interacts with the LQL endpoints from the Lacework Server

func (*LQLService) CompileQuery added in v0.6.0

func (svc *LQLService) CompileQuery(query string) (
	response LQLCompileResponse,
	err error,
)

func (*LQLService) CreateQuery added in v0.6.0

func (svc *LQLService) CreateQuery(query string) (
	response LQLQueryResponse,
	err error,
)

func (*LQLService) DataSources added in v0.6.0

func (svc *LQLService) DataSources() (
	response LQLDataSourcesResponse,
	err error,
)

func (*LQLService) DeleteQuery added in v0.6.0

func (svc *LQLService) DeleteQuery(queryID string) (
	response LQLDeleteResponse,
	err error,
)

func (*LQLService) Describe added in v0.6.0

func (svc *LQLService) Describe(dataSource string) (
	response LQLDescribeResponse,
	err error,
)

func (*LQLService) GetQueries added in v0.6.0

func (svc *LQLService) GetQueries() (LQLQueryResponse, error)

func (*LQLService) GetQueryByID added in v0.6.0

func (svc *LQLService) GetQueryByID(queryID string) (
	response LQLQueryResponse,
	err error,
)

func (*LQLService) RunQuery added in v0.6.0

func (svc *LQLService) RunQuery(query, start, end string) (
	response map[string]interface{},
	err error,
)

func (*LQLService) UpdateQuery added in v0.6.0

func (svc *LQLService) UpdateQuery(query string) (
	response LQLUpdateResponse,
	err error,
)

type LQLUpdateMessage added in v0.6.0

type LQLUpdateMessage struct {
	ID string `json:"lqlUpdated"`
}

type LQLUpdateResponse added in v0.6.0

type LQLUpdateResponse struct {
	Ok      bool             `json:"ok"`
	Message LQLUpdateMessage `json:"message"`
}

type MicrosoftTeamsAlertChannel added in v0.2.19

type MicrosoftTeamsAlertChannel struct {
	Data MicrosoftTeamsChannelData `json:"DATA"`
	// contains filtered or unexported fields
}

func NewMicrosoftTeamsAlertChannel added in v0.2.19

func NewMicrosoftTeamsAlertChannel(name string, data MicrosoftTeamsChannelData) MicrosoftTeamsAlertChannel

NewMicrosoftTeamsAlertChannel returns an instance of MicrosoftTeamsAlertChannel with the provided name and data.

Basic usage: Initialize a new MicrosoftTeamsAlertChannel struct, then

           use the new instance to do CRUD operations

client, err := api.NewClient("account")
if err != nil {
  return err
}

microsoftTeamsChannel := api.NewMicrosoftTeamsAlertChannel("foo",
  api.MicrosoftTeamsChannelData{
    WebhookURL: "https://outlook.office.com/webhook/api-token",
  },
)

client.Integrations.CreateMicrosoftTeamsAlertChannel(microsoftTeamsChannel)

func (MicrosoftTeamsAlertChannel) StateString added in v0.2.19

func (c MicrosoftTeamsAlertChannel) StateString() string

func (MicrosoftTeamsAlertChannel) Status added in v0.2.19

func (c MicrosoftTeamsAlertChannel) Status() string

type MicrosoftTeamsAlertChannelResponse added in v0.2.19

type MicrosoftTeamsAlertChannelResponse struct {
	Data    []MicrosoftTeamsAlertChannel `json:"data"`
	Ok      bool                         `json:"ok"`
	Message string                       `json:"message"`
}

type MicrosoftTeamsChannelData added in v0.2.19

// MicrosoftTeamsChannelData is the payload for a Microsoft Teams alert channel.
type MicrosoftTeamsChannelData struct {
	// WebhookURL is serialized under TEAMS_URL. The usage example on this page
	// shows the URL ending in an API token, so treat the whole URL as a secret
	// and keep it out of logs and source control.
	WebhookURL string `json:"TEAMS_URL" mapstructure:"TEAMS_URL"`
}

type NanoTime added in v0.2.0

type NanoTime time.Time

time type to parse the returned time with nano format

Example:

"START_TIME":"2020-08-20T01:00:00+0000"

func (NanoTime) Format added in v0.2.0

func (self NanoTime) Format(s string) string

func (NanoTime) MarshalJSON added in v0.2.0

func (self NanoTime) MarshalJSON() ([]byte, error)

func (NanoTime) ToTime added in v0.2.0

func (self NanoTime) ToTime() time.Time

A few format functions for printing and manipulating the custom date

func (NanoTime) UTC added in v0.2.0

func (self NanoTime) UTC() time.Time

func (*NanoTime) UnmarshalJSON added in v0.2.0

func (self *NanoTime) UnmarshalJSON(b []byte) (err error)

type NewRelicAlertChannel added in v0.2.20

type NewRelicAlertChannel struct {
	Data NewRelicChannelData `json:"DATA"`
	// contains filtered or unexported fields
}

func NewNewRelicAlertChannel added in v0.2.20

func NewNewRelicAlertChannel(name string, data NewRelicChannelData) NewRelicAlertChannel

NewNewRelicAlertChannel returns an instance of NewRelicAlertChannel with the provided name and data.

Basic usage: Initialize a new NewRelicAlertChannel struct, then

             use the new instance to do CRUD operations

  client, err := api.NewClient("account")
  if err != nil {
    return err
  }

	newRelicChannel := api.NewNewRelicAlertChannel("foo",
		api.NewRelicChannelData{
			AccountID: 2338053,
			InsertKey: "x-xx-xxxxxxxxxxxxxxxxxx",
		},
	)

  client.Integrations.CreateNewRelicAlertChannel(newRelicChannel)

func (NewRelicAlertChannel) StateString added in v0.2.20

func (c NewRelicAlertChannel) StateString() string

func (NewRelicAlertChannel) Status added in v0.2.20

func (c NewRelicAlertChannel) Status() string

type NewRelicAlertChannelResponse added in v0.2.20

type NewRelicAlertChannelResponse struct {
	Data    []NewRelicAlertChannel `json:"data"`
	Ok      bool                   `json:"ok"`
	Message string                 `json:"message"`
}

type NewRelicChannelData added in v0.2.20

// NewRelicChannelData is the payload for a New Relic alert channel.
type NewRelicChannelData struct {
	AccountID int    `json:"ACCOUNT_ID" mapstructure:"ACCOUNT_ID"`
	// InsertKey is serialized under INSERT_KEY with no omitempty, so the key is
	// always emitted. NOTE(review): presumably a write credential for the New
	// Relic account; avoid logging this struct as-is.
	InsertKey string `json:"INSERT_KEY" mapstructure:"INSERT_KEY"`
}

type Option

type Option interface {
	// contains filtered or unexported methods
}

func WithApiKeys

func WithApiKeys(id, secret string) Option

WithApiKeys sets the key_id and secret used to generate API access tokens

func WithApiV2

func WithApiV2() Option

WithApiV2 configures the client to use the API version 2 (/api/v2)

func WithExpirationTime

func WithExpirationTime(t int) Option

WithExpirationTime configures the token expiration time

func WithHeader added in v0.1.19

func WithHeader(header, value string) Option

WithHeader configures an HTTP header to pass with every request

func WithLogFile added in v0.1.2

func WithLogFile(filename string) Option

WithLogFile configures the client to write messages to the provided file

func WithLogLevel added in v0.1.1

func WithLogLevel(level string) Option

WithLogLevel sets the log level of the client; available levels: info or debug

func WithLogLevelAndFile added in v0.1.2

func WithLogLevelAndFile(level, filename string) Option

WithLogLevelAndFile sets the log level of the client and writes the log messages to the provided file

func WithLogLevelAndWriter added in v0.1.2

func WithLogLevelAndWriter(level string, w io.Writer) Option

WithLogLevelAndWriter sets the log level of the client and writes the log messages to the provided io.Writer

func WithLogWriter added in v0.1.2

func WithLogWriter(w io.Writer) Option

WithLogWriter configures the client to log messages to the provided io.Writer

func WithTimeout added in v0.2.19

func WithTimeout(timeout time.Duration) Option

WithTimeout changes the default client timeout

func WithToken

func WithToken(token string) Option

WithToken sets the token used to authenticate the API requests

func WithTokenFromKeys

func WithTokenFromKeys(id, secret string) Option

WithTokenFromKeys sets the API access keys and triggers a new token generation. NOTE: Order matters when using this option; pass it as the last option to NewClient().

func WithURL

func WithURL(baseURL string) Option

WithURL sets the base URL; this option is only available for test purposes

type OsPkgInfo added in v0.2.10

type OsPkgInfo struct {
	Os     string `json:"os"`
	OsVer  string `json:"os_ver"`
	Pkg    string `json:"pkg"`
	PkgVer string `json:"pkg_ver"`
}

type PackageManifest added in v0.2.10

type PackageManifest struct {
	OsPkgInfoList []OsPkgInfo `json:"os_pkg_info_list"`
}

PackageManifest is the representation of a package manifest that the Lacework API server expects when executing a scan

{
    "os_pkg_info_list": [
        {
            "os":"Ubuntu",
            "os_ver":"18.04",
            "pkg": "openssl",
            "pkg_ver": "1.1.1-1ubuntu2.1~18.04.6"
        }
    ]
}

type PagerDutyAlertChannel added in v0.1.22

type PagerDutyAlertChannel struct {
	Data PagerDutyData `json:"DATA"`
	// contains filtered or unexported fields
}

func NewPagerDutyAlertChannel added in v0.1.22

func NewPagerDutyAlertChannel(name string, data PagerDutyData) PagerDutyAlertChannel

NewPagerDutyAlertChannel returns an instance of PagerDutyAlertChannel with the provided name and data.

Basic usage: Initialize a new PagerDutyAlertChannel struct, then

           use the new instance to do CRUD operations

client, err := api.NewClient("account")
if err != nil {
  return err
}

pagerduty := api.NewPagerDutyAlertChannel("foo",
  api.PagerDutyData{
    IntegrationKey:   "1234abc8901abc567abc123abc78e012",
  },
)

client.Integrations.CreatePagerDutyAlertChannel(pagerduty)

func (PagerDutyAlertChannel) StateString added in v0.1.22

func (c PagerDutyAlertChannel) StateString() string

func (PagerDutyAlertChannel) Status added in v0.1.22

func (c PagerDutyAlertChannel) Status() string

type PagerDutyAlertChannelResponse added in v0.1.22

type PagerDutyAlertChannelResponse struct {
	Data    []PagerDutyAlertChannel `json:"data"`
	Ok      bool                    `json:"ok"`
	Message string                  `json:"message"`
}

type PagerDutyData added in v0.1.22

// PagerDutyData is the payload for a PagerDuty alert channel.
type PagerDutyData struct {
	// IssueGrouping is omitted from JSON when empty.
	IssueGrouping  string `json:"ISSUE_GROUPING,omitempty" mapstructure:"ISSUE_GROUPING"`
	// IntegrationKey is serialized under API_INTG_KEY and always emitted. It is
	// a key held in a plain string; avoid logging this struct as-is.
	IntegrationKey string `json:"API_INTG_KEY" mapstructure:"API_INTG_KEY"`
}

type QRadarAlertChannel added in v0.2.20

type QRadarAlertChannel struct {
	Data QRadarChannelData `json:"DATA"`
	// contains filtered or unexported fields
}

func NewQRadarAlertChannel added in v0.2.20

func NewQRadarAlertChannel(name string, data QRadarChannelData) QRadarAlertChannel

NewQRadarAlertChannel returns an instance of QRadarAlertChannel with the provided name and data.

Basic usage: Initialize a new QRadarAlertChannel struct, then

           use the new instance to do CRUD operations

client, err := api.NewClient("account")
if err != nil {
  return err
}

qradarChannel := api.NewQRadarAlertChannel("foo",
  api.QRadarChannelData{
    CommunicationType: "HTTPS",
    HostURL:           "https://qradar-lacework.com",
    HostPort:          8080,
  },
)

client.Integrations.CreateQRadarAlertChannel(qradarChannel)

func (QRadarAlertChannel) StateString added in v0.2.20

func (c QRadarAlertChannel) StateString() string

func (QRadarAlertChannel) Status added in v0.2.20

func (c QRadarAlertChannel) Status() string

type QRadarAlertChannelResponse added in v0.2.20

type QRadarAlertChannelResponse struct {
	Data    []QRadarAlertChannel `json:"data"`
	Ok      bool                 `json:"ok"`
	Message string               `json:"message"`
}

type QRadarChannelData added in v0.2.20

// QRadarChannelData is the payload for a QRadar alert channel.
type QRadarChannelData struct {
	// CommunicationType is omitted from JSON when empty. The usage example on
	// this page passes "HTTPS"; NOTE(review): the other accepted values and the
	// server-side default when the field is omitted are not shown here — confirm
	// before leaving it unset.
	CommunicationType qradarComm `json:"QRADAR_COMM_TYPE,omitempty" mapstructure:"QRADAR_COMM_TYPE"`
	HostURL           string     `json:"QRADAR_HOST_URL" mapstructure:"QRADAR_HOST_URL"`
	// HostPort is omitted from JSON when zero.
	HostPort          int        `json:"QRADAR_HOST_PORT,omitempty" mapstructure:"QRADAR_HOST_PORT"`
}

type RawIntegration

type RawIntegration struct {
	Data map[string]interface{} `json:"DATA"`
	// contains filtered or unexported fields
}

func (RawIntegration) StateString added in v0.1.7

func (c RawIntegration) StateString() string

func (RawIntegration) Status added in v0.1.3

func (c RawIntegration) Status() string

type RawIntegrationsResponse

type RawIntegrationsResponse struct {
	Data    []RawIntegration `json:"data"`
	Ok      bool             `json:"ok"`
	Message string           `json:"message"`
}

type ServiceNowAlertChannel added in v0.2.16

type ServiceNowAlertChannel struct {
	Data ServiceNowChannelData `json:"DATA"`
	// contains filtered or unexported fields
}

func NewServiceNowAlertChannel added in v0.2.16

func NewServiceNowAlertChannel(name string, data ServiceNowChannelData) ServiceNowAlertChannel

NewServiceNowAlertChannel returns an instance of ServiceNowAlertChannel with the provided name and data.

Basic usage: Initialize a new ServiceNowAlertChannel struct, then

           use the new instance to do CRUD operations

client, err := api.NewClient("account")
if err != nil {
  return err
}

serviceNowChannel := api.NewServiceNowAlertChannel("foo",
  api.ServiceNowChannelData{
    InstanceURL:   "snow-lacework.com",
    Username:      "snow-user",
    Password:      "snow-password",
    IssueGrouping: "Events",
  },
)

client.Integrations.CreateServiceNowAlertChannel(serviceNowChannel)

func (ServiceNowAlertChannel) StateString added in v0.2.16

func (c ServiceNowAlertChannel) StateString() string

func (ServiceNowAlertChannel) Status added in v0.2.16

func (c ServiceNowAlertChannel) Status() string

type ServiceNowAlertChannelResponse added in v0.2.16

type ServiceNowAlertChannelResponse struct {
	Data    []ServiceNowAlertChannel `json:"data"`
	Ok      bool                     `json:"ok"`
	Message string                   `json:"message"`
}

type ServiceNowChannelData added in v0.2.16

// ServiceNowChannelData is the payload for a ServiceNow alert channel.
//
// Password is a credential held in a plain string. Its tag has no omitempty,
// so the PASSWORD key is always emitted when the struct is marshaled to JSON.
// Avoid printing or logging a value of this type as-is.
type ServiceNowChannelData struct {
	InstanceURL        string `json:"INSTANCE_URL" mapstructure:"INSTANCE_URL"`
	Username           string `json:"USER_NAME" mapstructure:"USER_NAME"`
	Password           string `json:"PASSWORD" mapstructure:"PASSWORD"`
	// CustomTemplateFile is written and read through the
	// EncodeCustomTemplateFile/DecodeCustomTemplateFile methods on this type.
	// NOTE(review): presumably the same base64 data-URI format documented on
	// JiraAlertChannelData — confirm.
	CustomTemplateFile string `json:"CUSTOM_TEMPLATE_FILE,omitempty" mapstructure:"CUSTOM_TEMPLATE_FILE"`
	IssueGrouping      string `json:"ISSUE_GROUPING,omitempty" mapstructure:"ISSUE_GROUPING"`
}

func (*ServiceNowChannelData) DecodeCustomTemplateFile added in v0.2.21

func (snow *ServiceNowChannelData) DecodeCustomTemplateFile() (string, error)

func (*ServiceNowChannelData) EncodeCustomTemplateFile added in v0.2.21

func (snow *ServiceNowChannelData) EncodeCustomTemplateFile(template string)

type SlackAlertChannel added in v0.1.22

type SlackAlertChannel struct {
	Data SlackChannelData `json:"DATA"`
	// contains filtered or unexported fields
}

func NewSlackAlertChannel added in v0.1.22

func NewSlackAlertChannel(name string, data SlackChannelData) SlackAlertChannel

NewSlackAlertChannel returns an instance of SlackAlertChannel with the provided name and data.

Basic usage: Initialize a new SlackAlertChannel struct, then

           use the new instance to do CRUD operations

client, err := api.NewClient("account")
if err != nil {
  return err
}

slackChannel := api.NewSlackAlertChannel("foo",
  api.SlackChannelData{
    SlackUrl: "https://hooks.slack.com/services/ABCD/12345/abcd1234",
  },
)

client.Integrations.CreateSlackAlertChannel(slackChannel)

func (SlackAlertChannel) StateString added in v0.1.22

func (c SlackAlertChannel) StateString() string

func (SlackAlertChannel) Status added in v0.1.22

func (c SlackAlertChannel) Status() string

type SlackAlertChannelResponse added in v0.1.22

type SlackAlertChannelResponse struct {
	Data    []SlackAlertChannel `json:"data"`
	Ok      bool                `json:"ok"`
	Message string              `json:"message"`
}

type SlackChannelData added in v0.1.21

// SlackChannelData is the payload for a Slack alert channel.
type SlackChannelData struct {
	// SlackUrl is serialized under SLACK_URL. NOTE(review): the incoming-webhook
	// URL in the usage example appears to be the only credential needed to post,
	// so treat the whole URL as a secret — confirm.
	SlackUrl string `json:"SLACK_URL" mapstructure:"SLACK_URL"`
}

type SplunkAlertChannel added in v0.2.14

type SplunkAlertChannel struct {
	Data SplunkChannelData `json:"DATA"`
	// contains filtered or unexported fields
}

func NewSplunkAlertChannel added in v0.2.14

func NewSplunkAlertChannel(name string, data SplunkChannelData) SplunkAlertChannel

NewSplunkAlertChannel returns an instance of SplunkAlertChannel with the provided name and data.

Basic usage: Initialize a new SplunkAlertChannel struct, then

           use the new instance to do CRUD operations

// Usage example: build a Splunk alert channel and create it through the
// Integrations service.
client, err := api.NewClient("account")
if err != nil {
  return err
}

splunkChannel := api.NewSplunkAlertChannel("foo",
  api.SplunkChannelData{
    Channel: "channel-name",
    // Sample value only; load the real HEC token from a secret store or the
    // environment instead of hard-coding it.
    HecToken: "AA111111-11AA-1AA1-11AA-11111AA1111A",
    Host: "localhost",
    Port: 80,
    // NOTE(review): Ssl: false on port 80 presumably means the HEC token and
    // the alert data travel without TLS. That fits this localhost sample only;
    // confirm the semantics and enable Ssl for any remote Host.
    Ssl: false,
    EventData: api.SplunkEventData{
      Index: "index",
      Source: "source",
     },
  },
)

client.Integrations.CreateSplunkAlertChannel(splunkChannel)

func (SplunkAlertChannel) StateString added in v0.2.14

func (c SplunkAlertChannel) StateString() string

func (SplunkAlertChannel) Status added in v0.2.14

func (c SplunkAlertChannel) Status() string

type SplunkAlertChannelResponse added in v0.2.14

type SplunkAlertChannelResponse struct {
	Data    []SplunkAlertChannel `json:"data"`
	Ok      bool                 `json:"ok"`
	Message string               `json:"message"`
}

type SplunkChannelData added in v0.2.14

// SplunkChannelData is the payload for a Splunk alert channel.
//
// HecToken is a credential held in a plain string and is always emitted under
// HEC_TOKEN when the struct is marshaled (no omitempty). Avoid printing or
// logging a value of this type as-is.
type SplunkChannelData struct {
	Channel   string          `json:"CHANNEL,omitempty" mapstructure:"CHANNEL"`
	HecToken  string          `json:"HEC_TOKEN" mapstructure:"HEC_TOKEN"`
	Host      string          `json:"HOST" mapstructure:"HOST"`
	Port      int             `json:"PORT" mapstructure:"PORT"`
	// NOTE(review): Ssl presumably selects TLS for the connection to Host:Port.
	// Its zero value is false and the tag has no omitempty, so a caller that
	// leaves it unset sends SSL=false — set it explicitly.
	Ssl       bool            `json:"SSL" mapstructure:"SSL"`
	EventData SplunkEventData `json:"EVENT_DATA" mapstructure:"EVENT_DATA"`
}

type SplunkEventData added in v0.2.14

type SplunkEventData struct {
	Index  string `json:"INDEX" mapstructure:"INDEX"`
	Source string `json:"SOURCE" mapstructure:"SOURCE"`
}

type TokenResponse added in v0.1.24

// TokenResponse is the response envelope whose Data carries token data.
// NOTE(review): the Token() method returns a string, presumably the access
// token used to authenticate API requests (see WithToken); avoid logging this
// struct or that return value.
type TokenResponse struct {
	Data    []tokenData `json:"data"`
	Ok      bool        `json:"ok"`
	Message string      `json:"message"`
}

func (TokenResponse) Token added in v0.1.24

func (tr TokenResponse) Token() string

type VictorOpsAlertChannel added in v0.2.19

type VictorOpsAlertChannel struct {
	Data VictorOpsChannelData `json:"DATA"`
	// contains filtered or unexported fields
}

func NewVictorOpsAlertChannel added in v0.2.19

func NewVictorOpsAlertChannel(name string, data VictorOpsChannelData) VictorOpsAlertChannel

NewVictorOpsAlertChannel returns an instance of VictorOpsAlertChannel with the provided name and data.

Basic usage: Initialize a new VictorOpsAlertChannel struct, then

             use the new instance to do CRUD operations

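  // Usage example: build a VictorOps alert channel and create it through the
  // Integrations service.
  client, err := api.NewClient("account")
  if err != nil {
    return err
  }

  // The sample webhook URL appears to carry its key in the path (the UUID
  // segment), so treat the whole URL as a secret and keep it out of logs and
  // source control.
  victorOpsChannel := api.NewVictorOpsAlertChannel("foo",
    api.VictorOpsChannelData{
      WebhookURL: "https://alert.victorops.com/integrations/generic/20131114/alert/31e945ee-5cad-44e7-afb0-97c20ea80dd8/database",
    },
  )

  // Pass the same variable that was declared above.
  client.Integrations.CreateVictorOpsAlertChannel(victorOpsChannel)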

func (VictorOpsAlertChannel) StateString added in v0.2.19

func (c VictorOpsAlertChannel) StateString() string

func (VictorOpsAlertChannel) Status added in v0.2.19

func (c VictorOpsAlertChannel) Status() string

type VictorOpsAlertChannelResponse added in v0.2.19

type VictorOpsAlertChannelResponse struct {
	Data    []VictorOpsAlertChannel `json:"data"`
	Ok      bool                    `json:"ok"`
	Message string                  `json:"message"`
}

type VictorOpsChannelData added in v0.2.19

// VictorOpsChannelData is the payload for a VictorOps alert channel.
type VictorOpsChannelData struct {
	// WebhookURL is serialized under INTG_URL. The sample URL in the usage
	// example carries a UUID segment in its path; NOTE(review): presumably that
	// segment is the integration key, which makes the whole URL a secret —
	// confirm.
	WebhookURL string `json:"INTG_URL" mapstructure:"INTG_URL"`
}

type VulnContainerAssessment added in v0.2.0

// VulnContainerAssessment holds per-severity vulnerability counts for a
// container image, plus the status fields of the scan that produced them.
//
// NOTE(review): the counters are plain int32 values and decode to zero when
// absent. Status and Message are set while a scan is still running, so callers
// should presumably check Status/ScanStatus before reading zero counts as a
// clean image — confirm.
type VulnContainerAssessment struct {
	TotalVulnerabilities    int32               `json:"total_vulnerabilities"`
	CriticalVulnerabilities int32               `json:"critical_vulnerabilities"`
	HighVulnerabilities     int32               `json:"high_vulnerabilities"`
	MediumVulnerabilities   int32               `json:"medium_vulnerabilities"`
	LowVulnerabilities      int32               `json:"low_vulnerabilities"`
	InfoVulnerabilities     int32               `json:"info_vulnerabilities"`
	FixableVulnerabilities  int32               `json:"fixable_vulnerabilities"`
	LastEvaluationTime      string              `json:"last_evaluation_time,omitempty"`
	Image                   *VulnContainerImage `json:"image,omitempty"`

	// @afiune: Status and Message appear when the vulnerability scan is still
	// running; the reason the API reports them this way is an open question.
	Status  string `json:"status,omitempty"`
	Message string `json:"message,omitempty"`

	// ScanStatus is a property that will appear when the vulnerability scan finished
	// running, this status indicates whether the scan finished successfully or not
	ScanStatus string `json:"scan_status,omitempty"`
}

func (*VulnContainerAssessment) HighestFixableSeverity added in v0.4.0

func (report *VulnContainerAssessment) HighestFixableSeverity() string

HighestFixableSeverity returns the highest fixable severity level vulnerability in a VulnContainerAssessment

func (*VulnContainerAssessment) HighestSeverity added in v0.4.0

func (report *VulnContainerAssessment) HighestSeverity() string

HighestSeverity returns the highest severity level vulnerability in a VulnContainerAssessment

func (*VulnContainerAssessment) TotalFixableVulnerabilities added in v0.4.0

func (report *VulnContainerAssessment) TotalFixableVulnerabilities() int32

TotalFixableVulnerabilities returns the total number of vulnerabilities that have a fix available

func (*VulnContainerAssessment) VulnFixableCount added in v0.2.0

func (report *VulnContainerAssessment) VulnFixableCount(severity string) int32

type VulnContainerAssessmentResponse added in v0.2.0

type VulnContainerAssessmentResponse struct {
	Data    VulnContainerAssessment `json:"data"`
	Ok      bool                    `json:"ok"`
	Message string                  `json:"message"`
}

func (*VulnContainerAssessmentResponse) CheckStatus added in v0.2.0

func (res *VulnContainerAssessmentResponse) CheckStatus() string

type VulnContainerAssessmentSummary added in v0.2.0

type VulnContainerAssessmentSummary struct {
	EvalGuid                    string   `json:"eval_guid"`
	EvalStatus                  string   `json:"eval_status"`
	EvalType                    string   `json:"eval_type"`
	ImageCreatedTime            NanoTime `json:"image_created_time"`
	ImageDigest                 string   `json:"image_digest"`
	ImageID                     string   `json:"image_id"`
	ImageNamespace              string   `json:"image_namespace"`
	ImageRegistry               string   `json:"image_registry"`
	ImageRepo                   string   `json:"image_repo"`
	ImageScanErrorMsg           string   `json:"image_scan_error_msg"`
	ImageScanStatus             string   `json:"image_scan_status"`
	ImageScanTime               NanoTime `json:"image_scan_time"`
	ImageSize                   string   `json:"image_size"`
	ImageTags                   []string `json:"image_tags"`
	NdvContainers               string   `json:"ndv_containers"`
	NumFixes                    string   `json:"num_fixes"`
	NumVulnerabilitiesSeverity1 string   `json:"num_vulnerabilities_severity_1"`
	NumVulnerabilitiesSeverity2 string   `json:"num_vulnerabilities_severity_2"`
	NumVulnerabilitiesSeverity3 string   `json:"num_vulnerabilities_severity_3"`
	NumVulnerabilitiesSeverity4 string   `json:"num_vulnerabilities_severity_4"`
	NumVulnerabilitiesSeverity5 string   `json:"num_vulnerabilities_severity_5"`
	StartTime                   NanoTime `json:"start_time"`
}

type VulnContainerAssessmentsResponse added in v0.2.0

type VulnContainerAssessmentsResponse struct {
	Assessments []VulnContainerAssessmentSummary `json:"data"`
	Ok          bool                             `json:"ok"`
	Message     string                           `json:"message"`
}

type VulnContainerImage added in v0.2.0

type VulnContainerImage struct {
	ImageInfo   *vulnContainerImageInfo   `json:"image_info,omitempty"`
	ImageLayers []VulnContainerImageLayer `json:"image_layers,omitempty"`
}

type VulnContainerImageLayer added in v0.7.0

type VulnContainerImageLayer struct {
	Hash      string                 `json:"hash"`
	CreatedBy string                 `json:"created_by"`
	Packages  []VulnContainerPackage `json:"packages"`
}

type VulnContainerPackage added in v0.7.0

// VulnContainerPackage describes one package found in a container image layer
// and the vulnerabilities reported against it.
type VulnContainerPackage struct {
	Name            string                   `json:"name"`
	// NOTE(review): the JSON key is spelled "namescape", not "namespace". If the
	// API sends "namespace", this field silently stays empty on decode — confirm
	// against a real response before relying on it.
	Namespace       string                   `json:"namescape"`
	Version         string                   `json:"version"`
	Vulnerabilities []ContainerVulnerability `json:"vulnerabilities"`

	// @afiune maybe these fields are host related information and not container
	//
	// All of the fields below are strings, including the scores, the severity
	// and the host count; parse them before any numeric comparison or
	// threshold check.
	FixAvailable  string `json:"fix_available,omitempty"`
	FixedVersion  string `json:"fixed_version,omitempty"`
	HostCount     string `json:"host_count,omitempty"`
	Severity      string `json:"severity,omitempty"`
	Status        string `json:"status,omitempty"`
	CveLink       string `json:"cve_link,omitempty"`
	CveScore      string `json:"cve_score,omitempty"`
	CvssV3Score   string `json:"cvss_v3_score,omitempty"`
	CvssV2Score   string `json:"cvss_v2_score,omitempty"`
	FirstSeenTime string `json:"first_seen_time,omitempty"`
}

type VulnerabilitiesService added in v0.1.3

type VulnerabilitiesService struct {
	Host      *HostVulnerabilityService
	Container *ContainerVulnerabilityService
	// contains filtered or unexported fields
}

VulnerabilitiesService is a service that interacts with the vulnerabilities endpoints from the Lacework Server

func NewVulnerabilityService added in v0.2.0

func NewVulnerabilityService(c *Client) *VulnerabilitiesService

type VulnerabilityAssessment added in v0.4.0

// VulnerabilityAssessment groups the functions that host and container
// vulnerability assessments have in common, so both can be handled alike.
// The method descriptions below follow the VulnContainerAssessment
// implementation documented on this page.
type VulnerabilityAssessment interface {
	// HighestSeverity returns the highest severity level vulnerability in the
	// assessment.
	HighestSeverity() string
	// HighestFixableSeverity returns the highest fixable severity level
	// vulnerability in the assessment.
	HighestFixableSeverity() string
	// TotalFixableVulnerabilities returns the total number of vulnerabilities
	// that have a fix available.
	TotalFixableVulnerabilities() int32
}

VulnerabilityAssessment is used to provide common functions that are required by host or container vulnerability assessments, this is used to treat them both as equal

type WebhookAlertChannel added in v0.2.11

type WebhookAlertChannel struct {
	Data WebhookChannelData `json:"DATA"`
	// contains filtered or unexported fields
}

func NewWebhookAlertChannel added in v0.2.11

func NewWebhookAlertChannel(name string, data WebhookChannelData) WebhookAlertChannel

NewWebhookAlertChannel returns an instance of WebhookAlertChannel with the provided name and data.

Basic usage: Initialize a new WebhookAlertChannel struct, then

           use the new instance to do CRUD operations

// Usage example: build a generic webhook alert channel and create it through
// the Integrations service.
client, err := api.NewClient("account")
if err != nil {
  return err
}

webhookChannel := api.NewWebhookAlertChannel("foo",
  api.WebhookChannelData{
    // The sample URL carries its credential in the query string (api-token=...).
    // Query strings commonly end up in proxy and server access logs, so treat
    // the whole URL as a secret and keep it out of logs and source control.
    WebhookUrl: "https://mywebhook.com/?api-token=123",
  },
)

client.Integrations.CreateWebhookAlertChannel(webhookChannel)

func (WebhookAlertChannel) StateString added in v0.2.11

func (c WebhookAlertChannel) StateString() string

func (WebhookAlertChannel) Status added in v0.2.11

func (c WebhookAlertChannel) Status() string

type WebhookAlertChannelResponse added in v0.2.11

type WebhookAlertChannelResponse struct {
	Data    []WebhookAlertChannel `json:"data"`
	Ok      bool                  `json:"ok"`
	Message string                `json:"message"`
}

type WebhookChannelData added in v0.2.11

// WebhookChannelData is the payload for a generic webhook alert channel.
type WebhookChannelData struct {
	// WebhookUrl is serialized under WEBHOOK_URL. The usage example on this page
	// places an API token in the URL's query string, so the URL itself may be a
	// credential; avoid logging this struct as-is.
	WebhookUrl string `json:"WEBHOOK_URL" mapstructure:"WEBHOOK_URL"`
}
