models

package

v1.0.1-0...-5d367bd Latest Latest Go to latest Published: Jan 18, 2021 License: MIT Imports: 1 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/m-mizutani/uguisu

Links

Open Source Insights

Documentation ¶

Index ¶

type Alert
type CloudTrailAdditionalEventData
type CloudTrailLogObject
type CloudTrailRecord
type CloudTrailSessionContext
type CloudTrailSessionIssuer
type CloudTrailUserIdentity
type Rule
type RuleSet
- func (x *RuleSet) Detect(record *CloudTrailRecord) []*Alert
- func (x *RuleSet) Diagnosis() error
type Severity

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Alert ¶

type Alert struct {
	DetectedBy  Rule
	Title       string
	RuleID      string
	Sev         Severity
	Description string
	Events      []*CloudTrailRecord
}

Alert represents notification data set to Slack

type CloudTrailAdditionalEventData ¶

type CloudTrailAdditionalEventData struct {
	MFAUsed         string
	SamlProviderArn *string `json:"SamlProviderArn,omitempty"`
}

type CloudTrailLogObject ¶

type CloudTrailLogObject struct {
	Records []*CloudTrailRecord `json:"Records"`
}

CloudTrailLogObject represents S3 object data of CloudTrail log

type CloudTrailRecord ¶

type CloudTrailRecord struct {
	EventTime       string                 `json:"eventTime"`
	EventVersion    string                 `json:"eventVersion"`
	UserIdentity    CloudTrailUserIdentity `json:"userIdentity"`
	EventSource     string                 `json:"eventSource"`
	EventName       string                 `json:"eventName"`
	AwsRegion       string                 `json:"awsRegion"`
	SourceIPAddress string                 `json:"sourceIPAddress"`
	UserAgent       string                 `json:"userAgent"`

	ErrorCode    *string `json:"errorCode,omitempty"`
	ErrorMessage *string `json:"errorMessage,omitempty"`

	RequestParameters   map[string]interface{}         `json:"requestParameters,omitempty"`
	ResponseElements    map[string]interface{}         `json:"responseElements,omitempty"`
	AdditionalEventData *CloudTrailAdditionalEventData `json:"additionalEventData,omitempty"`
	RequestID           string                         `json:"requestID"`
	EventID             string                         `json:"eventID"`
	EventType           string                         `json:"eventType"`
	APIVersion          string                         `json:"apiVersion"`
	ManagementEvent     bool                           `json:"managementEvent"`
	ReadOnly            bool                           `json:"readOnly"`
	Resources           interface{}                    `json:"resources,omitempty"`
	RecipientAccountID  string                         `json:"recipientAccountId"`
	ServiceEventDetails map[string]interface{}         `json:"serviceEventDetails"`
	SharedEventID       string                         `json:"sharedEventID"`
	VpcEndpointID       string                         `json:"vpcEndpointId"`
	EventCategory       string                         `json:"eventCategory"`
}

CloudTrailRecord represents one event log of CloudTrail

type CloudTrailSessionContext ¶

type CloudTrailSessionContext struct {
	SessionIssuer *CloudTrailSessionIssuer `json:"sessionIssuer,omitempty"`
}

type CloudTrailSessionIssuer ¶

type CloudTrailSessionIssuer struct {
	Type string `json:"type"`
}

type CloudTrailUserIdentity ¶

type CloudTrailUserIdentity struct {
	AccountID      string                    `json:"accountId"`
	ARN            string                    `json:"arn"`
	InvokedBy      *string                   `json:"invokedBy,omitempty"`
	SessionContext *CloudTrailSessionContext `json:"sessionContext,omitempty"`
	Type           string                    `json:"type"`
}

CloudTrailUserIdentity represents userIdentity field in CloudTrail record

type Rule ¶

type Rule interface {
	ID() string
	Title() string
	Description() string
	Severity() Severity
	Match(record *CloudTrailRecord) bool
}

type RuleSet ¶

type RuleSet struct {
	Rules []Rule
}

RuleSet is collection of Rule and has Detect method for bulk evaluation

func (*RuleSet) Detect ¶

func (x *RuleSet) Detect(record *CloudTrailRecord) []*Alert

Detect is bulk evaluation method of rules in the RuleSet. It returns set of Alert that is matched with a rule. It returns nil (0 length array) if no rule is matched

func (*RuleSet) Diagnosis ¶

func (x *RuleSet) Diagnosis() error

Diagnosis checks consistency of RuleSet. Checking conflict Rule ID for now.

type Severity ¶

type Severity string

const (
	SeverityHigh   Severity = "high"
	SeverityMedium Severity = "medium"
	SeverityLow    Severity = "low"
)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL