module

package
v0.0.2-0...-4ce78c8 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 17, 2021 License: Apache-2.0, Apache-2.0 Imports: 29 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewModule 

func NewModule(cfg *config.Config) (api.Module, error)

NewModule instantiates a runtime security system-probe module

Types

type APIServer 

type APIServer struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

APIServer represents a gRPC server in charge of receiving events sent by the runtime security system-probe module and forwards them to Datadog

func NewAPIServer 

func NewAPIServer(cfg *config.Config, probe *sprobe.Probe, client *statsd.Client) *APIServer

NewAPIServer returns a new gRPC event server

func (*APIServer) Apply 

func (a *APIServer) Apply(ruleIDs []rules.RuleID)

Apply a rule set

func (*APIServer) DumpProcessCache 

func (a *APIServer) DumpProcessCache(ctx context.Context, params *api.DumpProcessCacheParams) (*api.SecurityDumpProcessCacheMessage, error)

DumpProcessCache handle process dump cache requests

func (*APIServer) GetEvents 

func (a *APIServer) GetEvents(params *api.GetEventParams, stream api.SecurityModule_GetEventsServer) error

GetEvents waits for security events

func (*APIServer) GetStats 

func (a *APIServer) GetStats() map[string]int64

GetStats returns a map indexed by ruleIDs that describes the amount of events that were expired or rate limited before reaching

func (*APIServer) SendEvent 

func (a *APIServer) SendEvent(rule *rules.Rule, event Event)

SendEvent forwards events sent by the runtime security module to Datadog

func (*APIServer) SendStats 

func (a *APIServer) SendStats() error

SendStats sends statistics about the number of dropped events

type AgentContext 

type AgentContext struct {
	RuleID        string `json:"ruleId"`
	RuleVersion   string `json:"ruleVersion,omitempty"`
	PolicyName    string `json:"policyName,omitempty"`
	PolicyVersion string `json:"policyVersion,omitempty"`
}

AgentContext serializes the agent context to JSON easyjson:json

func (AgentContext) MarshalEasyJSON 

func (v AgentContext) MarshalEasyJSON(w *jwriter.Writer)

MarshalEasyJSON supports easyjson.Marshaler interface

func (AgentContext) MarshalJSON 

func (v AgentContext) MarshalJSON() ([]byte, error)

MarshalJSON supports json.Marshaler interface

func (*AgentContext) UnmarshalEasyJSON 

func (v *AgentContext) UnmarshalEasyJSON(l *jlexer.Lexer)

UnmarshalEasyJSON supports easyjson.Unmarshaler interface

func (*AgentContext) UnmarshalJSON 

func (v *AgentContext) UnmarshalJSON(data []byte) error

UnmarshalJSON supports json.Unmarshaler interface

type Event 

type Event interface {
	GetTags() []string
	GetType() string
}

Event is the interface that an event must implement to be sent to the backend

type Limit 

type Limit struct {
	Limit int
	Burst int
}

Limit defines rate limiter limit

type Limiter 

type Limiter struct {
	// contains filtered or unexported fields
}

Limiter describes an object that applies limits on the rate of triggering of a rule to ensure we don't overflow with too permissive rules

func NewLimiter 

func NewLimiter(limit rate.Limit, burst int) *Limiter

NewLimiter returns a new rule limiter

type LimiterOpts 

type LimiterOpts struct {
	Limits map[rules.RuleID]Limit
}

LimiterOpts rate limiter options

type Module 

type Module struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

Module represents the system-probe module for the runtime security agent

func (*Module) Close 

func (m *Module) Close()

Close the module

func (*Module) EventDiscarderFound 

func (m *Module) EventDiscarderFound(rs *rules.RuleSet, event eval.Event, field eval.Field, eventType eval.EventType)

EventDiscarderFound is called by the ruleset when a new discarder discovered

func (*Module) GetProbe 

func (m *Module) GetProbe() *sprobe.Probe

GetProbe returns the module's probe

func (*Module) GetRuleSet 

func (m *Module) GetRuleSet() *rules.RuleSet

GetRuleSet returns the set of loaded rules

func (*Module) GetStats 

func (m *Module) GetStats() map[string]interface{}

GetStats returns statistics about the module

func (*Module) HandleCustomEvent 

func (m *Module) HandleCustomEvent(rule *rules.Rule, event *sprobe.CustomEvent)

HandleCustomEvent is called by the probe when an event should be sent to Datadog but doesn't need evaluation

func (*Module) HandleEvent 

func (m *Module) HandleEvent(event *sprobe.Event)

HandleEvent is called by the probe when an event arrives from the kernel

func (*Module) Register 

func (m *Module) Register(httpMux *http.ServeMux) error

Register the runtime security agent module

func (*Module) Reload 

func (m *Module) Reload() error

Reload the rule set

func (*Module) RuleMatch 

func (m *Module) RuleMatch(rule *rules.Rule, event eval.Event)

RuleMatch is called by the ruleset when a rule matches

func (*Module) SendEvent 

func (m *Module) SendEvent(rule *rules.Rule, event Event)

SendEvent sends an event to the backend after checking that the rate limiter allows it for the provided rule

type RateLimiter 

type RateLimiter struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

RateLimiter describes a set of rule rate limiters

func NewRateLimiter 

func NewRateLimiter(client *statsd.Client, opts LimiterOpts) *RateLimiter

NewRateLimiter initializes an empty rate limiter

func (*RateLimiter) Allow 

func (rl *RateLimiter) Allow(ruleID string) bool

Allow returns true if a specific rule shall be allowed to sent a new event

func (*RateLimiter) Apply 

func (rl *RateLimiter) Apply(rules []rules.RuleID)

Apply a set of rules

func (*RateLimiter) GetStats 

func (rl *RateLimiter) GetStats() map[rules.RuleID]RateLimiterStat

GetStats returns a map indexed by ruleIDs that describes the amount of events that were dropped because of the rate limiter

func (*RateLimiter) SendStats 

func (rl *RateLimiter) SendStats() error

SendStats sends statistics about the number of sent and drops events for the set of rules

type RateLimiterStat 

type RateLimiterStat struct {
	// contains filtered or unexported fields
}

RateLimiterStat represents the rate limiting statistics

type RuleEvent 

type RuleEvent struct {
	RuleID string `json:"ruleId"`
	Event  Event  `json:"event"`
}

RuleEvent is a wrapper used to send an event to the backend

type Signal 

type Signal struct {
	*AgentContext `json:"agent"`
	Title         string `json:"title"`
}

Signal - Rule event wrapper used to send an event to the backend easyjson:json

func (Signal) MarshalEasyJSON 

func (v Signal) MarshalEasyJSON(w *jwriter.Writer)

MarshalEasyJSON supports easyjson.Marshaler interface

func (Signal) MarshalJSON 

func (v Signal) MarshalJSON() ([]byte, error)

MarshalJSON supports json.Marshaler interface

func (*Signal) UnmarshalEasyJSON 

func (v *Signal) UnmarshalEasyJSON(l *jlexer.Lexer)

UnmarshalEasyJSON supports easyjson.Unmarshaler interface

func (*Signal) UnmarshalJSON 

func (v *Signal) UnmarshalJSON(data []byte) error

UnmarshalJSON supports json.Unmarshaler interface

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.