forwarder

package

v1.12.0 Latest Latest Go to latest Published: Nov 12, 2020 License: AGPL-3.0 Imports: 21 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/panther-labs/panther

Documentation ¶

Index ¶

Constants
Variables
type Alert
type AlertDedupEvent
- func FromDynamodDBAttribute(input map[string]events.DynamoDBAttributeValue) (event *AlertDedupEvent, err error)
type Handler
- func (h *Handler) Do(oldAlertDedupEvent, newAlertDedupEvent *AlertDedupEvent) (err error)
type RuleCache
- func NewCache(httpClient *http.Client, policyClient *policiesclient.PantherAnalysisAPI) *RuleCache
- func (c *RuleCache) Get(id, version string) (*models.Rule, error)

Constants ¶

View Source

const (
	// The type of an Alert that is triggered because of a rule encountering an error
	RuleErrorType = "RULE_ERROR"
)

Variables ¶

View Source

var (
	StaticLogger = metrics.MustStaticLogger([]metrics.DimensionSet{
		{
			"AnalysisType",
			"Severity",
		},
		{
			"AnalysisType",
			"AnalysisID",
		},
		{
			"AnalysisType",
		},
	}, []metrics.Metric{
		{
			Name: "AlertsCreated",
			Unit: metrics.UnitCount,
		},
	})
	AnalysisTypeDimension = metrics.Dimension{
		Name:  "AnalysisType",
		Value: "Rule",
	}
)

Functions ¶

This section is empty.

Types ¶

type Alert ¶

type Alert struct {
	ID                  string    `dynamodbav:"id,string"`
	TimePartition       string    `dynamodbav:"timePartition,string"`
	Severity            string    `dynamodbav:"severity,string"`
	RuleDisplayName     *string   `dynamodbav:"ruleDisplayName,string"`
	FirstEventMatchTime time.Time `dynamodbav:"firstEventMatchTime,string"`
	LogTypes            []string  `dynamodbav:"logTypes,stringset"`
	Title               string    `dynamodbav:"title,string"` // The alert title. It will be the Python-generated title or a default one if
	// no Python-generated title is available.
	AlertDedupEvent
}

Alert contains all the fields associated to the alert stored in DDB

type AlertDedupEvent ¶

type AlertDedupEvent struct {
	RuleID              string    `dynamodbav:"ruleId,string"`
	RuleVersion         string    `dynamodbav:"ruleVersion,string"`
	DeduplicationString string    `dynamodbav:"dedup,string"`
	CreationTime        time.Time `dynamodbav:"creationTime,string"`
	UpdateTime          time.Time `dynamodbav:"updateTime,string"`
	EventCount          int64     `dynamodbav:"eventCount,number"`
	LogTypes            []string  `dynamodbav:"logTypes,stringset"`
	AlertContext        *string   `dynamodbav:"context,string"`
	Type                *string   `dynamodbav:"-"` // There is no need to store this item in DDB
	GeneratedTitle      *string   `dynamodbav:"-"` // The title that was generated dynamically using Python. Might be null.
	AlertCount          int64     `dynamodbav:"-"` // There is no need to store this item in DDB

}

AlertDedupEvent represents the event stored in the alert dedup DDB table by the rules engine

func FromDynamodDBAttribute ¶

func FromDynamodDBAttribute(input map[string]events.DynamoDBAttributeValue) (event *AlertDedupEvent, err error)

type Handler ¶ added in v1.6.0

type Handler struct {
	SqsClient        sqsiface.SQSAPI
	Cache            *RuleCache
	DdbClient        dynamodbiface.DynamoDBAPI
	AlertTable       string
	AlertingQueueURL string
}

func (*Handler) Do ¶ added in v1.6.0

func (h *Handler) Do(oldAlertDedupEvent, newAlertDedupEvent *AlertDedupEvent) (err error)

type RuleCache ¶ added in v1.6.0

type RuleCache struct {
	// contains filtered or unexported fields
}

s3ClientCacheKey -> S3 client

func NewCache ¶ added in v1.6.0

func NewCache(httpClient *http.Client, policyClient *policiesclient.PantherAnalysisAPI) *RuleCache

func (*RuleCache) Get ¶ added in v1.6.0

func (c *RuleCache) Get(id, version string) (*models.Rule, error)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL