type Config ¶
// Config defines the file format when parsing a bulk upload.
//
// Only YAML struct tags are present: the YAML unmarshaller requires them,
// whereas encoding/json matches exported field names without tags.
//
// NOTE(review): this type carries no validation of its own. Range checks on
// Threshold and DedupPeriodMinutes, the allowed values for Severity and
// AnalysisType, and any sanitising of Filename (which presumably names an
// entry inside the uploaded bundle) must live in the code that consumes a
// parsed Config — confirm against the upload handler.
type Config struct {
	// AnalysisType presumably selects whether the entry is a policy or a rule
	// (the type carries both PolicyID and RuleID) — TODO confirm allowed values.
	AnalysisType string `yaml:"AnalysisType"`

	// Auto-remediation hook and its free-form string parameters.
	AutoRemediationID         string            `yaml:"AutoRemediationID"`
	AutoRemediationParameters map[string]string `yaml:"AutoRemediationParameters"`

	// DataModelID identifies a data model; its field mappings are in Mappings.
	DataModelID string `yaml:"DataModelID"`

	// DedupPeriodMinutes is an unvalidated int here; negative or zero values
	// are not rejected at parse time.
	DedupPeriodMinutes int `yaml:"DedupPeriodMinutes"`

	Description string `yaml:"Description"`
	DisplayName string `yaml:"DisplayName"`
	Enabled     bool   `yaml:"Enabled"`

	// Filename is taken verbatim from the YAML. Presumably it refers to the
	// file holding the policy/rule body within the upload; the consumer should
	// reject path traversal ("../") before opening it — TODO confirm.
	Filename string `yaml:"Filename"`

	GlobalID string   `yaml:"GlobalID"`
	LogTypes []string `yaml:"LogTypes"`

	// Mappings are the data model field mappings (see Mapping).
	Mappings []Mapping `yaml:"Mappings"`

	// OutputIds keeps its existing spelling (not OutputIDs): it is part of the
	// exported API and renaming it would break callers.
	OutputIds []string `yaml:"OutputIds"`

	PolicyID      string              `yaml:"PolicyID"`
	Reference     string              `yaml:"Reference"`
	Reports       map[string][]string `yaml:"Reports"`
	ResourceTypes []string            `yaml:"ResourceTypes"`
	RuleID        string              `yaml:"RuleID"`
	Runbook       string              `yaml:"Runbook"`
	Severity      string              `yaml:"Severity"`
	Suppressions  []string            `yaml:"Suppressions"`
	Tags          []string            `yaml:"Tags"`

	// Tests are the unit tests bundled with the entry (see Test).
	Tests []Test `yaml:"Tests"`

	// Threshold is an unvalidated int here (see the type comment).
	Threshold int `yaml:"Threshold"`
}
Config defines the file format when parsing a bulk upload.
Only YAML tags are present: the YAML unmarshaller requires them, whereas encoding/json matches exported field names without tags.
type Event ¶
// Event is a security log to be analyzed, e.g. a CloudTrail event.
type Event struct {
	// Data is the log record itself. Its shape is not constrained by this
	// package (interface{}); whatever the caller decoded is forwarded as-is.
	Data interface{} `json:"data"`
	// ID identifies the event; the result for this event is presumably
	// correlated back through RuleResult.ID — TODO confirm.
	ID string `json:"id"`
}
Event is a security log to be analyzed, e.g. a CloudTrail event.
type Mapping ¶ added in v1.13.0
// Mapping converts a source log field name to a standard field name.
type Mapping struct {
	// Path and Method are two ways of locating the source value; presumably
	// a mapping sets one or the other, not both — TODO confirm with the
	// data model code that consumes it.
	Path   string `yaml:"Path"`
	Method string `yaml:"Method"`
	// Name is the standard field name the source value is mapped to.
	Name string `yaml:"Name"`
}
Mapping converts a source log field name to a standard (data model) field name.
type Policy ¶
// Policy is the subset of policy fields needed for analysis; its Body returns
// True when the resource is compliant.
type Policy struct {
	// Body is the source of the policy function that the policy engine
	// evaluates (presumably Python, given the engine errors described on
	// RuleResult.GenericError). It is executable code, not data: only
	// policies from trusted, authorized uploads should reach
	// PolicyEngineInput.
	Body string `json:"body"`
	// ID is the policy ID echoed back in Result.Passed/Failed and
	// PolicyError.ID.
	ID string `json:"id"`
	// ResourceTypes lists the resource types this policy applies to.
	ResourceTypes []string `json:"resourceTypes"`
}
Policy is the subset of policy fields needed for analysis; its Body returns True when the resource is compliant.
type PolicyEngineInput ¶
// PolicyEngineInput is the request format for invoking the
// panther-policy-engine Lambda function.
//
// Every policy in Policies is evaluated against the resources in Resources
// (see PolicyEngineOutput / Result for how the outcome is reported).
type PolicyEngineInput struct {
	Policies  []Policy   `json:"policies"`
	Resources []Resource `json:"resources"`
}
PolicyEngineInput is the request format for invoking the panther-policy-engine Lambda function.
type PolicyEngineOutput ¶
// PolicyEngineOutput is the response format returned by the
// panther-policy-engine Lambda function.
type PolicyEngineOutput struct {
	// Resources holds one Result per analyzed resource.
	Resources []Result `json:"resources"`
}
PolicyEngineOutput is the response format returned by the panther-policy-engine Lambda function.
type PolicyError ¶
// PolicyError indicates an error when evaluating a policy.
type PolicyError struct {
	// ID is the ID of the policy whose evaluation raised a runtime error.
	ID string `json:"id"`
	// Message is the error message. NOTE(review): it originates from the
	// engine side and may include details of the policy code; treat it as
	// untrusted text when rendering or logging — confirm.
	Message string `json:"message"`
}
PolicyError indicates an error when evaluating a policy.
type Resource ¶
// Resource is the subset of resource fields needed for analysis.
type Resource struct {
	// Attributes is the resource's attribute payload; its shape is not
	// constrained by this package (interface{}).
	Attributes interface{} `json:"attributes"`
	// ID is the resource ID echoed back in Result.ID.
	ID string `json:"id"`
	// Type is matched against Policy.ResourceTypes — presumably only
	// policies listing this type are evaluated; TODO confirm in the engine.
	Type string `json:"type"`
}
Resource is a subset of the resource fields needed for analysis.
type Result ¶
// Result is the analysis result for a single resource.
//
// A policy ID appears in exactly one of Errored, Failed or Passed
// (presumably — the three sets are reported separately). Consumers must not
// treat "absent from Failed" as compliant: a policy that hit a runtime error
// is reported in Errored only, and silently counting it as a pass would
// fail open.
type Result struct {
	// ID is the resource ID.
	ID string `json:"id"`
	// Errored lists the policies that raised a runtime error for this
	// resource, with their messages.
	Errored []PolicyError `json:"errored"`
	// Failed is the set of non-compliant policy IDs.
	Failed []string `json:"failed"`
	// Passed is the set of compliant policy IDs.
	Passed []string `json:"passed"`
}
Result is the analysis result for a single resource.
type Rule ¶
// Rule is the subset of rule fields needed to evaluate streaming logs; its
// Body returns True when an alert should be triggered.
type Rule struct {
	// Body is the source of the rule (presumably Python: see
	// RuleResult.GenericError). It is executable code that the rules engine
	// runs, so only rules from trusted, authorized uploads should be placed
	// in a RulesEngineInput.
	Body string `json:"body"`
	// ID is the rule ID echoed back in RuleResult.RuleID.
	ID string `json:"id"`
	// LogTypes lists the log types this rule applies to.
	LogTypes []string `json:"logTypes"`
}
Rule is the subset of rule fields needed to evaluate streaming logs; its Body returns True when an alert should be triggered.
type RuleResult ¶ added in v1.12.0
// RuleResult is the result of evaluating a rule against a single event.
//
// NOTE(review): when Errored is true the rule did not complete, so
// RuleOutput == false must not be read as "no alert" — the event was simply
// not evaluated. Consumers should check Errored before trusting RuleOutput.
type RuleResult struct {
	// ID identifies the event that was evaluated.
	ID string `json:"id"`
	// RuleID is the ID of the rule that produced this result.
	RuleID string `json:"ruleId"`

	// Rule function outputs: each function's return value is paired with the
	// error message (if any) raised while running it.
	RuleOutput         bool   `json:"ruleOutput"`
	RuleError          string `json:"ruleError"`
	TitleOutput        string `json:"titleOutput"`
	TitleError         string `json:"titleError"`
	DedupOutput        string `json:"dedupOutput"`
	DedupError         string `json:"dedupError"`
	AlertContextOutput string `json:"alertContextOutput"`
	AlertContextError  string `json:"alertContextError"`

	// GenericError indicates a general error in the Python script (import
	// error, syntax error, etc.) rather than in one specific rule function.
	GenericError string `json:"genericError"`

	// Errored is true if any error (generic or from one of the rule
	// functions) is included in the result.
	Errored bool `json:"errored"`
}
RuleResult is the result of evaluating a rule against a single event.
type RulesEngineInput ¶
RulesEngineInput is the request format when doing event-driven log analysis.
type RulesEngineOutput ¶
// RulesEngineOutput is the response returned when invoking the engine in
// log analysis mode.
type RulesEngineOutput struct {
	// Results holds one RuleResult per (rule, event) evaluation.
	Results []RuleResult `json:"results"`
}
RulesEngineOutput is the response returned when invoking in log analysis mode.
type Test ¶
// Test is a unit test definition parsed from a bulk upload.
//
// Log/LogType presumably apply to rule tests and Resource/ResourceType to
// policy tests (mirroring Rule.LogTypes and Policy.ResourceTypes) — TODO
// confirm which pair is required for each AnalysisType.
//
// NOTE(review): Log and Resource are decoded from YAML into interface{}.
// Depending on the YAML library in use, nested mappings can arrive as
// map[interface{}]interface{}, which encoding/json refuses to marshal; verify
// the values are normalised before being sent to the engine as Event.Data /
// Resource.Attributes.
type Test struct {
	// ExpectedResult is the boolean the rule/policy body is expected to
	// return for this input.
	ExpectedResult bool `yaml:"ExpectedResult"`
	// Log is the sample log record for a rule test.
	Log     interface{} `yaml:"Log"`
	LogType string      `yaml:"LogType"`
	// Name is the human-readable test name.
	Name string `yaml:"Name"`
	// Resource is the sample resource for a policy test.
	Resource     interface{} `yaml:"Resource"`
	ResourceType string      `yaml:"ResourceType"`
}
Test is a unit test definition parsed from a bulk upload of policies or rules.