Documentation ¶
Index ¶
- Constants
- func Validator() (*validator.Validate, error)
- type CheckIntegrationInput
- type DeleteIntegrationInput
- type FullScanInput
- type GetIntegrationTemplateInput
- type LambdaInput
- type ListIntegrationsInput
- type ListLogTypesInput
- type ListLogTypesOutput
- type PutIntegrationInput
- type PutIntegrationSettings
- type S3PrefixLogtypes
- type S3PrefixLogtypesMapping
- type SourceIntegration
- type SourceIntegrationHealth
- type SourceIntegrationItemStatus
- type SourceIntegrationMetadata
- type SourceIntegrationScanInformation
- type SourceIntegrationStatus
- type SourceIntegrationTemplate
- type SqsConfig
- type UpdateIntegrationLastScanEndInput
- type UpdateIntegrationLastScanStartInput
- type UpdateIntegrationSettingsInput
- type UpdateStatusInput
Constants ¶
const ( // IntegrationTypeAWSScan is the integration type for snapshots in customer AWS accounts. IntegrationTypeAWSScan = "aws-scan" // IntegrationTypeAWS3 is the integration type for importing data from customer S3 buckets. IntegrationTypeAWS3 = "aws-s3" // IntegrationTypeSqs is integration type for pulling data from an SQS queue. IntegrationTypeSqs = "aws-sqs" // StatusError is the string set in the database when an error occurs in a scan. StatusError = "error" // StatusOK is the string set in the database when a scan is successful. StatusOK = "ok" // StatusScanning is the status set while a scan is underway. StatusScanning = "scanning" )
Variables ¶
This section is empty.
Functions ¶
Types ¶
type CheckIntegrationInput ¶
type CheckIntegrationInput struct { AWSAccountID string `genericapi:"redact" json:"awsAccountId" validate:"omitempty,len=12,numeric"` IntegrationType string `json:"integrationType" validate:"oneof=aws-scan aws-s3 aws-sqs"` IntegrationLabel string `json:"integrationLabel" validate:"required,integrationLabel"` // Checks for cloudsec integrations EnableCWESetup *bool `json:"enableCWESetup"` EnableRemediation *bool `json:"enableRemediation"` // Checks for log analysis integrations S3Bucket string `json:"s3Bucket"` S3PrefixLogTypes S3PrefixLogtypes `json:"s3PrefixLogTypes,omitempty"` KmsKey string `json:"kmsKey"` // Checks for Sqs configuration SqsConfig *SqsConfig `json:"sqsConfig,omitempty"` }
CheckIntegrationInput is used to check the health of a potential configuration.
type DeleteIntegrationInput ¶
type DeleteIntegrationInput struct {
IntegrationID string `json:"integrationId" validate:"required,uuid4"`
}
DeleteIntegrationInput is used to delete a specific item from the database.
type FullScanInput ¶ added in v1.2.1
type FullScanInput struct {
Integrations []*SourceIntegrationMetadata
}
FullScanInput is used to do a full scan of one or more integrations.
type GetIntegrationTemplateInput ¶
type GetIntegrationTemplateInput struct { AWSAccountID string `genericapi:"redact" json:"awsAccountId" validate:"required,len=12,numeric"` IntegrationType string `json:"integrationType" validate:"oneof=aws-scan aws-s3"` IntegrationLabel string `json:"integrationLabel" validate:"required,integrationLabel"` RemediationEnabled *bool `json:"remediationEnabled"` CWEEnabled *bool `json:"cweEnabled"` Enabled *bool `json:"enabled" validate:"omitempty"` RegionIgnoreList []string `json:"regionIgnoreList" validate:"omitempty"` ResourceTypeIgnoreList []string `json:"resourceTypeIgnoreList" validate:"omitempty"` ResourceRegexIgnoreList []string `json:"resourceRegexIgnoreList" validate:"omitempty"` S3Bucket string `json:"s3Bucket" validate:"omitempty,min=1"` S3Prefix string `json:"s3Prefix" validate:"omitempty,min=1"` KmsKey string `json:"kmsKey" validate:"omitempty,kmsKeyArn"` }
GetIntegrationTemplateInput allows specification of what resources should be enabled/disabled in the template
type LambdaInput ¶
type LambdaInput struct { CheckIntegration *CheckIntegrationInput `json:"integrationHealthCheck"` PutIntegration *PutIntegrationInput `json:"putIntegration"` UpdateIntegrationSettings *UpdateIntegrationSettingsInput `json:"updateIntegrationSettings"` ListIntegrations *ListIntegrationsInput `json:"listIntegrations"` DeleteIntegration *DeleteIntegrationInput `json:"deleteIntegration"` ListLogTypes *ListLogTypesInput `json:"listLogTypes"` GetIntegrationTemplate *GetIntegrationTemplateInput `json:"getIntegrationTemplate"` UpdateIntegrationLastScanEnd *UpdateIntegrationLastScanEndInput `json:"updateIntegrationLastScanEnd"` UpdateIntegrationLastScanStart *UpdateIntegrationLastScanStartInput `json:"updateIntegrationLastScanStart"` FullScan *FullScanInput `json:"fullScan"` UpdateStatus *UpdateStatusInput `json:"updateStatus"` }
LambdaInput is the collection of all possible args to the Lambda function.
type ListIntegrationsInput ¶
type ListIntegrationsInput struct {
IntegrationType *string `json:"integrationType" validate:"omitempty,oneof=aws-scan aws-s3 aws-sqs"`
}
ListIntegrationsInput allows filtering by the IntegrationType field
type ListLogTypesOutput ¶ added in v1.12.0
type ListLogTypesOutput struct {
LogTypes []string `json:"logTypes" validate:"omitempty"`
}
ListLogTypesOutput
type PutIntegrationInput ¶
type PutIntegrationInput struct {
PutIntegrationSettings
}
PutIntegrationInput is used to add one or many integrations.
type PutIntegrationSettings ¶
type PutIntegrationSettings struct { IntegrationLabel string `json:"integrationLabel" validate:"required,integrationLabel,excludesall='<>&\""` IntegrationType string `json:"integrationType" validate:"oneof=aws-scan aws-s3 aws-sqs"` UserID string `json:"userId" validate:"required,uuid4"` AWSAccountID string `genericapi:"redact" json:"awsAccountId" validate:"omitempty,len=12,numeric"` CWEEnabled *bool `json:"cweEnabled"` RemediationEnabled *bool `json:"remediationEnabled"` ScanIntervalMins int `json:"scanIntervalMins" validate:"omitempty,oneof=60 180 360 720 1440"` Enabled *bool `json:"enabled"` RegionIgnoreList []string `json:"regionIgnoreList"` ResourceTypeIgnoreList []string `json:"resourceTypeIgnoreList"` ResourceRegexIgnoreList []string `json:"resourceRegexIgnoreList"` S3Bucket string `json:"s3Bucket"` S3PrefixLogTypes S3PrefixLogtypes `json:"s3PrefixLogTypes,omitempty" validate:"omitempty,min=1"` KmsKey string `json:"kmsKey" validate:"omitempty,kmsKeyArn"` SqsConfig *SqsConfig `json:"sqsConfig,omitempty"` }
PutIntegrationSettings are all the settings for the new integration.
type S3PrefixLogtypes ¶ added in v1.15.0
type S3PrefixLogtypes []S3PrefixLogtypesMapping
func (S3PrefixLogtypes) LogTypes ¶ added in v1.15.0
func (pl S3PrefixLogtypes) LogTypes() []string
func (S3PrefixLogtypes) LongestPrefixMatch ¶ added in v1.15.0
func (pl S3PrefixLogtypes) LongestPrefixMatch(objectKey string) (bestMatch S3PrefixLogtypesMapping, matched bool)
Return the S3PrefixLogtypesMapping whose prefix is the longest one that matches the objectKey.
func (S3PrefixLogtypes) S3Prefixes ¶ added in v1.15.0
func (pl S3PrefixLogtypes) S3Prefixes() []string
type S3PrefixLogtypesMapping ¶ added in v1.15.0
type S3PrefixLogtypesMapping struct { S3Prefix string `json:"prefix"` LogTypes []string `json:"logTypes" validate:"required,min=1"` }
S3PrefixLogtypesMapping contains the logtypes Panther should parse for this s3 prefix.
type SourceIntegration ¶
type SourceIntegration struct { SourceIntegrationMetadata SourceIntegrationStatus SourceIntegrationScanInformation }
SourceIntegration represents a Panther integration with a source.
func (*SourceIntegration) RequiredLogProcessingRole ¶ added in v1.15.0
func (s *SourceIntegration) RequiredLogProcessingRole() string
func (*SourceIntegration) RequiredLogTypes ¶ added in v1.8.0
func (s *SourceIntegration) RequiredLogTypes() (logTypes []string)
Note: Don't use this for classification as the S3 source has different log types per prefix defined.
func (*SourceIntegration) S3Info ¶ added in v1.15.0
func (s *SourceIntegration) S3Info() (bucket string, prefixes []string)
Return the s3 bucket and prefixes configured to hold input data for this source. For an s3 source, bucket and prefixes are user inputs.
type SourceIntegrationHealth ¶
type SourceIntegrationHealth struct { IntegrationType string `json:"integrationType"` // Checks for cloudsec integrations AuditRoleStatus SourceIntegrationItemStatus `json:"auditRoleStatus,omitempty"` CWERoleStatus SourceIntegrationItemStatus `json:"cweRoleStatus,omitempty"` RemediationRoleStatus SourceIntegrationItemStatus `json:"remediationRoleStatus,omitempty"` // Checks for log analysis integrations ProcessingRoleStatus SourceIntegrationItemStatus `json:"processingRoleStatus,omitempty"` S3BucketStatus SourceIntegrationItemStatus `json:"s3BucketStatus,omitempty"` KMSKeyStatus SourceIntegrationItemStatus `json:"kmsKeyStatus,omitempty"` // Checks for Sqs integrations SqsStatus SourceIntegrationItemStatus `json:"sqsStatus"` }
type SourceIntegrationMetadata ¶
type SourceIntegrationMetadata struct { AWSAccountID string `json:"awsAccountId,omitempty"` CreatedAtTime time.Time `json:"createdAtTime,omitempty"` CreatedBy string `json:"createdBy,omitempty"` IntegrationID string `json:"integrationId,omitempty"` IntegrationLabel string `json:"integrationLabel,omitempty"` IntegrationType string `json:"integrationType,omitempty"` RemediationEnabled *bool `json:"remediationEnabled,omitempty"` CWEEnabled *bool `json:"cweEnabled,omitempty"` ScanIntervalMins int `json:"scanIntervalMins,omitempty"` // optional fields for snapshot-poller filtering Enabled *bool `json:"enabled,omitempty"` RegionIgnoreList []string `json:"regionIgnoreList,omitempty"` ResourceTypeIgnoreList []string `json:"resourceTypeIgnoreList,omitempty"` ResourceRegexIgnoreList []string `json:"resourceRegexIgnoreList,omitempty"` // fields specific for an s3 integration (plus AWSAccountID, StackName) S3Bucket string `json:"s3Bucket,omitempty"` S3PrefixLogTypes S3PrefixLogtypes `json:"s3PrefixLogTypes,omitempty"` KmsKey string `json:"kmsKey,omitempty"` LogProcessingRole string `json:"logProcessingRole,omitempty"` StackName string `json:"stackName,omitempty"` SqsConfig *SqsConfig `json:"sqsConfig,omitempty"` }
SourceIntegrationMetadata is general settings and metadata for an integration.
type SourceIntegrationScanInformation ¶
type SourceIntegrationScanInformation struct { LastScanStartTime *time.Time `json:"lastScanStartTime,omitempty"` LastScanEndTime *time.Time `json:"lastScanEndTime,omitempty"` LastScanErrorMessage string `json:"lastScanErrorMessage,omitempty"` }
SourceIntegrationScanInformation is detail about the last snapshot.
type SourceIntegrationStatus ¶
type SourceIntegrationStatus struct { ScanStatus string `json:"scanStatus,omitempty"` EventStatus string `json:"eventStatus,omitempty"` LastEventReceived *time.Time `json:"lastEventReceived,omitempty"` }
SourceIntegrationStatus provides information about the status of a source
type SqsConfig ¶ added in v1.6.0
type SqsConfig struct { // The log types associated with the source. Needs to be set by UI. LogTypes []string `json:"logTypes" validate:"required,min=1"` // The AWS Principals that are allowed to send data to this source. Needs to be set by UI. AllowedPrincipalArns []string `json:"allowedPrincipalArns"` // The ARNS (e.g. SNS topic ARNs) that are allowed to send data to this source. Needs to be set by UI. AllowedSourceArns []string `json:"allowedSourceArns"` // The Panther-internal S3 bucket where the data from this source will be available S3Bucket string `json:"s3Bucket"` // The Role that the log processor can use to access this data LogProcessingRole string `json:"logProcessingRole"` // THe URL of the SQS queue QueueURL string `json:"queueUrl"` }
type UpdateIntegrationLastScanEndInput ¶
type UpdateIntegrationLastScanEndInput struct { ScanStatus string `json:"scanStatus" validate:"oneof=ok error scanning"` IntegrationID string `json:"integrationId" validate:"required,uuid4"` LastScanEndTime time.Time `json:"lastScanEndTime" validate:"required"` EventStatus string `json:"eventStatus"` LastScanErrorMessage string `json:"lastScanErrorMessage"` }
UpdateIntegrationLastScanEndInput is used to update scan information at the end of a scan.
type UpdateIntegrationLastScanStartInput ¶
type UpdateIntegrationLastScanStartInput struct { IntegrationID string `json:"integrationId" validate:"required,uuid4"` LastScanStartTime time.Time `json:"lastScanStartTime" validate:"required"` ScanStatus string `json:"scanStatus" validate:"required,oneof=ok error scanning"` }
UpdateIntegrationLastScanStartInput is used to update scan information at the beginning of a scan.
type UpdateIntegrationSettingsInput ¶
type UpdateIntegrationSettingsInput struct { IntegrationID string `json:"integrationId" validate:"required,uuid4"` IntegrationLabel string `json:"integrationLabel" validate:"required,integrationLabel,excludesall='<>&\""` CWEEnabled *bool `json:"cweEnabled"` RemediationEnabled *bool `json:"remediationEnabled"` ScanIntervalMins int `json:"scanIntervalMins" validate:"omitempty,oneof=60 180 360 720 1440"` Enabled *bool `json:"enabled"` RegionIgnoreList []string `json:"regionIgnoreList"` ResourceTypeIgnoreList []string `json:"resourceTypeIgnoreList"` ResourceRegexIgnoreList []string `json:"resourceRegexIgnoreList"` S3Bucket string `json:"s3Bucket" validate:"omitempty,min=1"` S3PrefixLogTypes S3PrefixLogtypes `json:"s3PrefixLogTypes,omitempty" validate:"omitempty,min=1"` KmsKey string `json:"kmsKey" validate:"omitempty,kmsKeyArn"` SqsConfig *SqsConfig `json:"sqsConfig,omitempty"` }
UpdateIntegrationSettingsInput is used to update integration settings.
type UpdateStatusInput ¶ added in v1.5.1
type UpdateStatusInput struct { IntegrationID string `json:"integrationId" validate:"required,uuid4"` LastEventReceived time.Time `json:"lastEventReceived" validate:"required"` }
Updates the status of an integration Sample request:
{ "updateStatus": { "integrationId": "uuid", "lastEventReceived":"2020-10-10T05:03:01Z" } }