models

package
v1.15.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 5, 2021 License: AGPL-3.0 Imports: 9 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// IntegrationTypeAWSScan is the integration type for snapshots in customer AWS accounts.
	IntegrationTypeAWSScan = "aws-scan"
	// IntegrationTypeAWS3 is the integration type for importing data from customer S3 buckets.
	IntegrationTypeAWS3 = "aws-s3"
	// IntegrationTypeSqs is integration type for pulling data from an SQS queue.
	IntegrationTypeSqs = "aws-sqs"

	// StatusError is the string set in the database when an error occurs in a scan.
	StatusError = "error"
	// StatusOK is the string set in the database when a scan is successful.
	StatusOK = "ok"
	// StatusScanning is the status set while a scan is underway.
	StatusScanning = "scanning"
)

Variables

This section is empty.

Functions

func Validator

func Validator() (*validator.Validate, error)

Validator builds a custom struct validator.

Types

type CheckIntegrationInput

type CheckIntegrationInput struct {
	AWSAccountID     string `genericapi:"redact" json:"awsAccountId" validate:"omitempty,len=12,numeric"`
	IntegrationType  string `json:"integrationType" validate:"oneof=aws-scan aws-s3 aws-sqs"`
	IntegrationLabel string `json:"integrationLabel" validate:"required,integrationLabel"`

	// Checks for cloudsec integrations
	EnableCWESetup    *bool `json:"enableCWESetup"`
	EnableRemediation *bool `json:"enableRemediation"`

	// Checks for log analysis integrations
	S3Bucket         string           `json:"s3Bucket"`
	S3PrefixLogTypes S3PrefixLogtypes `json:"s3PrefixLogTypes,omitempty"`
	KmsKey           string           `json:"kmsKey"`

	// Checks for Sqs configuration
	SqsConfig *SqsConfig `json:"sqsConfig,omitempty"`
}

CheckIntegrationInput is used to check the health of a potential configuration.

type DeleteIntegrationInput

type DeleteIntegrationInput struct {
	IntegrationID string `json:"integrationId" validate:"required,uuid4"`
}

DeleteIntegrationInput is used to delete a specific item from the database.

type FullScanInput added in v1.2.1

type FullScanInput struct {
	Integrations []*SourceIntegrationMetadata
}

FullScanInput is used to do a full scan of one or more integrations.

type GetIntegrationTemplateInput

type GetIntegrationTemplateInput struct {
	AWSAccountID            string   `genericapi:"redact" json:"awsAccountId" validate:"required,len=12,numeric"`
	IntegrationType         string   `json:"integrationType" validate:"oneof=aws-scan aws-s3"`
	IntegrationLabel        string   `json:"integrationLabel" validate:"required,integrationLabel"`
	RemediationEnabled      *bool    `json:"remediationEnabled"`
	CWEEnabled              *bool    `json:"cweEnabled"`
	Enabled                 *bool    `json:"enabled" validate:"omitempty"`
	RegionIgnoreList        []string `json:"regionIgnoreList" validate:"omitempty"`
	ResourceTypeIgnoreList  []string `json:"resourceTypeIgnoreList" validate:"omitempty"`
	ResourceRegexIgnoreList []string `json:"resourceRegexIgnoreList" validate:"omitempty"`
	S3Bucket                string   `json:"s3Bucket" validate:"omitempty,min=1"`
	S3Prefix                string   `json:"s3Prefix" validate:"omitempty,min=1"`
	KmsKey                  string   `json:"kmsKey" validate:"omitempty,kmsKeyArn"`
}

GetIntegrationTemplateInput allows specification of what resources should be enabled/disabled in the template

type LambdaInput

type LambdaInput struct {
	CheckIntegration *CheckIntegrationInput `json:"integrationHealthCheck"`

	PutIntegration            *PutIntegrationInput            `json:"putIntegration"`
	UpdateIntegrationSettings *UpdateIntegrationSettingsInput `json:"updateIntegrationSettings"`
	ListIntegrations          *ListIntegrationsInput          `json:"listIntegrations"`
	DeleteIntegration         *DeleteIntegrationInput         `json:"deleteIntegration"`

	ListLogTypes *ListLogTypesInput `json:"listLogTypes"`

	GetIntegrationTemplate *GetIntegrationTemplateInput `json:"getIntegrationTemplate"`

	UpdateIntegrationLastScanEnd   *UpdateIntegrationLastScanEndInput   `json:"updateIntegrationLastScanEnd"`
	UpdateIntegrationLastScanStart *UpdateIntegrationLastScanStartInput `json:"updateIntegrationLastScanStart"`

	FullScan     *FullScanInput     `json:"fullScan"`
	UpdateStatus *UpdateStatusInput `json:"updateStatus"`
}

LambdaInput is the collection of all possible args to the Lambda function.

type ListIntegrationsInput

type ListIntegrationsInput struct {
	IntegrationType *string `json:"integrationType" validate:"omitempty,oneof=aws-scan aws-s3 aws-sqs"`
}

ListIntegrationsInput allows filtering by the IntegrationType field

type ListLogTypesInput added in v1.12.0

type ListLogTypesInput struct {
}

ListLogTypesInput

type ListLogTypesOutput added in v1.12.0

type ListLogTypesOutput struct {
	LogTypes []string `json:"logTypes" validate:"omitempty"`
}

ListLogTypesOutput

type PutIntegrationInput

type PutIntegrationInput struct {
	PutIntegrationSettings
}

PutIntegrationInput is used to add one or many integrations.

type PutIntegrationSettings

type PutIntegrationSettings struct {
	IntegrationLabel        string           `json:"integrationLabel" validate:"required,integrationLabel,excludesall='<>&\""`
	IntegrationType         string           `json:"integrationType" validate:"oneof=aws-scan aws-s3 aws-sqs"`
	UserID                  string           `json:"userId" validate:"required,uuid4"`
	AWSAccountID            string           `genericapi:"redact" json:"awsAccountId" validate:"omitempty,len=12,numeric"`
	CWEEnabled              *bool            `json:"cweEnabled"`
	RemediationEnabled      *bool            `json:"remediationEnabled"`
	ScanIntervalMins        int              `json:"scanIntervalMins" validate:"omitempty,oneof=60 180 360 720 1440"`
	Enabled                 *bool            `json:"enabled"`
	RegionIgnoreList        []string         `json:"regionIgnoreList"`
	ResourceTypeIgnoreList  []string         `json:"resourceTypeIgnoreList"`
	ResourceRegexIgnoreList []string         `json:"resourceRegexIgnoreList"`
	S3Bucket                string           `json:"s3Bucket"`
	S3PrefixLogTypes        S3PrefixLogtypes `json:"s3PrefixLogTypes,omitempty" validate:"omitempty,min=1"`
	KmsKey                  string           `json:"kmsKey" validate:"omitempty,kmsKeyArn"`

	SqsConfig *SqsConfig `json:"sqsConfig,omitempty"`
}

PutIntegrationSettings are all the settings for the new integration.

type S3PrefixLogtypes added in v1.15.0

type S3PrefixLogtypes []S3PrefixLogtypesMapping

func (S3PrefixLogtypes) LogTypes added in v1.15.0

func (pl S3PrefixLogtypes) LogTypes() []string

func (S3PrefixLogtypes) LongestPrefixMatch added in v1.15.0

func (pl S3PrefixLogtypes) LongestPrefixMatch(objectKey string) (bestMatch S3PrefixLogtypesMapping, matched bool)

Return the S3PrefixLogtypesMapping whose prefix is the longest one that matches the objectKey.

func (S3PrefixLogtypes) S3Prefixes added in v1.15.0

func (pl S3PrefixLogtypes) S3Prefixes() []string

type S3PrefixLogtypesMapping added in v1.15.0

type S3PrefixLogtypesMapping struct {
	S3Prefix string   `json:"prefix"`
	LogTypes []string `json:"logTypes" validate:"required,min=1"`
}

S3PrefixLogtypesMapping contains the logtypes Panther should parse for this s3 prefix.

type SourceIntegration

SourceIntegration represents a Panther integration with a source.

func (*SourceIntegration) RequiredLogProcessingRole added in v1.15.0

func (s *SourceIntegration) RequiredLogProcessingRole() string

func (*SourceIntegration) RequiredLogTypes added in v1.8.0

func (s *SourceIntegration) RequiredLogTypes() (logTypes []string)

Note: Don't use this for classification as the S3 source has different log types per prefix defined.

func (*SourceIntegration) S3Info added in v1.15.0

func (s *SourceIntegration) S3Info() (bucket string, prefixes []string)

Return the s3 bucket and prefixes configured to hold input data for this source. For an s3 source, bucket and prefixes are user inputs.

type SourceIntegrationHealth

type SourceIntegrationHealth struct {
	IntegrationType string `json:"integrationType"`

	// Checks for cloudsec integrations
	AuditRoleStatus       SourceIntegrationItemStatus `json:"auditRoleStatus,omitempty"`
	CWERoleStatus         SourceIntegrationItemStatus `json:"cweRoleStatus,omitempty"`
	RemediationRoleStatus SourceIntegrationItemStatus `json:"remediationRoleStatus,omitempty"`

	// Checks for log analysis integrations
	ProcessingRoleStatus SourceIntegrationItemStatus `json:"processingRoleStatus,omitempty"`
	S3BucketStatus       SourceIntegrationItemStatus `json:"s3BucketStatus,omitempty"`
	KMSKeyStatus         SourceIntegrationItemStatus `json:"kmsKeyStatus,omitempty"`

	// Checks for Sqs integrations
	SqsStatus SourceIntegrationItemStatus `json:"sqsStatus"`
}

type SourceIntegrationItemStatus

type SourceIntegrationItemStatus struct {
	Healthy      bool   `json:"healthy"`
	Message      string `json:"message"`
	ErrorMessage string `json:"rawErrorMessage,omitempty"`
}

type SourceIntegrationMetadata

type SourceIntegrationMetadata struct {
	AWSAccountID       string    `json:"awsAccountId,omitempty"`
	CreatedAtTime      time.Time `json:"createdAtTime,omitempty"`
	CreatedBy          string    `json:"createdBy,omitempty"`
	IntegrationID      string    `json:"integrationId,omitempty"`
	IntegrationLabel   string    `json:"integrationLabel,omitempty"`
	IntegrationType    string    `json:"integrationType,omitempty"`
	RemediationEnabled *bool     `json:"remediationEnabled,omitempty"`
	CWEEnabled         *bool     `json:"cweEnabled,omitempty"`
	ScanIntervalMins   int       `json:"scanIntervalMins,omitempty"`

	// optional fields for snapshot-poller filtering
	Enabled                 *bool    `json:"enabled,omitempty"`
	RegionIgnoreList        []string `json:"regionIgnoreList,omitempty"`
	ResourceTypeIgnoreList  []string `json:"resourceTypeIgnoreList,omitempty"`
	ResourceRegexIgnoreList []string `json:"resourceRegexIgnoreList,omitempty"`

	// fields specific for an s3 integration (plus AWSAccountID, StackName)
	S3Bucket          string           `json:"s3Bucket,omitempty"`
	S3PrefixLogTypes  S3PrefixLogtypes `json:"s3PrefixLogTypes,omitempty"`
	KmsKey            string           `json:"kmsKey,omitempty"`
	LogProcessingRole string           `json:"logProcessingRole,omitempty"`

	StackName string `json:"stackName,omitempty"`

	SqsConfig *SqsConfig `json:"sqsConfig,omitempty"`
}

SourceIntegrationMetadata is general settings and metadata for an integration.

type SourceIntegrationScanInformation

type SourceIntegrationScanInformation struct {
	LastScanStartTime    *time.Time `json:"lastScanStartTime,omitempty"`
	LastScanEndTime      *time.Time `json:"lastScanEndTime,omitempty"`
	LastScanErrorMessage string     `json:"lastScanErrorMessage,omitempty"`
}

SourceIntegrationScanInformation is detail about the last snapshot.

type SourceIntegrationStatus

type SourceIntegrationStatus struct {
	ScanStatus        string     `json:"scanStatus,omitempty"`
	EventStatus       string     `json:"eventStatus,omitempty"`
	LastEventReceived *time.Time `json:"lastEventReceived,omitempty"`
}

SourceIntegrationStatus provides information about the status of a source

type SourceIntegrationTemplate

type SourceIntegrationTemplate struct {
	Body      string `json:"body"`
	StackName string `json:"stackName"`
}

type SqsConfig added in v1.6.0

type SqsConfig struct {
	// The log types associated with the source. Needs to be set by UI.
	LogTypes []string `json:"logTypes" validate:"required,min=1"`
	// The AWS Principals that are allowed to send data to this source. Needs to be set by UI.
	AllowedPrincipalArns []string `json:"allowedPrincipalArns"`
	// The ARNS (e.g. SNS topic ARNs) that are allowed to send data to this source. Needs to be set by UI.
	AllowedSourceArns []string `json:"allowedSourceArns"`

	// The Panther-internal S3 bucket where the data from this source will be available
	S3Bucket string `json:"s3Bucket"`
	// The Role that the log processor can use to access this data
	LogProcessingRole string `json:"logProcessingRole"`
	// THe URL of the SQS queue
	QueueURL string `json:"queueUrl"`
}

type UpdateIntegrationLastScanEndInput

type UpdateIntegrationLastScanEndInput struct {
	ScanStatus           string    `json:"scanStatus" validate:"oneof=ok error scanning"`
	IntegrationID        string    `json:"integrationId" validate:"required,uuid4"`
	LastScanEndTime      time.Time `json:"lastScanEndTime" validate:"required"`
	EventStatus          string    `json:"eventStatus"`
	LastScanErrorMessage string    `json:"lastScanErrorMessage"`
}

UpdateIntegrationLastScanEndInput is used to update scan information at the end of a scan.

type UpdateIntegrationLastScanStartInput

type UpdateIntegrationLastScanStartInput struct {
	IntegrationID     string    `json:"integrationId" validate:"required,uuid4"`
	LastScanStartTime time.Time `json:"lastScanStartTime" validate:"required"`
	ScanStatus        string    `json:"scanStatus" validate:"required,oneof=ok error scanning"`
}

UpdateIntegrationLastScanStartInput is used to update scan information at the beginning of a scan.

type UpdateIntegrationSettingsInput

type UpdateIntegrationSettingsInput struct {
	IntegrationID           string           `json:"integrationId" validate:"required,uuid4"`
	IntegrationLabel        string           `json:"integrationLabel" validate:"required,integrationLabel,excludesall='<>&\""`
	CWEEnabled              *bool            `json:"cweEnabled"`
	RemediationEnabled      *bool            `json:"remediationEnabled"`
	ScanIntervalMins        int              `json:"scanIntervalMins" validate:"omitempty,oneof=60 180 360 720 1440"`
	Enabled                 *bool            `json:"enabled"`
	RegionIgnoreList        []string         `json:"regionIgnoreList"`
	ResourceTypeIgnoreList  []string         `json:"resourceTypeIgnoreList"`
	ResourceRegexIgnoreList []string         `json:"resourceRegexIgnoreList"`
	S3Bucket                string           `json:"s3Bucket" validate:"omitempty,min=1"`
	S3PrefixLogTypes        S3PrefixLogtypes `json:"s3PrefixLogTypes,omitempty" validate:"omitempty,min=1"`
	KmsKey                  string           `json:"kmsKey" validate:"omitempty,kmsKeyArn"`

	SqsConfig *SqsConfig `json:"sqsConfig,omitempty"`
}

UpdateIntegrationSettingsInput is used to update integration settings.

type UpdateStatusInput added in v1.5.1

type UpdateStatusInput struct {
	IntegrationID     string    `json:"integrationId" validate:"required,uuid4"`
	LastEventReceived time.Time `json:"lastEventReceived" validate:"required"`
}

Updates the status of an integration Sample request:

{
	"updateStatus": {
		"integrationId": "uuid",
		"lastEventReceived":"2020-10-10T05:03:01Z"
	}
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL