Types
// Config defines the file format of one item in a bulk upload.
//
// Only yaml tags are present: the YAML unmarshaller needs them, while
// encoding/json matches exported field names case-insensitively and so
// does not. Which of the *ID fields is populated depends on AnalysisType;
// the accepted AnalysisType values are not visible in this file.
type Config struct {
	AnalysisType              string            `yaml:"AnalysisType"`
	AutoRemediationID         string            `yaml:"AutoRemediationID"`
	AutoRemediationParameters map[string]string `yaml:"AutoRemediationParameters"`
	DataModelID               string            `yaml:"DataModelID"`
	DedupPeriodMinutes        int               `yaml:"DedupPeriodMinutes"`
	Description               string            `yaml:"Description"`
	DisplayName               string            `yaml:"DisplayName"`
	Enabled                   bool              `yaml:"Enabled"`

	// Filename names the detection source file bundled with this config.
	// It arrives from the uploaded archive, so whoever resolves it should
	// treat it as untrusted path input — presumably the upload handler
	// already rejects traversal; confirm there.
	Filename string `yaml:"Filename"`

	GlobalID      string              `yaml:"GlobalID"`
	LogTypes      []string            `yaml:"LogTypes"`
	Mappings      []Mapping           `yaml:"Mappings"`
	OutputIds     []string            `yaml:"OutputIds"`
	PolicyID      string              `yaml:"PolicyID"`
	Reference     string              `yaml:"Reference"`
	Reports       map[string][]string `yaml:"Reports"`
	ResourceTypes []string            `yaml:"ResourceTypes"`
	RuleID        string              `yaml:"RuleID"`
	Runbook       string              `yaml:"Runbook"`
	Severity      string              `yaml:"Severity"`
	Suppressions  []string            `yaml:"Suppressions"`
	Tags          []string            `yaml:"Tags"`
	Tests         []Test              `yaml:"Tests"`
	Threshold     int                 `yaml:"Threshold"`
}
Config defines the file format when parsing a bulk upload.
YAML tags are required because the YAML unmarshaller needs them; JSON tags are not present because the JSON unmarshaller is easy.
// Event is a single security log to be analyzed, e.g. a CloudTrail event,
// as handed to the rules engine.
type Event struct {
	Data  interface{}       `json:"data"`  // parsed log record; its shape depends on the log type
	ID    string            `json:"id"`    // event identifier
	Mocks map[string]string `json:"mocks"` // mock values for the run — presumably only set by unit tests; confirm with the engine
}
Event is a security log to be analyzed, e.g. a CloudTrail event.
// Mapping converts a source log field name to a standard field name.
type Mapping struct {
	Path   string `yaml:"Path"`   // location of the field in the source log
	Method string `yaml:"Method"` // presumably an alternative to Path that derives the value; confirm with the engine
	Name   string `yaml:"Name"`   // standard field name the source field maps to
}
Mapping converts source log field name to standard field name.
type PackConfig (added in v1.16.0)
// PackConfig is the file format of a pack definition. Unlike Config it
// carries no detection source of its own — only the IDs of the items the
// pack bundles, via PackDefinition.
type PackConfig struct {
	AnalysisType   string         `yaml:"AnalysisType"`
	Description    string         `yaml:"Description"`
	PackDefinition PackDefinition `yaml:"PackDefinition"`
	DisplayName    string         `yaml:"DisplayName"`
	PackID         string         `yaml:"PackID"`
}
PackConfig is specifically for pack definitions.
type PackDefinition (added in v1.16.0)
// PackDefinition lists what makes up a pack.
type PackDefinition struct {
	IDs []string `yaml:"IDs"` // identifiers of the items bundled in the pack
}
PackDefinition defines what makes up a pack.
// Policy is the subset of policy fields the engine needs for analysis.
//
// Body is source evaluated by the engine and returns True when the
// resource is compliant; treat it as executable code rather than data.
// ResourceTypes restricts which Resource.Type values the policy applies to.
type Policy struct {
	Body          string   `json:"body"`
	ID            string   `json:"id"`
	ResourceTypes []string `json:"resourceTypes"`
}
Policy is a subset of the policy fields needed for analysis; its body returns True if the resource is compliant.
// PolicyEngineInput is the request format for invoking the
// panther-policy-engine Lambda function: every policy in Policies is
// evaluated against every applicable resource in Resources.
type PolicyEngineInput struct {
	Policies  []Policy   `json:"policies"`
	Resources []Resource `json:"resources"`
}
PolicyEngineInput is the request format for invoking the panther-policy-engine Lambda function.
// PolicyEngineOutput is the response format returned by the
// panther-policy-engine Lambda function, one Result per resource.
type PolicyEngineOutput struct {
	Resources []Result `json:"resources"`
}
PolicyEngineOutput is the response format returned by the panther-policy-engine Lambda function.
// PolicyError indicates an error raised while evaluating a policy.
type PolicyError struct {
	ID      string `json:"id"`      // policy ID which caused the runtime error
	Message string `json:"message"` // error message
}
PolicyError indicates an error when evaluating a policy.
// Resource is the subset of resource fields the engine needs for analysis.
type Resource struct {
	Attributes interface{} `json:"attributes"` // resource attributes; shape depends on Type
	ID         string      `json:"id"`         // resource identifier
	Type       string      `json:"type"`       // resource type, matched against Policy.ResourceTypes
}
Resource is a subset of the resource fields needed for analysis.
// Result is the analysis result for a single resource.
type Result struct {
	// ID is the resource ID the result belongs to.
	ID string `json:"id"`
	// Errored lists the policies that raised a runtime error on this resource.
	Errored []PolicyError `json:"errored"`
	// Failed is the set of non-compliant policy IDs.
	Failed []string `json:"failed"`
	// Passed is the set of compliant policy IDs.
	Passed []string `json:"passed"`
}
Result is the analysis result for a single resource.
// Rule evaluates streaming logs and returns True when an alert should be
// triggered.
//
// Body is source executed by the engine; treat it as executable code
// rather than data. LogTypes restricts which events the rule runs against.
type Rule struct {
	Body     string   `json:"body"`
	ID       string   `json:"id"`
	LogTypes []string `json:"logTypes"`
}
Rule evaluates streaming logs, returning True if an alert should be triggered.
// RuleResult is the outcome of evaluating one rule against one event.
//
// Each *Output/*Error pair presumably carries the value returned by the
// rule function of that name, or the error it raised; GenericError and
// Errored summarize failures that are not tied to a single function.
type RuleResult struct {
	ID         string `json:"id"`
	RuleID     string `json:"ruleId"`
	RuleOutput bool   `json:"ruleOutput"`

	// Rule function outputs.
	RuleError          string   `json:"ruleError"`
	TitleOutput        string   `json:"titleOutput"`
	TitleError         string   `json:"titleError"`
	DescriptionOutput  string   `json:"descriptionOutput"`
	DescriptionError   string   `json:"descriptionError"`
	ReferenceOutput    string   `json:"referenceOutput"`
	ReferenceError     string   `json:"referenceError"`
	SeverityOutput     string   `json:"severityOutput"`
	SeverityError      string   `json:"severityError"`
	RunbookOutput      string   `json:"runbookOutput"`
	RunbookError       string   `json:"runbookError"`
	DestinationsOutput []string `json:"destinationsOutput"`
	DestinationsError  string   `json:"destinationsError"`
	DedupOutput        string   `json:"dedupOutput"`
	DedupError         string   `json:"dedupError"`
	AlertContextOutput string   `json:"alertContextOutput"`
	AlertContextError  string   `json:"alertContextError"`

	// GenericError indicates a general error in the Python script
	// (import error, syntax error, etc).
	GenericError string `json:"genericError"`

	// Errored is true if any error (generic or from a rule function) is
	// included in the result.
	Errored bool `json:"errored"`
}
RuleResult is the result of evaluating a rule with an event.
type RulesEngineInput
RulesEngineInput is the request format when doing event-driven log analysis.
// RulesEngineOutput is the response returned when the engine is invoked
// in log analysis mode, one RuleResult per rule/event evaluation.
type RulesEngineOutput struct {
	Results []RuleResult `json:"results"`
}
RulesEngineOutput is the response returned when invoking in log analysis mode.
// Test is a unit test definition parsed from a bulk upload.
//
// A rule test supplies Log/LogType, a policy test supplies
// Resource/ResourceType; ExpectedResult is the value the detection is
// expected to return for that input.
type Test struct {
	ExpectedResult bool        `yaml:"ExpectedResult"`
	Log            interface{} `yaml:"Log"`
	LogType        string      `yaml:"LogType"`
	Name           string      `yaml:"Name"`
	Resource       interface{} `yaml:"Resource"`
	ResourceType   string      `yaml:"ResourceType"`
}
Test is a unit test definition when parsing policies in a bulk upload.