type Config ¶
// Config defines the file format when parsing a bulk upload.
//
// YAML tags are required because the YAML unmarshaller needs them; JSON tags
// are not present because the JSON unmarshaller does not need them.
//
// NOTE(review): this struct is populated from uploaded content, so callers
// should validate fields (IDs, Severity, the type lists) before relying on them.
type Config struct {
	// AnalysisType names the kind of item described; presumably it selects
	// which of PolicyID, RuleID or GlobalID below is meaningful — confirm.
	AnalysisType string `yaml:"AnalysisType"`
	// AutoRemediationID and AutoRemediationParameters describe an optional
	// remediation; their semantics are not visible in this file.
	AutoRemediationID         string            `yaml:"AutoRemediationID"`
	AutoRemediationParameters map[string]string `yaml:"AutoRemediationParameters"`
	Description               string            `yaml:"Description"`
	DisplayName               string            `yaml:"DisplayName"`
	// Enabled toggles the item; a disabled item is presumably skipped — confirm.
	Enabled bool `yaml:"Enabled"`
	// Filename presumably names the source file holding the item's body — confirm.
	Filename string `yaml:"Filename"`
	// PolicyID, RuleID and GlobalID identify the item; which one is set is
	// assumed to depend on AnalysisType.
	PolicyID string `yaml:"PolicyID"`
	RuleID   string `yaml:"RuleID"`
	GlobalID string `yaml:"GlobalID"`
	// ResourceTypes corresponds to Policy.ResourceTypes; LogTypes to Rule.LogTypes.
	ResourceTypes []string `yaml:"ResourceTypes"`
	LogTypes      []string `yaml:"LogTypes"`
	Reference     string   `yaml:"Reference"`
	Runbook       string   `yaml:"Runbook"`
	Severity      string   `yaml:"Severity"`
	Suppressions  []string `yaml:"Suppressions"`
	Tags          []string `yaml:"Tags"`
	// Tests are the unit-test definitions bundled with the item (see Test).
	Tests []Test `yaml:"Tests"`
	// DedupPeriodMinutes is a window in minutes; how it is applied is not shown here.
	DedupPeriodMinutes int `yaml:"DedupPeriodMinutes"`
}
Config defines the file format when parsing a bulk upload.
YAML tags are required because the YAML unmarshaller needs them; JSON tags are not present because the JSON unmarshaller does not need them.
type Event ¶
// Event is a security log to be analyzed, e.g. a CloudTrail event.
type Event struct {
	// Data is the decoded log payload; it is untyped here, so consumers
	// must type-assert and should not trust its shape.
	Data interface{} `json:"data"`
	// ID identifies the event; EventAnalysis.ID refers back to it (assumption).
	ID string `json:"id"`
	// Type is the log type; compare with Rule.LogTypes (assumption).
	Type string `json:"type"`
}
Event is a security log to be analyzed, e.g. a CloudTrail event.
type EventAnalysis ¶
// EventAnalysis is the Python evaluation result for a single event in the input.
type EventAnalysis struct {
	// ID is the analyzed event's ID.
	ID string `json:"id"`
	// Errored lists rules that raised a runtime error instead of returning a result.
	Errored []PolicyError `json:"errored"`
	Matched []string      `json:"matched"`    // set of rule IDs which returned True
	NotMatched []string   `json:"notMatched"` // set of rule IDs which returned False
}
EventAnalysis is the Python evaluation result for a single event in the input.
type Policy ¶
// Policy is the subset of the policy fields needed for analysis; a policy
// returns True when the resource is compliant.
type Policy struct {
	// Body is presumably the Python source evaluated by the engine
	// (see EventAnalysis). NOTE(review): if so, only trusted callers should
	// be able to supply it — confirm where it is populated.
	Body string `json:"body"`
	// ID is the policy ID; it appears in Result.Failed/Passed and PolicyError.ID.
	ID string `json:"id"`
	// ResourceTypes restricts which Resource.Type values the policy applies to (assumption).
	ResourceTypes []string `json:"resourceTypes"`
}
Policy is the subset of the policy fields needed for analysis; a policy returns True when the resource is compliant.
type PolicyEngineInput ¶
// PolicyEngineInput is the request format for invoking the panther-policy-engine Lambda function.
type PolicyEngineInput struct {
	// Policies are evaluated against every Resource below.
	Policies []Policy `json:"policies"`
	// Resources are the items to check; each yields one Result in PolicyEngineOutput.
	Resources []Resource `json:"resources"`
}
PolicyEngineInput is the request format for invoking the panther-policy-engine Lambda function.
type PolicyEngineOutput ¶
// PolicyEngineOutput is the response format returned by the panther-policy-engine Lambda function.
type PolicyEngineOutput struct {
	// Resources holds one Result per analyzed resource.
	Resources []Result `json:"resources"`
}
PolicyEngineOutput is the response format returned by the panther-policy-engine Lambda function.
type PolicyError ¶
// PolicyError indicates an error when evaluating a policy (or rule, see EventAnalysis).
type PolicyError struct {
	ID      string `json:"id"`      // policy ID which caused runtime error
	Message string `json:"message"` // error message; may echo interpreter output, so avoid exposing it unfiltered (assumption)
}
PolicyError indicates an error when evaluating a policy.
type Resource ¶
// Resource is a subset of the resource fields needed for analysis.
type Resource struct {
	// Attributes is the resource's decoded attribute set; untyped, so consumers
	// must type-assert and should not trust its shape.
	Attributes interface{} `json:"attributes"`
	// ID identifies the resource; Result.ID refers back to it.
	ID string `json:"id"`
	// Type is the resource type; compare with Policy.ResourceTypes (assumption).
	Type string `json:"type"`
}
Resource is a subset of the resource fields needed for analysis.
type Result ¶
// Result is the analysis result for a single resource.
type Result struct {
	ID string `json:"id"` // resourceID
	// Errored lists policies that raised a runtime error instead of returning a result.
	Errored []PolicyError `json:"errored"`
	Failed  []string      `json:"failed"` // set of non-compliant policy IDs
	Passed  []string      `json:"passed"` // set of compliant policy IDs
}
Result is the analysis result for a single resource.
type Rule ¶
// Rule evaluates streaming logs, returning True if an alert should be triggered.
type Rule struct {
	// Body is presumably the Python source evaluated by the engine
	// (see EventAnalysis). NOTE(review): if so, only trusted callers should
	// be able to supply it — confirm where it is populated.
	Body string `json:"body"`
	// ID is the rule ID; it appears in EventAnalysis.Matched/NotMatched.
	ID string `json:"id"`
	// LogTypes restricts which Event.Type values the rule applies to (assumption).
	LogTypes []string `json:"logTypes"`
}
Rule evaluates streaming logs, returning True if an alert should be triggered.
type RulesEngineInput ¶
RulesEngineInput is the request format when doing event-driven log analysis.
type RulesEngineOutput ¶
// RulesEngineOutput is the response returned when invoking in log analysis mode.
type RulesEngineOutput struct {
	// Events holds one EventAnalysis per analyzed event.
	Events []EventAnalysis `json:"events"`
}
RulesEngineOutput is the response returned when invoking in log analysis mode.
type Test ¶
// Test is a unit test definition when parsing policies in a bulk upload.
type Test struct {
	// ExpectedResult is the boolean the policy or rule body is expected to return.
	ExpectedResult bool `yaml:"ExpectedResult"`
	// Name labels the test case.
	Name string `yaml:"Name"`
	// Resource and Log are the test input; presumably Resource is used for
	// policies and Log for rules — confirm. Both are untyped YAML values.
	Resource interface{} `yaml:"Resource"`
	Log      interface{} `yaml:"Log"`
	// ResourceType and LogType name the type of the corresponding input above.
	ResourceType string `yaml:"ResourceType"`
	LogType      string `yaml:"LogType"`
}
Test is a unit test definition when parsing policies in a bulk upload.