forwarder

package


Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Alert

// Alert contains all the fields associated with the alert stored in DDB.
//
// Every field carries a dynamodbav tag, so all of them are persisted.
// AlertDedupEvent is embedded, which promotes its fields onto Alert.
// LogTypes below and the embedded AlertDedupEvent.LogTypes share the same
// dynamodbav tag ("logTypes"); Go field promotion makes the outer field win,
// and the attribute marshaller is presumably expected to follow the same
// precedence — confirm against the dynamodbattribute encoder before relying
// on which copy is written.
type Alert struct {
	ID                  string    `dynamodbav:"id,string"`
	TimePartition       string    `dynamodbav:"timePartition,string"`
	Severity            string    `dynamodbav:"severity,string"`
	RuleDisplayName     *string   `dynamodbav:"ruleDisplayName,string"`
	FirstEventMatchTime time.Time `dynamodbav:"firstEventMatchTime,string"`
	LogTypes            []string  `dynamodbav:"logTypes,stringset"`
	// Title is the alert title. It will be the Python-generated title or a
	// default one if no Python-generated title is available.
	Title               string    `dynamodbav:"title,string"`
	AlertDedupEvent
}

Alert contains all the fields associated with the alert stored in DDB

type AlertDedupEvent

// AlertDedupEvent represents the event stored in the alert dedup DDB table by
// the rules engine.
//
// Fields tagged `dynamodbav:"-"` (GeneratedTitle, AlertCount, ErrorType) are
// never written to DDB; they are carried in memory only.
type AlertDedupEvent struct {
	RuleID              string    `dynamodbav:"ruleId,string"`
	RuleVersion         string    `dynamodbav:"ruleVersion,string"`
	DeduplicationString string    `dynamodbav:"dedup,string"`
	CreationTime        time.Time `dynamodbav:"creationTime,string"`
	UpdateTime          time.Time `dynamodbav:"updateTime,string"`
	EventCount          int64     `dynamodbav:"eventCount,number"`
	LogTypes            []string  `dynamodbav:"logTypes,stringset"`
	// GeneratedTitle is the title that was generated dynamically using Python.
	// Might be null. NOTE(review): it is produced by rule code rather than by
	// this package, so consumers rendering it should presumably treat it as
	// untrusted text — confirm against the caller.
	GeneratedTitle      *string   `dynamodbav:"-"`
	AlertCount          int64     `dynamodbav:"-"` // There is no need to store this item in DDB
	ErrorType           *string   `dynamodbav:"-"` // There is no need to store this item in DDB
}

AlertDedupEvent represents the event stored in the alert dedup DDB table by the rules engine

func FromDynamodDBAttribute

func FromDynamodDBAttribute(input map[string]events.DynamoDBAttributeValue) (event *AlertDedupEvent, err error)

type Handler added in v1.6.0

// Handler bundles the AWS clients and destination names that Do operates on.
//
// SqsClient and DdbClient are interfaces, so they can be replaced by fakes in
// tests. AlertTable names a DDB table and AlertingQueueURL an SQS queue;
// both are presumably supplied from deployment configuration by whatever
// constructs the Handler — confirm against the caller.
type Handler struct {
	SqsClient        sqsiface.SQSAPI
	Cache            *RuleCache
	DdbClient        dynamodbiface.DynamoDBAPI
	AlertTable       string
	AlertingQueueURL string
}

func (*Handler) Do added in v1.6.0

func (h *Handler) Do(oldAlertDedupEvent, newAlertDedupEvent *AlertDedupEvent) (err error)

type RuleCache added in v1.6.0

// RuleCache is constructed by NewCache and serves rule lookups keyed by
// (id, version) through Get.
//
// NOTE(review): the rendered doc comment for this type reads
// "s3ClientCacheKey -> S3 client", which does not describe a rule cache and
// looks like a leftover from another type — confirm and correct upstream.
type RuleCache struct {
	// contains filtered or unexported fields
}

s3ClientCacheKey -> S3 client

func NewCache added in v1.6.0

func NewCache(httpClient *http.Client, policyClient *policiesclient.PantherAnalysisAPI) *RuleCache

func (*RuleCache) Get added in v1.6.0

func (c *RuleCache) Get(id, version string) (*models.Rule, error)
