api

package
Published: Feb 25, 2021 License: Apache-2.0 Imports: 44 Imported by: 0

Documentation


Constants

const (
	// UserAgent is the User-Agent value the client sends to the manager.
	UserAgent = "Whids-API-Client/1.0"
	// Mega is one mebibyte (1024 * 1024 bytes); sizes below are expressed in it.
	Mega = 1024 * 1024
	// DefaultMaxUploadSize is the default cap on a single upload (100 MiB);
	// see ClientConfig.MaxUploadSize.
	DefaultMaxUploadSize = 100 * Mega
)
const (
	// DefaultDirPerm default log directory permissions for forwarder (owner-only access)
	DefaultDirPerm = 0700
	// DefaultLogfileSize default forwarder logfile size (5 MB)
	DefaultLogfileSize = logfile.MB * 5
	// DiskSpaceThreshold allow 1GB of queued events (compare with Forwarder.DiskSpaceQueue)
	DiskSpaceThreshold = logfile.GB
	// MinRotationInterval is the minimum rotation interval allowed for LoggingConfig.RotationInterval
	MinRotationInterval = time.Minute
)
const (
	// DefaultLogPerm default logfile permission for Manager (owner read/write only)
	DefaultLogPerm = 0600
	// DefaultManagerLogSize default size for Manager's logfiles (100 MB)
	DefaultManagerLogSize = logfile.MB * 100
	// DefaultKeySize default size for API key generation (presumably the size passed to KeyGen)
	DefaultKeySize = 64
	// EptAPIDefaultPort default port used by manager's endpoint API (EndpointAPIConfig.Port)
	EptAPIDefaultPort = 1519
	// AdmAPIDefaultPort default port used by manager's admin API (AdminAPIConfig.Port)
	AdmAPIDefaultPort = 1520
)
const (

	// EptAPIServerKeyPath API route used to get server key (served by Manager.ServerKey)
	EptAPIServerKeyPath = "/key"
	// EptAPIRulesPath API route used to get Gene rules available in server
	EptAPIRulesPath = "/rules"
	// EptAPIRulesSha256Path API route used to retrieve sha256 of latest batch of Gene rules
	EptAPIRulesSha256Path = "/rules/sha256"
	// EptAPIContainerListPath API route to serve the list of containers available in the Manager
	EptAPIContainerListPath = "/containers"
	// EptAPIContainerPath API route to get a container; {name} is the container name path variable
	EptAPIContainerPath = "/container/{name}"
	// EptAPIContainerSha256Path API route to serve sha256 of the different containers
	EptAPIContainerSha256Path = "/container/sha256/{name}"

	// EptAPIPostLogsPath API route used to post logs (ManagerClient.PostLogs; presumably handled by Manager.Collect)
	EptAPIPostLogsPath = "/logs"
	// EptAPIPostDumpPath API route used to upload dump files (ManagerClient.PostDump, Manager.UploadDump)
	EptAPIPostDumpPath = "/upload/dumps"

	// EptAPICommandPath used to GET commands and POST results (see Manager.Command)
	EptAPICommandPath = "/commands"
)

Routes used by Clients

const (
	// AdmAPIStatsPath API route for manager statistics
	AdmAPIStatsPath         = "/stats"
	// AdmAPIRulesPath API route for the rules loaded in the manager
	AdmAPIRulesPath         = "/rules"
	// AdmAPIRulesReloadPath API route to reload the rules
	AdmAPIRulesReloadPath   = "/rules/reload"
	// AdmAPIRulesSavePath API route to save the rules
	AdmAPIRulesSavePath     = "/rules/save"
	// AdmAPIEndpointsPath API route listing endpoints
	AdmAPIEndpointsPath     = "/endpoints"
	// AdmAPIEndpointsByIDPath API route for a single endpoint; the euuid path
	// variable is constrained by the uuidRe pattern (defined elsewhere in the package)
	AdmAPIEndpointsByIDPath = AdmAPIEndpointsPath + "/{euuid:" + uuidRe + "}"
	// Command related
	AdmAPIEndpointCommandPath      = AdmAPIEndpointsByIDPath + "/command"
	AdmAPIEndpointCommandFieldPath = AdmAPIEndpointCommandPath + "/{field}"
	// Logs related
	AdmAPIEndpointLogsPath   = AdmAPIEndpointsByIDPath + "/logs"
	AdmAPIEndpointAlertsPath = AdmAPIEndpointsByIDPath + "/alerts"
	// Reports related
	AdmAPIEndpointsReportsPath = AdmAPIEndpointsPath + "/reports"
	AdmAPIEndpointReportPath   = AdmAPIEndpointsByIDPath + "/report"
)

Routes used for Admin API

// ContainRuleName is the name of the Windows firewall rule used to contain an endpoint
// (see ContainAlias and UncontainAlias).
const ContainRuleName = "EDR containment"

Variables

// ErrUnkEndpoint is the error returned when an endpoint is unknown to the manager
// (see Manager.AddCommand and Manager.GetCommand).
var ErrUnkEndpoint = fmt.Errorf("Unknown endpoint")
// Hostname is the name of the host the client is running on.
// It is initialized in the package init() function.
var Hostname string

Functions

func ContainAlias

func ContainAlias(ip net.IP) *exec.Cmd

ContainAlias builds a command to contain an endpoint (the counterpart of UncontainAlias).

func IPFromRequest

func IPFromRequest(req *http.Request) (net.IP, error)

IPFromRequest extracts the user IP address from req, if present. source: https://blog.golang.org/context/userip/userip.go

func KeyGen

func KeyGen(size int) string

KeyGen is an API key generator; it is expected to produce a key made only of [[:alnum:]] characters.

func Sha256StringArray

func Sha256StringArray(array []string) string

Sha256StringArray is a utility that computes a SHA-256 digest over the strings in array and returns it as a string.

func UUIDGen

func UUIDGen() uuid.UUID

UUIDGen generates a random UUID

func UncontainAlias

func UncontainAlias() *exec.Cmd

UncontainAlias builds a command to uncontain an endpoint. NB: the implementation must be kept in line with what is done in ContainAlias.

Types

type AdminAPIConfig

// AdminAPIConfig is the configuration for the administrative API.
type AdminAPIConfig struct {
	// Host is the hostname or IP address the API listens on.
	Host  string      `toml:"host" comment:"Hostname or IP address where the API should listen to"`
	// Port is the port the API listens on (see AdmAPIDefaultPort).
	Port  int         `toml:"port" comment:"Port used by the API"`
	// Users is the list of admin users (each carries its own Key, see AdminUser).
	Users []AdminUser `toml:"users" comment:"List of admin users"`
}

AdminAPIConfig configuration for Administrative API

type AdminAPIResponse

// AdminAPIResponse is the standard structure used to encode any response from the Admin API.
// Build it with NewAdminAPIResponse, NewAdminAPIRespError or NewAdminAPIRespErrorString.
type AdminAPIResponse struct {
	// Data is the payload of the response (decode it with UnmarshalData on the client side).
	Data    interface{} `json:"data"`
	// Message is a human readable message.
	Message string      `json:"message"`
	// Error is the error text when the response reports an error (see NewAdminAPIRespError).
	Error   string      `json:"error"`
}

AdminAPIResponse standard structure to encode any response from the AdminAPI

func NewAdminAPIRespError

func NewAdminAPIRespError(err error) *AdminAPIResponse

NewAdminAPIRespError creates a new response from an error

func NewAdminAPIRespErrorString

func NewAdminAPIRespErrorString(err string) *AdminAPIResponse

NewAdminAPIRespErrorString creates a new error response from an error string

func NewAdminAPIResponse

func NewAdminAPIResponse(data interface{}) *AdminAPIResponse

NewAdminAPIResponse creates a new response from data

func (*AdminAPIResponse) ToJSON

func (r *AdminAPIResponse) ToJSON() []byte

ToJSON serializes the response to JSON

func (*AdminAPIResponse) UnmarshalData

func (r *AdminAPIResponse) UnmarshalData(i interface{}) error

UnmarshalData unmarshals the Data field of the response to an interface

type AdminUser

// AdminUser describes a user allowed on the Admin API (see AdminAPIConfig.Users).
type AdminUser struct {
	// Identifier names the admin user.
	Identifier string `toml:"identifier"`
	// Key is the secret this user authenticates with; treat it as a credential
	// (presumably compared against the key presented on Admin API requests — confirm).
	Key        string `toml:"key"`
}

AdminUser structure definition

type AliasEnv

// AliasEnv holds the variables needed by aliases (see NewCommandWithEnv).
type AliasEnv struct {
	// ManagerIP is the IP address of the manager (see ClientConfig.ManagerIP).
	ManagerIP net.IP
}

AliasEnv is a structure to hold variables needed by aliases

type ClientConfig

// ClientConfig holds the endpoint-side settings used to reach and authenticate to the manager.
type ClientConfig struct {
	// Proto is the protocol used to connect to the manager (http or https).
	Proto             string `toml:"proto" comment:"Protocol to use to connect to manager (http or https)"`
	// Host is the hostname or IP of the manager.
	Host              string `toml:"host" comment:"Hostname or IP of the manager"`
	// Port is the port the endpoint API listens on, on the manager (see EptAPIDefaultPort).
	Port              int    `toml:"port" comment:"Port at which endpoint API is running on manager server"`
	// UUID is the endpoint UUID configured on the manager, used to authenticate this endpoint.
	UUID              string `toml:"endpoint-uuid" comment:"Endpoint UUID configured on manager used to authenticate this endpoint"`
	// Key is the endpoint key configured on the manager, used to authenticate this endpoint.
	// Treat it as a credential.
	Key               string `toml:"endpoint-key" comment:"Endpoint key configured on manager used to authenticate this endpoint"`
	// ServerKey is the key the client expects the manager to present so it can authenticate
	// the server (tag comment not displayed here; see ManagerClient.IsServerAuthEnforced,
	// ManagerClient.IsServerAuthenticated and the EptAPIServerKeyPath route) — confirm.
	ServerKey         string `` /* 203-byte string literal not displayed */
	// ServerFingerprint configures manager certificate pinning: the manager's certificate
	// fingerprint is checked by Transport().
	ServerFingerprint string `toml:"server-fingerprint" comment:"Configure manager certificate pinning\n Put here the manager's certificate fingerprint"`
	// Unsafe allows an unsafe HTTPS connection; presumably it relaxes TLS verification
	// in Transport() — confirm.
	Unsafe            bool   `toml:"unsafe" comment:"Allow unsafe HTTPS connection"`
	// MaxUploadSize is the maximum allowed upload size (presumably in bytes; see DefaultMaxUploadSize).
	MaxUploadSize     int64  `toml:"max-upload-size" comment:"Maximum allowed upload size"`
}

ClientConfig structure definition

func (*ClientConfig) ManagerIP

func (cc *ClientConfig) ManagerIP() net.IP

ManagerIP returns the IP address of the manager if any, returns nil otherwise

func (*ClientConfig) Transport

func (cc *ClientConfig) Transport() http.RoundTripper

Transport creates an appropriate HTTP transport from the configuration. Cert pinning inspired by: https://medium.com/@zmanian/server-public-key-pinning-in-go-7a57bbe39438

type Command

type Command struct {
	UUID string   `json:"uuid"`
	Name string   `json:"name"`
	Args []string `json:"args"`
	// used to drop files on the endpoint
	Drop []*EndpointFile `json:"drop"`
	// used to fetch files from the endpoint
	Fetch      map[string]*EndpointFile `json:"fetch"`
	Stdout     []byte                   `json:"stdout"`
	Stderr     []byte                   `json:"stderr"`
	Error      string                   `json:"error"`
	Sent       bool                     `json:"sent"`
	Background bool                     `json:"background"`
	Completed  bool                     `json:"completed"`
	Timeout    time.Duration            `json:"timeout"`
	SentTime   time.Time                `json:"sent-time"`
	// contains filtered or unexported fields
}

Command structure representing a command sent to an endpoint

func NewCommand

func NewCommand() *Command

NewCommand creates a new Command to run on an endpoint

func NewCommandWithEnv

func NewCommandWithEnv(env *AliasEnv) *Command

NewCommandWithEnv creates a new Command to run on an endpoint

func (*Command) AddDropFile

func (c *Command) AddDropFile(filename, filepath string) error

AddDropFile adds a file to drop on the endpoint. Argument filepath is the path of the file on the local filesystem

func (*Command) AddDropFileFromPath

func (c *Command) AddDropFileFromPath(path string) error

AddDropFileFromPath adds a file to drop on the endpoint. It is a wrapper around AddDropFile

func (*Command) AddFetchFile

func (c *Command) AddFetchFile(filepath string)

AddFetchFile adds a file to fetch from the endpoint.

func (*Command) BuildCmd

func (c *Command) BuildCmd() (*exec.Cmd, error)

BuildCmd builds up an exec.Cmd from Command

func (*Command) Complete

func (c *Command) Complete(other *Command) error

Complete updates a command from another

func (*Command) Run

func (c *Command) Run() (err error)

Run runs the command according to the specified settings; it is meant to be used on the endpoint.

func (*Command) SetCommandLine

func (c *Command) SetCommandLine(cl string) error

SetCommandLine sets the command line to execute on the endpoint

func (Command) String

func (c Command) String() string

func (*Command) Strip

func (c *Command) Strip()

Strip reduces the command to the strict necessary fields to make the return trip from the endpoint to the manager

type CommandAPI

// CommandAPI is the structure Admin API clients POST to request a command; ToCommand converts it.
type CommandAPI struct {
	// CommandLine is the command line to execute on the endpoint (see Command.SetCommandLine).
	CommandLine string        `json:"command-line"`
	// FetchFiles lists the files to fetch from the endpoint (see Command.AddFetchFile).
	FetchFiles  []string      `json:"fetch-files"`
	// DropFiles lists files to drop on the endpoint, presumably given as local
	// (manager-side) paths as in Command.AddDropFileFromPath — confirm.
	DropFiles   []string      `json:"drop-files"`
	// Timeout is the timeout applied to the command (see Command.Timeout).
	Timeout     time.Duration `json:"timeout"`
}

CommandAPI structure used by Admin API clients to POST commands

func (*CommandAPI) ToCommand

func (c *CommandAPI) ToCommand() (*Command, error)

ToCommand converts a CommandAPI to a Command

type Endpoint

// Endpoint is the structure used by the manager to track and interact with endpoints.
type Endpoint struct {
	// UUID uniquely identifies the endpoint.
	UUID           string    `json:"uuid"`
	// Hostname of the endpoint.
	Hostname       string    `json:"hostname"`
	// IP of the endpoint (presumably taken from the request, see IPFromRequest — confirm).
	IP             string    `json:"ip"`
	// Key is the API key the endpoint authenticates with. Note that the json tag does not
	// omit it, so any JSON encoding of an Endpoint carries the credential.
	Key            string    `json:"key"`
	// Command is the command currently set for this endpoint, if any (see Manager.AddCommand).
	Command        *Command  `json:"command,omitempty"`
	// LastConnection is refreshed by UpdateLastConnection.
	LastConnection time.Time `json:"last-connection"`
}

Endpoint structure used to track and interact with endpoints

func NewEndpoint

func NewEndpoint(uuid, key string) *Endpoint

NewEndpoint returns a new Endpoint structure

func (*Endpoint) Copy

func (e *Endpoint) Copy() *Endpoint

Copy returns a pointer to a new copy of the Endpoint

func (*Endpoint) UpdateLastConnection

func (e *Endpoint) UpdateLastConnection()

UpdateLastConnection updates the LastConnection member of Endpoint structure

type EndpointAPIConfig

// EndpointAPIConfig holds the configuration for the API used by endpoints.
type EndpointAPIConfig struct {
	// Host is the hostname or IP the API listens on.
	Host      string           `toml:"host" comment:"Hostname or IP where the API should listen to"`
	// Port is the port the API listens on (see EptAPIDefaultPort).
	Port      int              `toml:"port" comment:"Port used by the API"`
	// ServerKey is the key served to clients so they can authenticate the manager
	// (tag comment not displayed here; see Manager.ServerKey and ClientConfig.ServerKey) — confirm.
	ServerKey string           `` /* 162-byte string literal not displayed */
	// Endpoints lists the configured endpoints and their keys; maintained by DelEndpoint
	// and ManagerConfig.AddEndpointConfig.
	Endpoints []EndpointConfig `toml:"endpoints" comment:"Endpoints configurations"`
}

EndpointAPIConfig structure holding configuration for the API used by endpoints

func (*EndpointAPIConfig) DelEndpoint

func (ec *EndpointAPIConfig) DelEndpoint(uuid string)

DelEndpoint deletes an endpoint from the configuration

type EndpointConfig

// EndpointConfig holds the configuration for one endpoint (see EndpointAPIConfig.Endpoints).
type EndpointConfig struct {
	// UUID is the unique client identifier.
	UUID string `toml:"uuid" comment:"Unique client identifier"`
	// Key is the API key used to authenticate the client; treat it as a credential.
	Key  string `toml:"key" comment:"API key used to authenticate the client"`
}

EndpointConfig structure to hold the configuration for one endpoint

type EndpointFile

// EndpointFile describes a file to drop on, or fetch from, the endpoint (see Command.Drop and Command.Fetch).
type EndpointFile struct {
	// UUID identifies the file transfer.
	UUID  string `json:"uuid"`
	// Name of the file.
	Name  string `json:"name"`
	// Data is the file content.
	Data  []byte `json:"data"`
	// Error is set when the transfer failed.
	Error string `json:"error"`
}

EndpointFile describes a File to drop or fetch from the endpoint

type Endpoints

type Endpoints struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

Endpoints is the structure used to manage endpoints. This struct looks over-complicated for what it does, because it was more complex before and got simplified (too lazy to change it...).

func NewEndpoints

func NewEndpoints() Endpoints

NewEndpoints creates a new Endpoints structure

func (*Endpoints) Add

func (es *Endpoints) Add(e *Endpoint)

Add adds an Endpoint to the Endpoints

func (*Endpoints) DelByUUID

func (es *Endpoints) DelByUUID(uuid string)

DelByUUID deletes an Endpoint by its UUID

func (*Endpoints) Endpoints

func (es *Endpoints) Endpoints() []*Endpoint

Endpoints returns a list of references to copies of the endpoints

func (*Endpoints) GetByUUID

func (es *Endpoints) GetByUUID(uuid string) (*Endpoint, bool)

GetByUUID returns a reference to the copy of an Endpoint by its UUID

func (*Endpoints) GetMutByUUID

func (es *Endpoints) GetMutByUUID(uuid string) (*Endpoint, bool)

GetMutByUUID returns a reference to the Endpoint itself (not a copy, unlike GetByUUID) by its UUID

func (*Endpoints) Len

func (es *Endpoints) Len() int

Len returns the number of endpoints

func (*Endpoints) MutEndpoints

func (es *Endpoints) MutEndpoints() []*Endpoint

MutEndpoints returns a list of references of the endpoints

type FileUpload

// FileUpload is the structure used to forward files from the client to the manager.
// It is built by ManagerClient.PrepareFileUpload and written to disk by Dump.
// NOTE(review): Name, GUID and EventHash all come from the client and Implode builds a
// path from the structure; Validate is expected to reject path separators and ".." in
// them — the checks are not visible here, confirm.
type FileUpload struct {
	// Name is the file name as given by the client.
	Name      string `json:"filename"`
	// GUID associated with the upload.
	GUID      string `json:"guid"`
	// EventHash is the hash of the event the file relates to.
	EventHash string `json:"event-hash"`
	// Content is the raw file content.
	Content   []byte `json:"content"`
}

FileUpload structure used to forward files from the client to the manager

func (*FileUpload) Dump

func (f *FileUpload) Dump(dir string) (err error)

Dump dumps the FileUpload into the given root directory dir

func (*FileUpload) Implode

func (f *FileUpload) Implode() string

Implode returns the full path of the FileUpload

func (*FileUpload) Validate

func (f *FileUpload) Validate() error

Validate checks that the file upload follows the expected format

type Forwarder

type Forwarder struct {
	sync.Mutex

	Client      *ManagerClient
	TimeTresh   time.Duration
	EventTresh  uint64
	Pipe        *bytes.Buffer
	EventsPiped uint64
	Local       bool
	// contains filtered or unexported fields
}

Forwarder structure definition

func NewForwarder

func NewForwarder(c *ForwarderConfig) (*Forwarder, error)

NewForwarder creates a new Forwarder structure. Todo: needs update with client

func (*Forwarder) ArchiveLogs

func (f *Forwarder) ArchiveLogs()

ArchiveLogs compresses the old log files that are not compressed yet

func (*Forwarder) CleanOlderQueued

func (f *Forwarder) CleanOlderQueued() error

CleanOlderQueued cleans up the older queue file

func (*Forwarder) Close

func (f *Forwarder) Close()

Close closes the forwarder properly

func (*Forwarder) Collect

func (f *Forwarder) Collect()

Collect sends the piped events to the remote server. Todo: needs update with client

func (*Forwarder) DiskSpaceQueue

func (f *Forwarder) DiskSpaceQueue() int64

DiskSpaceQueue computes the disk space (in bytes) taken by queued events

func (*Forwarder) HasQueuedEvents

func (f *Forwarder) HasQueuedEvents() bool

HasQueuedEvents checks whether some events are waiting to be sent

func (*Forwarder) LogfilePath

func (f *Forwarder) LogfilePath() string

LogfilePath returns the path of the logfile if it exists else returns empty string

func (*Forwarder) PipeEvent

func (f *Forwarder) PipeEvent(e *evtx.GoEvtxMap)

PipeEvent pipes an event to be sent through the forwarder

func (*Forwarder) ProcessQueue

func (f *Forwarder) ProcessQueue()

ProcessQueue processes the queued events. Todo: needs update with client

func (*Forwarder) Reset

func (f *Forwarder) Reset()

Reset resets the forwarder

func (*Forwarder) Run

func (f *Forwarder) Run()

Run starts the Forwarder worker function

func (*Forwarder) Save

func (f *Forwarder) Save() (err error)

Save saves the piped events to disk

type ForwarderConfig

// ForwarderConfig is the configuration given to NewForwarder.
type ForwarderConfig struct {
	// Local selects local mode (tag comment not displayed here; see Forwarder.Local) — confirm.
	Local   bool          `` /* 127-byte string literal not displayed */
	// Client configures the connection to the manager.
	Client  ClientConfig  `toml:"manager" comment:"Configure connection to the manager"`
	// Logging is the forwarder's logging configuration.
	Logging LoggingConfig `toml:"logging" comment:"Forwarder's logging configuration"`
}

ForwarderConfig structure definition

type LoggingConfig

// LoggingConfig encodes the logging configuration of the forwarder.
type LoggingConfig struct {
	// Dir is the directory used to store logs (created with DefaultDirPerm, presumably).
	Dir              string        `toml:"dir" comment:"Directory used to store logs"`
	// RotationInterval is the logfile rotation interval; MinRotationInterval is the minimum allowed.
	RotationInterval time.Duration `toml:"rotation-interval" comment:"Logfile rotation interval"`
}

LoggingConfig structure to encode Logging configuration of the forwarder

type Manager

type Manager struct {
	sync.RWMutex
	Config *ManagerConfig
	// contains filtered or unexported fields
}

Manager structure definition

func NewManager

func NewManager(c *ManagerConfig) (*Manager, error)

NewManager creates a new WHIDS manager from the given ManagerConfig

func (*Manager) AddCommand

func (m *Manager) AddCommand(uuid string, c *Command) error

AddCommand sets a command to be executed on endpoint specified by UUID

func (*Manager) AddEndpoint

func (m *Manager) AddEndpoint(uuid, key string)

AddEndpoint adds new endpoint to the manager

func (*Manager) Collect

func (m *Manager) Collect(wt http.ResponseWriter, rq *http.Request)

Collect HTTP handler

func (*Manager) Command

func (m *Manager) Command(wt http.ResponseWriter, rq *http.Request)

Command HTTP handler

func (*Manager) Container

func (m *Manager) Container(wt http.ResponseWriter, rq *http.Request)

Container HTTP handler serves Gene containers to clients

func (*Manager) ContainerList

func (m *Manager) ContainerList(wt http.ResponseWriter, rq *http.Request)

ContainerList HTTP handler to serve the list of available containers

func (*Manager) ContainerSha256

func (m *Manager) ContainerSha256(wt http.ResponseWriter, rq *http.Request)

ContainerSha256 HTTP handler to serve the Sha256 of a given container

func (*Manager) GetCommand

func (m *Manager) GetCommand(uuid string) (*Command, error)

GetCommand gets the command set for an endpoint specified by UUID

func (*Manager) IsDone

func (m *Manager) IsDone() bool

IsDone returns true when manager is done

func (*Manager) LoadContainers

func (m *Manager) LoadContainers()

LoadContainers loads the containers into the manager. The container name is given by the filename without the extension. Example: /some/random/abspath/blacklist.txt will give the blacklist container.

func (*Manager) LoadGeneEngine

func (m *Manager) LoadGeneEngine() error

LoadGeneEngine makes the manager update the Gene rules it has to serve

func (*Manager) Rules

func (m *Manager) Rules(wt http.ResponseWriter, rq *http.Request)

Rules HTTP handler used to serve the rules

func (*Manager) RulesSha256

func (m *Manager) RulesSha256(wt http.ResponseWriter, rq *http.Request)

RulesSha256 returns the sha256 of the latest set of rules loaded into the manager

func (*Manager) Run

func (m *Manager) Run()

Run starts a new thread spinning the receiver

func (*Manager) ServerKey

func (m *Manager) ServerKey(wt http.ResponseWriter, rq *http.Request)

ServerKey HTTP handler used to authenticate server on client side

func (*Manager) Shutdown

func (m *Manager) Shutdown() error

Shutdown shuts the Manager down

func (*Manager) UpdateReducer

func (m *Manager) UpdateReducer(identifier string, e *evtx.GoEvtxMap)

UpdateReducer updates the reducer member of the Manager

func (*Manager) UploadDump

func (m *Manager) UploadDump(wt http.ResponseWriter, rq *http.Request)

UploadDump HTTP handler used to upload dump files from client to manager

func (*Manager) Wait

func (m *Manager) Wait()

Wait waits for the Manager to shut down

type ManagerClient

type ManagerClient struct {
	// contains filtered or unexported fields
}

ManagerClient structure definition

func NewManagerClient

func NewManagerClient(c *ClientConfig) (*ManagerClient, error)

NewManagerClient creates a new Client to interface with the manager

func (*ManagerClient) Close

func (m *ManagerClient) Close()

Close closes idle connections from underlying transport

func (*ManagerClient) ExecuteCommand

func (m *ManagerClient) ExecuteCommand() error

ExecuteCommand executes a Command on the endpoint and returns the result to the manager. NB: this method is blocking because of the Command.Run call.

func (*ManagerClient) GetContainer

func (m *ManagerClient) GetContainer(name string) ([]string, error)

GetContainer retrieves a given container from the manager

func (*ManagerClient) GetContainerSha256

func (m *ManagerClient) GetContainerSha256(name string) (string, error)

GetContainerSha256 retrieves the sha256 of a given container from the manager

func (*ManagerClient) GetContainersList

func (m *ManagerClient) GetContainersList() ([]string, error)

GetContainersList retrieves the names of the containers available in the manager

func (*ManagerClient) GetRules

func (m *ManagerClient) GetRules() (string, error)

GetRules retrieves the latest batch of Gene rules available on the server

func (*ManagerClient) GetRulesSha256

func (m *ManagerClient) GetRulesSha256() (string, error)

GetRulesSha256 returns the sha256 string of the latest batch of rules available on the server

func (*ManagerClient) IsServerAuthEnforced

func (m *ManagerClient) IsServerAuthEnforced() bool

IsServerAuthEnforced returns true if server authentication is requested by the client

func (*ManagerClient) IsServerAuthenticated

func (m *ManagerClient) IsServerAuthenticated() (auth bool, up bool)

IsServerAuthenticated returns true if the server is authenticated and thus can be trusted

func (*ManagerClient) IsServerUp

func (m *ManagerClient) IsServerUp() bool

IsServerUp returns true if manager server is up

func (*ManagerClient) PostDump

func (m *ManagerClient) PostDump(f *FileUpload) error

PostDump client helper to upload a file to the Manager

func (*ManagerClient) PostLogs

func (m *ManagerClient) PostLogs(r io.Reader) error

PostLogs posts logs to be collected

func (*ManagerClient) Prepare

func (m *ManagerClient) Prepare(method, url string, body io.Reader) (*http.Request, error)

Prepare prepares a http.Request to be sent to the manager

func (*ManagerClient) PrepareFileUpload

func (m *ManagerClient) PrepareFileUpload(path, guid, evthash, filename string) (*FileUpload, error)

PrepareFileUpload prepares a FileUpload from several parameters

func (*ManagerClient) PrepareGzip

func (m *ManagerClient) PrepareGzip(method, url string, body io.Reader) (*http.Request, error)

PrepareGzip prepares a http.Request gzip encoded to be sent to the manager

type ManagerConfig

type ManagerConfig struct {
	// TOML strings need to be first otherwise issue parsing back config
	RulesDir      string            `toml:"rules-dir" comment:"Gene rule directory\n See: https://github.com/0xrawsec/gene-rules"`
	DumpDir       string            `toml:"dump-dir" comment:"Directory where to dump artifacts collected on hosts"`
	ContainersDir string            `toml:"containers-dir" comment:"Gene rules' containers directory\n (c.f. Gene documentation https://github.com/0xrawsec/gene)"`
	AdminAPI      AdminAPIConfig    `toml:"admin-api" comment:"Settings to configure administrative API (not supposed to be reachable by endpoints)"`
	EndpointAPI   EndpointAPIConfig `toml:"endpoint-api" comment:"Settings to configure API used by endpoints"`
	Logging       ManagerLogConfig  `toml:"logging" comment:"Logging settings"`
	TLS           TLSConfig         `toml:"tls" comment:"TLS settings. Leave empty, not to use TLS"`
	MISP          MispConfig        `toml:"misp" comment:"MISP settings. Use this setting to push IOCs as containers on endpoints"`
	// contains filtered or unexported fields
}

ManagerConfig defines manager's configuration structure

func LoadManagerConfig

func LoadManagerConfig(path string) (*ManagerConfig, error)

LoadManagerConfig loads the manager configuration from a file

func (*ManagerConfig) AddEndpointConfig

func (mc *ManagerConfig) AddEndpointConfig(uuid, key string)

AddEndpointConfig adds a new endpoint with uuid and key to the manager

func (*ManagerConfig) Save

func (mc *ManagerConfig) Save() error

Save saves the configuration to a path specified by the path member of the structure

func (*ManagerConfig) SetPath

func (mc *ManagerConfig) SetPath(path string)

SetPath exposes the path member for changes

type ManagerLogConfig

type ManagerLogConfig struct {
	Root        string `toml:"root" comment:"Root directory where logfiles are stored"`
	LogBasename string `toml:"logfile" comment:"Logfile name (relative to root) used to store logs"`
	EnEnptLogs  bool   `` /* 158-byte string literal not displayed */
	VerboseHTTP bool   `toml:"verbose-http" comment:"Enables verbose HTTP logs\n When disabled beaconing requests are filtered out"`
}

ManagerLogConfig structure to hold manager's logging configuration

func (*ManagerLogConfig) AlertPath

func (c *ManagerLogConfig) AlertPath(uuid string, date time.Time) string

AlertPath builds the path where to store alerts for an endpoint

func (*ManagerLogConfig) LogPath

func (c *ManagerLogConfig) LogPath(uuid string, date time.Time) string

LogPath builds the path where to store logs for an endpoint

type MispConfig

// MispConfig holds the MISP settings (see ManagerConfig.MISP), with TOML tags.
type MispConfig struct {
	// Proto is the HTTP protocol to use (http or https).
	Proto  string `toml:"protocol" comment:"HTTP protocol to use (http or https)"`
	// Host is the hostname or IP address of the MISP server.
	Host   string `toml:"host" comment:"Hostname or IP address of MISP server"`
	// APIKey is the MISP API key; treat it as a credential.
	APIKey string `toml:"api-key" comment:"MISP API key"`
}

MispConfig holds the MISP settings, with TOML tags

type TLSConfig

// TLSConfig holds the TLS settings of the manager (see ManagerConfig.TLS); an Empty()
// config means TLS is not used. Verify checks that both files exist.
type TLSConfig struct {
	// Cert is the path to the certificate file to use for TLS connections.
	Cert string `toml:"cert" comment:"Path to the certificate file to use for TLS connections"`
	// Key is the path to the private key to use for TLS connections.
	Key  string `toml:"key" comment:"Path to the key to use for TLS connection"`
}

TLSConfig structure definition

func (*TLSConfig) Empty

func (t *TLSConfig) Empty() bool

Empty returns true if the current TLSConfig is empty, false otherwise

func (*TLSConfig) Verify

func (t *TLSConfig) Verify() error

Verify checks whether the files holding cert and key exist
