README
¶
Distributed queries
post to /distributed/add to create a new distributed query for a node. Multiple nodes may
be specified in the same post request
curl https://osquerydev.phishinghole.io:8888/distributed/add -d '{"nodes":[{"node_key":"ls": ["select * from users;", "select * from logged_in_users;"]}]}'
/distributed/add
post data in the following format
{
"nodes":
[
{
"node_key": "llngzieyoh43e0133ols",
"queries": [
"select * from users;",
"select * from etc_hosts"
]
},
{
"node_key": "llngzieyoh43e0133ldf",
"queries": [
"select * from users",
"select * from dns_resolvers"
]
}
]
}
Documentation
¶
Index ¶
- func DistributedQueryAdd(dyn DistributedDB) http.Handler
- func DistributedQueryRead(dyn DistributedDB) http.Handler
- func DistributedQueryWrite(dyn DistributedDB) http.Handler
- func FirehoseService() *firehose.Firehose
- func ParseDistributedResults(request *http.Request) ([]osquery_types.DistributedQueryResult, error)
- func PutFirehoseBatch(dqr []osquery_types.DistributedQueryResult, streamname string, ...) error
- type DistributedDB
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func DistributedQueryAdd ¶
func DistributedQueryAdd(dyn DistributedDB) http.Handler
code for bulk firehose puts if needed for later for a, i := range s { rec := &firehose.Record{Data: []byte(fmt.Sprintf("%s \n", i))} records = append(records, rec) logger.Info(a, i)
if len(records) == 450 || a == len(s) -1 {
_, err := fh_svc.PutRecordBatch(&firehose.PutRecordBatchInput{
DeliveryStreamName: aws.String(streamname),
Records: records,
})
if err != nil {
logger.Error(err)
return err
}
records = records[:0]
}
func DistributedQueryRead ¶
func DistributedQueryRead(dyn DistributedDB) http.Handler
func DistributedQueryWrite ¶
func DistributedQueryWrite(dyn DistributedDB) http.Handler
func FirehoseService ¶
func ParseDistributedResults ¶
func ParseDistributedResults(request *http.Request) ([]osquery_types.DistributedQueryResult, error)
func PutFirehoseBatch ¶
func PutFirehoseBatch(dqr []osquery_types.DistributedQueryResult, streamname string, fhSvc *firehose.Firehose) error
Types ¶
type DistributedDB ¶
type DistributedDB interface {
SearchDistributedNodeKey(nk string) (osquery_types.DistributedQuery, error)
DeleteDistributedQuery(dq osquery_types.DistributedQuery) error
ValidNode(nodeKey string) error
UpsertDistributedQuery(dq osquery_types.DistributedQuery) error
}
Source Files
Click to show internal directories.
Click to hide internal directories.