Documentation
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type PostRuledownloadHandler
type PostRuledownloadHandler struct {
// contains filtered or unexported fields
}
PostRuledownloadHandler handles requests to the /ruledownload and /ruledownload/{machine_id} API endpoints.
During every sync, Santa sensors make successive POST requests to the /ruledownload endpoint to paginate through all rules. A blank postbody (e.g. {}) indicates the very first request in a sequence. If the API returns a "cursor" in the response body, the sensor sends this cursor back verbatim in the subsequent postbody. When a response does not return a "cursor" in the body, it signals that there are no more items to page through, and the sensor stops sending requests.
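An added example (not code from this package) of the sensor side of the pagination sequence described above, including a bound on the number of pages so that a server which never drops the cursor cannot keep the client looping. The `post` transport hook, the `maxPages` bound, the `fakeAPI` server and its `{"n":N}` cursor format are assumptions made for illustration; the real cursor's fields are unexported, so the client treats it as opaque JSON.

```go
package main

import (
	"encoding/json"
	"fmt"
)

type page struct { // shape shared by request and response bodies
	Rules  []json.RawMessage `json:"rules,omitempty"`
	Cursor json.RawMessage   `json:"cursor,omitempty"` // opaque, echoed as received
}

// fetchAllRules pages until no cursor returns; post and maxPages are assumed additions.
func fetchAllRules(post func([]byte) ([]byte, error), maxPages int) (all []json.RawMessage, err error) {
	var req page // zero value marshals to {}, the first request of a sequence
	for i := 0; i < maxPages; i++ { // maxPages bounds a server that never drops the cursor
		body, _ := json.Marshal(req)
		raw, err := post(body)
		if err != nil {
			return nil, err
		}
		var resp page
		if err := json.Unmarshal(raw, &resp); err != nil {
			return nil, err
		}
		all = append(all, resp.Rules...)
		if req.Cursor = resp.Cursor; len(req.Cursor) == 0 || string(req.Cursor) == "null" {
			return all, nil // no cursor: nothing left to page through
		}
	}
	return nil, fmt.Errorf("cursor still present after %d responses", maxPages)
}

// fakeAPI is a constructed server: one rule per page, made-up {"n":N} cursor.
func fakeAPI(total int, stuck bool) func([]byte) ([]byte, error) {
	return func(body []byte) ([]byte, error) {
		var req struct{ Cursor struct{ N int } }
		json.Unmarshal(body, &req) // {} leaves N at 0
		out := fmt.Sprintf(`{"rules":[{"identifier":"constructed-%d"}]`, req.Cursor.N)
		if stuck || req.Cursor.N+1 < total { // stuck simulates a server that never finishes
			out += fmt.Sprintf(`,"cursor":{"n":%d}`, req.Cursor.N+1)
		}
		return []byte(out + "}"), nil
	}
}

func main() {
	rules, err := fetchAllRules(fakeAPI(3, false), 10)
	fmt.Println(len(rules), err)
}
```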
func (*PostRuledownloadHandler) Boot
func (h *PostRuledownloadHandler) Boot() (err error)
func (*PostRuledownloadHandler) Handle
func (h *PostRuledownloadHandler) Handle(request events.APIGatewayProxyRequest) (*events.APIGatewayProxyResponse, error)
func (*PostRuledownloadHandler) Handles
func (h *PostRuledownloadHandler) Handles(request events.APIGatewayProxyRequest) bool
type RuledownloadRequest
type RuledownloadRequest struct {
	// Cursor is, verbatim, the Cursor that is returned to a sensor in a previous RuledownloadResponse
	// On the very first rule download request in a flight sequence, there will be no cursor provided.
	Cursor *ruledownloadCursor `json:"cursor,omitempty"`
}
RuledownloadRequest is the postbody submitted to /ruledownload endpoints
type RuledownloadResponse
type RuledownloadResponse struct {
	Rules []RuledownloadRule `json:"rules"`
	// When a cursor is returned by the server, it is an indicator to the Santa sensor that there are
	// additional rules to be paginated through. This cursor is passed to the next request.
	Cursor *ruledownloadCursor `json:"cursor,omitempty"`
}
RuledownloadResponse is the response body returned by /ruledownload endpoints
type RuledownloadRule
type RuledownloadRule struct {
	RuleType      types.RuleType `json:"rule_type"`
	Policy        types.Policy   `json:"policy"`
	SHA256        string         `json:"sha256,omitempty"`
	Identifier    string         `json:"identifier"`
	CustomMessage string         `json:"custom_msg,omitempty"`
}
RuledownloadRule is a single rule returned in a RuledownloadResponse. It duck-types to/from the SantaRule struct type.
Documentation: https://santa.dev/development/sync-protocol.html#rules-objects
func DDBRulesToResponseRules
func DDBRulesToResponseRules(rulesList []rules.SantaRule) (responseRules []RuledownloadRule)
DDBRulesToResponseRules converts the DynamoDB representation of a rule to the API representation of a rule, which is returned in an API response.