Documentation
¶
Index ¶
- Constants
- Variables
- func GetWhiteListRuleNameFieldName(white_type string) string
- func QueryWhitelistMongodbCollection(alarmType string) (*mongo.Collection, error)
- func SendAlarmMsgNotice(alarm_event_type int, msg map[string]interface{})
- func UpdateWhitelistNameAndDesc(ctx context.Context, whitelistType string, whitelistID string, name string, ...) error
- func WhiteListAddMultiWithCombine(ctx context.Context, whitelistType string, data *WhiteListAddReq) error
- func WhiteListDelMulti(ctx context.Context, whitelistType string, idList []string) error
- type AlarmDbDataForWhite
- type WLDelResp
- type WLDeleter
- type WLUpdater
- type WhiteListAddReq
- type WhiteListContent
- type WhiteListData
- type WhiteListDataQueryFilter
- type WhiteListDataWithCombineCondition
- type WhiteListDbData
- type WhiteListWithID
- type WhiteListWorker
- type WhitelistDbDataContent
Constants ¶
View Source
const ( EventTypeHIDS = iota EventTypeRASP EventTypeKube EventTypeVirus )
View Source
const ( WhitelistRangeTypeAll int = 0 WhitelistRangeTypeSingle int = 1 )
############################### Variable ###############################
View Source
const ( WhitelistMatchKeyUnkownIndex int = -1 WhitelistMatchKeyEqIndex int = 0 WhitelistMatchKeyEqValue string = "$eq" WhitelistMatchKeyRegexIndex int = 1 WhitelistMatchKeyRegexValue string = "$regex" )
View Source
const ( WhitelistKeyAgentID string = "agent_id" WhitelistKeyClusterID string = "cluster_id" WhitelistKeyName string = "SMITH_ALERT_DATA.RULE_INFO.RuleName" WhitelistKeyKcPrefix string = "node_list." WhitelistKeyRaspName string = "rule_name" )
View Source
const ( WhitelistTypeHids string = "hids" WhitelistTypeRasp string = "rasp" WhitelistTypeKube string = "kube" WhitelistTypeVirus string = "virus" )
View Source
const (
WhitelistRangeIndexTypeCluster string = "cluster"
)
Variables ¶
View Source
var WhitelistKeyDbFieldMap = map[string]string{
"argv": "argv",
"exe": "exe",
"md5_hash": "md5_hash",
"ppid_argv": "ppid_argv",
"pgid_argv": "pgid_argv",
"socket_argv": "socket_argv",
"sip": "sip",
"connect_info": "connect_info",
"pid_tree": "pid_tree",
"ld_preload": "ld_preload",
"ko_file": "ko_file",
"module_name": "module_name",
"run_path": "run_path",
"top_chain": "top_chain",
"static_file": "static_file",
"name": "name",
"class": "class",
"stack_trace_hash": "stack_trace_hash",
"stack_trace": "stack_trace",
"source_ip": "source_ip",
"user_agent": "user_agent",
"real_user_name": "real_user_name",
"real_user_groups": "real_user_groups",
"verb": "verb",
"resource_namespace": "resource_namespace",
"resource_kind": "resource_kind",
"resource_name": "resource_name",
"images": "images",
"read_write_mounts": "read_write_mounts",
"read_only_mounts": "read_only_mounts",
"exec_command": "exec_command",
"args_array": "args_array",
}
View Source
var WhitelistMatchTypeMap = map[int]string{ WhitelistMatchKeyEqIndex: "$eq", WhitelistMatchKeyRegexIndex: "$regex", }
Functions ¶
func QueryWhitelistMongodbCollection ¶
func QueryWhitelistMongodbCollection(alarmType string) (*mongo.Collection, error)
func SendAlarmMsgNotice ¶
func WhiteListAddMultiWithCombine ¶
func WhiteListAddMultiWithCombine(ctx context.Context, whitelistType string, data *WhiteListAddReq) error
Types ¶
type AlarmDbDataForWhite ¶
type AlarmDbDataForWhite struct {
Id string `json:"_id" bson:"_id"`
AgentId string `json:"agent_id" bson:"agent_id"`
Status int `json:"__alarm_status" bson:"__alarm_status"`
HitWl bool `json:"__hit_wl" bson:"__hit_wl"`
}
############################### Data Struct ###############################
type WhiteListAddReq ¶
type WhiteListAddReq struct {
RangeType int `json:"range_type" bson:"range_type"`
RangeIndex string `json:"range_index" bson:"range_index"`
Filter []WhiteListContent `json:"filter" bson:"filter"`
Name string `json:"name" bson:"name"`
AlertType string `json:"alert_type" bson:"alert_type"`
RangeIndexType *string `json:"range_index_type,omitempty" bson:"range_index_type,omitempty"`
WhiteRuleName *string `json:"white_rule_name,omitempty" bson:"white_rule_name,omitempty"`
WhiteRuleDesc *string `json:"white_rule_desc,omitempty" bson:"white_rule_desc,omitempty"`
}
type WhiteListContent ¶
type WhiteListData ¶
type WhiteListData struct {
Id string `json:"id" bson:"id"`
RangeType int `json:"range_type" bson:"range_type"`
RangeIndex string `json:"range_index" bson:"range_index"`
MatchKey string `json:"match_key" bson:"match_key"`
MatchType int `json:"match_type" bson:"match_type"`
MatchContent string `json:"match_content" bson:"match_content"`
MatchAlarmName string `json:"match_alarm_name" bson:"match_alarm_name"`
UpdateTime int64 `json:"update_time" bson:"update_time"`
}
type WhiteListDataQueryFilter ¶
type WhiteListDataQueryFilter struct {
MatchKey []string `json:"match_key"`
MatchContent *string `json:"content,omitempty"`
RangeType *int `json:"range_type,omitempty"`
InsertTimeStart int64 `json:"update_time_start"`
InsertTimeEnd int64 `json:"update_time_end"`
MatchAlarmName *string `json:"match_alarm_name,omitempty"`
WhiteRuleName *string `json:"white_rule_name,omitempty"`
WhiteRuleDesc *string `json:"white_rule_desc,omitempty"`
}
type WhiteListDataWithCombineCondition ¶
type WhiteListDataWithCombineCondition struct {
Id string `json:"id" bson:"id"`
RangeType int `json:"range_type" bson:"range_type"`
RangeIndex string `json:"range_index" bson:"range_index"`
MatchAlarmName string `json:"match_alarm_name" bson:"match_alarm_name"`
MatchCombine []WhiteListContent `json:"match_combine" bson:"match_combine"`
UpdateTime int64 `json:"update_time" bson:"update_time"`
WhiteRuleName string `json:"white_rule_name" bson:"white_rule_name"`
WhiteRuleDesc string `json:"white_rule_desc,omitempty" bson:"white_rule_desc,omitempty"`
}
type WhiteListDbData ¶
type WhiteListDbData struct {
Id string `json:"_id" bson:"_id"`
Type int `json:"type" bson:"type"`
Filter []common.FilterContent `json:"filter" binding:"dive" bson:"filter"`
Condition string `json:"condition" binding:"oneof=$and $or $nor" bson:"condition"`
InsertTime int64 `json:"insert_time" bson:"insert_time"`
UpdateTime int64 `json:"update_time" bson:"update_time"`
Name string `json:"name,omitempty" bson:"name,omitempty"`
Desc string `json:"desc,omitempty" bson:"desc,omitempty"`
}
type WhiteListWithID ¶
type WhiteListWorker ¶
type WhiteListWorker struct {
// contains filtered or unexported fields
}
var KubeWLWorker WhiteListWorker
var RaspWLWorker WhiteListWorker
var VirusWLWorker WhiteListWorker
var WLWorker WhiteListWorker
func (*WhiteListWorker) Add ¶
func (w *WhiteListWorker) Add(item *WLUpdater)
type WhitelistDbDataContent ¶
type WhitelistDbDataContent struct {
Type int `json:"type" bson:"type"`
Filter []common.FilterContent `json:"filter" binding:"dive" bson:"filter"`
Condition string `json:"condition" binding:"oneof=$and $or $nor" bson:"condition"`
InsertTime int64 `json:"insert_time" bson:"insert_time"`
UpdateTime int64 `json:"update_time" bson:"update_time"`
Name string `json:"name,omitempty" bson:"name,omitempty"`
Desc string `json:"desc,omitempty" bson:"desc,omitempty"`
}
Source Files
Click to show internal directories.
Click to hide internal directories.