Documentation ¶
Index ¶
- Constants
- Variables
- func GetWhiteListRuleNameFieldName(white_type string) string
- func QueryWhitelistMongodbCollection(alarmType string) (*mongo.Collection, error)
- func SendAlarmMsgNotice(alarm_event_type int, msg map[string]interface{})
- func UpdateWhitelistNameAndDesc(ctx context.Context, whitelistType string, whitelistID string, name string, ...) error
- func WhiteListAddMultiWithCombine(ctx context.Context, whitelistType string, data *WhiteListAddReq) error
- func WhiteListDelMulti(ctx context.Context, whitelistType string, idList []string) error
- type AlarmDbDataForWhite
- type WLDelResp
- type WLDeleter
- type WLUpdater
- type WhiteListAddReq
- type WhiteListContent
- type WhiteListData
- type WhiteListDataQueryFilter
- type WhiteListDataWithCombineCondition
- type WhiteListDbData
- type WhiteListWithID
- type WhiteListWorker
- type WhitelistDbDataContent
Constants ¶
// Alarm event types. Each value identifies the alarm source a whitelist rule
// belongs to and, by the naming of the package-level workers (KubeWLWorker,
// RaspWLWorker, VirusWLWorker, WLWorker), selects the worker that handles it.
// The numbering is positional; if these values are ever persisted, append new
// types at the end so existing records keep their meaning.
const (
	EventTypeHIDS  = 0 // host intrusion detection alarms
	EventTypeRASP  = 1 // runtime application self-protection alarms
	EventTypeKube  = 2 // Kubernetes alarms
	EventTypeVirus = 3 // virus detection alarms
)
// Scope of a whitelist rule.
//
// WhitelistRangeTypeAll, going by its name, applies the rule to every agent or
// cluster of the alarm type. That makes creating such a rule a fleet-wide
// change: it should be gated by the same authorization as any other global
// policy, and note that 0 is also the Go zero value, so a request body that
// omits range_type lands here. WhitelistRangeTypeSingle limits the rule to one
// target, presumably the one named by the range_index field of
// WhiteListAddReq.
const (
	WhitelistRangeTypeAll    int = 0
	WhitelistRangeTypeSingle int = 1
)
############################### Variable ###############################
// Match operators accepted in a whitelist condition and the MongoDB query
// operator each one is translated to (see also WhitelistMatchTypeMap).
//
// The misspelling in WhitelistMatchKeyUnkownIndex is kept on purpose: the
// name is exported and renaming it would break callers.
//
// Security note: a regex match hands a user-authored pattern to MongoDB's
// $regex. An unanchored pattern such as ".*" whitelists every alarm for the
// selected key, and a pathological pattern can be expensive for the database
// to evaluate, so code that accepts regex content from an API should anchor
// and/or validate it before storing the rule. Nothing in these constants
// enforces that.
const (
	// Sentinel for a match type that could not be resolved.
	WhitelistMatchKeyUnkownIndex int = -1

	// Exact comparison.
	WhitelistMatchKeyEqIndex int    = 0
	WhitelistMatchKeyEqValue string = "$eq"

	// Regular-expression comparison.
	WhitelistMatchKeyRegexIndex int    = 1
	WhitelistMatchKeyRegexValue string = "$regex"
)
// Field names used when scoping a whitelist rule to a target and when
// matching a rule against stored alarm documents. Which alarm type each key
// is used for is not visible on this page; the notes below are inferred from
// the names.
const (
	// agent_id field of an alarm; presumably the per-agent scope key.
	WhitelistKeyAgentID string = "agent_id"
	// cluster_id field of an alarm; presumably the per-cluster scope key.
	WhitelistKeyClusterID string = "cluster_id"
	// Dotted MongoDB path to the rule name inside an alarm document
	// (looks like the HIDS alarm layout, given the SMITH_ALERT_DATA prefix).
	WhitelistKeyName string = "SMITH_ALERT_DATA.RULE_INFO.RuleName"
	// Prefix for keys that live under an alarm's node_list sub-document.
	// NOTE(review): confirm which alarm type stores fields under node_list.
	WhitelistKeyKcPrefix string = "node_list."
	// Rule name field, named for RASP alarms.
	WhitelistKeyRaspName string = "rule_name"
)
// Whitelist (alarm) type names. These are the string form of the alarm
// sources and appear to be what QueryWhitelistMongodbCollection(alarmType)
// uses to pick a collection. Request handlers should reject any other value
// before it reaches that lookup so a caller cannot address an unexpected
// collection.
const (
	WhitelistTypeHids  string = "hids"
	WhitelistTypeRasp  string = "rasp"
	WhitelistTypeKube  string = "kube"
	WhitelistTypeVirus string = "virus"
)
// WhitelistRangeIndexTypeCluster is the range_index_type value indicating that
// WhiteListAddReq.RangeIndex holds a cluster identifier (presumably as opposed
// to an agent identifier, which is the other scope key defined here).
const WhitelistRangeIndexTypeCluster string = "cluster"
Variables ¶
// WhitelistKeyDbFieldMap maps the match_key names a whitelist rule may use to
// the field names they are stored under in the alarm collections. Every entry
// currently maps a key to itself; the indirection lets the stored field name
// change without changing the API key.
//
// Security note: treat this table as the allowlist of fields a caller may
// match on. Looking a request-supplied key up here (and rejecting misses)
// keeps arbitrary field paths and operator-like names out of the generated
// MongoDB filter. Conversely, do not add an entry that is not a real alarm
// field: a rule on it would never match and would silently be a no-op.
//
// Entries are grouped by the alarm family they appear to belong to; the
// grouping is documentation only and has no effect on the map.
var WhitelistKeyDbFieldMap = map[string]string{
	// Process execution keys.
	"argv":        "argv",
	"exe":         "exe",
	"md5_hash":    "md5_hash",
	"ppid_argv":   "ppid_argv",
	"pgid_argv":   "pgid_argv",
	"socket_argv": "socket_argv",

	// Network keys.
	"sip":          "sip",
	"connect_info": "connect_info",

	// Process tree, kernel module and file keys.
	"pid_tree":    "pid_tree",
	"ld_preload":  "ld_preload",
	"ko_file":     "ko_file",
	"module_name": "module_name",
	"run_path":    "run_path",
	"top_chain":   "top_chain",
	"static_file": "static_file",

	// Keys that look like RASP (runtime / stack trace) attributes.
	"name":             "name",
	"class":            "class",
	"stack_trace_hash": "stack_trace_hash",
	"stack_trace":      "stack_trace",

	// Keys that look like Kubernetes audit attributes.
	"source_ip":          "source_ip",
	"user_agent":         "user_agent",
	"real_user_name":     "real_user_name",
	"real_user_groups":   "real_user_groups",
	"verb":               "verb",
	"resource_namespace": "resource_namespace",
	"resource_kind":      "resource_kind",
	"resource_name":      "resource_name",

	// Keys that look like container / workload attributes.
	"images":            "images",
	"read_write_mounts": "read_write_mounts",
	"read_only_mounts":  "read_only_mounts",
	"exec_command":      "exec_command",
	"args_array":        "args_array",
}
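// WhitelistMatchTypeMap maps a whitelist match-type index to the MongoDB
// comparison operator used when the rule is turned into a query. The values
// are taken from the WhitelistMatchKey*Value constants instead of repeating
// the "$eq" / "$regex" literals, so the two declarations cannot drift apart.
//
// Unknown indices (including WhitelistMatchKeyUnkownIndex) are simply absent:
// callers must check the second return value of the lookup and reject the
// rule rather than build a query around an empty operator string.
var WhitelistMatchTypeMap = map[int]string{
	WhitelistMatchKeyEqIndex:    WhitelistMatchKeyEqValue,
	WhitelistMatchKeyRegexIndex: WhitelistMatchKeyRegexValue,
}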
Functions ¶
func QueryWhitelistMongodbCollection ¶
func QueryWhitelistMongodbCollection(alarmType string) (*mongo.Collection, error)
func SendAlarmMsgNotice ¶
func WhiteListAddMultiWithCombine ¶
func WhiteListAddMultiWithCombine(ctx context.Context, whitelistType string, data *WhiteListAddReq) error
Types ¶
type AlarmDbDataForWhite ¶
// AlarmDbDataForWhite is the projection of an alarm document used by the
// whitelist code: the document identity, the reporting agent, the alarm
// status and whether a whitelist rule has matched the alarm.
type AlarmDbDataForWhite struct {
	// Alarm document id (MongoDB _id).
	Id string `json:"_id" bson:"_id"`
	// Agent that reported the alarm.
	AgentId string `json:"agent_id" bson:"agent_id"`
	// Processing status of the alarm. The meaning of each value is not
	// visible in this package.
	Status int `json:"__alarm_status" bson:"__alarm_status"`
	// Set when a whitelist rule has matched this alarm.
	HitWl bool `json:"__hit_wl" bson:"__hit_wl"`
}
############################### Data Struct ###############################
type WhiteListAddReq ¶
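// WhiteListAddReq is the request body for creating whitelist rules
// (see WhiteListAddMultiWithCombine).
//
// Validation: RangeType is restricted to the two defined scopes and Filter is
// validated element by element, matching how WhiteListDbData validates its
// Filter and Condition. AlertType and RangeIndexType are not constrained by
// tags; the handler should check AlertType against the WhitelistType*
// constants before using it to select a collection.
//
// Note that RangeType's zero value is WhitelistRangeTypeAll, so a client that
// omits range_type creates a rule with the widest scope. Treat such requests
// with the same authorization as any other global policy change.
type WhiteListAddReq struct {
	// Scope of the rule: WhitelistRangeTypeAll (0) or WhitelistRangeTypeSingle (1).
	RangeType int `json:"range_type" bson:"range_type" binding:"oneof=0 1"`
	// Target of a single-scope rule; presumably an agent id or a cluster id
	// depending on RangeIndexType. TODO confirm it is ignored for range type 0.
	RangeIndex string `json:"range_index" bson:"range_index"`
	// Match conditions. "dive" applies WhiteListContent's own binding tags,
	// if it declares any, to every element.
	Filter []WhiteListContent `json:"filter" bson:"filter" binding:"dive"`
	// Display name of the rule.
	Name string `json:"name" bson:"name"`
	// Alarm type the rule applies to; expected to be one of WhitelistType*.
	AlertType string `json:"alert_type" bson:"alert_type"`
	// Optional kind of RangeIndex, e.g. WhitelistRangeIndexTypeCluster.
	RangeIndexType *string `json:"range_index_type,omitempty" bson:"range_index_type,omitempty"`
	// Optional human-readable rule name and description.
	WhiteRuleName *string `json:"white_rule_name,omitempty" bson:"white_rule_name,omitempty"`
	WhiteRuleDesc *string `json:"white_rule_desc,omitempty" bson:"white_rule_desc,omitempty"`
}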
type WhiteListContent ¶
type WhiteListData ¶
// WhiteListData is a single-condition whitelist rule as exposed by the API:
// one match key, one operator and one value, scoped to a range. Rules that
// combine several conditions use WhiteListDataWithCombineCondition instead.
type WhiteListData struct {
	// Rule identifier.
	Id string `json:"id" bson:"id"`
	// Scope type (see WhitelistRangeType*) and its target.
	RangeType  int    `json:"range_type" bson:"range_type"`
	RangeIndex string `json:"range_index" bson:"range_index"`
	// Alarm field to compare; expected to be a key of WhitelistKeyDbFieldMap.
	MatchKey string `json:"match_key" bson:"match_key"`
	// Operator index (see WhitelistMatchKey*Index). For the regex operator,
	// MatchContent is a user-supplied pattern; see the note on those constants.
	MatchType int `json:"match_type" bson:"match_type"`
	// Value or pattern the field is compared with.
	MatchContent string `json:"match_content" bson:"match_content"`
	// Alarm (rule) name the whitelist rule applies to.
	MatchAlarmName string `json:"match_alarm_name" bson:"match_alarm_name"`
	// Last modification time; unit not visible here (TODO confirm seconds vs. ms).
	UpdateTime int64 `json:"update_time" bson:"update_time"`
}
type WhiteListDataQueryFilter ¶
// WhiteListDataQueryFilter is the request body for listing whitelist rules.
// Pointer fields are optional; nil means "no constraint on this attribute".
//
// The JSON names are the wire contract and deliberately do not all match the
// Go names: InsertTimeStart/InsertTimeEnd are sent as update_time_start /
// update_time_end, and MatchContent is sent as content.
type WhiteListDataQueryFilter struct {
	// Restrict to rules whose match key is one of these.
	MatchKey []string `json:"match_key"`
	// Optional match-content filter. NOTE(review): if this is applied with a
	// regex on the server side, the value is user-controlled - confirm how
	// the query builder uses it.
	MatchContent *string `json:"content,omitempty"`
	// Optional scope type (see WhitelistRangeType*).
	RangeType *int `json:"range_type,omitempty"`
	// Time window on the rule's update time (both ends; 0 = unbounded, presumably).
	InsertTimeStart int64 `json:"update_time_start"`
	InsertTimeEnd   int64 `json:"update_time_end"`
	// Optional filters on the alarm name and the rule's own name / description.
	MatchAlarmName *string `json:"match_alarm_name,omitempty"`
	WhiteRuleName  *string `json:"white_rule_name,omitempty"`
	WhiteRuleDesc  *string `json:"white_rule_desc,omitempty"`
}
type WhiteListDataWithCombineCondition ¶
// WhiteListDataWithCombineCondition is a whitelist rule made of several
// conditions (MatchCombine) that are evaluated together, as exposed by the
// API. It is the multi-condition counterpart of WhiteListData.
type WhiteListDataWithCombineCondition struct {
	// Rule identifier.
	Id string `json:"id" bson:"id"`
	// Scope type (see WhitelistRangeType*) and its target.
	RangeType  int    `json:"range_type" bson:"range_type"`
	RangeIndex string `json:"range_index" bson:"range_index"`
	// Alarm (rule) name the whitelist rule applies to.
	MatchAlarmName string `json:"match_alarm_name" bson:"match_alarm_name"`
	// Conditions of the rule. How they are combined ($and/$or/$nor) is not
	// carried here; see the Condition field of WhiteListDbData.
	MatchCombine []WhiteListContent `json:"match_combine" bson:"match_combine"`
	// Last modification time; unit not visible here.
	UpdateTime int64 `json:"update_time" bson:"update_time"`
	// Human-readable name, always emitted, and an optional description.
	WhiteRuleName string `json:"white_rule_name" bson:"white_rule_name"`
	WhiteRuleDesc string `json:"white_rule_desc,omitempty" bson:"white_rule_desc,omitempty"`
}
type WhiteListDbData ¶
// WhiteListDbData is a stored whitelist rule as read from MongoDB: the
// document id plus the rule content. WhitelistDbDataContent is the same shape
// without the id.
//
// Filter elements are validated with "dive"; Condition is restricted to the
// three MongoDB logical operators, which is what keeps a request body from
// smuggling an arbitrary top-level query operator into the filter the rule is
// compiled into. Keep that oneof list in step with whatever operators the
// query builder actually handles.
type WhiteListDbData struct {
	// MongoDB document id.
	Id string `json:"_id" bson:"_id"`
	// Rule type. NOTE(review): presumably one of WhitelistRangeType* - confirm
	// against the code that writes these documents.
	Type int `json:"type" bson:"type"`
	// Conditions of the rule; each element is validated by its own binding tags.
	Filter []common.FilterContent `json:"filter" binding:"dive" bson:"filter"`
	// Logical operator joining the Filter elements; only $and, $or and $nor
	// are accepted.
	Condition string `json:"condition" binding:"oneof=$and $or $nor" bson:"condition"`
	// Creation and last-modification times; unit not visible here.
	InsertTime int64 `json:"insert_time" bson:"insert_time"`
	UpdateTime int64 `json:"update_time" bson:"update_time"`
	// Optional human-readable name and description.
	Name string `json:"name,omitempty" bson:"name,omitempty"`
	Desc string `json:"desc,omitempty" bson:"desc,omitempty"`
}
type WhiteListWithID ¶
type WhiteListWorker ¶
// WhiteListWorker receives whitelist updates through Add (see the WLUpdater
// type). One instance exists per alarm type (KubeWLWorker, RaspWLWorker,
// VirusWLWorker, WLWorker). Its fields are unexported and not shown on this
// page, so nothing about its internal state or concurrency model can be
// stated here.
type WhiteListWorker struct {
	// contains filtered or unexported fields
}
// Package-level whitelist workers, one per alarm type. WLWorker would be the
// HIDS worker by elimination (the other three are named after their type);
// confirm against the initialisation code, which is not shown here.
var (
	KubeWLWorker  WhiteListWorker
	RaspWLWorker  WhiteListWorker
	VirusWLWorker WhiteListWorker
	WLWorker      WhiteListWorker
)
func (*WhiteListWorker) Add ¶
func (w *WhiteListWorker) Add(item *WLUpdater)
type WhitelistDbDataContent ¶
// WhitelistDbDataContent is the body of a stored whitelist rule without its
// document id; see WhiteListDbData for the id-bearing form.
//
// Filter elements are validated with "dive"; Condition is restricted to the
// three MongoDB logical operators so a caller cannot inject an arbitrary
// top-level query operator. Keep the oneof list in step with the operators
// the query builder supports.
type WhitelistDbDataContent struct {
	// Rule type. NOTE(review): presumably one of WhitelistRangeType* - confirm
	// against the code that writes these documents.
	Type int `json:"type" bson:"type"`
	// Conditions of the rule; each element is validated by its own binding tags.
	Filter []common.FilterContent `json:"filter" binding:"dive" bson:"filter"`
	// Logical operator joining the Filter elements; only $and, $or and $nor
	// are accepted.
	Condition string `json:"condition" binding:"oneof=$and $or $nor" bson:"condition"`
	// Creation and last-modification times; unit not visible here.
	InsertTime int64 `json:"insert_time" bson:"insert_time"`
	UpdateTime int64 `json:"update_time" bson:"update_time"`
	// Optional human-readable name and description.
	Name string `json:"name,omitempty" bson:"name,omitempty"`
	Desc string `json:"desc,omitempty" bson:"desc,omitempty"`
}