outputs




Constants

// Shared string identifiers used across the outputs: priority/level names,
// statistics bucket names, event field and format names, default branding,
// colors, platform labels, transport names and SMTP SASL mechanisms.
// They are typed strings so they compare directly with configuration values.
const (
	// Priority / level names (syslog-style levels plus "info", "ok" and "none").
	OK            string = "ok"
	Warning       string = "warning"
	Alert         string = "alert"
	Error         string = "error"
	Critical      string = "critical"
	Emergency     string = "emergency"
	Notice        string = "notice"
	Informational string = "informational"
	Debug         string = "debug"
	Info          string = "info"
	None          string = "none"

	// Counter / bucket names; presumably the keys used by types.Statistics
	// and the Prometheus counters — confirm against the callers.
	All      string = "all"
	Fields   string = "fields"
	Total    string = "total"
	Rejected string = "rejected"
	Accepted string = "accepted"
	Outputs  string = "outputs"

	// Event field names and message format identifiers.
	Rule      string = "rule"
	Priority  string = "priority"
	Source    string = "source"
	Tags      string = "tags"
	Time      string = "time"
	Text      string = "text"
	Plaintext string = "plaintext"
	JSON      string = "json"
	Markdown  string = "markdown"
	Hostname  string = "hostname"

	// Default footer link and icon for outputs that render rich messages.
	// NOTE(review): DefaultIconURL references the mutable `master` branch, not a
	// tagged release or pinned commit, so the image it resolves to can change
	// after deployment; override it if that matters in your environment.
	DefaultFooter  string = "https://github.com/falcosecurity/falcosidekick"
	DefaultIconURL string = "https://raw.githubusercontent.com/falcosecurity/falcosidekick/master/imgs/falcosidekick.png"

	// Colors (hex strings); presumably used to color-code messages by priority.
	PaleCyan  string = "#ccfff2"
	Yellow    string = "#ffc700"
	Red       string = "#e20b0b"
	LigthBlue string = "#68c2ff"
	Lightcyan string = "#5bffb5"
	Orange    string = "#ff5400"

	// Platform / product labels.
	Kubeless string = "Kubeless"
	Openfaas string = "OpenFaas"
	Fission  string = "Fission"
	Falco    string = "Falco"
	MQTT     string = "MQTT"

	// Transport protocol names (e.g. for the syslog output).
	UDP string = "udp"
	TCP string = "tcp"

	// SASL Auth mechanisms for SMTP. "plain" carries the password in clear text
	// at the SASL layer and should only be used on a TLS-protected connection;
	// "anonymous" performs no authentication at all.
	Plain       string = "plain"
	OAuthBearer string = "oauthbearer"
	External    string = "external"
	Anonymous   string = "anonymous"
)
// OpenTelemetry instrumentation scope reported on traces emitted by the OTLP
// traces output. Bump OTLPinstrumentationVersion when the span layout changes.
const (
	OTLPinstrumentationName    = "falco"
	OTLPinstrumentationVersion = "v0.1.0"
)
// PagerDuty Events API endpoints. Both are HTTPS; the EU endpoint exists for
// accounts with EU data residency, so the choice affects where alert data is
// stored.
const (
	USEndpoint string = "https://events.pagerduty.com"
	EUEndpoint string = "https://events.eu.pagerduty.com"
)
// APIv1Namespaces is the Kubernetes core API path prefix for namespaced
// resources; presumably used by the Kubernetes-backed function outputs
// (Kubeless/Fission) — confirm against the callers.
const APIv1Namespaces = "/api/v1/namespaces/"
// APIv1Path is an API path fragment (no leading slash) for an organisation-
// scoped endpoint; it appears to pair with SourcePath and SourceBody for the
// Spyderbat output — verify against NewSpyderbatClient before reusing it.
const APIv1Path string = "api/v1/org/"
// AuthorizationHeaderKey is the HTTP header that carries credentials
// (see Bearer and BasicAuth). Headers stored under this key are secrets and
// must not be logged.
const AuthorizationHeaderKey = "Authorization"
// Bearer is the HTTP Authorization scheme name used for token-based outputs
// ("Authorization: Bearer <token>").
const Bearer = "Bearer"
// ContentTypeHeaderKey is the HTTP Content-Type header name.
const ContentTypeHeaderKey = "Content-Type"

Common HTTP header names reused by several outputs.

const (
	// DatadogPath is the path of Datadog's event API, appended to the
	// configured Datadog host.
	DatadogPath string = "/api/v1/events"
)
// DefaultContentType is the default Content-Type header sent with the Client's
// POST/PUT requests unless an output overrides Client.ContentType.
const DefaultContentType = "application/json; charset=utf-8"

DefaultContentType is the default Content-Type header to send along with the Client's POST Request

// DynatraceContentType is the Content-Type sent to Dynatrace; it currently
// equals DefaultContentType but is kept separate so the output can diverge.
const DynatraceContentType = "application/json; charset=utf-8"
// DynatraceEventProvider is the provider name reported on Dynatrace events.
const DynatraceEventProvider = "Falco"
// Falcosidekick_ is a name prefix (note the trailing underscore); presumably
// prepended to metric or tag names — confirm against the callers.
const Falcosidekick_ string = "falcosidekick_"
// FissionContentType is the Content-Type sent when calling a Fission function.
const FissionContentType = "application/json"
// FissionEventIDKey is the request header carrying the event ID for Fission.
const FissionEventIDKey = "event-id"

Some constant strings to use in request headers

// FissionEventNamespaceKey is the request header carrying the event's
// Kubernetes namespace for Fission.
const FissionEventNamespaceKey = "event-namespace"
// GrafanaContentType is the Content-Type sent with Grafana annotation requests.
const GrafanaContentType = "application/json"

The Content-Type to send along with the request

// HttpPost is the HTTP POST method name (equivalent to http.MethodPost).
const HttpPost = "POST"

HTTP Methods

// HttpPut is the HTTP PUT method name (equivalent to http.MethodPut).
const HttpPut = "PUT"
// KubelessContentType is the Content-Type sent when calling a Kubeless function.
const KubelessContentType = "application/json"
// KubelessEventIDKey is the request header carrying the event ID for Kubeless.
const KubelessEventIDKey = "event-id"

Some constant strings to use in request headers

// KubelessEventNamespaceKey is the request header carrying the event's
// Kubernetes namespace for Kubeless.
const KubelessEventNamespaceKey = "event-namespace"
// KubelessEventTypeKey is the request header carrying the event type for
// Kubeless (see KubelessEventTypeValue).
const KubelessEventTypeKey = "event-type"
// KubelessEventTypeValue is the value sent under KubelessEventTypeKey.
const KubelessEventTypeValue = "falco"
// KubelessUserAgentKey is the User-Agent header name used by the Kubeless
// output (same value as UserAgentHeaderKey).
const KubelessUserAgentKey = "User-Agent"
// LokiContentType is the Content-Type sent with Loki push requests.
const LokiContentType = "application/json"

The Content-Type to send along with the request

// MutualTLSCacertFilename is the file name of the CA certificate used to
// verify the server when mutual TLS is enabled. It starts with a slash; the
// callers presumably join it to a configured certificate directory — confirm
// before assuming it is an absolute path.
const MutualTLSCacertFilename = "/ca.crt"
// MutualTLSClientCertFilename is the file name of the client certificate
// presented when mutual TLS is enabled (see MutualTLSClientKeyFilename).
const MutualTLSClientCertFilename = "/client.crt"

File names are fixed (not configurable) for the sake of Helm chart and single-container Docker compatibility.

// MutualTLSClientKeyFilename is the file name of the client private key used
// for mutual TLS. This is secret material: mount it read-only with restrictive
// permissions and never log its contents.
const MutualTLSClientKeyFilename = "/client.key"
// Schema is a versioned schema identifier attached to events by an output
// that requires one; which output uses it is not visible here — check the
// callers before changing the version suffix, since consumers may key on it.
const Schema = "falco_alert::1.0.0"
// ServicesPath is a URL path fragment (leading and trailing slash) used when
// building an output endpoint; the owning output is not visible here.
const ServicesPath = "/services/"
// SourcePath is a URL path fragment that appears to complete APIv1Path for a
// "source" resource (see SourceBody); verify against NewSpyderbatClient.
const SourcePath string = "/source/"
// UserAgentHeaderKey is the HTTP User-Agent header name.
const UserAgentHeaderKey = "User-Agent"
// UserAgentHeaderValue identifies this program to remote endpoints in the
// User-Agent header.
const UserAgentHeaderValue = "Falcosidekick"

Variables

// EnabledOutputs lists all enabled outputs by name. It is package-level
// mutable state with no synchronization visible here; presumably it is
// populated once at startup and read-only afterwards — confirm before writing
// to it from goroutines.
var EnabledOutputs []string

EnabledOutputs list all enabled outputs

// ErrBadGateway is the sentinel for an HTTP 502 response from an output.
// Compare with errors.Is.
var ErrBadGateway = errors.New("bad gateway")

ErrBadGateway = 502

// ErrClientAuthenticationError is the sentinel for an HTTP 401 response
// (missing or rejected credentials).
var ErrClientAuthenticationError = errors.New("authentication error")

ErrClientAuthenticationError = 401

// ErrClientCreation is returned if a client can't be created (for example an
// invalid endpoint URL or unusable credentials).
var ErrClientCreation = errors.New("client creation error")

ErrClientCreation is returned if client can't be created

// ErrForbidden is the sentinel for an HTTP 403 response (authenticated but
// not authorised).
var ErrForbidden = errors.New("access denied")

ErrForbidden = 403

// ErrHeaderMissing is the sentinel for an HTTP 400 response.
var ErrHeaderMissing = errors.New("header missing")

ErrHeaderMissing = 400

// ErrInternalServer is the sentinel for an HTTP 500 response.
var ErrInternalServer = errors.New("internal server error")

ErrInternalServer = 500

// ErrNotFound is the sentinel for an HTTP 404 response.
var ErrNotFound = errors.New("resource not found")

ErrNotFound = 404

// ErrSASLAuthCreation is returned by GetAuth when the configured SMTP SASL
// mechanism is not one of Plain, OAuthBearer, External or Anonymous.
var ErrSASLAuthCreation = errors.New("sasl auth: wrong mechanism")
// ErrTooManyRequest is the sentinel for an HTTP 429 response (rate limited).
var ErrTooManyRequest = errors.New("exceeding post rate limit")

ErrTooManyRequest = 429

// ErrUnprocessableEntityError is the sentinel for an HTTP 422 response.
// NOTE(review): the message text "bad request" is the 400 reason phrase, so
// logs can be misleading; callers should match with errors.Is, not on text.
var ErrUnprocessableEntityError = errors.New("bad request")

ErrUnprocessableEntityError = 422

// MitreTacticRegEx matches MITRE tactic tags such as "mitre_execution".
// It is unanchored and \w+ is greedy, so it also matches inside longer tokens
// (e.g. "xmitre_foo_bar" yields "mitre_foo_bar").
var MitreTacticRegEx = regexp.MustCompile(`mitre_\w+`)

match MITRE tactics, e.g. "mitre_execution"

// MitreTechniqueRegEx matches MITRE technique IDs such as "T1070" and
// sub-techniques such as "T1055.008". It has no anchors or word boundaries,
// so "T123" inside "ST123" also matches, and "\.?\d*" accepts a trailing dot
// with no sub-technique digits ("T1070."). Tighten only after checking how
// the tags are produced.
var MitreTechniqueRegEx = regexp.MustCompile(`T\d+\.?\d*`)

match MITRE techniques, e.g. "T1070", and sub-techniques, e.g. "T1055.008"

// PriorityMap translates a Falco priority into a coarse severity label
// ("critical", "high", "medium", "low", "info") for outputs that use such
// levels. The label strings are a contract with downstream consumers.
// NOTE(review): types.Emergency and types.Critical both map to "critical"
// while types.Alert — which sits between them in the syslog ordering — maps
// to "high"; confirm this is intentional before relying on the ordering.
var PriorityMap = map[types.PriorityType]string{
	types.Emergency:     "critical",
	types.Alert:         "high",
	types.Critical:      "critical",
	types.Error:         "high",
	types.Warning:       "medium",
	types.Notice:        "low",
	types.Informational: "info",
	types.Debug:         "info",
}

Functions

func NewStatsdClient

func NewStatsdClient(outputType string, config *types.Configuration, stats *types.Statistics) (*statsd.Client, error)

NewStatsdClient returns a new statsd.Client for sending metrics to StatsD or DogStatsD, selected by outputType.

Types

type Client

// Client communicates with the different output APIs. Each output gets its own
// Client, built by NewClient (generic HTTP outputs) or by a dedicated
// New*Client constructor that also populates the matching SDK handle below.
// The HTTP-related fields configure Post/Put; the SDK handles are nil/zero for
// outputs that do not use them.
type Client struct {
	// OutputType names the output this client serves (used in stats and logs).
	OutputType string
	// EndpointURL is the parsed target URL for HTTP-based outputs.
	EndpointURL *url.URL
	// MutualTLSEnabled turns on client-certificate authentication using the
	// MutualTLS*Filename files.
	MutualTLSEnabled bool
	// CheckCert controls server certificate verification. NOTE(review): the
	// name implies that false disables verification, which exposes the
	// connection to interception; treat false as insecure and confirm the
	// exact behaviour in NewClient.
	CheckCert bool
	// HeaderList holds extra headers added via AddHeader/BasicAuth. It may
	// contain credentials (Authorization), so never log the Client verbatim.
	HeaderList []Header
	// ContentType overrides DefaultContentType for this output.
	ContentType string
	// ShutDownFunc, when set, is presumably invoked on shutdown to release
	// the SDK handle — confirm with the callers.
	ShutDownFunc func()
	// Config, Stats and PromStats are shared with the rest of the process.
	Config    *types.Configuration
	Stats     *types.Statistics
	PromStats *types.PromStatistics
	// AWSSession backs the AWS outputs (SQS, SNS, Lambda, S3, Kinesis,
	// CloudWatch, Security Lake).
	AWSSession *session.Session
	// StatsdClient and DogstatsdClient receive CountMetric calls.
	StatsdClient    *statsd.Client
	DogstatsdClient *statsd.Client
	// GCP handles for GCPPublishTopic / GCPCallCloudFunction.
	GCPTopicClient          *pubsub.Topic
	GCPCloudFunctionsClient *gcpfunctions.CloudFunctionsClient

	// Remaining SDK handles, each set only by its own New*Client constructor.
	GCSStorageClient  *storage.Client
	KafkaProducer     *kafka.Writer
	CloudEventsClient cloudevents.Client
	KubernetesClient  kubernetes.Interface
	RabbitmqClient    *amqp.Channel
	WavefrontSender   *wavefront.Sender
	Crdclient         *crdClient.Clientset
	MQTTClient        mqtt.Client
	TimescaleDBClient *timescaledb.Pool
	RedisClient       *redis.Client
	// contains filtered or unexported fields
}

Client communicates with the different output APIs.

func NewAWSClient

func NewAWSClient(config *types.Configuration, stats *types.Statistics, promStats *types.PromStatistics, statsdClient, dogstatsdClient *statsd.Client) (*Client, error)

NewAWSClient returns a new output.Client for accessing the AWS API.

func NewClient

func NewClient(outputType string, defaultEndpointURL string, mutualTLSEnabled bool, checkCert bool, params types.InitClientArgs) (*Client, error)

NewClient returns a new output.Client for accessing the different APIs. Note that checkCert=false skips TLS server certificate verification and should only be used for explicitly trusted test endpoints.

func NewEventHubClient

func NewEventHubClient(config *types.Configuration, stats *types.Statistics, promStats *types.PromStatistics, statsdClient, dogstatsdClient *statsd.Client) (*Client, error)

NewEventHubClient returns a new output.Client for accessing the Azure Event Hub.

func NewFissionClient

func NewFissionClient(config *types.Configuration, stats *types.Statistics, promStats *types.PromStatistics,
	statsdClient, dogstatsdClient *statsd.Client) (*Client, error)

NewFissionClient returns a new output.Client for accessing Kubernetes.

func NewGCPClient

func NewGCPClient(config *types.Configuration, stats *types.Statistics, promStats *types.PromStatistics, statsdClient, dogstatsdClient *statsd.Client) (*Client, error)

NewGCPClient returns a new output.Client for accessing the GCP API.

func NewKafkaClient

func NewKafkaClient(config *types.Configuration, stats *types.Statistics, promStats *types.PromStatistics, statsdClient, dogstatsdClient *statsd.Client) (*Client, error)

NewKafkaClient returns a new output.Client for producing to Apache Kafka.

func NewKubelessClient

func NewKubelessClient(config *types.Configuration, stats *types.Statistics, promStats *types.PromStatistics, statsdClient, dogstatsdClient *statsd.Client) (*Client, error)

NewKubelessClient returns a new output.Client for accessing Kubernetes.

func NewMQTTClient

func NewMQTTClient(config *types.Configuration, stats *types.Statistics, promStats *types.PromStatistics,
	statsdClient, dogstatsdClient *statsd.Client) (*Client, error)

NewMQTTClient returns a new output.Client for publishing to an MQTT broker.

func NewOpenfaasClient

func NewOpenfaasClient(config *types.Configuration, stats *types.Statistics, promStats *types.PromStatistics, statsdClient, dogstatsdClient *statsd.Client) (*Client, error)

NewOpenfaasClient returns a new output.Client for calling OpenFaaS functions (via Kubernetes).

func NewOtlpTracesClient

func NewOtlpTracesClient(config *types.Configuration, stats *types.Statistics, promStats *types.PromStatistics, statsdClient, dogstatsdClient *statsd.Client) (*Client, error)

func NewPolicyReportClient

func NewPolicyReportClient(config *types.Configuration, stats *types.Statistics, promStats *types.PromStatistics, statsdClient, dogstatsdClient *statsd.Client) (*Client, error)

func NewRabbitmqClient

func NewRabbitmqClient(config *types.Configuration, stats *types.Statistics, promStats *types.PromStatistics, statsdClient, dogstatsdClient *statsd.Client) (*Client, error)

NewRabbitmqClient returns a new output.Client for accessing the RabbitMQ API.

func NewRedisClient

func NewRedisClient(config *types.Configuration, stats *types.Statistics, promStats *types.PromStatistics,
	statsdClient, dogstatsdClient *statsd.Client) (*Client, error)

func NewSMTPClient

func NewSMTPClient(config *types.Configuration, stats *types.Statistics, promStats *types.PromStatistics, statsdClient, dogstatsdClient *statsd.Client) (*Client, error)

NewSMTPClient returns a new output.Client for accessing an SMTP server.

func NewSpyderbatClient

func NewSpyderbatClient(config *types.Configuration, stats *types.Statistics, promStats *types.PromStatistics,
	statsdClient, dogstatsdClient *statsd.Client) (*Client, error)

func NewSyslogClient

func NewSyslogClient(config *types.Configuration, stats *types.Statistics, promStats *types.PromStatistics, statsdClient, dogstatsdClient *statsd.Client) (*Client, error)

func NewTimescaleDBClient

func NewTimescaleDBClient(config *types.Configuration, stats *types.Statistics, promStats *types.PromStatistics,
	statsdClient, dogstatsdClient *statsd.Client) (*Client, error)

func NewWavefrontClient

func NewWavefrontClient(config *types.Configuration, stats *types.Statistics, promStats *types.PromStatistics, statsdClient, dogstatsdClient *statsd.Client) (*Client, error)

NewWavefrontClient returns a new output.Client for accessing the Wavefront API.

func NewYandexClient

func NewYandexClient(config *types.Configuration, stats *types.Statistics, promStats *types.PromStatistics, statsdClient, dogstatsdClient *statsd.Client) (*Client, error)

NewYandexClient returns a new output.Client for accessing the Yandex API.

func (*Client) AddHeader

func (c *Client) AddHeader(key, value string)

AddHeader adds an HTTP Header to the Client.

func (*Client) AlertmanagerPost

func (c *Client) AlertmanagerPost(falcopayload types.FalcoPayload)

AlertmanagerPost posts event to AlertManager

func (*Client) AutoCreateQuickwitIndex

func (c *Client) AutoCreateQuickwitIndex(args types.InitClientArgs) error

func (*Client) BasicAuth

func (c *Client) BasicAuth(username, password string)

BasicAuth adds an HTTP Basic Authentication compliant header to the Client. Basic credentials are only base64-encoded, not encrypted, so this must only be used with an HTTPS endpoint (and with CheckCert left enabled).

func (*Client) CliqPost

func (c *Client) CliqPost(falcopayload types.FalcoPayload)

CliqPost posts event to cliq

func (*Client) CloudEventsSend

func (c *Client) CloudEventsSend(falcopayload types.FalcoPayload)

CloudEventsSend produces a CloudEvent and sends to the CloudEvents consumers.

func (*Client) CloudRunFunctionPost

func (c *Client) CloudRunFunctionPost(falcopayload types.FalcoPayload)

CloudRunFunctionPost call Cloud Function

func (*Client) CountMetric

func (c *Client) CountMetric(metric string, value int64, tags []string)

CountMetric sends metrics to StatsD/DogStatsD.

func (*Client) DatadogPost

func (c *Client) DatadogPost(falcopayload types.FalcoPayload)

DatadogPost posts event to Datadog

func (*Client) DiscordPost

func (c *Client) DiscordPost(falcopayload types.FalcoPayload)

DiscordPost posts events to discord

func (*Client) DynatracePost

func (c *Client) DynatracePost(falcopayload types.FalcoPayload)

func (*Client) ElasticsearchPost

func (c *Client) ElasticsearchPost(falcopayload types.FalcoPayload)

ElasticsearchPost posts event to Elasticsearch

func (*Client) EnqueueSecurityLake

func (c *Client) EnqueueSecurityLake(falcopayload types.FalcoPayload)

func (*Client) EventHubPost

func (c *Client) EventHubPost(falcopayload types.FalcoPayload)

EventHubPost posts event to Azure Event Hub

func (*Client) FissionCall

func (c *Client) FissionCall(falcopayload types.FalcoPayload)

FissionCall invokes the configured Fission function with the event.

func (*Client) GCPCallCloudFunction

func (c *Client) GCPCallCloudFunction(falcopayload types.FalcoPayload)

GCPCallCloudFunction calls the given Cloud Function

func (*Client) GCPPublishTopic

func (c *Client) GCPPublishTopic(falcopayload types.FalcoPayload)

GCPPublishTopic sends a message to a GCP PubSub Topic

func (*Client) GetAuth

func (c *Client) GetAuth() (sasl.Client, error)

func (*Client) GooglechatPost

func (c *Client) GooglechatPost(falcopayload types.FalcoPayload)

GooglechatPost posts event to Google Chat

func (*Client) GotifyPost

func (c *Client) GotifyPost(falcopayload types.FalcoPayload)

GotifyPost posts event to Gotify

func (*Client) GrafanaOnCallPost

func (c *Client) GrafanaOnCallPost(falcopayload types.FalcoPayload)

GrafanaOnCallPost posts event to grafana onCall

func (*Client) GrafanaPost

func (c *Client) GrafanaPost(falcopayload types.FalcoPayload)

GrafanaPost posts event to grafana

func (*Client) InfluxdbPost

func (c *Client) InfluxdbPost(falcopayload types.FalcoPayload)

InfluxdbPost posts event to InfluxDB

func (*Client) InvokeLambda

func (c *Client) InvokeLambda(falcopayload types.FalcoPayload)

InvokeLambda invokes a lambda function

func (*Client) KafkaProduce

func (c *Client) KafkaProduce(falcopayload types.FalcoPayload)

KafkaProduce sends a message to an Apache Kafka topic.

func (*Client) KafkaRestPost

func (c *Client) KafkaRestPost(falcopayload types.FalcoPayload)

KafkaRestPost posts the event to the Kafka REST Proxy.

func (*Client) KubelessCall

func (c *Client) KubelessCall(falcopayload types.FalcoPayload)

KubelessCall invokes the configured Kubeless function with the event.

func (*Client) LokiPost

func (c *Client) LokiPost(falcopayload types.FalcoPayload)

LokiPost posts event to Loki

func (*Client) MQTTPublish

func (c *Client) MQTTPublish(falcopayload types.FalcoPayload)

MQTTPublish publishes the event to the configured MQTT topic.

func (*Client) MattermostPost

func (c *Client) MattermostPost(falcopayload types.FalcoPayload)

MattermostPost posts event to Mattermost

func (*Client) N8NPost

func (c *Client) N8NPost(falcopayload types.FalcoPayload)

N8NPost posts the event to an n8n webhook URL.

func (*Client) NatsPublish

func (c *Client) NatsPublish(falcopayload types.FalcoPayload)

NatsPublish publishes event to NATS

func (*Client) NodeRedPost

func (c *Client) NodeRedPost(falcopayload types.FalcoPayload)

NodeRedPost posts the event to Node-RED.

func (*Client) OTLPTracesPost

func (c *Client) OTLPTracesPost(falcopayload types.FalcoPayload)

OTLPTracesPost generates an OTLP trace implicitly via newTrace() by calling the OTEL SDK's tracer.Start() and span.End(); the exporter ships it, so no explicit HTTP POST is needed.

func (*Client) OpenObservePost

func (c *Client) OpenObservePost(falcopayload types.FalcoPayload)

OpenObservePost posts event to OpenObserve

func (*Client) OpenfaasCall

func (c *Client) OpenfaasCall(falcopayload types.FalcoPayload)

OpenfaasCall invokes the configured OpenFaaS function with the event.

func (*Client) OpsgeniePost

func (c *Client) OpsgeniePost(falcopayload types.FalcoPayload)

OpsgeniePost posts event to OpsGenie

func (*Client) PagerdutyPost

func (c *Client) PagerdutyPost(falcopayload types.FalcoPayload)

PagerdutyPost posts alert event to Pagerduty

func (*Client) Post

func (c *Client) Post(payload interface{}) error

Post sends event (payload) to Output with POST http method.

func (*Client) Publish

func (c *Client) Publish(falcopayload types.FalcoPayload)

Publish sends a message to a Rabbitmq

func (*Client) PublishTopic

func (c *Client) PublishTopic(falcopayload types.FalcoPayload)

PublishTopic sends a message to a SNS Topic

func (*Client) Put

func (c *Client) Put(payload interface{}) error

Put sends event (payload) to Output with PUT http method.

func (*Client) PutRecord

func (c *Client) PutRecord(falcoPayLoad types.FalcoPayload)

PutRecord puts a record in Kinesis

func (*Client) QuickwitPost

func (c *Client) QuickwitPost(falcopayload types.FalcoPayload)

func (*Client) RedisPost

func (c *Client) RedisPost(falcopayload types.FalcoPayload)

func (*Client) ReportErr

func (c *Client) ReportErr(message string, err error)

func (*Client) ReportError

func (c *Client) ReportError(err error)

func (*Client) RocketchatPost

func (c *Client) RocketchatPost(falcopayload types.FalcoPayload)

RocketchatPost posts event to Rocketchat

func (*Client) SendCloudWatchLog

func (c *Client) SendCloudWatchLog(falcopayload types.FalcoPayload)

SendCloudWatchLog sends a message to CloudWatch Log

func (*Client) SendMail

func (c *Client) SendMail(falcopayload types.FalcoPayload)

SendMail sends email to SMTP server

func (*Client) SendMessage

func (c *Client) SendMessage(falcopayload types.FalcoPayload)

SendMessage sends a message to SQS Queue

func (*Client) SlackPost

func (c *Client) SlackPost(falcopayload types.FalcoPayload)

SlackPost posts event to Slack

func (*Client) SpyderbatPost

func (c *Client) SpyderbatPost(falcopayload types.FalcoPayload)

func (*Client) StanPublish

func (c *Client) StanPublish(falcopayload types.FalcoPayload)

StanPublish publishes event to NATS Streaming

func (*Client) StartSecurityLakeWorker

func (c *Client) StartSecurityLakeWorker()

func (*Client) SumoLogicPost

func (c *Client) SumoLogicPost(falcopayload types.FalcoPayload)

SumoLogicPost posts event to SumoLogic

func (*Client) SyslogPost

func (c *Client) SyslogPost(falcopayload types.FalcoPayload)

func (*Client) TeamsPost

func (c *Client) TeamsPost(falcopayload types.FalcoPayload)

TeamsPost posts event to Teams

func (*Client) TektonPost

func (c *Client) TektonPost(falcopayload types.FalcoPayload)

TektonPost posts the event to a Tekton EventListener.

func (*Client) TelegramPost

func (c *Client) TelegramPost(falcopayload types.FalcoPayload)

TelegramPost posts event to Telegram

func (*Client) TimescaleDBPost

func (c *Client) TimescaleDBPost(falcopayload types.FalcoPayload)

func (*Client) UpdateOrCreatePolicyReport

func (c *Client) UpdateOrCreatePolicyReport(falcopayload types.FalcoPayload)

UpdateOrCreatePolicyReport creates/updates PolicyReport/ClusterPolicyReport Resource in Kubernetes

func (*Client) UploadGCS

func (c *Client) UploadGCS(falcopayload types.FalcoPayload)

UploadGCS uploads the payload to a GCS bucket.

func (*Client) UploadS3

func (c *Client) UploadS3(falcopayload types.FalcoPayload)

UploadS3 uploads the payload to S3.

func (*Client) UploadYandexDataStreams

func (c *Client) UploadYandexDataStreams(falcoPayLoad types.FalcoPayload)

UploadYandexDataStreams uploads payload to Yandex Data Streams

func (*Client) UploadYandexS3

func (c *Client) UploadYandexS3(falcopayload types.FalcoPayload)

UploadYandexS3 uploads payload to Yandex S3

func (*Client) WavefrontPost

func (c *Client) WavefrontPost(falcopayload types.FalcoPayload)

WavefrontPost sends metrics to WaveFront.

func (*Client) WebUIPost

func (c *Client) WebUIPost(falcopayload types.FalcoPayload)

WebUIPost posts the event (wrapped in a WebUIPayload) to the Falcosidekick Web UI.

func (*Client) WebhookPost

func (c *Client) WebhookPost(falcopayload types.FalcoPayload)

WebhookPost posts the event to a configured webhook URL.

func (*Client) ZincsearchPost

func (c *Client) ZincsearchPost(falcopayload types.FalcoPayload)

ZincsearchPost posts event to Zincsearch

// Header is a single HTTP header (name and value) to add to the client before
// sending the request. Values may be credentials (see BasicAuth), so avoid
// printing HeaderList in logs.
type Header struct {
	Key   string
	Value string
}

Headers to add to the client before sending the request

type KafkaRestPayload

// KafkaRestPayload is the request wrapper for the Kafka REST Proxy: a list of
// records, each carrying one serialized event.
type KafkaRestPayload struct {
	Records []Records `json:"records"`
}

KafkaRestPayload is the request wrapper for Kafka Rest

type OCSFFIndingDetails

// OCSFFIndingDetails is the OCSF "finding" object embedded in
// OCSFSecurityFinding (https://schema.ocsf.io/objects/finding). The parquet
// tags drive the Security Lake file layout, so field names and types are a
// schema contract.
type OCSFFIndingDetails struct {
	// CreatedTime is the finding creation time (epoch, unit per OCSF).
	CreatedTime int64    `json:"created_time" parquet:"name=created_time, type=INT64"`
	// Desc and Title describe the finding; Types lists its finding types.
	Desc        string   `json:"desc" parquet:"name=desc, type=BYTE_ARRAY, convertedtype=UTF8"`
	Title       string   `json:"title" parquet:"name=title, type=BYTE_ARRAY, convertedtype=UTF8"`
	Types       []string `json:"types" parquet:"name=types, type=BYTE_ARRAY, convertedtype=UTF8, repetitiontype=REPEATED"`
	// UID uniquely identifies the finding.
	UID         string   `json:"uid" parquet:"name=uid, type=BYTE_ARRAY, convertedtype=UTF8"`
}

https://schema.ocsf.io/objects/finding

type OCSFMetadata

// OCSFMetadata is the OCSF "metadata" object
// (https://schema.ocsf.io/objects/metadata): schema version, producing
// product and free-form labels.
type OCSFMetadata struct {
	Version string      `json:"version" parquet:"name=version, type=BYTE_ARRAY, convertedtype=UTF8"`
	Product OCSFProduct `json:"product" parquet:"name=product"`
	Labels  []string    `json:"labels" parquet:"name=labels, type=BYTE_ARRAY, convertedtype=UTF8, repetitiontype=REPEATED"`
}

https://schema.ocsf.io/objects/metadata

type OCSFObservable

// OCSFObservable is the OCSF "observable" object
// (https://schema.ocsf.io/objects/observable): a typed name/value pair
// extracted from the event. TypeID is the OCSF observable type code and Type
// its human-readable name.
type OCSFObservable struct {
	Name   string `json:"name" parquet:"name=name, type=BYTE_ARRAY, convertedtype=UTF8"`
	Type   string `json:"type" parquet:"name=type, type=BYTE_ARRAY, convertedtype=UTF8"`
	TypeID int32  `json:"type_id" parquet:"name=type_id, type=INT32"`
	Value  string `json:"value" parquet:"name=value, type=BYTE_ARRAY, convertedtype=UTF8"`
}

https://schema.ocsf.io/objects/observable

type OCSFProduct

// OCSFProduct is the OCSF "product" object
// (https://schema.ocsf.io/objects/product) identifying the event producer.
type OCSFProduct struct {
	VendorName string `json:"vendor_name" parquet:"name=vendor_name, type=BYTE_ARRAY, convertedtype=UTF8"`
	Name       string `json:"name" parquet:"name=name, type=BYTE_ARRAY, convertedtype=UTF8"`
}

https://schema.ocsf.io/objects/product

type OCSFSecurityFinding

// OCSFSecurityFinding is the OCSF Security Finding [2001] class
// (https://schema.ocsf.io/classes/security_finding) written by the Security
// Lake output. The parquet tags define the on-disk column layout, so renaming
// a field or tag is a breaking schema change for downstream consumers.
// NOTE(review): the parquet name for ClassName is "classname" while every
// other tag uses snake_case — presumably a typo, but changing it would alter
// existing data files; confirm with the Security Lake schema before touching.
type OCSFSecurityFinding struct {
	// Attacks      []OCSFAttack     `json:"attacks,omitempty" parquet:"name=attacks, type=MAP, convertedtype=LIST, valuetype=BYTE_ARRAY, valueconvertedtype=UTF8"`
	// Activity / category / class / type identify where this event sits in
	// the OCSF taxonomy (numeric UID plus human-readable name for each).
	ActivityID   int32              `json:"activity_id" parquet:"name=activity_id, type=INT32"`
	ActivityName string             `json:"activity_name" parquet:"name=activity_name, type=BYTE_ARRAY, convertedtype=UTF8"`
	CategoryName string             `json:"category_name" parquet:"name=category_name, type=BYTE_ARRAY, convertedtype=UTF8"`
	CategoryUID  int32              `json:"category_uid" parquet:"name=category_uid, type=INT32"`
	ClassName    string             `json:"class_name" parquet:"name=classname, type=BYTE_ARRAY, convertedtype=UTF8"`
	ClassUID     int32              `json:"class_uid" parquet:"name=class_uid, type=INT32"`
	// Finding carries the title/description/types of the Falco rule hit.
	Finding      OCSFFIndingDetails `json:"finding" parquet:"name=finding"`
	Message      string             `json:"message" parquet:"name=message, type=BYTE_ARRAY, convertedtype=UTF8"`
	Metadata     OCSFMetadata       `json:"metadata" parquet:"name=metadata"`
	// Observables lists typed values extracted from the event.
	Observables  []OCSFObservable   `json:"observables" parquet:"name=observables, repetitiontype=REPEATED"`
	// RawData carries the original event. It may include sensitive command
	// lines or paths from the Falco output — apply the same access controls
	// to the lake as to Falco's own logs.
	RawData      string             `json:"raw_data" parquet:"name=raw_data, type=BYTE_ARRAY, convertedtype=UTF8"`
	// Severity/SeverityID, State/StateID and Status are OCSF enumerations
	// (label plus numeric code).
	Severity     string             `json:"severity" parquet:"name=severity, type=BYTE_ARRAY, convertedtype=UTF8"`
	SeverityID   int32              `json:"severity_id" parquet:"name=severity_id, type=INT32"`
	State        string             `json:"state" parquet:"name=state, type=BYTE_ARRAY, convertedtype=UTF8"`
	StateID      int32              `json:"state_id" parquet:"name=state_id, type=INT32"`
	Status       string             `json:"status" parquet:"name=status, type=BYTE_ARRAY, convertedtype=UTF8"`
	// Timestamp is the event time (serialized as "time").
	Timestamp    int64              `json:"time" parquet:"name=time, type=INT64"`
	TypeName     string             `json:"type_name" parquet:"name=type_name, type=BYTE_ARRAY, convertedtype=UTF8"`
	TypeUID      int32              `json:"type_uid" parquet:"name=type_uid, type=INT32"`
}

Security Finding [2001] Class https://schema.ocsf.io/classes/security_finding

func NewOCSFSecurityFinding

func NewOCSFSecurityFinding(falcopayload types.FalcoPayload) OCSFSecurityFinding

type QuickwitDocMapping

// QuickwitDocMapping is the "doc_mapping" section of a Quickwit index
// definition sent by AutoCreateQuickwitIndex: explicit field mappings plus
// the dynamic-mapping rules for unknown fields, the mapping mode, whether the
// original document is stored, and which field holds the timestamp.
type QuickwitDocMapping struct {
	DynamicMapping QuickwitDynamicMapping `json:"dynamic_mapping"`
	FieldMappings  []QuickwitFieldMapping `json:"field_mappings"`
	Mode           string                 `json:"mode"`
	StoreSource    bool                   `json:"store_source"`
	TimestampField string                 `json:"timestamp_field"`
}

type QuickwitDynamicMapping

// QuickwitDynamicMapping describes how Quickwit indexes fields not listed in
// FieldMappings. The Go field ExpendDots serializes as "expand_dots" (the
// Quickwit setting name); the Go name is misspelled but is exported API, so
// it is left as-is.
type QuickwitDynamicMapping struct {
	Description string `json:"description"`
	Fast        bool   `json:"fast"`
	ExpendDots  bool   `json:"expand_dots"`
	Indexed     bool   `json:"indexed"`
	Record      string `json:"record"`
	Stored      bool   `json:"stored"`
	Tokenizer   string `json:"tokenizer"`
}

type QuickwitFieldMapping

// QuickwitFieldMapping declares one explicitly mapped index field: its name,
// Quickwit type and whether it gets a fast (columnar) representation.
type QuickwitFieldMapping struct {
	Name string `json:"name"`
	Type string `json:"type"`
	Fast bool   `json:"fast"`
}

type QuickwitMappingPayload

// QuickwitMappingPayload is the full index-creation request body for
// Quickwit. Id is serialized as "index_id".
type QuickwitMappingPayload struct {
	Id             string                 `json:"index_id"`
	Version        string                 `json:"version"`
	SearchSettings QuickwitSearchSettings `json:"search_settings"`
	DocMapping     QuickwitDocMapping     `json:"doc_mapping"`
}

type QuickwitSearchSettings

// QuickwitSearchSettings lists the fields searched when a query names none.
type QuickwitSearchSettings struct {
	DefaultSearchFields []string `json:"default_search_fields"`
}

type Records

// Records is one item inside the KafkaRestPayload wrapper; Value holds the
// serialized event.
type Records struct {
	Value string `json:"value"`
}

Records are the items inside the request wrapper

type SMTPPayload

// SMTPPayload is the message assembled by SendMail for the SMTP output.
// From, To and Subject become message headers. NOTE(review): if any of them
// can be derived from event fields, confirm that CR/LF characters are
// stripped before the message is built, otherwise a crafted event could
// inject additional headers.
type SMTPPayload struct {
	From    string
	To      string
	Subject string
	Body    string
}

SMTPPayload is the payload for the SMTP output.

type SourceBody

// SourceBody is the JSON body used to register a "source" (name, description
// and UID); it appears to pair with APIv1Path/SourcePath for the Spyderbat
// output — verify against NewSpyderbatClient.
type SourceBody struct {
	Name        string `json:"name"`
	Description string `json:"description"`
	UID         string `json:"uid"`
}

type WebUIPayload

// WebUIPayload is the body posted by WebUIPost: the Falco event together with
// the list of output names it was dispatched to (presumably EnabledOutputs).
type WebUIPayload struct {
	Event   types.FalcoPayload `json:"event"`
	Outputs []string           `json:"outputs"`
}
