client

package
v3.8.50 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 20, 2024 License: BSD-2-Clause Imports: 28 Imported by: 4

Documentation

Overview

Package client wraps the Gravwell REST API.

Index

Constants

// Websocket subprotocol names plus two size constants.
const (
	// Websocket subprotocols
	// PROTO_PONG is the only upper-case value; the others are lower or mixed case.
	PROTO_PING   string = "ping"
	PROTO_IDX    string = "idxStats"
	PROTO_SYS    string = "sysStats"
	PROTO_DESC   string = "sysDesc"
	PROTO_IGST   string = "igstStats"
	PROTO_PONG   string = `PONG`
	PROTO_PARSE  string = `parse`
	PROTO_SEARCH string = `search`
	PROTO_ATTACH string = `attach`

	// NOTE(review): presumably the read and write buffer sizes for the stats
	// websocket; neither the unit nor the point of use is shown here, confirm.
	STAT_R_SIZE = 1024
	STAT_W_SIZE = 1024
)
// Login form field names and the URL paths of the webserver's REST and
// websocket endpoints.
const (
	// login field names
	USER_FIELD string = "User"
	PASS_FIELD string = "Pass"

	// API paths
	// Entries containing %s, %d or %v are format templates: the identifier
	// must be substituted before the string is a usable path.
	// NOTE(review): whatever is substituted for %s lands inside the URL path;
	// confirm callers only pass validated or path-escaped identifiers.
	// NOTE(review): the login, MFA, token, secret, backup and user
	// administration paths (LOGIN_URL, MFA_*, TOKENS_*, SECRETS_*, BACKUP_URL,
	// USERS_ADMIN_*) presumably carry credential material in requests or
	// responses; verify that traffic on them is kept out of debug logs.
	LOGIN_URL                        = `/api/login`
	LOGOUT_URL                       = `/api/logout`
	MFA_URL                          = `/api/mfa`
	MFA_CLEAR_ALL_URL                = `/api/mfa/clear`
	MFA_LOGIN_URL                    = `/api/login/mfa`
	MFA_TOTP_SETUP_URL               = `/api/mfa/totp/setup`
	MFA_TOTP_CLEAR_URL               = `/api/mfa/totp/clear`
	MFA_RECOVERY_GENERATE_PATH       = "/api/mfa/recoverycodes/generate"
	TEMP_TOKEN_URL                   = `/api/login/tmptoken`
	REFRESH_TOKEN_URL                = `/api/login/refreshtoken`
	USER_INFO_URL                    = `/api/info/whoami`
	DESC_URL                         = `/api/stats/sysDesc`
	STATE_URL                        = `/api/stats/ping`
	STATS_URL                        = `/api/stats/sysStats`
	IDX_URL                          = `/api/stats/idxStats`
	INGESTER_URL                     = `/api/stats/igstStats`
	WELLS_URL                        = `/api/stats/wellStats`
	STORAGE_URL                      = `/api/stats/storage/indexers`
	STORAGE_INDEXER_URL              = `/api/stats/storage/indexer/%s/wells`
	CALENDAR_URL                     = `/api/stats/storage/calendar`
	CALENDAR_INDEXER_URL             = `/api/stats/storage/indexer/%s/calendar`
	ADD_USER_URL                     = `/api/users`
	USERS_LIST_URL                   = `/api/users`
	USERS_INFO_URL                   = `/api/users/%d`
	USERS_LOCK_URL                   = `/api/users/%d/lock`
	USERS_LOCKED_URL                 = `/api/users/%d/locked`
	USERS_DASHBOARD_URL              = `/api/users/%d/dashboards`
	USERS_MACROS_URL                 = `/api/users/%d/macros`
	USERS_PREFS_URL                  = `/api/users/%d/preferences`
	USERS_ALL_PREFS_URL              = `/api/users/preferences`
	USERS_ADMIN_URL                  = `/api/users/%d/admin`
	USERS_ADMIN_SU_PATH              = `/api/users/su/%d`
	USER_SESSIONS_URL                = `/api/users/%d/sessions`
	CHANGE_PASS_URL                  = `/api/users/%d/pwd`
	USERS_GROUP_URL                  = `/api/users/%d/group`
	USERS_GROUP_ID_URL               = `/api/users/%d/group/%d`
	USERS_SEARCH_GROUP_URL           = `/api/users/%d/searchgroup`
	USERS_MFA_CLEAR_URL              = `/api/users/%d/mfa/clear`
	WS_STAT_URL                      = `/api/ws/stats`
	WS_SEARCH_URL                    = `/api/ws/search`
	WS_ATTACH_URL                    = `/api/ws/attach/%s`
	PARSE_URL                        = `/api/parse`
	API_VERSION_URL                  = `/api/version`
	GROUP_ID_URL                     = `/api/groups/%d`
	GROUP_MEMBERS_URL                = `/api/groups/%d/members`
	GROUP_DASHBOARD_URL              = `/api/groups/%d/dashboards`
	GROUP_MACROS_URL                 = `/api/groups/%d/macros`
	GROUP_URL                        = `/api/groups`
	SEARCH_CTRL_LIST_URL             = `/api/searchctrl`
	SEARCH_CTRL_LIST_DETAILS_URL     = `/api/searchctrl/details`
	SEARCH_CTRL_LIST_ALL_URL         = `/api/searchctrl/all`
	SEARCH_CTRL_URL                  = `/api/searchctrl/%s`
	SEARCH_CTRL_ATTACH_URL           = `/api/searchctrl/%s/attach`
	SEARCH_CTRL_DETAILS              = `/api/searchctrl/%s/details`
	SEARCH_CTRL_BACKGROUND_URL       = `/api/searchctrl/%s/background`
	SEARCH_CTRL_GROUP_URL            = `/api/searchctrl/%s/group`
	SEARCH_CTRL_GROUPS_URL           = `/api/searchctrl/%s/groups`
	SEARCH_CTRL_GLOBAL_URL           = `/api/searchctrl/%s/global`
	SEARCH_CTRL_SAVE_URL             = `/api/searchctrl/%s/save`
	SEARCH_CTRL_STOP_URL             = `/api/searchctrl/%s/stop`
	SEARCH_CTRL_DOWNLOAD_URL         = `/api/searchctrl/%s/download/%s`
	SEARCH_CTRL_PING_URL             = `/api/searchctrl/%s/ping`
	SEARCH_CTRL_DETACH_URL           = `/api/searchctrl/%s/detach`
	SEARCH_CTRL_STATS_URL            = `/api/searchctrl/%s/stats`
	SEARCH_CTRL_STATS_OVERVIEW_URL   = `/api/searchctrl/%s/stats/overview`
	SEARCH_CTRL_EXPLORE_URL          = `/api/searchctrl/%s/renderer/%s/explore`
	SEARCH_CTRL_IMPORT_URL           = `/api/searchctrl/import`
	SEARCH_CTRL_LAUNCH_URL           = `/api/searchctrl/launch`
	SEARCH_HISTORY_URL               = `/api/searchhistory/%s/%d`
	NOTIFICATIONS_URL                = `/api/notifications`
	NOTIFICATIONS_ID_URL             = `/api/notifications/%d`
	NOTIFICATIONS_SELF_TARGETED_URL  = `/api/notifications/targeted/self`
	LOGGING_PATH_URL                 = `/api/logging`
	TEST_URL                         = `/api/test`
	TEST_AUTH_URL                    = `/api/testauth`
	DASHBOARD_URL                    = `/api/dashboards/%v`
	DASHBOARD_MY_URL                 = `/api/dashboards`
	DASHBOARD_ALL_URL                = `/api/dashboards/all`
	DASHBOARD_CLONE_URL              = `/api/dashboards/%d/clone`
	MACROS_URL                       = `/api/macros`
	MACROS_ALL_URL                   = `/api/macros/all`
	MACROS_ID_URL                    = `/api/macros/%d`
	LICENSE_INFO_URL                 = `/api/license`
	LICENSE_SKU_URL                  = `/api/license/sku`
	LICENSE_SERIAL_URL               = `/api/license/serial`
	LICENSE_UPDATE_URL               = `/api/license/update`
	RESOURCES_LIST_URL               = "/api/resources"
	RESOURCES_GUID_URL               = "/api/resources/%s"
	RESOURCES_GUID_RAW_URL           = "/api/resources/%s/raw"
	RESOURCES_GUID_CLONE_URL         = "/api/resources/%s/clone"
	RESOURCES_LOOKUP_URL             = "/api/resources/lookup/%s"
	SCHEDULED_SEARCH_URL             = "/api/scheduledsearches"
	SCHEDULED_SEARCH_ALL_URL         = "/api/scheduledsearches/all"
	SCHEDULED_SEARCH_ID_URL          = "/api/scheduledsearches/%v"
	SCHEDULED_SEARCH_RESULTS_ID_URL  = "/api/scheduledsearches/%d/results"
	SCHEDULED_SEARCH_ERROR_ID_URL    = "/api/scheduledsearches/%d/error"
	SCHEDULED_SEARCH_STATE_ID_URL    = "/api/scheduledsearches/%d/state"
	SCHEDULED_SEARCH_CANCEL_ID_URL   = "/api/scheduledsearches/%d/cancel"
	SCHEDULED_SEARCH_USER_URL        = "/api/scheduledsearches/user/%d"
	SCHEDULED_SEARCH_CHECKIN_URL     = "/api/scheduledsearches/checkin"
	SCHEDULED_SEARCH_PARSE           = "/api/scheduledsearches/parse"
	FLOW_URL                         = "/api/flows"
	FLOW_ID_URL                      = "/api/flows/%v"
	FLOW_RESULTS_ID_URL              = "/api/flows/%d/results"
	FLOW_ERROR_ID_URL                = "/api/flows/%d/error"
	FLOW_STATE_ID_URL                = "/api/flows/%d/state"
	FLOW_CANCEL_ID_URL               = "/api/flows/%d/cancel"
	FLOW_USER_URL                    = "/api/flows/user/%d"
	FLOW_PARSE_URL                   = "/api/flows/parse"
	MAIL_URL                         = "/api/mail"
	MAIL_CONFIGURE_URL               = `/api/mail/configure`
	JSON_INGEST_URL                  = "/api/ingest/json"
	LINES_INGEST_URL                 = "/api/ingest/lines"
	INTERNAL_INGEST_URL              = "/api/ingest/internal"
	TEST_INGEST_URL                  = "/api/ingest/test"
	TAGS_URL                         = "/api/tags"
	INDEXER_MANAGE_ADD_URL           = "/api/indexer/manage/add"
	KIT_URL                          = `/api/kits`
	KIT_ID_URL                       = `/api/kits/%s`
	KIT_BUILD_URL                    = `/api/kits/build`
	KIT_BUILD_ID_URL                 = `/api/kits/build/%s`
	KIT_STATUS_URL                   = `/api/kits/status`
	KIT_STATUS_ID_URL                = `/api/kits/status/%s`
	KIT_REMOTE_LIST_URL              = `/api/kits/remote/list`
	KIT_REMOTE_LIST_ALL_URL          = `/api/kits/remote/list/all`
	KIT_BUILD_HISTORY_URL            = `/api/kits/build/history`
	KIT_BUILD_HISTORY_ID_URL         = `/api/kits/build/history/%s`
	EXTRACTORS_URL                   = `/api/autoextractors`
	EXTRACTORS_UPLOAD_URL            = `/api/autoextractors/upload`
	EXTRACTORS_TEST_URL              = `/api/autoextractors/test`
	EXTRACTORS_ID_URL                = `/api/autoextractors/%s`
	EXTRACTORS_SYNC_URL              = `/api/autoextractors/sync`
	EXTRACTORS_ENGINES_URL           = `/api/autoextractors/engines`
	EXPLORE_GENERATE_URL             = `/api/explore/generate`
	TEMPLATES_URL                    = "/api/templates"
	TEMPLATES_ID_URL                 = "/api/templates/%s"
	TEMPLATES_ID_DETAILS_URL         = "/api/templates/%s/details"
	PIVOTS_URL                       = "/api/pivots"
	PIVOTS_ID_URL                    = "/api/pivots/%s"
	PIVOTS_ID_DETAILS_URL            = "/api/pivots/%s/details"
	USER_FILES_URL                   = "/api/files"
	USER_FILES_ID_URL                = "/api/files/%s"
	USER_FILES_ID_DETAILS_URL        = "/api/files/%s/details"
	LIBRARY_URL                      = "/api/library"
	LIBRARY_ID_URL                   = "/api/library/%s"
	LIBS_URL                         = `/api/libs`
	CAPABILITY_LIST_URL              = `/api/info/capabilities`
	CAPABILITY_TEMPLATE_LIST_URL     = `/api/info/capabilities/templates`
	CAPABILITY_CURRENT_USER_LIST_URL = `/api/info/capabilities/my`
	CAPABILITY_CURRENT_USER_WHY_URL  = `/api/info/capabilities/why`
	CAPABILITY_USER_URL              = `/api/users/%d/capabilities`
	CAPABILITY_USER_WHY_URL          = `/api/users/%d/capabilities/why`
	CAPABILITY_GROUP_URL             = `/api/groups/%d/capabilities`
	GROUP_TAG_ACCESS_URL             = `/api/groups/%d/tags`
	USER_TAG_ACCESS_URL              = `/api/users/%d/tags`
	PLAYBOOKS_URL                    = `/api/playbooks`
	PLAYBOOKS_ID_URL                 = `/api/playbooks/%s`
	BACKUP_URL                       = `/api/backup`
	DEPLOYMENT_URL                   = `/api/deployment`
	TOKENS_URL                       = `/api/tokens`
	TOKENS_ID_URL                    = `/api/tokens/%s`
	TOKENS_CAPABILITIES_URL          = `/api/tokens/capabilities`
	SECRETS_URL                      = `/api/secrets`
	SECRETS_ID_URL                   = `/api/secrets/%s`
	SECRETS_ID_DETAILS_URL           = `/api/secrets/%s/details`
	SECRETS_ID_FULL_URL              = `/api/secrets/%s/full`
	SETTINGS_URL                     = `/api/settings`
	INGESTERS_TRACKING_URL           = `/api/ingesters/%s/tracking`
	CBAC_DEFAULT_URL                 = `/api/cbac/default`
	CBAC_DEFAULT_CAPABILITIES_URL    = `/api/cbac/default/capabilities`
	CBAC_DEFAULT_TAGS_URL            = `/api/cbac/default/tags`
	ALERTS_URL                       = `/api/alerts`
	ALERTS_ID_URL                    = `/api/alerts/%s`
	ALERTS_ID_SAMPLE_URL             = `/api/alerts/%s/sample`
	ALERTS_VALIDATE_DISPATCHER_URL   = `/api/alerts/validate/dispatcher`
	ALERTS_VALIDATE_CONSUMER_URL     = `/api/alerts/validate/consumer`
	// Special APIs for installing licenses
	// These two paths sit outside the /api prefix that every entry above uses.
	// NOTE(review): whether they are reachable without a login session is not
	// shown here; confirm before exposing the webserver to untrusted networks.
	LICENSE_INIT_UPLOAD = `/license`
	LICENSE_INIT_STATUS = `/license/status`
)
const (
	// NOTE(review): presumably the kind segment substituted for %s in
	// SEARCH_HISTORY_URL (`/api/searchhistory/%s/%d`); confirm against callers.
	SEARCH_HISTORY_USER = `user`
)

Variables

// Error values covering the webserver test, login, MFA, session and
// client-configuration failures. Compare against these values (errors.Is)
// rather than matching on the message text.
// The ErrLoginFail message does not say which of the username or password
// was wrong. ErrMFARequired and ErrMFASetupRequired are distinct values with
// distinct messages.
// NOTE(review): which calls return each value is not shown here; confirm.
var (
	ErrInvalidTestStatus error = errors.New("Invalid status on webserver test")
	ErrAccountLocked     error = errors.New(`Account is Locked`)
	ErrLoginFail         error = errors.New(`Username and Password are incorrect`)
	ErrMFARequired       error = errors.New(`MFA required`)
	ErrMFASetupRequired  error = errors.New(`MFA configuration required`)
	ErrNotSynced         error = errors.New(`Client has not been synced`)
	ErrNoLogin           error = errors.New("Not logged in")
	ErrEmptyUserAgent    error = errors.New("UserAgent cannot be empty")
)
// ErrInvalidLogLevel is the error value for an unrecognised logging level.
// Version is initialised to 0.1.1.
// NOTE(review): what Version describes (the client, or the REST API revision
// it expects) is not shown here; confirm before relying on it for
// compatibility checks.
var (
	ErrInvalidLogLevel = errors.New("Invalid logging level")
	Version            = VersionStruct{
		Major:    0,
		Minor:    1,
		Revision: 1,
	}
)
// Error values for requests that were not authenticated or whose target was
// not found.
// NOTE(review): presumably mapped from the server's HTTP status codes; the
// mapping is not shown here, confirm.
var (
	ErrNotAuthed = errors.New("Not Authed")
	ErrNotFound  = errors.New("Not Found")
)
// ErrInvalidKitSize reports a kit that is too small to upload.
// NOTE(review): the minimum size is not shown here.
var (
	ErrInvalidKitSize = errors.New("Kit is too small to upload")
)
// ErrInvalidUserFileSize reports a user file that is too large to upload.
// NOTE(review): the maximum size is not shown here.
var (
	ErrInvalidUserFileSize = errors.New("UserFile is too large to upload")
)
// ErrMaxBodyDrained reports a response body with more bytes than the client
// will read before closing.
// NOTE(review): the message implies a cap on how much of a response is
// drained; the limit and where it is enforced are not shown here, confirm.
var (
	ErrMaxBodyDrained = errors.New("too many response bytes in body, closing")
)
// ErrNotAdmin reports that the current user is not an administrator.
// NOTE(review): presumably a client-side convenience check; the server must
// still enforce admin-only operations itself, confirm.
var (
	ErrNotAdmin = errors.New("You are not an admin")
)
// ErrSearchNotAttached reports an operation on a search that is not attached.
var (
	ErrSearchNotAttached = errors.New("search not attached")
)

Functions

This section is empty.

Types

type ActiveSession

// ActiveSession represents a login session on the server.
//
// JWT holds the negotiated authentication token for the session; the token
// carries an expiration. Treat the value as a credential and keep it out of
// logs and shared files.
// NOTE(review): presumably anyone holding the token can act as the session
// until it expires; confirm how the server binds it.
// NOTE(review): LastNotificationTime presumably records when notifications
// were last fetched for this session; not shown here, confirm.
type ActiveSession struct {
	JWT                  string
	LastNotificationTime time.Time
}

The ActiveSession structure represents a login session on the server. The JWT field contains a negotiated authentication token (with expiration).

type Client

// Client handles interaction with the server's REST APIs and websockets.
// Its fields are unexported.
type Client struct {
	// contains filtered or unexported fields
}

Client handles interaction with the server's REST APIs and websockets.

func New added in v3.8.19

func New(server string, enforceCertificate, useHttps bool) (*Client, error)

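New connects to the specified server and returns a new Client object. The useHttps parameter enables or disables SSL. Setting enforceCertificate to false will disable SSL certificate validation, allowing self-signed certs. With validation disabled the client cannot distinguish the intended server from an intercepting host, so login credentials and session tokens sent over that connection can be captured; where possible, add the self-signed certificate's issuer to the host's trust store and leave enforceCertificate set to true.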

func NewClient deprecated

func NewClient(server string, enforceCertificate, useHttps bool, objLogger objlog.ObjLog) (*Client, error)

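NewClient connects to the specified server and returns a new Client object. The useHttps parameter enables or disables SSL. Setting enforceCertificate to false will disable SSL certificate validation, allowing self-signed certs. Disabling validation also removes the check on the server's identity, which exposes credentials and session tokens to interception.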

Deprecated: Use New() or NewOpts() instead

func NewOpts added in v3.8.19

func NewOpts(opts Opts) (*Client, error)

func (*Client) AccessLogF

func (c *Client) AccessLogF(format string, a ...interface{}) error

AccessLogF submits a log message to the webserver at the Access log level.

func (*Client) AddDashboard

func (c *Client) AddDashboard(name, desc string, obj interface{}) (uint64, error)

AddDashboard creates a new dashboard and returns the ID. The obj parameter will be stored as the Data field of the dashboard.

func (*Client) AddExtraction

func (c *Client) AddExtraction(d types.AXDefinition) (id uuid.UUID, wrs []types.WarnResp, err error)

AddExtraction installs an autoextractor definition, returning the UUID of the new extraction or an error if it is invalid.

func (*Client) AddGroup

func (c *Client) AddGroup(name, desc string) error

AddGroup (admin-only) creates a new group with the given name and description.

func (*Client) AddIndexer

func (c *Client) AddIndexer(dialstring string) (map[string]string, error)

AddIndexer (admin-only) tells the webserver to connect to a new indexer. The indexer will be added to the list of indexers in the webserver's config file and persist in the future.

func (*Client) AddMacro

func (c *Client) AddMacro(m types.SearchMacro) (id uint64, err error)

AddMacro creates a new macro with the specified name and expansion, returning the ID of the newly-created macro.

func (*Client) AddPlaybook

func (c *Client) AddPlaybook(name, desc string, body []byte) (uuid.UUID, error)

AddPlaybook creates a new playbook with the specified name, description, and body, returning the UUID of the new playbook. Note that the UUID and GUID fields will be automatically chosen, but the GUID field may be updated later.

func (*Client) AddSelfTargetedNotification

func (c *Client) AddSelfTargetedNotification(notifType uint32, msg, link string, expiration time.Time) error

AddSelfTargetedNotification creates a new notification with the given type, message, link, and expiration. If expiration time is invalid, the webserver will instead set a default expiration.

func (*Client) AddUser

func (c *Client) AddUser(user, pass, name, email string, admin bool) error

AddUser (admin-only) creates a new user. The user and pass parameters specify login information. The name parameter is the user's real name and the email parameter is the user's email address. If 'admin' is set to true, the user will be flagged as an administrator.

func (*Client) AddUserFile

func (c *Client) AddUserFile(name, desc, pth string) (guid uuid.UUID, err error)

AddUserFile creates a new user file with the specified name and description. pth should point to a valid file on the local system.

func (*Client) AddUserFileDetails

func (c *Client) AddUserFileDetails(meta types.UserFileDetails, pth string) (guid uuid.UUID, err error)

AddUserFileDetails creates a new user file (uploaded from pth) with details set by the meta parameter.

func (*Client) AddUserToGroup

func (c *Client) AddUserToGroup(uid, gid int32) error

AddUserToGroup adds a user to a group.

func (*Client) AdminChangePass

func (c *Client) AdminChangePass(id int32, pass string) error

AdminChangePass (admin-only) changes the specified user's password without requiring the current password.

func (*Client) AdminClearUserMFA added in v3.8.35

func (c *Client) AdminClearUserMFA(uid int32) error

AdminClearUserMFA completely clears the specified user's MFA configuration. They will have to re-configure MFA on their next login.

func (*Client) AdminDeleteKit

func (c *Client) AdminDeleteKit(id string) (err error)

AdminDeleteKit is an admin-only function which can delete a kit owned by any user.

func (*Client) AdminListKits

func (c *Client) AdminListKits() (pkgs []types.IdKitState, err error)

AdminListKits is an admin-only function which lists all kits on the system. Non-administrators will get the same list as returned by ListKits.

func (*Client) AdminMode

func (c *Client) AdminMode() bool

AdminMode returns true if the ?admin=true parameter is set for API requests.

func (*Client) AllNotifications added in v3.8.37

func (c *Client) AllNotifications() (n types.NotificationSet, err error)

AllNotifications is an admin-only API that retrieves all notifications for all users, regardless of ownership and/or ignored-until status.

func (*Client) AllUserFiles

func (c *Client) AllUserFiles() (ufds []types.UserFileDetails, err error)

AllUserFiles pulls the complete list of all user files for the entire system. Non-administrators will receive the same list as returned by UserFiles.

func (*Client) AttachSearch

func (c *Client) AttachSearch(id string) (s Search, err error)

AttachSearch connects to an existing search (specified with the id parameter) and returns the associated Search object.

func (*Client) BackgroundSearch

func (c *Client) BackgroundSearch(sid string) error

BackgroundSearch will request that a search is backgrounded by ID

func (*Client) Backup

func (c *Client) Backup(wtr io.Writer, includeSS bool) (err error)

Backup generates a complete backup of all content on the Gravwell webserver and writes it out to the io.Writer provided. By default, scheduled searches / scheduled scripts are not included; set the 'includeSS' option to include them.

func (*Client) BackupWithConfig added in v3.8.18

func (c *Client) BackupWithConfig(wtr io.Writer, cfg types.BackupConfig) (err error)

func (*Client) BuildKit

func (c *Client) BuildKit(pbr types.KitBuildRequest) (r types.KitBuildResponse, err error)

BuildKit builds a new kit. The parameter 'pbr' contains information about the kit to be built, including lists of objects to include. On success, the returned KitBuildResponse will contain a UUID which can be used to download the kit via the KitDownloadRequest function.

func (*Client) CapabilityList

func (c *Client) CapabilityList() (cl []types.CapabilityDesc, err error)

CapabilityList returns a complete list of capabilities.

func (*Client) CapabilityTemplateList

func (c *Client) CapabilityTemplateList() (cl []types.CapabilityTemplate, err error)

CapabilityTemplateList returns a list of CBAC templates defined on the system.

func (*Client) CheckApiVersion

func (c *Client) CheckApiVersion() (string, error)

CheckApiVersion asserts that the REST API version of the webserver is compatible with the client.

func (*Client) ClearAdminMode

func (c *Client) ClearAdminMode()

ClearAdminMode unsets the ?admin=true parameter for future API requests.

func (*Client) ClearAllMFA added in v3.8.35

func (c *Client) ClearAllMFA(user, pass string, authtype types.AuthType, code string) error

ClearAllMFA completely clears the current user's MFA configuration, if allowed by site policy.

func (*Client) ClearFlowError added in v3.8.2

func (c *Client) ClearFlowError(id int32) error

ClearFlowError clears the error field on the specified scheduled search.

func (*Client) ClearFlowState added in v3.8.2

func (c *Client) ClearFlowState(id int32) error

ClearFlowState clears state variables on the specified scheduled search.

func (*Client) ClearScheduledSearchError

func (c *Client) ClearScheduledSearchError(id int32) error

ClearScheduledSearchError clears the error field on the specified scheduled search.

func (*Client) ClearScheduledSearchState

func (c *Client) ClearScheduledSearchState(id int32) error

ClearScheduledSearchState clears state variables on the specified scheduled search.

func (*Client) ClearUserScheduledSearches

func (c *Client) ClearUserScheduledSearches(uid int32) error

ClearUserScheduledSearches removes all scheduled searches belonging to the specified user

func (*Client) CloneDashboard

func (c *Client) CloneDashboard(origid uint64) (id uint64, err error)

CloneDashboard creates a copy of a dashboard and returns the ID of the new dashboard.

func (*Client) CloneResource

func (c *Client) CloneResource(guid string, newName string) (*types.ResourceMetadata, error)

CloneResource creates a copy of an existing resource (specified by GUID) with the Name field set to the newName parameter.

func (*Client) Close

func (c *Client) Close() error

Close shuts down the client and cleans up connections. It does NOT terminate sessions.

func (*Client) ConfigureMail

func (c *Client) ConfigureMail(user, pass, server string, port uint16, useTLS, noVerify bool) error

ConfigureMail sets up mail server options for the current user. The user, pass, server, and port parameters specify the mail server and authentication options for the server. The useTLS flag enables TLS for SMTP, and the noVerify flag disables checking of TLS certs. With noVerify set, the mail server's identity is not verified, so the SMTP credentials can be exposed to an intercepting host.

func (*Client) CreateFlow added in v3.8.2

func (c *Client) CreateFlow(name, description, schedule, flow string, groups []int32) (int32, error)

CreateFlow makes a new flow and returns the ID. The parameters are:

- name: the flow name.

- description: the flow description.

- schedule: a cron-format schedule on which to execute the flow.

- flow: a valid JSON flow definition.

- groups: an optional array of groups which should be able to access this object.

func (*Client) CreateResource

func (c *Client) CreateResource(name, description string, global bool, groups []int32) (*types.ResourceMetadata, error)

CreateResource makes a new resource. The resource name and description are specified at creation time, as are the Global flag and an optional list of groups with which to share it. The return value contains information about the newly-created resource.

func (*Client) CreateScheduledScript

func (c *Client) CreateScheduledScript(name, description, schedule, script string, lang types.ScriptLang, groups []int32) (int32, error)

CreateScheduledScript creates a scheduled search that executes a script instead of a search. The parameters are:

- name: the search name.

- description: the search description.

- schedule: a cron-format schedule on which to execute the search.

- script: a valid anko script.

- groups: an optional array of groups which should be able to access this object.

- lang: the language of scheduled script (anko, go)

func (*Client) CreateScheduledSearch

func (c *Client) CreateScheduledSearch(name, description, schedule string, searchreference uuid.UUID, searchquery string, duration time.Duration, groups []int32) (int32, error)

CreateScheduledSearch makes a new scheduled search and returns the ID. The parameters are:

- name: the search name.

- description: the search description.

- schedule: a cron-format schedule on which to execute the search.

- searchreference: a reference to a query library item. Cannot be combined with searchquery.

- searchquery: a valid search query string. Cannot be combined with searchreference.

- duration: the amount of time over which the query should be run.

func (*Client) CreateScheduledSearchFromObject added in v3.8.35

func (c *Client) CreateScheduledSearchFromObject(s types.ScheduledSearch) (int32, error)

CreateScheduledSearchFromObject makes a new scheduled search and returns the ID. The parameters are:

- s: A scheduled search object.

func (*Client) CreateSecret added in v3.8.16

func (c *Client) CreateSecret(sc types.SecretCreate) (sf types.Secret, err error)

CreateSecret instantiates and returns a new Secret. The actual secret string will not be returned.

func (*Client) CreateToken added in v3.8.5

func (c *Client) CreateToken(tc types.TokenCreate) (tf types.TokenFull, err error)

func (*Client) CurrentUserCapabilities

func (c *Client) CurrentUserCapabilities() (set []types.CapabilityDesc, err error)

CurrentUserCapabilities returns the list of capabilities enabled for the current user.

func (*Client) CurrentUserCapabilityExplanations added in v3.8.21

func (c *Client) CurrentUserCapabilityExplanations() (set []types.CapabilityExplanation, err error)

CurrentUserCapabilityExplanations returns the list of capabilities, marked up to explain whether or not a user has the capability and why.

func (*Client) DebugAddHeaderValue added in v3.8.27

func (c *Client) DebugAddHeaderValue(key, value string)

DebugAddHeaderValue can be used to inject header values into all requests; this function is primarily used for testing and forcing interactions with web application firewalls, security devices, and general testing. Keys must not be empty, but empty values are allowed.

func (*Client) DebugAddQueryValue added in v3.8.27

func (c *Client) DebugAddQueryValue(key, value string)

DebugAddQueryValue can be used to inject URL parameters into all requests; this function is primarily used for testing and forcing interactions with web application firewalls, security devices, and general testing. Keys must not be empty, but empty values are allowed.

func (*Client) DebugDeleteHeaderValue added in v3.8.27

func (c *Client) DebugDeleteHeaderValue(key string)

DebugDeleteHeaderValue can be used to remove a previously injected header value. See DebugAddHeaderValue for more information

func (*Client) DebugDeleteQueryValue added in v3.8.27

func (c *Client) DebugDeleteQueryValue(key string)

DebugDeleteQueryValue can be used to remove a previously injected query value. See DebugAddQueryValue for more information

func (*Client) DeleteAlert added in v3.8.23

func (c *Client) DeleteAlert(id uuid.UUID) (err error)

DeleteAlert deletes an alert. The id must be the ThingUUID, for precision.

func (*Client) DeleteBuildKit

func (c *Client) DeleteBuildKit(id string) (err error)

DeleteBuildKit removes a recently-built kit.

func (*Client) DeleteDashboard

func (c *Client) DeleteDashboard(id uint64) error

DeleteDashboard deletes the specified dashboard.

func (*Client) DeleteDashboardByGuid

func (c *Client) DeleteDashboardByGuid(id string) error

DeleteDashboardByGuid deletes a dashboard specified by GUID.

func (*Client) DeleteDefaultSearchGroup added in v3.8.9

func (c *Client) DeleteDefaultSearchGroup(uid int32) error

DeleteDefaultSearchGroup removes the default search group for a specified user. Admins can delete any user's default search group, but regular users can only delete their own.

func (*Client) DeleteExtraction

func (c *Client) DeleteExtraction(uuid string) (wrs []types.WarnResp, err error)

DeleteExtraction deletes the specified autoextraction.

func (*Client) DeleteFlow added in v3.8.2

func (c *Client) DeleteFlow(id int32) error

DeleteFlow removes the specified flow.

func (*Client) DeleteGroup

func (c *Client) DeleteGroup(gid int32) error

DeleteGroup (admin-only) will delete a group.

func (*Client) DeleteKit

func (c *Client) DeleteKit(id string) (err error)

DeleteKit uninstalls a kit (specified by UUID). Note that if kit items have been modified, DeleteKit will return an error; use ForceDeleteKit to remove the kit regardless.

func (*Client) DeleteKitBuildHistory

func (c *Client) DeleteKitBuildHistory(id string) error

DeleteKitBuildHistory deletes a build history entry for the given ID e.g. "io.gravwell.foo"

func (*Client) DeleteKitEx added in v3.8.0

func (c *Client) DeleteKitEx(id string) ([]types.SourcedKitItem, error)

DeleteKitEx attempts to uninstall a kit. If kit items have been modified, it will return an error and a list of modified items. If nothing has been changed, it returns an empty list and a nil error.

func (*Client) DeleteMacro

func (c *Client) DeleteMacro(id uint64) error

DeleteMacro deletes a macro.

func (*Client) DeleteMailConfig added in v3.8.16

func (c *Client) DeleteMailConfig() error

DeleteMailConfig removes a user's mail configuration from preferences; this completely uninstalls any mail configs.

func (*Client) DeleteNotification added in v3.8.10

func (c *Client) DeleteNotification(id uint64) error

DeleteNotification will delete a notification using a notification ID

func (*Client) DeletePivot

func (c *Client) DeletePivot(guid uuid.UUID) (err error)

DeletePivot deletes the pivot with the specified GUID

func (*Client) DeletePlaybook

func (c *Client) DeletePlaybook(id uuid.UUID) error

DeletePlaybook deletes the playbook with the specified UUID or GUID.

func (*Client) DeletePreferences

func (c *Client) DeletePreferences(id int32) error

DeletePreferences clears the specified user's preferences.

func (*Client) DeleteResource

func (c *Client) DeleteResource(guid string) error

DeleteResource removes a resource by GUID.

func (*Client) DeleteScheduledSearch

func (c *Client) DeleteScheduledSearch(id int32) error

DeleteScheduledSearch removes the specified scheduled search.

func (*Client) DeleteSearch

func (c *Client) DeleteSearch(sid string) error

DeleteSearch will request that a search is deleted by search ID

func (*Client) DeleteSearchLibrary

func (c *Client) DeleteSearchLibrary(id uuid.UUID) (err error)

DeleteSearchLibrary deletes a specific library entry.

func (*Client) DeleteSecret added in v3.8.16

func (c *Client) DeleteSecret(id uuid.UUID) (err error)

DeleteSecret deletes a Secret.

func (*Client) DeleteTemplate

func (c *Client) DeleteTemplate(guid uuid.UUID) (err error)

DeleteTemplate deletes the template with the specified GUID

func (*Client) DeleteToken added in v3.8.5

func (c *Client) DeleteToken(id uuid.UUID) (err error)

func (*Client) DeleteUser

func (c *Client) DeleteUser(id int32) error

DeleteUser (admin-only) deletes the specified user.

func (*Client) DeleteUserFile

func (c *Client) DeleteUserFile(id uuid.UUID) (err error)

DeleteUserFile removes a user file by its GUID

func (*Client) DeleteUserFromGroup

func (c *Client) DeleteUserFromGroup(uid, gid int32) error

DeleteUserFromGroup removes a user from a group.

func (*Client) DeploymentInfo

func (c *Client) DeploymentInfo() (di types.DeploymentInfo, err error)

DeploymentInfo queries to determine if the webserver is in distributed mode and therefore using the datastore. This means that certain resource changes may take some time to fully distribute. This is an admin-only function.

func (*Client) DetachSearch

func (c *Client) DetachSearch(s Search)

DetachSearch disconnects the client from a search. This may lead to the search being garbage collected.

func (*Client) DialWebsocket

func (c *Client) DialWebsocket(pth string) (conn *websocket.Conn, resp *http.Response, err error)

DialWebsocket uses the client's auth tokens to connect to a websocket on the server, returning the websocket connection.

func (*Client) DownloadRequest

func (c *Client) DownloadRequest(url string) (resp *http.Response, err error)

DownloadRequest performs an authenticated GET request on the specified URL and hands back the http.Response object for the request.

func (*Client) DownloadRequestWithContext

func (c *Client) DownloadRequestWithContext(url string, ctx context.Context) (resp *http.Response, err error)

DownloadRequestWithContext performs an authenticated GET request on the specified URL and hands back the http.Response object for the request.

func (*Client) DownloadSearch

func (c *Client) DownloadSearch(sid string, tr types.TimeRange, format string) (r io.ReadCloser, err error)

DownloadSearch returns an io.ReadCloser which can be used to download the results of the search with the specified search ID. The tr parameter is the time frame over which to download results, and the format parameter specifies the desired download format ("json", "csv", "text", "pcap", "lookupdata", "ipexist", "archive")

func (*Client) ErrorLogF

func (c *Client) ErrorLogF(format string, a ...interface{}) error

ErrorLogF submits a log message to the webserver at the Error log level.

func (*Client) ExploreGenerate

func (c *Client) ExploreGenerate(tag string, ents []types.SearchEntry) (mp map[string][]types.GenerateAXResponse, err error)

ExploreGenerate takes a tag name and an array of one or more SearchEntry objects as arguments. It has the webserver attempt various data exploration extractions and returns a map of the results. The map keys are extraction modules, e.g. "json" or "winlog". The map values are arrays of GenerateAXResponse structures, each representing one possible extraction of the data, including an AX definition which can be installed if the user deems the extraction appropriate.

func (*Client) ExportLoginToken added in v3.8.6

func (c *Client) ExportLoginToken() (token string, err error)

func (*Client) ExtractionSupportedEngines

func (c *Client) ExtractionSupportedEngines() (v []string, err error)

ExtractionSupportedEngines returns a list of valid engines for use in autoextraction definitions.

func (*Client) ForceDeleteKit

func (c *Client) ForceDeleteKit(id string) (err error)

ForceDeleteKit uninstalls a kit (specified by UUID) regardless of any changes made since installation.

func (*Client) ForgetIngester added in v3.8.20

func (c *Client) ForgetIngester(id uuid.UUID) (err error)

func (*Client) GenerateRecoveryCodes added in v3.8.35

func (c *Client) GenerateRecoveryCodes(user, pass string, authtype types.AuthType, code string) (codes types.RecoveryCodes, err error)

GenerateRecoveryCodes regenerates the user's recovery codes.

func (*Client) GetAlert added in v3.8.23

func (c *Client) GetAlert(id uuid.UUID) (result types.AlertDefinition, err error)

GetAlert returns the definition for a specific alert. The id passed can be either a ThingUUID, which will always return a specific alert, or a GUID, in which case the webserver will attempt to resolve the "most appropriate" alert with that GUID.

func (*Client) GetAlertSampleEvent added in v3.8.23

func (c *Client) GetAlertSampleEvent(id uuid.UUID) (result types.Event, err error)

GetAlertSampleEvent asks the webserver to generate a sample event for the given alert.

func (*Client) GetAlerts added in v3.8.23

func (c *Client) GetAlerts() (result []types.AlertDefinition, err error)

GetAlerts returns a list of alerts the user has access to. As admin, set the admin flag (c.SetAdminMode) to get a list of all alerts on the system.

func (*Client) GetAlertsByConsumer added in v3.8.30

func (c *Client) GetAlertsByConsumer(consumerID string, consumerType types.AlertConsumerType) (result []types.AlertDefinition, err error)

GetAlertsByConsumer returns a list of alerts that refer to the specified consumer. consumerID should be the *ID* of a flow, not the *GUID*. Basically, this lets you ask: which alerts will launch *this specific flow*.

func (*Client) GetAlertsByDispatcher added in v3.8.30

func (c *Client) GetAlertsByDispatcher(dispatcherID string, dispatcherType types.AlertDispatcherType) (result []types.AlertDefinition, err error)

GetAlertsByDispatcher returns a list of alerts that refer to the specified dispatcher. dispatcherID should be the *ID* of a scheduled search, not the *GUID*. Basically, this lets you ask: which alerts will be invoked by *this specific scheduled search*.

func (*Client) GetAllDashboards

func (c *Client) GetAllDashboards() ([]types.Dashboard, error)

GetAllDashboards (admin-only) returns a list of all dashboards on the system.

func (*Client) GetAllMacros

func (c *Client) GetAllMacros() ([]types.SearchMacro, error)

GetAllMacros (admin-only) returns all macros on the system.

func (*Client) GetAllPlaybooks

func (c *Client) GetAllPlaybooks() (pbs []types.Playbook, err error)

GetAllPlaybooks (admin-only) returns all playbooks for all users. Non-administrators will receive the same list as returned by GetUserPlaybooks.

func (*Client) GetAllPreferences

func (c *Client) GetAllPreferences() (types.UserPreferences, error)

GetAllPreferences (admin-only) fetches preferences for all users.

func (*Client) GetAllResourceList

func (c *Client) GetAllResourceList() (rm []types.ResourceMetadata, err error)

GetAllResourceList is an admin-only API to pull back the entire resource list. Non-administrators will receive the same list as returned by GetResourceList.

func (*Client) GetAllScheduledSearches

func (c *Client) GetAllScheduledSearches() ([]types.ScheduledSearch, error)

GetAllScheduledSearches (admin-only) returns all scheduled searches on the system.

func (*Client) GetAllUsers

func (c *Client) GetAllUsers() ([]types.UserDetails, error)

GetAllUsers returns information about all users on the system.

func (*Client) GetApiVersion added in v3.8.1

func (c *Client) GetApiVersion() (types.ApiInfo, error)

GetApiVersion returns the REST API version of the webserver.

func (*Client) GetAttachSockets

func (c *Client) GetAttachSockets() (*SearchSockets, error)

GetAttachSockets will hit the search routing websocket page and pull back only the attach socket.

func (*Client) GetAvailableEntryCount

func (c *Client) GetAvailableEntryCount(s Search) (uint64, bool, error)

GetAvailableEntryCount returns the number of output entries for the specified search. The second return value is a boolean indicating if the search has finished or not.

func (*Client) GetCalendarStats added in v3.8.25

func (c *Client) GetCalendarStats(start, end time.Time, wells []string) ([]types.CalendarEntry, error)

GetCalendarStats gets day-by-day calendar statistics for the given wells.

func (*Client) GetChartResults

func (c *Client) GetChartResults(s Search, start, end uint64) (resp types.ChartResponse, err error)

GetChartResults queries a range of search results from the chart renderer. It returns a types.ChartResponse structure containing the results (see the Entries field).

func (*Client) GetChartTsRange

func (c *Client) GetChartTsRange(s Search, start, end time.Time, first, last uint64) (types.ChartResponse, error)

GetChartTsRange queries search results for a time range from the chart renderer. It returns a types.ChartResponse structure containing the results (see the Entries field). The 'first' and 'last' parameters specify indexes of entries to fetch within the timespan specified.

func (*Client) GetDashboard

func (c *Client) GetDashboard(id uint64) (types.Dashboard, error)

GetDashboard fetches a dashboard by numeric ID.

func (*Client) GetDashboardByGuid

func (c *Client) GetDashboardByGuid(guid string) (types.Dashboard, error)

GetDashboardByGuid fetches a dashboard by GUID.

func (*Client) GetDefaultSearchGroup added in v3.8.9

func (c *Client) GetDefaultSearchGroup(uid int32) (gid int32, err error)

GetDefaultSearchGroup returns the specified user's default search group. Admins can get any user's default search group, but regular users can only get their own.

func (*Client) GetEntries

func (c *Client) GetEntries(s Search, start, end uint64) ([]types.StringTagEntry, error)

GetEntries fetches results from a search. These results have the Tag field represented as a string rather than the numeric representation used internally. Note that GetEntries is really only suitable for searches using the raw, text, or hex renderers. Results from the table renderer will also be restructured as entries, but other renderers are not supported.

func (*Client) GetExploreEntries

func (c *Client) GetExploreEntries(s Search, start, end uint64) ([]types.SearchEntry, []types.ExploreResult, error)

GetExploreEntries takes the same arguments as GetEntries (a search + start and end indices), but in addition to the array of SearchEntries, it returns an array of ExploreResult objects. Each ExploreResult corresponds to the SearchEntry at the same index.

func (*Client) GetExtraction added in v3.8.21

func (c *Client) GetExtraction(uuid string) (d types.AXDefinition, err error)

GetExtraction returns a particular extraction by UUID

func (*Client) GetExtractions

func (c *Client) GetExtractions() (dfs []types.AXDefinition, err error)

GetExtractions returns the list of autoextraction definitions available to the current user.

func (*Client) GetFdgResults

func (c *Client) GetFdgResults(s Search, start, end uint64) (types.FdgResponse, error)

GetFdgResults queries a range of search results from the FDG renderer. It returns a types.FdgResponse structure containing the results (see the Entries field).

func (*Client) GetFdgTsRange

func (c *Client) GetFdgTsRange(s Search, start, end time.Time, first, last uint64) (types.FdgResponse, error)

GetFdgTsRange queries search results for a time range from the fdg renderer. It returns a types.FdgResponse structure containing the results (see the Entries field). The 'first' and 'last' parameters specify indexes of entries to fetch within the timespan specified.

func (*Client) GetFlow added in v3.8.2

func (c *Client) GetFlow(id interface{}) (types.ScheduledSearch, error)

GetFlow returns the flow with the given ID. The ID is an interface{} to allow the user to specify either the flow's int32 "ID" or its UUID "GUID" field.

func (*Client) GetFlowList added in v3.8.2

func (c *Client) GetFlowList() ([]types.ScheduledSearch, error)

GetFlowList returns flows the user has access to.

func (*Client) GetFullSecret added in v3.8.16

func (c *Client) GetFullSecret(id uuid.UUID) (s types.SecretFull, err error)

GetFullSecret fetches the entire Secret, including the value. This can only be used if you have authenticated using the searchagent token; the search agent knows how to set up the Client object correctly for this. If you are not writing something which acts like the search agent, do not use this function: it will not work.

func (*Client) GetGaugeResults

func (c *Client) GetGaugeResults(s Search, start, end uint64) (types.GaugeResponse, error)

GetGaugeResults queries a range of search results from the gauge or numbercard renderers. It returns a types.GaugeResponse structure containing the results (see the Entries field).

func (*Client) GetGaugeTsRange

func (c *Client) GetGaugeTsRange(s Search, start, end time.Time, first, last uint64) (types.GaugeResponse, error)

GetGaugeTsRange queries search results for a time range from the gauge renderer. It returns a types.GaugeResponse structure containing the results (see the Entries field). The 'first' and 'last' parameters specify indexes of entries to fetch within the timespan specified.

func (*Client) GetGroup

func (c *Client) GetGroup(id int32) (types.GroupDetails, error)

GetGroup returns information about the specified group.

func (*Client) GetGroupCapabilities

func (c *Client) GetGroupCapabilities(gid int32) (cs types.CapabilityState, err error)

GetGroupCapabilities (admin-only) returns the list of capabilities enabled for a given group.

func (*Client) GetGroupDashboards

func (c *Client) GetGroupDashboards(id int32) ([]types.Dashboard, error)

GetGroupDashboards returns a list of all dashboards shared with the specified group. Only admins or members of the group may call this function.

func (*Client) GetGroupList

func (c *Client) GetGroupList() ([]types.GroupDetails, error)

GetGroupList gets a listing of groups with basic info like GID, name, desc.

func (*Client) GetGroupMacros

func (c *Client) GetGroupMacros(id int32) ([]types.SearchMacro, error)

GetGroupMacros returns macros shared with the specified group.

func (*Client) GetGroupMap

func (c *Client) GetGroupMap() (map[int32]string, error)

GetGroupMap returns a map of GID to group name for every group on the system.

func (*Client) GetGroupTagAccess

func (c *Client) GetGroupTagAccess(gid int32) (ta types.TagAccess, err error)

GetGroupTagAccess (admin-only) returns the tag access restrictions for the specified group.

func (*Client) GetGroupUsers

func (c *Client) GetGroupUsers(gid int32) ([]types.UserDetails, error)

GetGroupUsers will return user details for all members of a group. Only administrators or members of the group may call this function.

func (*Client) GetGroups

func (c *Client) GetGroups() ([]types.GroupDetails, error)

GetGroups returns information about all groups on the system.

func (*Client) GetGuiSettings added in v3.8.8

func (c *Client) GetGuiSettings() (types.GUISettings, error)

func (*Client) GetHeatmapResults

func (c *Client) GetHeatmapResults(s Search, start, end uint64, fence types.Geofence) (types.HeatmapResponse, error)

GetHeatmapResults queries a range of search results from the heatmap renderer. It returns a types.HeatmapResponse structure containing the results (see the Entries field). The fence parameter is an optional geofence to apply to the results.

func (*Client) GetHeatmapTsRange

func (c *Client) GetHeatmapTsRange(s Search, start, end time.Time, first, last uint64, fence types.Geofence) (types.HeatmapResponse, error)

GetHeatmapTsRange queries search results for a time range from the heatmap renderer. It returns a types.HeatmapResponse structure containing the results (see the Entries field). The 'first' and 'last' parameters specify indexes of entries to fetch within the timespan specified. The fence parameter is an optional geofence to apply to the results.

func (*Client) GetHexResults

func (c *Client) GetHexResults(s Search, start, end uint64) (types.TextResponse, error)

GetHexResults queries a range of search results from the hex renderer. It returns a types.TextResponse structure containing the results (see the Entries field)

func (*Client) GetHexTsRange

func (c *Client) GetHexTsRange(s Search, start, end time.Time, first, last uint64) (types.TextResponse, error)

GetHexTsRange queries search results for a time range from the hex renderer. It returns a types.TextResponse structure containing the results (see the Entries field). The 'first' and 'last' parameters specify indexes of entries to fetch within the timespan specified.

func (*Client) GetIndexStats

func (c *Client) GetIndexStats() (map[string]types.IdxStats, error)

GetIndexStats gets statistics for all the indexes on all connected indexers.

func (*Client) GetIndexerCalendarStats added in v3.8.25

func (c *Client) GetIndexerCalendarStats(indexer uuid.UUID, start, end time.Time, wells []string) ([]types.CalendarEntry, error)

GetIndexerCalendarStats gets day-by-day calendar statistics for a given indexer and given wells.

func (*Client) GetIndexerStorageStats added in v3.8.25

func (c *Client) GetIndexerStorageStats(indexer uuid.UUID) (map[string]types.PerWellStorageStats, error)

GetIndexerStorageStats gets storage statistics for the given indexer.

func (*Client) GetIngesterStats

func (c *Client) GetIngesterStats() (map[string]types.IngestStats, error)

GetIngesterStats gets statistics for all ingesters tied to each indexer.

func (*Client) GetLibFile

func (c *Client) GetLibFile(repo, commit, fn string) (bts []byte, err error)

GetLibFile fetches the contents of a particular SOAR library file, as used in scheduled search scripts. The repo and commit arguments are optional. Examples:

c.GetLibFile("https://github.com/gravwell/libs", "cd9d6c5", "alerts/email.ank")
c.GetLibFile("", "", "utils/links.ank")

func (*Client) GetLicenseDistributionState

func (c *Client) GetLicenseDistributionState() (ds types.LicenseDistributionStatus, err error)

GetLicenseDistributionState checks the distribution status of a newly-uploaded license during the initial setup of a Gravwell cluster. This function MUST be called after calling InitLicense; when the status returned is "done", Gravwell is ready for use.

func (*Client) GetLicenseInfo

func (c *Client) GetLicenseInfo() (li types.LicenseInfo, err error)

GetLicenseInfo returns information about the currently installed license.

func (*Client) GetLicenseSKU

func (c *Client) GetLicenseSKU() (sku string, err error)

GetLicenseSKU returns the SKU for the license in use.

func (*Client) GetLicenseSerial

func (c *Client) GetLicenseSerial() (serial string, err error)

GetLicenseSerial returns the serial number for the current license.

func (*Client) GetLogLevel

func (c *Client) GetLogLevel() (string, error)

GetLogLevel is an admin-only function which returns the webserver's enabled log level.

Valid levels: "Off", "Error", "Warn", "Info", "Web Access".

func (*Client) GetMFAInfo added in v3.8.35

func (c *Client) GetMFAInfo() (resp types.MFAInfo, err error)

GetMFAInfo returns information about the system's MFA policies and the user's MFA setup.

func (*Client) GetMacro

func (c *Client) GetMacro(id uint64) (types.SearchMacro, error)

GetMacro returns details about a particular macro.

func (*Client) GetMyPreferences

func (c *Client) GetMyPreferences(obj interface{}) error

GetMyPreferences gets the current user's preferences into obj.

func (*Client) GetNumbercardResults

func (c *Client) GetNumbercardResults(s Search, start, end uint64) (types.GaugeResponse, error)

GetNumbercardResults queries a range of search results from the gauge or numbercard renderers. It returns a types.GaugeResponse structure containing the results (see the Entries field).

func (*Client) GetNumbercardTsRange

func (c *Client) GetNumbercardTsRange(s Search, start, end time.Time, first, last uint64) (types.GaugeResponse, error)

GetNumbercardTsRange queries search results for a time range from the gauge or numbercard renderers. It returns a types.GaugeResponse structure containing the results (see the Entries field). The 'first' and 'last' parameters specify indexes of entries to fetch within the timespan specified.

func (*Client) GetP2PResults

func (c *Client) GetP2PResults(s Search, start, end uint64, fence types.Geofence) (types.P2PResponse, error)

GetP2PResults queries a range of search results from the point2point renderer. It returns a types.P2PResponse structure containing the results (see the Entries field). The fence parameter is an optional geofence to apply to the results.

func (*Client) GetP2PTsRange

func (c *Client) GetP2PTsRange(s Search, start, end time.Time, first, last uint64, fence types.Geofence) (types.P2PResponse, error)

GetP2PTsRange queries search results for a time range from the point2point renderer. It returns a types.P2PResponse structure containing the results (see the Entries field). The 'first' and 'last' parameters specify indexes of entries to fetch within the timespan specified. The fence parameter is an optional geofence to apply to the results.

func (*Client) GetPcapResults

func (c *Client) GetPcapResults(s Search, start, end uint64) (types.TextResponse, error)

GetPcapResults queries a range of search results from the pcap renderer. It returns a types.TextResponse structure containing the results (see the Entries field).

func (*Client) GetPcapTsRange

func (c *Client) GetPcapTsRange(s Search, start, end time.Time, first, last uint64) (types.TextResponse, error)

GetPcapTsRange queries search results for a time range from the pcap renderer. It returns a types.TextResponse structure containing the results (see the Entries field). The 'first' and 'last' parameters specify indexes of entries to fetch within the timespan specified.

func (*Client) GetPingStates

func (c *Client) GetPingStates() (map[string]string, error)

GetPingStates gets the connected/disconnected state of each indexer.

func (*Client) GetPivot

func (c *Client) GetPivot(guid uuid.UUID) (pivot types.WirePivot, err error)

GetPivot returns a types.WirePivot with the requested GUID. Because unique GUIDs are not enforced, the following precedence is used when selecting a pivot to return:

1. Pivots owned by the user always have highest priority
2. Pivots shared with a group to which the user belongs are next
3. Global pivots are the lowest priority

func (*Client) GetPlaybook

func (c *Client) GetPlaybook(id uuid.UUID) (types.Playbook, error)

GetPlaybook fetches the playbook with the specified UUID or GUID.

func (*Client) GetPointmapResults

func (c *Client) GetPointmapResults(s Search, start, end uint64, fence types.Geofence) (types.PointmapResponse, error)

GetPointmapResults queries a range of search results from the pointmap renderer. It returns a types.PointmapResponse structure containing the results (see the Entries field). The fence parameter is an optional geofence to apply to the results.

func (*Client) GetPointmapTsRange

func (c *Client) GetPointmapTsRange(s Search, start, end time.Time, first, last uint64, fence types.Geofence) (types.PointmapResponse, error)

GetPointmapTsRange queries search results for a time range from the pointmap renderer. It returns a types.PointmapResponse structure containing the results (see the Entries field). The 'first' and 'last' parameters specify indexes of entries to fetch within the timespan specified. The fence parameter is an optional geofence to apply to the results.

func (*Client) GetPreferences

func (c *Client) GetPreferences(id int32, obj interface{}) error

GetPreferences fetches the preferences structure for the user and unpacks them into obj.

func (*Client) GetRawResults

func (c *Client) GetRawResults(s Search, start, end uint64) (types.TextResponse, error)

GetRawResults queries a range of search results from the raw renderer. It returns a types.TextResponse structure containing the results (see the Entries field).

func (*Client) GetRawTsRange

func (c *Client) GetRawTsRange(s Search, start, end time.Time, first, last uint64) (types.TextResponse, error)

GetRawTsRange queries search results for a time range from the raw renderer. It returns a types.TextResponse structure containing the results (see the Entries field). The 'first' and 'last' parameters specify indexes of entries to fetch within the timespan specified.

func (*Client) GetRefinedSearchHistory

func (c *Client) GetRefinedSearchHistory(s string) ([]types.SearchLog, error)

GetRefinedSearchHistory retrieves the current search history for the currently logged in user narrowed to searches containing the substring s. It only pulls back searches invoked by the individual user.

func (*Client) GetResource

func (c *Client) GetResource(name string) ([]byte, error)

GetResource returns the contents of the resource with the specified name. The name can be either the user-friendly Name field, or a stringified GUID. Because resources can be shared, and resources are not required to have globally-unique names, the following precedence is used when selecting a resource by user-friendly name:

1. Resources owned by the user always have highest priority
2. Resources shared with a group to which the user belongs are next
3. Global resources are the lowest priority

func (*Client) GetResourceList

func (c *Client) GetResourceList() (rm []types.ResourceMetadata, err error)

GetResourceList returns information about all resources the user can access.

func (*Client) GetResourceMetadata added in v3.8.14

func (c *Client) GetResourceMetadata(guid string) (*types.ResourceMetadata, error)

GetResourceMetadata gets the specified resource's metadata.

func (*Client) GetScheduledSearch

func (c *Client) GetScheduledSearch(id interface{}) (types.ScheduledSearch, error)

GetScheduledSearch returns the scheduled search with the given ID. The ID is an interface{} to allow the user to specify either the int32 "ID" or the UUID "GUID" field.

func (*Client) GetScheduledSearchList

func (c *Client) GetScheduledSearchList() ([]types.ScheduledSearch, error)

GetScheduledSearchList returns scheduled searches the user has access to.

func (*Client) GetSearchAgentCheckin added in v3.8.31

func (c *Client) GetSearchAgentCheckin() (ci types.SearchAgentCheckin, err error)

GetSearchAgentCheckin finds out when the most recent searchagent checkin was.

func (*Client) GetSearchHistory

func (c *Client) GetSearchHistory() ([]types.SearchLog, error)

GetSearchHistory retrieves the current search history for the currently logged in user. It only pulls back searches invoked by the individual user.

func (*Client) GetSearchHistoryRange

func (c *Client) GetSearchHistoryRange(start, end int) ([]types.SearchLog, error)

GetSearchHistoryRange retrieves paginated search history for the currently logged in user. The start and end parameters are indexes into the search history, with 0 representing the most recent search.

func (*Client) GetSearchLibrary added in v3.8.6

func (c *Client) GetSearchLibrary(id uuid.UUID) (sl types.WireSearchLibrary, err error)

GetSearchLibrary returns a query which matches the UUID given. It first checks for a query with a matching ThingUUID. If that is not found, it looks for a query with a matching GUID, prioritizing queries belonging to the current user.

func (*Client) GetSearchMetadata

func (c *Client) GetSearchMetadata(s Search) (sm types.SearchMetadata, err error)

GetSearchMetadata requests the enumerated value metadata stats from a search. The metadata stats contain some basic survey info about enumerated values in the pipeline. The survey info may contain numerical info such as min and max for numbers and a sample of the values for non-numerical types.

func (*Client) GetSearchSockets

func (c *Client) GetSearchSockets() (*SearchSockets, error)

GetSearchSockets will hit the search routing websocket page and pull back the parse, search, and attach subprotocols.

func (*Client) GetStackGraphResults

func (c *Client) GetStackGraphResults(s Search, start, end uint64) (types.StackGraphResponse, error)

GetStackGraphResults queries a range of search results from the stackgraph renderer. It returns a types.StackGraphResponse structure containing the results (see the Entries field).

func (*Client) GetStackGraphTsRange

func (c *Client) GetStackGraphTsRange(s Search, start, end time.Time, first, last uint64) (types.StackGraphResponse, error)

GetStackGraphTsRange queries search results for a time range from the stackgraph renderer. It returns a types.StackGraphResponse structure containing the results (see the Entries field). The 'first' and 'last' parameters specify indexes of entries to fetch within the timespan specified.

func (*Client) GetStatSocket

GetStatSocket will connect to the websocketRouter and get the subProto client for the stats socket only.

func (*Client) GetStorageStats added in v3.8.25

func (c *Client) GetStorageStats() (map[string]types.StorageStats, error)

GetStorageStats gets storage statistics for all indexers.

func (*Client) GetSystemDescriptions

func (c *Client) GetSystemDescriptions() (map[string]types.SysInfo, error)

GetSystemDescriptions hits the static page to hand back system descriptions for all active indexers and the webserver.

func (*Client) GetSystemStats

func (c *Client) GetSystemStats() (map[string]types.SysStats, error)

GetSystemStats gets the system statistics from each active indexer.

func (*Client) GetTOTPSetup added in v3.8.35

func (c *Client) GetTOTPSetup(user, pass string) (types.MFATOTPSetupResponse, error)

GetTOTPSetup requests the parameters necessary for configuring TOTP when the user does not have any MFA set up at all.

func (*Client) GetTOTPSetupEx added in v3.8.35

func (c *Client) GetTOTPSetupEx(user, pass string, authtype types.AuthType, code string) (types.MFATOTPSetupResponse, error)

GetTOTPSetupEx requests the parameters necessary for configuring TOTP. If any form of MFA is already configured for that account, a valid authtype and MFA code must be specified in addition to username and password. If MFA is not set up, "AUTH_TYPE_NONE" may be passed along with an empty code.

func (*Client) GetTableResults

func (c *Client) GetTableResults(s Search, start, end uint64) (types.TableResponse, error)

GetTableResults queries a range of search results from the table renderer. It returns a types.TableResponse structure containing the results (see the Entries field)

func (*Client) GetTableTsRange

func (c *Client) GetTableTsRange(s Search, start, end time.Time, first, last uint64) (types.TableResponse, error)

GetTableTsRange queries search results for a time range from the table renderer. It returns a types.TableResponse structure containing the results (see the Entries field). The 'first' and 'last' parameters specify indexes of entries to fetch within the timespan specified.

func (*Client) GetTags

func (c *Client) GetTags() ([]string, error)

GetTags returns an array of strings representing the tags on the Gravwell system.

func (*Client) GetTemplate

func (c *Client) GetTemplate(guid uuid.UUID) (template types.WireUserTemplate, err error)

GetTemplate returns a types.WireUserTemplate with the requested GUID. Because unique GUIDs are not enforced, the following precedence is used when selecting a template to return:

1. Templates owned by the user always have highest priority
2. Templates shared with a group to which the user belongs are next
3. Global templates are the lowest priority

func (*Client) GetTextResults

func (c *Client) GetTextResults(s Search, first, last uint64) (types.TextResponse, error)

GetTextResults queries a range of search results from the text, hex, or raw renderers. It returns a types.TextResponse structure containing the results (see the Entries field)

func (*Client) GetTextTsRange

func (c *Client) GetTextTsRange(s Search, start, end time.Time, first, last uint64) (types.TextResponse, error)

GetTextTsRange queries search results for a time range from the text, hex, or raw renderers. It returns a types.TextResponse structure containing the results (see the Entries field). The 'first' and 'last' parameters specify indexes of entries to fetch within the timespan specified.

func (*Client) GetUserCapabilities

func (c *Client) GetUserCapabilities(uid int32) (cs types.CapabilityState, err error)

GetUserCapabilities (admin-only) returns the list of capabilities enabled for the specified user.

func (*Client) GetUserCapabilityExplanations added in v3.8.21

func (c *Client) GetUserCapabilityExplanations(uid int32) (cs []types.CapabilityExplanation, err error)

GetUserCapabilityExplanations (admin-only) returns the list of capabilities enabled for the specified user & why

func (*Client) GetUserDashboards

func (c *Client) GetUserDashboards(id int32) ([]types.Dashboard, error)

GetUserDashboards returns a list of all dashboards belonging to the specified user. Only admins or the user in question may call this function.

func (*Client) GetUserFile

func (c *Client) GetUserFile(id uuid.UUID) (bts []byte, err error)

GetUserFile downloads a file with the given GUID and hands back its contents

func (*Client) GetUserFileDetails added in v3.8.17

func (c *Client) GetUserFileDetails(id uuid.UUID) (dets types.UserFileDetails, err error)

GetUserFileDetails fetches info about a particular file by GUID or ThingUUID.

func (*Client) GetUserGroups

func (c *Client) GetUserGroups(uid int32) ([]types.GroupDetails, error)

GetUserGroups returns information about groups to which the user belongs.

func (*Client) GetUserGroupsDashboards

func (c *Client) GetUserGroupsDashboards() ([]types.Dashboard, error)

GetUserGroupsDashboards returns a list of all dashboards the current user can view.

func (*Client) GetUserGroupsMacros

func (c *Client) GetUserGroupsMacros() ([]types.SearchMacro, error)

GetUserGroupsMacros returns all macros accessible to the current user.

func (*Client) GetUserInfo

func (c *Client) GetUserInfo(id int32) (types.UserDetails, error)

GetUserInfo (admin-only) gets information about a specific user.

func (*Client) GetUserList

func (c *Client) GetUserList() ([]types.UserDetails, error)

GetUserList gets a listing of users with basic info like UID, name, email, etc.

func (*Client) GetUserMacros

func (c *Client) GetUserMacros(id int32) ([]types.SearchMacro, error)

GetUserMacros returns macros belonging to the specified user.

func (*Client) GetUserMap

func (c *Client) GetUserMap() (map[int32]string, error)

GetUserMap returns a map of UID to username for every user on the system.

func (*Client) GetUserPlaybooks

func (c *Client) GetUserPlaybooks() ([]types.Playbook, error)

GetUserPlaybooks returns all playbooks accessible to the current user.

func (*Client) GetUserScheduledSearches

func (c *Client) GetUserScheduledSearches(uid int32) ([]types.ScheduledSearch, error)

GetUserScheduledSearches returns all scheduled searches belonging to the specified user.

func (*Client) GetUserSearchHistory

func (c *Client) GetUserSearchHistory(uid int32) ([]types.SearchLog, error)

GetUserSearchHistory retrieves the current search history for the specified user. Only admins may request search history for users besides themselves.

func (*Client) GetUserTagAccess

func (c *Client) GetUserTagAccess(uid int32) (ta types.TagAccess, err error)

GetUserTagAccess (admin-only) returns the tag access restrictions for the specified user.

func (*Client) Groups

func (c *Client) Groups() (gps []types.GroupDetails, err error)

Groups returns the current user's group memberships.

func (*Client) HasCapability added in v3.8.20

func (c *Client) HasCapability(cp types.Capability) bool

HasCapability checks if the client contains a given capability, if the capability list is not yet populated

func (*Client) Impersonate

func (c *Client) Impersonate(uid int32) (nc *Client, err error)

Impersonate is an admin-only function which can be used to execute commands as another user, similar to the `su` command on Unix. It returns a Client object which is authenticated as the specified user.

func (*Client) ImportLoginToken

func (c *Client) ImportLoginToken(token string) (err error)

ImportLoginToken takes an existing JWT token and loads it into the client. The token is not validated by the client at this point; use the TestLogin function to verify that the token is valid. If you need to save and restore sessions, consider using the SessionData and InheritSession functions instead.

func (*Client) ImportSearch

func (c *Client) ImportSearch(rdr io.Reader, gid int32) (err error)

ImportSearch uploads an archived search to Gravwell. The gid parameter specifies a group to share with, if desired.

func (*Client) ImportSearchBatchInfo added in v3.7.1

func (c *Client) ImportSearchBatchInfo(rdr io.Reader, gid int32, name, info string) (err error)

ImportSearchBatchInfo uploads an archived search to Gravwell with optional batch information. The gid parameter specifies a group to share with, if desired. The name and info parameters are optional extended batch information

func (*Client) InfoLogF

func (c *Client) InfoLogF(format string, a ...interface{}) error

InfoLogF submits a log message to the webserver at the Info log level.

func (*Client) Ingest added in v3.7.5

func (c *Client) Ingest(rdr io.Reader, tag, src string, ignoreTimestamp, assumeLocalTimezone bool) (resp types.IngestResponse, err error)

func (*Client) IngestEntries

func (c *Client) IngestEntries(entries []types.StringTagEntry) error

IngestEntries takes an array of entries and uploads them to the webserver, which will then distribute them out to its indexers. It returns any error encountered.

func (*Client) IngestFile

func (c *Client) IngestFile(file, tag, src string, ignoreTimestamp, assumeLocalTimezone bool) (resp types.IngestResponse, err error)

IngestFile uploads the contents of a file on disk and ingests them.

The 'file' argument should point at a valid file on disk containing line-delimited log entries, a pcap packet capture, or JSON as downloaded from Gravwell search results.

'tag' is the tag to use, and 'src' should be a string containing a valid IP address.

If 'ignoreTimestamp' is set, all entries will be tagged with the current time.

If 'assumeLocalTimezone' is set, any timezone information in the data will be ignored and timestamps will be assumed to be in the Gravwell server's local timezone.

func (*Client) IngestInternal added in v3.8.0

func (c *Client) IngestInternal(entries []types.StringTagEntry) error

IngestInternal is used to perform ingest on internal logs for external components. Things like the searchagent and other drone controllers can use this to get their internal logs into the gravwell tag without an ingest connection. This API requires admin status.

func (*Client) InheritSession

func (c *Client) InheritSession(sess *ActiveSession) (bool, error)

InheritSession loads an ActiveSession object into the client and verifies that the session data is still valid. Session objects may be retrieved using the SessionData function, serialized to a file, and later restored using InheritSession to implement basic persistent session functionality. Because the session data contains auth tokens for the login session, a serialized session should be stored with the same care as a credential.

func (*Client) InitLicense

func (c *Client) InitLicense(b []byte) error

InitLicense uploads the contents of a Gravwell license. It will return nil if the license is valid and accepted by Gravwell. After calling InitLicense, you MUST use GetLicenseDistributionState to verify that Gravwell has distributed the license to the indexers and is ready to use.

func (*Client) InstallKit

func (c *Client) InstallKit(id string, cfg types.KitConfig) (err error)

InstallKit tells the webserver to install a staged kit. The id parameter is the UUID of the staged kit. The cfg parameter provides install-time options.

func (*Client) InstallTOTPSetup added in v3.8.35

func (c *Client) InstallTOTPSetup(user, pass, code string) (types.MFATOTPInstallResponse, error)

InstallTOTPSetup installs the parameters requested by GetTOTPSetup. The code parameter should be generated from the URL in the response.

func (*Client) IsAdmin

func (c *Client) IsAdmin() (bool, error)

IsAdmin checks if the logged-in user is an admin.

func (*Client) KitDownloadRequest

func (c *Client) KitDownloadRequest(id string) (*http.Response, error)

KitDownloadRequest initiates a download for the specified kit and returns the associated http.Response structure. The kit is available in the Body field of the response.

func (*Client) KitInfo

func (c *Client) KitInfo(id uuid.UUID) (ki types.IdKitState, err error)

KitInfo returns information about a particular installed/staged kit, specified by the kit's UUID.

func (*Client) KitStatuses

func (c *Client) KitStatuses() (statuses []types.InstallStatus, err error)

KitStatuses returns the statuses of any ongoing or completed kit installations.

func (*Client) LicenseInitRequired

func (c *Client) LicenseInitRequired() bool

LicenseInitRequired returns true if the Gravwell cluster requires a license. If true, use InitLicense to upload a valid license file.

func (*Client) ListAllPivots

func (c *Client) ListAllPivots() (pivots []types.WirePivot, err error)

ListAllPivots returns the list of all pivots in the system. Non-administrators will receive the same list as returned by ListPivots.

func (*Client) ListAllSearchLibrary

func (c *Client) ListAllSearchLibrary() (wsl []types.WireSearchLibrary, err error)

ListAllSearchLibrary (admin-only) returns the list of all search library entries for all users. Non-administrators will receive the same list as returned by ListSearchLibrary.

func (*Client) ListAllSearchStatuses

func (c *Client) ListAllSearchStatuses() ([]types.SearchCtrlStatus, error)

ListAllSearchStatuses returns a list of all searches on the system. Only admin users can use this function.

func (*Client) ListAllTemplates

func (c *Client) ListAllTemplates() (templates []types.WireUserTemplate, err error)

ListAllTemplates returns the list of all templates in the system. Non-administrators will receive the same list as returned by ListTemplates.

func (*Client) ListKitBuildHistory

func (c *Client) ListKitBuildHistory() (hist []types.KitBuildRequest, err error)

ListKitBuildHistory returns KitBuildRequests for all kits previously built by the user. Note that only the most recent build request is stored for each unique kit ID (e.g. "io.gravwell.foo").

func (*Client) ListKits

func (c *Client) ListKits() (pkgs []types.IdKitState, err error)

ListKits returns a list of all installed and staged kits.

func (*Client) ListPivots

func (c *Client) ListPivots() (pivots []types.WirePivot, err error)

ListPivots returns a list of pivots accessible to the current user.

func (*Client) ListRemoteKits

func (c *Client) ListRemoteKits(all bool) (mds []types.KitMetadata, err error)

ListRemoteKits returns a list of kits available on the kit server.

func (*Client) ListSearchDetails added in v3.8.17

func (c *Client) ListSearchDetails() ([]types.SearchInfo, error)

ListSearchDetails returns details for all searches the current user has access to and their current status. If the admin flag is set (by calling SetAdminMode()) this will return info for all searches on the system.

func (*Client) ListSearchLibrary

func (c *Client) ListSearchLibrary() (wsl []types.WireSearchLibrary, err error)

ListSearchLibrary returns the list of queries in the search library available to the user.

func (*Client) ListSearchStatuses

func (c *Client) ListSearchStatuses() ([]types.SearchCtrlStatus, error)

ListSearchStatuses returns a list of all searches the current user has access to and their current status.

func (*Client) ListSecrets added in v3.8.16

func (c *Client) ListSecrets() (s []types.Secret, err error)

ListSecrets returns a list of all Secret objects the user has access to. The actual secret string will not be returned.

func (*Client) ListTemplates

func (c *Client) ListTemplates() (templates []types.WireUserTemplate, err error)

ListTemplates returns a list of templates accessible to the current user.

func (*Client) ListTokens added in v3.8.5

func (c *Client) ListTokens() (ts []types.Token, err error)

func (*Client) LockUserAccount

func (c *Client) LockUserAccount(id int32) error

LockUserAccount (admin-only) locks a user account. The user will be unable to log in until unlocked, and all existing sessions will be terminated.

func (*Client) LoggedIn

func (c *Client) LoggedIn() bool

LoggedIn returns true if the client is in an authenticated state.

func (*Client) Login

func (c *Client) Login(user, pass string) error

Login authenticates the client to the webserver using the specified username and password.

func (*Client) LoginEx added in v3.8.35

func (c *Client) LoginEx(user, pass string) (types.LoginResponse, error)

LoginEx acts like Login but returns the LoginResponse received from the server. If login was successful, the client's JWT *will* be updated.

func (*Client) LoginWithAPIToken added in v3.8.30

func (c *Client) LoginWithAPIToken(token string) (err error)

func (*Client) Logout

func (c *Client) Logout() error

Logout terminates the current session on the server.

func (*Client) LogoutAll

func (c *Client) LogoutAll() error

LogoutAll asks the server to terminate the current session and every other session for our user.

func (*Client) LookupGroup added in v3.8.19

func (c *Client) LookupGroup(groupname string) (gd types.GroupDetails, err error)

LookupGroup looks up a GroupDetails object given a group name. If the group name is not found, ErrNotFound is returned.

func (*Client) LookupResourceGUID

func (c *Client) LookupResourceGUID(name string) (string, error)

LookupResourceGUID attempts to resolve the GUID for a resource with the specified user-friendly name. It follows precedence as defined on the GetResource method.

func (*Client) LookupUser added in v3.8.19

func (c *Client) LookupUser(username string) (ud types.UserDetails, err error)

LookupUser looks up a UserDetails object given a username. If the username is not found, ErrNotFound is returned.

func (*Client) MFALogin added in v3.8.35

func (c *Client) MFALogin(user, pass string, authtype types.AuthType, code string) (types.LoginResponse, error)

func (*Client) MailConfig added in v3.8.17

func (c *Client) MailConfig() (mc types.UserMailConfig, err error)

MailConfig retrieves the current mail config. If no mail config is set, an empty UserMailConfig is returned. Even on a valid mail config, the Password portion is not present in the response.

func (*Client) ModifyKit added in v3.8.22

func (c *Client) ModifyKit(id string, cfg types.KitConfig) (report types.KitModifyReport, err error)

ModifyKit tells the webserver to change parameters on an installed kit. The id parameter is the UUID of the installed kit. The cfg parameter provides the desired changes, with the following fields being respected: Global, InstallationGroup, and Labels.

func (*Client) MyAdminStatus

func (c *Client) MyAdminStatus() bool

MyAdminStatus returns true if the current user is marked as an administrator.

func (*Client) MyInfo

func (c *Client) MyInfo() (types.UserDetails, error)

MyInfo returns the current user's information.

func (*Client) MyNewNotificationCount

func (c *Client) MyNewNotificationCount() (int, error)

MyNewNotificationCount returns the number of new notifications since the last read notification.

func (*Client) MyNewNotifications

func (c *Client) MyNewNotifications() (types.NotificationSet, error)

MyNewNotifications returns notifications which have not been previously read. Calling MyNewNotifications updates the last-read notification.

func (*Client) MyNotificationCount

func (c *Client) MyNotificationCount() (int, error)

MyNotificationCount returns the number of notifications for the current user.

func (*Client) MyNotifications

func (c *Client) MyNotifications() (types.NotificationSet, error)

MyNotifications returns all notifications for the current user. Calling MyNotifications updates the last-read notification.

func (*Client) MySessions

func (c *Client) MySessions() ([]types.Session, error)

MySessions returns an array of the current user's sessions.

func (*Client) MyUID

func (c *Client) MyUID() int32

MyUID returns the current user's numeric user ID.

func (*Client) NewAlert added in v3.8.23

func (c *Client) NewAlert(def types.AlertDefinition) (result types.AlertDefinition, err error)

NewAlert creates a new alert.

func (*Client) NewPivot

func (c *Client) NewPivot(guid uuid.UUID, name, description string, contents types.RawObject) (storedGuid uuid.UUID, err error)

NewPivot creates a new pivot with the given GUID, name, description, contents. If guid is set to uuid.Nil, a random GUID will be chosen automatically.

func (*Client) NewSearchLibrary

func (c *Client) NewSearchLibrary(sl types.WireSearchLibrary) (wsl types.WireSearchLibrary, err error)

NewSearchLibrary creates a new search library entry for the current user.

func (*Client) NewTemplate

func (c *Client) NewTemplate(guid uuid.UUID, name, description string, contents types.RawObject) (details types.WireUserTemplate, err error)

NewTemplate creates a new template with the given GUID, name, description, contents. If guid is set to uuid.Nil, a random GUID will be chosen automatically.

func (*Client) ParseFlow added in v3.8.2

func (c *Client) ParseFlow(flow string) (outputPayloads map[int]map[string]interface{}, err error)

ParseFlow asks the API to check a flow. If there is no error, outputPayloads will be a map containing the outputs of each node, keyed by the node ID.

func (*Client) ParseReactiveFlow added in v3.8.23

func (c *Client) ParseReactiveFlow(flow string, event types.Event) (outputPayloads map[int]map[string]interface{}, err error)

ParseReactiveFlow asks the API to check a flow as if triggered by an alert. The event parameter will be injected into the initial payload under the name `event`. If there is no error, outputPayloads will be a map containing the outputs of each node, keyed by the node ID.

func (*Client) ParseScheduledScript

func (c *Client) ParseScheduledScript(data string, lang types.ScriptLang) (line, column int, err error)

ParseScheduledScript asks the API to parse a script given an ID. If there is no error, line and column will have a return value of 0. If there is an error, err will be populated, and potentially a line and column if the error was in the script.

func (*Client) ParseSearch

func (c *Client) ParseSearch(query string) (err error)

ParseSearch validates a search query. Gravwell will return an error if the query is not valid.

func (*Client) ParseSearchWithResponse

func (c *Client) ParseSearchWithResponse(query string, filters []types.FilterRequest) (psr types.ParseSearchResponse, err error)

ParseSearchWithResponse behaves as ParseSearch, but it returns the ParseSearchResponse which contains detailed information about how Gravwell parsed out the search.

func (*Client) PopulateResource

func (c *Client) PopulateResource(guid string, data []byte) error

PopulateResource updates the contents of the resource with the specified GUID.

func (*Client) PopulateResourceFromReader

func (c *Client) PopulateResourceFromReader(guid string, data io.Reader) (err error)

PopulateResourceFromReader updates the contents of the specified resource using data read from an io.Reader rather than a slice of bytes.

func (*Client) PullKit

func (c *Client) PullKit(guid uuid.UUID) (pc types.KitState, err error)

PullKit tells the webserver to stage the kit with the specified GUID for installation, pulling the kit from the kit server. A KitState object containing information about the kit is returned on success.

func (*Client) PurgeUser added in v3.8.6

func (c *Client) PurgeUser(id int32) error

PurgeUser will first enumerate every asset that is owned by the user and delete them, then it will delete the user. This is an admin-only function.

func (*Client) PutMyPreferences

func (c *Client) PutMyPreferences(obj interface{}) error

PutMyPreferences updates the current user's preferences with obj.

func (*Client) PutPreferences

func (c *Client) PutPreferences(id int32, obj interface{}) error

PutPreferences updates the specified user's preferences with obj.

func (*Client) RefreshLoginToken added in v3.7.5

func (c *Client) RefreshLoginToken() (err error)

RefreshLoginToken will ask the webserver to refresh the login state; this means we get a new JWT and cookie and discard the old one. The client must be logged in to use this API.

func (*Client) RequestTimeout

func (c *Client) RequestTimeout() (time.Duration, error)

RequestTimeout returns the current client request timeout value.

func (*Client) Restore

func (c *Client) Restore(rdr io.Reader) (err error)

Restore reads a backup archive from rdr and unpacks it on the Gravwell server.

func (*Client) RestoreEncrypted added in v3.8.18

func (c *Client) RestoreEncrypted(rdr io.Reader, password string) (err error)

RestoreEncrypted reads a backup archive from rdr and unpacks it on the Gravwell server.

func (*Client) SaveSearch

func (c *Client) SaveSearch(sid string, ssp ...types.SaveSearchPatch) error

SaveSearch will request that a search be saved by ID. An optional SaveSearchPatch can be sent to modify the expiration or the search name and notes.

func (*Client) ScheduledSearchCheckin

func (c *Client) ScheduledSearchCheckin(cfg types.SearchAgentConfig) error

ScheduledSearchCheckin (admin-only) informs the webserver that the search agent is active.

func (*Client) SearchDownloadRequest

func (c *Client) SearchDownloadRequest(id, format string, tr types.TimeRange) (resp *http.Response, err error)

SearchDownloadRequest initiates a download of search results. The id parameter specifies the search to download. The format should be a supported download format for the search's renderer ("json", "csv", "text", "pcap", "lookupdata", "ipexist", "archive"). The tr parameter is the time frame over which results should be downloaded.

func (*Client) SearchDownloadRequestWithContext

func (c *Client) SearchDownloadRequestWithContext(id, format string, tr types.TimeRange, ctx context.Context) (resp *http.Response, err error)

SearchDownloadRequestWithContext initiates a download of search results. The id parameter specifies the search to download. The format should be a supported download format for the search's renderer ("json", "csv", "text", "pcap", "lookupdata", "ipexist", "archive"). The tr parameter is the time frame over which results should be downloaded.

func (*Client) SearchInfo

func (c *Client) SearchInfo(sid string) (types.SearchInfo, error)

SearchInfo requests the search info for a given search ID

func (*Client) SearchStatus added in v3.8.21

func (c *Client) SearchStatus(sid string) (types.SearchCtrlStatus, error)

SearchStatus requests the status of a given search ID

func (*Client) SecretInfo added in v3.8.16

func (c *Client) SecretInfo(id uuid.UUID) (s types.Secret, err error)

SecretInfo fetches information about a particular Secret. The actual secret string will not be returned.

func (*Client) SendMail

func (c *Client) SendMail(from string, to []string, subject string, body string, attch []types.UserMailAttachment) error

SendMail sends an email with the specified parameters using the mail server configuration defined for the current user. Note that the email will be sent from the webserver, not the system running the client code.

func (*Client) SendPrebuiltMail

func (c *Client) SendPrebuiltMail(msg types.UserMail) error

SendPrebuiltMail operates as SendMail, but takes a pre-populated types.UserMail object as an argument instead of discrete arguments.

func (*Client) Server

func (c *Client) Server() string

func (*Client) ServerIP

func (c *Client) ServerIP() net.IP

ServerIP attempts to return an IP address for the webserver. If it cannot resolve the hostname, it will return an unspecified IP

func (Client) SessionData

func (c Client) SessionData() (ActiveSession, error)

SessionData returns a structure containing auth tokens for the current login session.

func (*Client) Sessions

func (c *Client) Sessions(id int32) ([]types.Session, error)

Sessions lists sessions for the specified user.

func (*Client) SetAdmin

func (c *Client) SetAdmin(id int32, admin bool) error

SetAdmin (admin-only) changes the admin status for the user with the given ID.

func (*Client) SetAdminMode

func (c *Client) SetAdminMode()

SetAdminMode sets the ?admin=true parameter on future API requests. Note that setting this parameter has no effect for non-admin users. Admin users should use this parameter carefully, as it gives access to objects belonging to other users and makes it easy to break things.

func (*Client) SetDefaultSearchGroup

func (c *Client) SetDefaultSearchGroup(uid int32, gid int32) error

SetDefaultSearchGroup will set the specified user's default search group. Admins can set any user's default search group, but regular users can only set their own.

func (*Client) SetGlobal added in v3.8.43

func (c *Client) SetGlobal(sid string, global bool) error

SetGlobal is an admin-only function to toggle sharing of results with the entire system.

func (*Client) SetGroup

func (c *Client) SetGroup(sid string, gid int32) error

SetGroup will set the GID of the group which can read the search. Setting it to 0 will disable group access. Deprecated: use SetGroups instead

func (*Client) SetGroupCapabilities

func (c *Client) SetGroupCapabilities(gid int32, cs types.CapabilityState) (err error)

SetGroupCapabilities (admin-only) sets the capability list for a group.

func (*Client) SetGroupTagAccess

func (c *Client) SetGroupTagAccess(gid int32, ta types.TagAccess) (err error)

SetGroupTagAccess (admin-only) sets the tag access rules for a group.

func (*Client) SetGroups added in v3.8.43

func (c *Client) SetGroups(sid string, gids []int32) error

SetGroups sets the list of groups that can read the search

func (*Client) SetLogLevel

func (c *Client) SetLogLevel(level string) error

SetLogLevel is an admin-only function which sets the webserver's logging level.

Valid levels: "Off", "Error", "Warn", "Info", "Web Access".

func (*Client) SetNoCache added in v3.8.27

func (c *Client) SetNoCache(v bool)

SetNoCache enables or disables Cache-Control headers on requests

func (*Client) SetPivot

func (c *Client) SetPivot(guid uuid.UUID, pivot types.WirePivot) (details types.WirePivot, err error)

SetPivot allows the owner of a pivot (or an admin) to update the contents of the pivot.

func (*Client) SetRequestTimeout

func (c *Client) SetRequestTimeout(to time.Duration) error

SetRequestTimeout overrides the client request timeout value. The timeout defaults to a very high value because large downloads may take significant time.

func (*Client) SetTemplate

func (c *Client) SetTemplate(guid uuid.UUID, template types.WireUserTemplate) (details types.WireUserTemplate, err error)

SetTemplate allows the owner of a template (or an admin) to update the contents of the template.

func (*Client) SetUserAgent

func (c *Client) SetUserAgent(v string) error

SetUserAgent changes the User-Agent field the client sends with requests (default: “GravwellCLI”).

func (*Client) SetUserCapabilities

func (c *Client) SetUserCapabilities(uid int32, cs types.CapabilityState) (err error)

SetUserCapabilities (admin-only) sets a user's capabilities to the provided list.

func (*Client) SetUserTagAccess

func (c *Client) SetUserTagAccess(uid int32, ta types.TagAccess) (err error)

SetUserTagAccess (admin-only) sets the tag access rules for a user.

func (*Client) StartBackgroundSearch

func (c *Client) StartBackgroundSearch(query string, start, end time.Time, nohistory bool) (s Search, err error)

StartBackgroundSearch launches a backgrounded search with the given query and the specified start and end times. If "nohistory" is set, the search will be hidden in the user's search history; if false, it will be visible.

func (*Client) StartFilteredSearch

func (c *Client) StartFilteredSearch(query string, start, end time.Time, nohistory bool, filters []types.FilterRequest) (s Search, err error)

StartFilteredSearch launches a foregrounded search with the given query and start/end. The filters parameter is an array of filters; these will be automatically inserted into the query during the parse phase. If "nohistory" is set, the search will be hidden in the user's search history; if false, it will be visible.

func (*Client) StartSearch

func (c *Client) StartSearch(query string, start, end time.Time, nohistory bool) (s Search, err error)

StartSearch launches a foregrounded search with the given query and start/end. If "nohistory" is set, the search will be hidden in the user's search history; if false, it will be visible.

func (*Client) StartSearchEx added in v3.7.1

func (c *Client) StartSearchEx(sr types.StartSearchRequest) (s Search, err error)

StartSearchEx launches a search using a StartSearchRequest object. This function grants the maximum amount of control over the search starting process.

func (*Client) State added in v3.8.35

func (c *Client) State() ClientState

State returns the current, enumerated status of the client

func (*Client) StopSearch

func (c *Client) StopSearch(id string) (err error)

StopSearch asks the search to stop progressing through the underlying data. The renderer maintains any data it currently has and the query is entirely usable; the data feed is just stopped. Issuing a Stop command to a query that is done has no effect, meaning that if you attach to an archived search and issue a stop, nothing happens. Requests to stop queries that you don't own return an error unless the caller is an admin.

func (*Client) Sync

func (c *Client) Sync() (err error)

Sync fetches some useful information for local reference, such as user details. It is typically not necessary to call this function; in the past, you had to call Sync immediately after authenticating, but the Login function now fetches the same information automatically.

func (*Client) TOTPClear added in v3.8.35

func (c *Client) TOTPClear(user, pass string, authtype types.AuthType, code string) error

TOTPClear deletes the user's TOTP setup. Note that this may return an error if another MFA method is not configured.

func (*Client) TOTPLogin added in v3.8.35

func (c *Client) TOTPLogin(user, pass, code string) (types.LoginResponse, error)

TOTPLogin does a login using TOTP as the second factor.

func (*Client) Test

func (c *Client) Test() error

Test checks if the webserver is responding to HTTP requests.

func (*Client) TestAddExtraction

func (c *Client) TestAddExtraction(d types.AXDefinition) (wrs []types.WarnResp, err error)

TestAddExtraction validates an autoextractor definition.

func (*Client) TestGet

func (c *Client) TestGet(path string) error

TestGet performs a GET request to the specified URL path, e.g. `/api/test`. It returns nil for response code 200 or an error otherwise.

func (*Client) TestIngest added in v3.8.6

func (c *Client) TestIngest() (err error)

TestIngest returns whether or not this client is allowed to ingest data. If ingest is allowed, err will be nil.

func (*Client) TestLogin

func (c *Client) TestLogin() error

TestLogin checks if the client is successfully logged in, indicated by a nil return value.

func (*Client) TokenCapabilities added in v3.8.5

func (c *Client) TokenCapabilities() (cl []string, err error)

func (*Client) TokenInfo added in v3.8.5

func (c *Client) TokenInfo(id uuid.UUID) (t types.Token, err error)

func (*Client) UnlockUserAccount

func (c *Client) UnlockUserAccount(id int32) error

UnlockUserAccount (admin-only) unlocks a user account.

func (*Client) UpdateAlert added in v3.8.23

func (c *Client) UpdateAlert(def types.AlertDefinition) (result types.AlertDefinition, err error)

UpdateAlert modifies an alert. Make sure to have ThingUUID set, as this is used to resolve the appropriate alert to modify.

func (*Client) UpdateDashboard

func (c *Client) UpdateDashboard(db *types.Dashboard) error

UpdateDashboard takes a types.Dashboard as an argument and updates the corresponding dashboard on the server to match.

func (*Client) UpdateExtraction

func (c *Client) UpdateExtraction(d types.AXDefinition) (wrs []types.WarnResp, err error)

UpdateExtraction modifies an existing autoextractor. The UUID field of the definition passed in must match the UUID of an existing definition owned by the user.

func (*Client) UpdateFlow added in v3.8.2

func (c *Client) UpdateFlow(ss types.ScheduledSearch) error

UpdateFlow is used to modify an existing flow.

func (*Client) UpdateFlowResults added in v3.8.2

func (c *Client) UpdateFlowResults(ss types.ScheduledSearch) error

UpdateFlowResults is used to update the flow after it has been run. It only updates the LastRun, LastRunDuration, LastSearchIDs, and LastError fields.

func (*Client) UpdateGroup

func (c *Client) UpdateGroup(gid int32, gdet types.GroupDetails) error

UpdateGroup (admin-only) will update the specified group's details.

func (*Client) UpdateMacro

func (c *Client) UpdateMacro(m types.SearchMacro) error

UpdateMacro modifies an existing macro.

func (*Client) UpdateMetadata

func (c *Client) UpdateMetadata(guid string, metadata types.ResourceMetadata) error

UpdateMetadata sets the specified resource's metadata.

func (*Client) UpdateNotification added in v3.8.10

func (c *Client) UpdateNotification(id uint64, n types.Notification) error

UpdateNotification will update a notification using a notification ID

func (*Client) UpdatePlaybook

func (c *Client) UpdatePlaybook(m types.Playbook) error

UpdatePlaybook modifies an existing playbook. The UUID or GUID field of the parameter must match an existing playbook on the system that the user has access to.

func (*Client) UpdateScheduledSearch

func (c *Client) UpdateScheduledSearch(ss types.ScheduledSearch) error

UpdateScheduledSearch is used to modify an existing scheduled search.

func (*Client) UpdateScheduledSearchResults

func (c *Client) UpdateScheduledSearchResults(ss types.ScheduledSearch) error

UpdateScheduledSearchResults is used to update the scheduled search after it has been run. It only updates the PersistentMaps, LastRun, LastRunDuration, LastSearchIDs, and LastError fields.

func (*Client) UpdateSearchLibrary

func (c *Client) UpdateSearchLibrary(sl types.WireSearchLibrary) (nsl types.WireSearchLibrary, err error)

UpdateSearchLibrary updates a specific search library entry.

func (*Client) UpdateSecret added in v3.8.16

func (c *Client) UpdateSecret(id uuid.UUID, value string) (s types.Secret, err error)

UpdateSecret changes the value of a particular secret. The actual secret string will not be returned.

func (*Client) UpdateSecretDetails added in v3.8.17

func (c *Client) UpdateSecretDetails(id uuid.UUID, sc types.SecretCreate) (s types.Secret, err error)

UpdateSecretDetails changes the details (not the value) of a particular secret. The actual secret string will not be returned.

func (*Client) UpdateToken added in v3.8.5

func (c *Client) UpdateToken(id uuid.UUID, tr types.TokenCreate) (t types.Token, err error)

func (*Client) UpdateUserFile

func (c *Client) UpdateUserFile(id uuid.UUID, pth string) (err error)

UpdateUserFile will push a new user file with name and description to the given GUID

func (*Client) UpdateUserFileMetadata

func (c *Client) UpdateUserFileMetadata(id uuid.UUID, uf types.UserFileDetails) (err error)

UpdateUserFileMetadata will change every field of the user file but not the actual contents of the file

func (*Client) UpdateUserInfo

func (c *Client) UpdateUserInfo(id int32, user, name, email string) error

UpdateUserInfo changes basic information about the specified user. Admins can set any user's info, but regular users can only set their own.

func (*Client) UploadExtraction

func (c *Client) UploadExtraction(b []byte) (wrs []types.WarnResp, err error)

UploadExtraction uploads a TOML-formatted byteslice containing one or more autoextractor definitions. Gravwell will parse these definitions and install or update autoextractors as appropriate.

func (*Client) UploadKit

func (c *Client) UploadKit(p string) (pc types.KitState, err error)

UploadKit stages a kit file for installation. The parameter 'p' should be the path of a kit file on disk. A KitState object containing information about the kit is returned on success.

func (*Client) UploadLicenseFile

func (c *Client) UploadLicenseFile(f string) ([]types.LicenseUpdateError, error)

UploadLicenseFile is an admin-only function to upload a new license to the Gravwell system. It takes a path to a license file as the argument.

func (*Client) UserChangePass

func (c *Client) UserChangePass(id int32, orig, pass string) error

UserChangePass changes the given user's password. Any user may change their own password, but they must know the current password.

func (*Client) UserFiles

func (c *Client) UserFiles() (ufds []types.UserFileDetails, err error)

UserFiles lists all the user files the logged in account has access to

func (*Client) ValidateAlertFlowConsumer added in v3.8.23

func (c *Client) ValidateAlertFlowConsumer(flowID uuid.UUID, alert types.AlertDefinition) (resp types.AlertConsumerValidateResponse, err error)

ValidateAlertFlowConsumer validates an existing flow against a given alert, making sure it does not consume any fields not provided by the schema.

func (*Client) ValidateAlertScheduledSearchDispatcher added in v3.8.23

func (c *Client) ValidateAlertScheduledSearchDispatcher(ssearchID uuid.UUID, schema types.AlertSchemas) (resp types.AlertDispatcherValidateResponse, err error)

ValidateAlertScheduledSearchDispatcher validates an existing scheduled search against a given schema.

func (*Client) WaitForSearch

func (c *Client) WaitForSearch(s Search) (err error)

WaitForSearch sleeps until the given search is complete. If the search fails for some reason, WaitForSearch will return an error describing the reason for the failure.

func (*Client) WarnLogF

func (c *Client) WarnLogF(format string, a ...interface{}) error

WarnLogF submits a log message to the webserver at the Warn log level.

func (*Client) WellData

func (c *Client) WellData() (mp map[string]types.IndexerWellData, err error)

WellData returns information about the storage wells on the indexers. The return value is a map of indexer name strings to IndexerWellData objects.

type ClientError added in v3.8.23

// ClientError is an error type (it has an Error method) that records a
// status string, a numeric status code and an error body.
// NOTE(review): the field names suggest these mirror a failed HTTP response
// from the webserver; confirm against the implementation.
type ClientError struct {
	Status     string
	StatusCode int
	// NOTE(review): presumably text supplied by the server; treat it as
	// untrusted input when logging or displaying it. TODO confirm.
	ErrorBody  string
}

func (*ClientError) Error added in v3.8.23

func (e *ClientError) Error() string

type ClientState added in v3.8.35

// ClientState is a uint16 enumeration of the states a client can be in.
type ClientState uint16

// Client states, numbered consecutively from zero in declaration order.
const (
	STATE_NEW ClientState = iota
	STATE_AUTHED
	STATE_CLOSED
	STATE_LOGGED_OFF
)

func (ClientState) String added in v3.8.35

func (cs ClientState) String() string

type Opts added in v3.8.19

// Opts groups a server string, two transport flags and a logger.
// NOTE(review): presumably these are the connection options used when
// constructing a Client; confirm against the constructor that takes Opts.
type Opts struct {
	// NOTE(review): presumably the address of the Gravwell webserver; confirm
	// the expected format (host, host:port) against the implementation.
	Server                 string
	// NOTE(review): presumably selects HTTPS instead of plain HTTP. If so,
	// leaving it false would send the login credentials and session tokens
	// unencrypted. TODO confirm.
	UseHttps               bool
	// NOTE(review): the name indicates that TLS certificate validation is not
	// enforced when this is true, which removes protection against an
	// intercepting party. Keep it false outside test setups that use
	// self-signed certificates. TODO confirm the exact checks it disables.
	InsecureNoEnforceCerts bool
	// NOTE(review): presumably receives logged API objects; verify whether
	// credentials or secret values can reach this logger.
	ObjLogger              objlog.ObjLog
}
// Search holds an ID string and a RenderMod string and embeds
// types.StartSearchRequest; it also has fields not shown here.
type Search struct {
	// NOTE(review): presumably the server-assigned search identifier; confirm.
	ID        string
	// NOTE(review): presumably names the render module for results; confirm.
	RenderMod string

	types.StartSearchRequest
	// contains filtered or unexported fields
}

Search represents a search on the Gravwell system.

func (*Search) Exchange added in v3.8.6

func (s *Search) Exchange(req, resp interface{}) (err error)

func (*Search) Ping added in v3.8.11

func (s *Search) Ping() error

Ping sends a message via the search's websockets (if present) to keep the sockets open. If you intend to run a search and then wait a long time before interacting with it further, you should periodically call Ping() to keep the connection alive.

type SearchSockets

SearchSockets wraps up several different websocket subprotocols. Depending on the function used to obtain the SearchSockets object, not all subprotocols may be populated--refer to the individual function's documentation.

type VersionStruct

// VersionStruct holds a three-part version number as unsigned 16-bit
// components. Its String method renders them as <Major>.<Minor>.<Revision>.
type VersionStruct struct {
	Major    uint16
	Minor    uint16
	Revision uint16
}

func (VersionStruct) String

func (v VersionStruct) String() string

String returns the version in the format <Major>.<Minor>.<Revision>, e.g. "4.1.0".

Directories

Path Synopsis
kits
Package kits provides tools for interacting with kit archives directly.
