manager

package
v0.0.0-...-6432196
Published: Aug 30, 2022 License: MIT Imports: 8 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type FindingFilter

type FindingFilter func(*FindingManager)

FindingFilter is a function that can be used to filter findings when calling GetFindings. For example:

	fm := NewFindingManager(ctx, cfg)
	fm.GetFindings(
		WithWorkflowStatus("NEW"),
		WithRecordState("ACTIVE"),
		WithResourceType("AwsS3Bucket"),
	)

See filters.go for a list of available filters.

func WithComplianceStatus

func WithComplianceStatus(status string) FindingFilter

WithComplianceStatus filters the findings by Compliance Status. Valid values are

PASSED, WARNING, FAILED, NOT_AVAILABLE, NOT_APPLICABLE, and ERROR.

You can use this option multiple times to add multiple compliance statuses (logical OR). For example:

	f := NewFindingManager(ctx, cfg, WithComplianceStatus("FAILED"), WithComplianceStatus("WARNING"))

will return findings with compliance status FAILED or WARNING.

func WithRecordState

func WithRecordState(state string) FindingFilter

WithRecordState filters the findings by Record State. Valid values are

ACTIVE, ARCHIVED

You can use this option multiple times to add multiple record states (logical OR). For example:

	f := NewFindingManager(ctx, cfg, WithRecordState("ACTIVE"), WithRecordState("ARCHIVED"))

will return findings with record state ACTIVE or ARCHIVED.

func WithResourceType

func WithResourceType(resourceType string) FindingFilter

WithResourceType filters the findings by Resource Type (AwsEc2Instance, AwsIamAccessKey, AwsIamUser, AwsS3Bucket, etc.). The list of resources is wide and may change over time. The full list can be found here:

https://docs.aws.amazon.com/securityhub/latest/userguide/asff-resources.html

You can use this option multiple times to add multiple resource types (logical OR). For example:

	f := NewFindingManager(ctx, cfg, WithResourceType("AwsEc2Instance"), WithResourceType("AwsS3Bucket"))

will return findings with resource type AwsEc2Instance or AwsS3Bucket.

func WithResourceTypes

func WithResourceTypes(resourceType ...string) FindingFilter

WithResourceTypes filters the findings by Resource Type (AwsEc2Instance, AwsIamAccessKey, AwsIamUser, AwsS3Bucket, etc.). The list of resources is wide and may change over time. The full list can be found here:

https://docs.aws.amazon.com/securityhub/latest/userguide/asff-resources.html

You can use this option multiple times to add multiple resource types (logical OR). For example:

	f := NewFindingManager(ctx, cfg, WithResourceType("AwsEc2Instance"), WithResourceType("AwsS3Bucket"))

will return findings with resource type AwsEc2Instance or AwsS3Bucket.

func WithSeverityLabel

func WithSeverityLabel(label string) FindingFilter

WithSeverityLabel filters the findings by Severity Label. Valid values are

LOW, MEDIUM, HIGH, CRITICAL

You can use this option multiple times to add multiple severity labels (logical OR). For example:

	f := NewFindingManager(ctx, cfg, WithSeverityLabel("LOW"), WithSeverityLabel("MEDIUM"))

will return findings with severity label LOW or MEDIUM.

func WithWorkflowStatus

func WithWorkflowStatus(status string) FindingFilter

WithWorkflowStatus filters the findings by workflow status. Valid values are

NEW, NOTIFIED, TODO: add the rest

You can use this option multiple times (10 max) to return multiple statuses (logical OR). For example:

	f := NewFindingManager(ctx, cfg, WithWorkflowStatus("NEW"), WithWorkflowStatus("NOTIFIED"))

will return findings with NEW or NOTIFIED workflow status.
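The repeated-option behaviour described for the With* filters above, shown as an added example that is not this package's own code. It uses hypothetical stand-ins (`finding`, `filterSet`, `option`, `with`, `selectIDs`) and constructed findings, and it assumes that filters on different attributes combine with AND, as Security Hub filters do, while repeated values for one attribute combine with OR.

```go
package main

import "fmt"

type finding struct{ ID, Workflow, RecordState, ResourceType string } // constructed stand-in
type filterSet map[string][]string                                    // attribute -> accepted values
type option func(filterSet)                                           // same shape as FindingFilter

// with is a hypothetical helper: each call appends one accepted value.
func with(attr, value string) option {
	return func(fs filterSet) { fs[attr] = append(fs[attr], value) }
}

// matches applies OR within an attribute and AND across attributes.
func (fs filterSet) matches(f finding) bool {
	got := map[string]string{"WorkflowStatus": f.Workflow, "RecordState": f.RecordState, "ResourceType": f.ResourceType}
	for attr, accepted := range fs {
		hit := false
		for _, v := range accepted {
			hit = hit || v == got[attr]
		}
		if !hit {
			return false
		}
	}
	return true
}

// selectIDs builds the filter set from opts and returns matching finding IDs.
func selectIDs(all []finding, opts ...option) []string {
	fs, ids := filterSet{}, []string{}
	for _, o := range opts {
		o(fs)
	}
	for _, f := range all {
		if fs.matches(f) {
			ids = append(ids, f.ID)
		}
	}
	return ids
}

func main() {
	sample := []finding{ // constructed data, not real findings
		{"f1", "NEW", "ACTIVE", "AwsS3Bucket"}, {"f2", "NEW", "ACTIVE", "AwsEc2Instance"},
		{"f3", "NEW", "ARCHIVED", "AwsS3Bucket"}, {"f4", "NEW", "ACTIVE", "AwsIamUser"},
	}
	fmt.Println(selectIDs(sample, with("WorkflowStatus", "NEW"), with("RecordState", "ACTIVE"),
		with("ResourceType", "AwsEc2Instance"), with("ResourceType", "AwsS3Bucket")))
}
```

With no options at all the filter set is empty and every finding matches, which is why an unfiltered query against a busy account can return far more than intended.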

type FindingManager

type FindingManager struct {
	Filters *types.AwsSecurityFindingFilters
	// contains filtered or unexported fields
}

FindingManager manages Security Hub findings.

func NewFindingManager

func NewFindingManager(ctx context.Context, cfg aws.Config, opts ...FindingManagerOption) *FindingManager

NewFindingManager returns a new FindingManager object you can use to work with Security Hub findings.

func (*FindingManager) CheckFindings

func (fm *FindingManager) CheckFindings(filters ...FindingFilter) error

CheckFindings checks the current findings and returns a list of findings that are valid, invalid, or unknown.

	fm := NewFindingManager(ctx, cfg)
	fm.LoadFindings(
		WithWorkflowStatus("NEW"),
		WithRecordState("ACTIVE"),
		WithResourceType("AwsEc2Instance"),
		WithResourceType("AwsS3Bucket"),
	)
	valid, invalid, unknown := fm.CheckFindings()

See options.go for a complete list of GetFindings filters.

func (*FindingManager) GetInsight

func (fm *FindingManager) GetInsight(name string) (types.Insight, error)

GetInsight returns the named Insight. Returns an error if the insight is not found.

func (*FindingManager) SaveFiltersAsInsight

func (fm *FindingManager) SaveFiltersAsInsight(name string, groupBy string) error

SaveFiltersAsInsight saves the current set of filters as a new SecurityHub Insight with the given name, grouped by the given groupBy attribute. See https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-insights.html for more information on Insights and Group By attributes.

If an insight with the same name already exists, it will be overwritten with the new filters. If no filters are applied to the FindingManager, an error will be returned.

If groupBy is empty, the insight will be grouped by the default attribute, AwsAccountId.

type FindingManagerOption

type FindingManagerOption func(*FindingManager)

FindingManagerOption is a function that can be used to filter findings and configure a FindingManager. For example:

	ctx := context.Background()
	cfg, err := config.LoadDefaultConfig(ctx)
	if err != nil {
		panic(err)
	}
	f := NewFindingManager(ctx, cfg, WithWorkflowStatus("NEW"), WithRecordState("ACTIVE"), WithResourceType("AwsS3Bucket"))
	f.GetFindings()
	f.ResolveInvalid()

See options.go for a complete list of FindingManager options.

type ResourceType

type ResourceType string
const (
	AwsApiGatewayRestApi              ResourceType = "AwsApiGatewayRestApi"
	AwsApiGatewayStage                ResourceType = "AwsApiGatewayStage"
	AwsApiGatewayV2Api                ResourceType = "AwsApiGatewayV2Api"
	AwsApiGatewayV2Stage              ResourceType = "AwsApiGatewayV2Stage"
	AwsAutoScalingAutoScalingGroup    ResourceType = "AwsAutoScalingAutoScalingGroup"
	AwsAutoScalingLaunchConfiguration ResourceType = "AwsAutoScalingLaunchConfiguration"
	AwsBackupBackupPlan               ResourceType = "AwsBackupBackupPlan"
	AwsBackupBackupVault              ResourceType = "AwsBackupBackupVault"
	AwsBackupRecoveryPoint            ResourceType = "AwsBackupRecoveryPoint"
	AwsCertificateManagerCertificate  ResourceType = "AwsCertificateManagerCertificate"
	AwsCloudFormationStack            ResourceType = "AwsCloudFormationStack"
	AwsCloudFrontDistribution         ResourceType = "AwsCloudFrontDistribution"
	AwsCloudTrailTrail                ResourceType = "AwsCloudTrailTrail"
	AwsCloudWatchAlarm                ResourceType = "AwsCloudWatchAlarm"
	AwsCodeBuildProject               ResourceType = "AwsCodeBuildProject"
	AwsDynamoDbTable                  ResourceType = "AwsDynamoDbTable"
	AwsEc2Eip                         ResourceType = "AwsEc2Eip"
	AwsEc2Instance                    ResourceType = "AwsEc2Instance"
	AwsEc2NetworkAcl                  ResourceType = "AwsEc2NetworkAcl"
	AwsEc2NetworkInterface            ResourceType = "AwsEc2NetworkInterface"
	AwsEc2SecurityGroup               ResourceType = "AwsEc2SecurityGroup"
	AwsEc2Subnet                      ResourceType = "AwsEc2Subnet"
	AwsEc2TransitGateway              ResourceType = "AwsEc2TransitGateway"
	AwsEc2Volume                      ResourceType = "AwsEc2Volume"
	AwsEc2Vpc                         ResourceType = "AwsEc2Vpc"
	AwsEc2VpcEndpointService          ResourceType = "AwsEc2VpcEndpointService"
	AwsEc2VpcPeeringConnection        ResourceType = "AwsEc2VpcPeeringConnection"
	AwsEc2VpnConnection               ResourceType = "AwsEc2VpnConnection"
	AwsEcrContainerImage              ResourceType = "AwsEcrContainerImage"
	AwsEcrRepository                  ResourceType = "AwsEcrRepository"
	AwsEcsCluster                     ResourceType = "AwsEcsCluster"
	AwsEcsContainer                   ResourceType = "AwsEcsContainer"
	AwsEcsService                     ResourceType = "AwsEcsService"
	AwsEcsTask                        ResourceType = "AwsEcsTask"
	AwsEcsTaskDefinition              ResourceType = "AwsEcsTaskDefinition"
	AwsEfsAccessPoint                 ResourceType = "AwsEfsAccessPoint"
	AwsEksCluster                     ResourceType = "AwsEksCluster"
	AwsElasticBeanstalkEnvironment    ResourceType = "AwsElasticBeanstalkEnvironment"
	AwsElasticsearchDomain            ResourceType = "AwsElasticsearchDomain"
	AwsElbLoadBalancer                ResourceType = "AwsElbLoadBalancer"
	AwsElbv2LoadBalancer              ResourceType = "AwsElbv2LoadBalancer"
	AwsIamAccessKey                   ResourceType = "AwsIamAccessKey"
	AwsIamGroup                       ResourceType = "AwsIamGroup"
	AwsIamPolicy                      ResourceType = "AwsIamPolicy"
	AwsIamRole                        ResourceType = "AwsIamRole"
	AwsIamUser                        ResourceType = "AwsIamUser"
	AwsKinesisStream                  ResourceType = "AwsKinesisStream"
	AwsKmsKey                         ResourceType = "AwsKmsKey"
	AwsLambdaFunction                 ResourceType = "AwsLambdaFunction"
	AwsLambdaLayerVersion             ResourceType = "AwsLambdaLayerVersion"
	AwsNetworkFirewallFirewall        ResourceType = "AwsNetworkFirewallFirewall"
	AwsNetworkFirewallFirewallPolicy  ResourceType = "AwsNetworkFirewallFirewallPolicy"
	AwsNetworkFirewallRuleGroup       ResourceType = "AwsNetworkFirewallRuleGroup"
	AwsOpenSearchServiceDomain        ResourceType = "AwsOpenSearchServiceDomain"
	AwsRdsDbCluster                   ResourceType = "AwsRdsDbCluster"
	AwsRdsDbClusterSnapshot           ResourceType = "AwsRdsDbClusterSnapshot"
	AwsRdsDbInstance                  ResourceType = "AwsRdsDbInstance"
	AwsRdsDbSecurityGroup             ResourceType = "AwsRdsDbSecurityGroup"
	AwsRdsDbSnapshot                  ResourceType = "AwsRdsDbSnapshot"
	AwsRdsEventSubscription           ResourceType = "AwsRdsEventSubscription"
	AwsRedshiftCluster                ResourceType = "AwsRedshiftCluster"
	AwsS3AccountPublicAccessBlock     ResourceType = "AwsS3AccountPublicAccessBlock"
	AwsS3Bucket                       ResourceType = "AwsS3Bucket"
	AwsS3Object                       ResourceType = "AwsS3Object"
	AwsSecretsManagerSecret           ResourceType = "AwsSecretsManagerSecret"
	AwsSnsTopic                       ResourceType = "AwsSnsTopic"
	AwsSqsQueue                       ResourceType = "AwsSqsQueue"
	AwsSsmPatchCompliance             ResourceType = "AwsSsmPatchCompliance"
	AwsWafRateBasedRule               ResourceType = "AwsWafRateBasedRule"
	AwsWafRegionalRateBasedRule       ResourceType = "AwsWafRegionalRateBasedRule"
	AwsWafRegionalRule                ResourceType = "AwsWafRegionalRule"
	AwsWafRegionalRuleGroup           ResourceType = "AwsWafRegionalRuleGroup"
	AwsWafRegionalWebAcl              ResourceType = "AwsWafRegionalWebAcl"
	AwsWafRule                        ResourceType = "AwsWafRule"
	AwsWafRuleGroup                   ResourceType = "AwsWafRuleGroup"
	AwsWafWebAcl                      ResourceType = "AwsWafWebAcl"
	AwsXrayEncryptionConfig           ResourceType = "AwsXrayEncryptionConfig"
	Container                         ResourceType = "Container"
	Other                             ResourceType = "Other"
)

func SupportedResources

func SupportedResources() []ResourceType
