Documentation
¶
Index ¶
- Constants
- func UpdateAdmission(c pcc.Client, policy AdmissionPolicy) error
- func UpdateComplianceCiImage(c pcc.Client, policy CompliancePolicy) error
- func UpdateComplianceCiServerless(c pcc.Client, policy CompliancePolicy) error
- func UpdateComplianceContainer(c pcc.Client, policy CompliancePolicy) error
- func UpdateComplianceHost(c pcc.Client, policy CompliancePolicy) error
- func UpdateComplianceServerless(c pcc.Client, policy CompliancePolicy) error
- func UpdateRuntimeContainer(c pcc.Client, policy RuntimeContainerPolicy) error
- func UpdateRuntimeHost(c pcc.Client, policy RuntimeHostPolicy) error
- func UpdateVulnerabilityCiImage(c pcc.Client, policy VulnerabilityImagePolicy) error
- func UpdateVulnerabilityHost(c pcc.Client, policy VulnerabilityHostPolicy) error
- func UpdateVulnerabilityImage(c pcc.Client, policy VulnerabilityImagePolicy) error
- type AdmissionPolicy
- type AdmissionRule
- type ComplianceCheck
- type ComplianceConditions
- type CompliancePolicy
- func GetComplianceCiImage(c pcc.Client) (CompliancePolicy, error)
- func GetComplianceCiServerless(c pcc.Client) (CompliancePolicy, error)
- func GetComplianceContainer(c pcc.Client) (CompliancePolicy, error)
- func GetComplianceHost(c pcc.Client) (CompliancePolicy, error)
- func GetComplianceServerless(c pcc.Client) (CompliancePolicy, error)
- type ComplianceRule
- type RuntimeContainerCustomRule
- type RuntimeContainerDns
- type RuntimeContainerFilesystem
- type RuntimeContainerNetwork
- type RuntimeContainerPolicy
- type RuntimeContainerPort
- type RuntimeContainerProcesses
- type RuntimeContainerRule
- type RuntimeHostAntiMalware
- type RuntimeHostCustomRule
- type RuntimeHostDeniedProcesses
- type RuntimeHostDns
- type RuntimeHostFileIntegrityRule
- type RuntimeHostForensic
- type RuntimeHostLogInspectionRule
- type RuntimeHostNetwork
- type RuntimeHostPolicy
- type RuntimeHostPort
- type RuntimeHostRule
- type VulnerabilityHostCveRule
- type VulnerabilityHostExpiration
- type VulnerabilityHostPolicy
- type VulnerabilityHostRule
- type VulnerabilityHostTagRule
- type VulnerabilityHostThreshold
- type VulnerabilityImageCveRule
- type VulnerabilityImageExpiration
- type VulnerabilityImageGraceDaysPolicy
- type VulnerabilityImagePolicy
- type VulnerabilityImageRule
- type VulnerabilityImageTagRule
- type VulnerabilityImageThreshold
Constants ¶
// Compliance policy endpoints, one per workload type.
//
// The paths are relative (no leading slash). Presumably pcc.Client joins them
// to the console base URL; confirm in the client package.
// NOTE(review): the Update* functions documented on this page presumably
// write to these paths, so credentials held by the pcc.Client should be
// scoped with that in mind.
const (
	ComplianceCiImagesEndpoint     = "api/v1/policies/compliance/ci/images"
	ComplianceCiServerlessEndpoint = "api/v1/policies/compliance/ci/serverless"
	ComplianceContainerEndpoint    = "api/v1/policies/compliance/container"
	ComplianceHostEndpoint         = "api/v1/policies/compliance/host"
	ComplianceServerlessEndpoint   = "api/v1/policies/compliance/serverless"
)
// Image vulnerability policy endpoints: one for deployed images and one for
// CI images. Both are relative paths with no leading slash.
const (
	VulnerabilityImagesEndpoint   = "api/v1/policies/vulnerability/images"
	VulnerabilityCiImagesEndpoint = "api/v1/policies/vulnerability/ci/images"
)
// AdmissionEndpoint is the relative API path of the admission policy.
const AdmissionEndpoint = "api/v1/policies/admission"
// RuntimeContainerEndpoint is the relative API path of the container runtime policy.
const RuntimeContainerEndpoint = "api/v1/policies/runtime/container"
// RuntimeHostEndpoint is the relative API path of the host runtime policy.
const RuntimeHostEndpoint = "api/v1/policies/runtime/host"
// VulnerabilityHostEndpoint is the relative API path of the host vulnerability policy.
const VulnerabilityHostEndpoint = "api/v1/policies/vulnerability/host"
Variables ¶
This section is empty.
Functions ¶
func UpdateAdmission ¶ added in v0.3.0
func UpdateAdmission(c pcc.Client, policy AdmissionPolicy) error
Update the current host admission policy.
func UpdateComplianceCiImage ¶ added in v0.1.3
func UpdateComplianceCiImage(c pcc.Client, policy CompliancePolicy) error
Update the current CI image compliance policy.
func UpdateComplianceCiServerless ¶ added in v0.2.0
func UpdateComplianceCiServerless(c pcc.Client, policy CompliancePolicy) error
Update the current CI serverless compliance policy.
func UpdateComplianceContainer ¶ added in v0.1.3
func UpdateComplianceContainer(c pcc.Client, policy CompliancePolicy) error
Update the current container compliance policy.
func UpdateComplianceHost ¶ added in v0.1.3
func UpdateComplianceHost(c pcc.Client, policy CompliancePolicy) error
Update the current host compliance policy.
func UpdateComplianceServerless ¶ added in v0.2.0
func UpdateComplianceServerless(c pcc.Client, policy CompliancePolicy) error
Update the current serverless compliance policy.
func UpdateRuntimeContainer ¶ added in v0.1.3
func UpdateRuntimeContainer(c pcc.Client, policy RuntimeContainerPolicy) error
Update the current container runtime policy.
func UpdateRuntimeHost ¶ added in v0.1.3
func UpdateRuntimeHost(c pcc.Client, policy RuntimeHostPolicy) error
Update the current host runtime policy.
func UpdateVulnerabilityCiImage ¶ added in v0.1.3
func UpdateVulnerabilityCiImage(c pcc.Client, policy VulnerabilityImagePolicy) error
Update the current CI image vulnerability policy.
func UpdateVulnerabilityHost ¶ added in v0.1.3
func UpdateVulnerabilityHost(c pcc.Client, policy VulnerabilityHostPolicy) error
Update the current host vulnerability policy.
func UpdateVulnerabilityImage ¶ added in v0.1.3
func UpdateVulnerabilityImage(c pcc.Client, policy VulnerabilityImagePolicy) error
Update the current image vulnerability policy.
Types ¶
type AdmissionPolicy ¶ added in v0.3.0
// AdmissionPolicy is the JSON shape of the admission policy: an identifier
// and a list of rules.
type AdmissionPolicy struct {
	// Id is encoded under the key "_id" and left out when empty.
	Id string `json:"_id,omitempty"`
	// Rules is left out of the encoded JSON when the slice is nil or empty.
	// NOTE(review): whether the API treats a missing "rules" key as "remove
	// every rule" or as "leave unchanged" is not visible here. Confirm this
	// before using UpdateAdmission to clear a policy.
	Rules []AdmissionRule `json:"rules,omitempty"`
}
func GetAdmission ¶ added in v0.3.0
func GetAdmission(c pcc.Client) (AdmissionPolicy, error)
Get the current host admission policy.
type AdmissionRule ¶ added in v0.3.0
type ComplianceCheck ¶ added in v0.1.3
type ComplianceConditions ¶ added in v0.1.3
// ComplianceConditions holds the compliance checks attached to a rule.
type ComplianceConditions struct {
	// Checks is encoded under the JSON key "vulnerabilities", not "checks".
	// The Go name and the wire name differ, so look for "vulnerabilities"
	// when reading raw API payloads.
	Checks []ComplianceCheck `json:"vulnerabilities,omitempty"`
}
type CompliancePolicy ¶ added in v0.1.3
// CompliancePolicy is the JSON shape shared by the compliance policy
// functions on this page (CI image, CI serverless, container, host,
// serverless).
type CompliancePolicy struct {
	// Rules is left out of the encoded JSON when nil or empty.
	// NOTE(review): how the API interprets a missing "rules" key on update
	// is not visible here; confirm before sending an empty policy.
	Rules []ComplianceRule `json:"rules,omitempty"`
	// Type is encoded as "policyType". Valid values are not shown on this page.
	Type string `json:"policyType,omitempty"`
}
func GetComplianceCiImage ¶ added in v0.1.3
func GetComplianceCiImage(c pcc.Client) (CompliancePolicy, error)
Get the current CI image compliance policy.
func GetComplianceCiServerless ¶ added in v0.2.0
func GetComplianceCiServerless(c pcc.Client) (CompliancePolicy, error)
Get the current CI serverless compliance policy.
func GetComplianceContainer ¶ added in v0.1.3
func GetComplianceContainer(c pcc.Client) (CompliancePolicy, error)
Get the current container compliance policy.
func GetComplianceHost ¶ added in v0.1.3
func GetComplianceHost(c pcc.Client) (CompliancePolicy, error)
Get the current host compliance policy.
func GetComplianceServerless ¶ added in v0.2.0
func GetComplianceServerless(c pcc.Client) (CompliancePolicy, error)
Get the current serverless compliance policy.
type ComplianceRule ¶ added in v0.1.3
// ComplianceRule is a single rule inside a CompliancePolicy.
type ComplianceRule struct {
	BlockMessage string                  `json:"blockMsg,omitempty"`
	Collections  []collection.Collection `json:"collections,omitempty"`
	// Conditions is a struct value; encoding/json never treats a struct as
	// empty, so omitempty has no effect and "condition" is always emitted.
	Conditions ComplianceConditions `json:"condition,omitempty"`
	// Disabled has no omitempty, so the zero value (false) is always sent.
	Disabled bool `json:"disabled"`
	// Effect is a free-form string here; the accepted values are defined by
	// the API and are not shown on this page.
	Effect string `json:"effect,omitempty"`
	Name   string `json:"name,omitempty"`
	Notes  string `json:"notes,omitempty"`
	// ShowPassedChecks is encoded under the key "allCompliance".
	ShowPassedChecks bool `json:"allCompliance"`
	Verbose          bool `json:"verbose"`
}
type RuntimeContainerCustomRule ¶ added in v0.1.3
type RuntimeContainerDns ¶ added in v0.1.3
type RuntimeContainerFilesystem ¶ added in v0.1.3
// RuntimeContainerFilesystem is the filesystem section of a container
// runtime rule.
//
// The bool fields carry no omitempty, so a zero-valued struct sends every
// toggle as false. NOTE(review): the names suggest these switch individual
// detections on or off, so a partially populated struct may turn detections
// off; confirm against the API before updating.
type RuntimeContainerFilesystem struct {
	// Allowed is encoded under the wire key "whitelist".
	Allowed       []string `json:"whitelist,omitempty"`
	BackdoorFiles bool     `json:"backdoorFiles"`
	CheckNewFiles bool     `json:"checkNewFiles"`
	// Denied is encoded under the wire key "blacklist".
	Denied []string `json:"blacklist,omitempty"`
	// DenyEffect is encoded as "effect"; accepted values are not shown here.
	DenyEffect            string `json:"effect,omitempty"`
	SkipEncryptedBinaries bool   `json:"skipEncryptedBinaries"`
	SuspiciousElfHeaders  bool   `json:"suspiciousELFHeaders"`
}
type RuntimeContainerNetwork ¶ added in v0.1.3
// RuntimeContainerNetwork is the network section of a container runtime rule.
//
// The Go field names say Allowed/Denied while the wire keys use
// whitelist*/blacklist*; use the wire names when reading raw payloads.
type RuntimeContainerNetwork struct {
	AllowedListeningPorts []RuntimeContainerPort `json:"whitelistListeningPorts,omitempty"`
	AllowedOutboundIps    []string               `json:"whitelistIPs,omitempty"`
	AllowedOutboundPorts  []RuntimeContainerPort `json:"whitelistOutboundPorts,omitempty"`
	DeniedListeningPorts  []RuntimeContainerPort `json:"blacklistListeningPorts,omitempty"`
	DeniedOutboundIps     []string               `json:"blacklistIPs,omitempty"`
	DeniedOutboundPorts   []RuntimeContainerPort `json:"blacklistOutboundPorts,omitempty"`
	// DenyEffect is encoded as "effect"; accepted values are not shown here.
	DenyEffect string `json:"effect,omitempty"`
	// The bool fields below have no omitempty: false is always sent.
	// NOTE(review): the Skip* names suggest they relax monitoring when true;
	// confirm against the API and review any rule that sets them.
	DetectPortScan        bool `json:"detectPortScan"`
	SkipModifiedProcesses bool `json:"skipModifiedProc"`
	SkipRawSockets        bool `json:"skipRawSockets"`
}
type RuntimeContainerPolicy ¶ added in v0.1.3
// RuntimeContainerPolicy is the JSON shape of the container runtime policy.
type RuntimeContainerPolicy struct {
	// LearningDisabled carries omitempty, so false is never written to the
	// payload; only true is transmitted.
	// NOTE(review): an update that intends to set this back to false sends no
	// key at all. Confirm how the API treats the missing key.
	LearningDisabled bool `json:"learningDisabled,omitempty"`
	// Rules is left out of the encoded JSON when nil or empty.
	Rules []RuntimeContainerRule `json:"rules,omitempty"`
}
func GetRuntimeContainer ¶ added in v0.1.3
func GetRuntimeContainer(c pcc.Client) (RuntimeContainerPolicy, error)
Get the current container runtime policy.
type RuntimeContainerPort ¶ added in v0.1.3
type RuntimeContainerProcesses ¶ added in v0.1.3
// RuntimeContainerProcesses is the process section of a container runtime
// rule.
//
// The bool fields carry no omitempty, so a zero-valued struct sends every
// Check* and Skip* toggle as false.
type RuntimeContainerProcesses struct {
	// Allowed is encoded under the wire key "whitelist".
	Allowed              []string `json:"whitelist,omitempty"`
	CheckCryptoMiners    bool     `json:"checkCryptoMiners"`
	CheckLateralMovement bool     `json:"checkLateralMovement"`
	CheckParentChild     bool     `json:"checkParentChild"`
	CheckSuidBinaries    bool     `json:"checkSuidBinaries"`
	// Denied is encoded under the wire key "blacklist".
	Denied []string `json:"blacklist,omitempty"`
	// DenyEffect is encoded as "effect"; accepted values are not shown here.
	DenyEffect string `json:"effect,omitempty"`
	// NOTE(review): the Skip* names suggest they suppress a detection when
	// true; confirm against the API and treat a true value as a change worth
	// reviewing.
	SkipModified     bool `json:"skipModified"`
	SkipReverseShell bool `json:"skipReverseShell"`
}
type RuntimeContainerRule ¶ added in v0.1.3
// RuntimeContainerRule is a single rule inside a RuntimeContainerPolicy.
//
// Filesystem, Network and Processes are struct values; encoding/json never
// treats a struct as empty, so their omitempty has no effect and the
// sections are always emitted, including every bool inside them. The same
// applies to Dns if RuntimeContainerDns is a struct (its definition is not
// shown on this page).
type RuntimeContainerRule struct {
	// These bools have no omitempty: false is always sent.
	AdvancedProtection       bool                         `json:"advancedProtection"`
	CloudMetadataEnforcement bool                         `json:"cloudMetadataEnforcement"`
	Collections              []collection.Collection      `json:"collections,omitempty"`
	CustomRules              []RuntimeContainerCustomRule `json:"customRules,omitempty"`
	Disabled                 bool                         `json:"disabled"`
	Dns                      RuntimeContainerDns          `json:"dns,omitempty"`
	Filesystem               RuntimeContainerFilesystem   `json:"filesystem,omitempty"`
	KubernetesEnforcement    bool                         `json:"kubernetesEnforcement"`
	Name                     string                       `json:"name,omitempty"`
	Network                  RuntimeContainerNetwork      `json:"network,omitempty"`
	Notes                    string                       `json:"notes,omitempty"`
	Processes                RuntimeContainerProcesses    `json:"processes,omitempty"`
	// WildFireAnalysis is a string, not a bool; accepted values are not
	// shown on this page.
	WildFireAnalysis string `json:"wildFireAnalysis,omitempty"`
}
type RuntimeHostAntiMalware ¶ added in v0.1.3
// RuntimeHostAntiMalware is the anti-malware section of a host runtime rule.
//
// Most detections are string-typed with omitempty, so an unset field is
// simply absent from the payload. NOTE(review): the accepted values and the
// server-side default for an absent key are not shown on this page; confirm
// them before relying on a partially populated struct.
type RuntimeHostAntiMalware struct {
	AllowedProcesses []string `json:"allowedProcesses,omitempty"`
	CryptoMiner      string   `json:"cryptoMiner,omitempty"`
	CustomFeed       string   `json:"customFeed,omitempty"`
	// DeniedProcesses: if RuntimeHostDeniedProcesses is a struct (not shown
	// here), encoding/json ignores omitempty and always emits it.
	DeniedProcesses RuntimeHostDeniedProcesses `json:"deniedProcesses,omitempty"`
	// DetectCompilerGeneratedBinary has no omitempty: false is always sent.
	DetectCompilerGeneratedBinary bool   `json:"detectCompilerGeneratedBinary"`
	EncryptedBinaries             string `json:"encryptedBinaries,omitempty"`
	ExecutionFlowHijack           string `json:"executionFlowHijack,omitempty"`
	IntelligenceFeed              string `json:"intelligenceFeed,omitempty"`
	ReverseShell                  string `json:"reverseShell,omitempty"`
	ServiceUnknownOriginBinary    string `json:"serviceUnknownOriginBinary,omitempty"`
	// SkipSshTracking carries omitempty, so false is never transmitted; only
	// true reaches the API.
	SkipSshTracking         bool   `json:"skipSSHTracking,omitempty"`
	SuspiciousElfHeaders    string `json:"suspiciousELFHeaders,omitempty"`
	TempFsProcesses         string `json:"tempFSProc,omitempty"`
	UserUnknownOriginBinary string `json:"userUnknownOriginBinary,omitempty"`
	WebShell                string `json:"webShell,omitempty"`
	WildFireAnalysis        string `json:"wildFireAnalysis,omitempty"`
}
type RuntimeHostCustomRule ¶ added in v0.1.3
type RuntimeHostDeniedProcesses ¶ added in v0.1.3
type RuntimeHostDns ¶ added in v0.1.3
type RuntimeHostFileIntegrityRule ¶ added in v0.1.3
// RuntimeHostFileIntegrityRule describes one file-integrity rule of a host
// runtime rule: a path, the operations of interest, and exclusions.
type RuntimeHostFileIntegrityRule struct {
	// AllowedProcesses is encoded under the wire key "procWhitelist".
	AllowedProcesses []string `json:"procWhitelist,omitempty"`
	// ExcludedFiles is encoded under the wire key "exclusions".
	// NOTE(review): both lists narrow what the rule reports, so keep them
	// short and review additions.
	ExcludedFiles []string `json:"exclusions,omitempty"`
	// The bool fields have no omitempty: false is always sent, so a rule
	// built with only Path set sends metadata, read, recursive and write as
	// false.
	Metadata  bool   `json:"metadata"`
	Path      string `json:"path,omitempty"`
	Read      bool   `json:"read"`
	Recursive bool   `json:"recursive"`
	Write     bool   `json:"write"`
}
type RuntimeHostForensic ¶ added in v0.1.3
// RuntimeHostForensic is the forensic section of a host runtime rule.
//
// Every field is a bool without omitempty, so all six keys are always sent
// and a zero-valued struct sends them all as false. Polarity is mixed: one
// field is named *Disabled and the rest *Enabled, so false does not mean the
// same thing for each.
type RuntimeHostForensic struct {
	ActivitiesDisabled       bool `json:"activitiesDisabled"`
	DockerEnabled            bool `json:"dockerEnabled"`
	ReadonlyDockerEnabled    bool `json:"readonlyDockerEnabled"`
	ServiceActivitiesEnabled bool `json:"serviceActivitiesEnabled"`
	SshdEnabled              bool `json:"sshdEnabled"`
	SudoEnabled              bool `json:"sudoEnabled"`
}
type RuntimeHostLogInspectionRule ¶ added in v0.1.3
type RuntimeHostNetwork ¶ added in v0.1.3
// RuntimeHostNetwork is the network section of a host runtime rule.
//
// Unlike RuntimeContainerNetwork, the wire keys here use allowed*/denied*.
// Every field carries omitempty, so unset fields are absent from the payload.
type RuntimeHostNetwork struct {
	AllowedOutboundIps   []string          `json:"allowedOutboundIPs,omitempty"`
	CustomFeed           string            `json:"customFeed,omitempty"`
	DeniedListeningPorts []RuntimeHostPort `json:"deniedListeningPorts,omitempty"`
	DeniedOutboundIps    []string          `json:"deniedOutboundIPs,omitempty"`
	DeniedOutboundPorts  []RuntimeHostPort `json:"deniedOutboundPorts,omitempty"`
	// DenyEffect is encoded as "denyListEffect"; accepted values are not
	// shown on this page.
	DenyEffect       string `json:"denyListEffect,omitempty"`
	IntelligenceFeed string `json:"intelligenceFeed,omitempty"`
}
type RuntimeHostPolicy ¶ added in v0.1.3
// RuntimeHostPolicy is the JSON shape of the host runtime policy.
type RuntimeHostPolicy struct {
	// Rules is left out of the encoded JSON when nil or empty.
	// NOTE(review): how the API interprets a missing "rules" key on update
	// is not visible here; confirm before sending an empty policy.
	Rules []RuntimeHostRule `json:"rules,omitempty"`
}
func GetRuntimeHost ¶ added in v0.1.3
func GetRuntimeHost(c pcc.Client) (RuntimeHostPolicy, error)
Get the current host runtime policy.
type RuntimeHostPort ¶ added in v0.1.3
type RuntimeHostRule ¶ added in v0.1.3
// RuntimeHostRule is a single rule inside a RuntimeHostPolicy.
//
// AntiMalware, Forensic and Network are struct values; encoding/json never
// treats a struct as empty, so their omitempty has no effect and the
// sections are always emitted. The same applies to Dns if RuntimeHostDns is
// a struct (its definition is not shown on this page).
type RuntimeHostRule struct {
	AntiMalware RuntimeHostAntiMalware  `json:"antiMalware,omitempty"`
	Collections []collection.Collection `json:"collections,omitempty"`
	CustomRules []RuntimeHostCustomRule `json:"customRules,omitempty"`
	// Disabled has no omitempty: false is always sent.
	Disabled           bool                           `json:"disabled"`
	Dns                RuntimeHostDns                 `json:"dns,omitempty"`
	FileIntegrityRules []RuntimeHostFileIntegrityRule `json:"fileIntegrityRules,omitempty"`
	Forensic           RuntimeHostForensic            `json:"forensic,omitempty"`
	LogInspectionRules []RuntimeHostLogInspectionRule `json:"logInspectionRules,omitempty"`
	Name               string                         `json:"name,omitempty"`
	Network            RuntimeHostNetwork             `json:"network,omitempty"`
	Notes              string                         `json:"notes,omitempty"`
}
type VulnerabilityHostCveRule ¶ added in v0.1.3
// VulnerabilityHostCveRule is a per-CVE entry in a host vulnerability rule,
// keyed by Id.
//
// NOTE(review): presumably this overrides the rule's effect for one CVE. The
// fields of VulnerabilityHostExpiration are not shown on this page; confirm
// that any exception is given an expiry and a Description that says why.
type VulnerabilityHostCveRule struct {
	Description string                      `json:"description,omitempty"`
	Effect      string                      `json:"effect,omitempty"`
	Expiration  VulnerabilityHostExpiration `json:"expiration,omitempty"`
	Id          string                      `json:"id,omitempty"`
}
type VulnerabilityHostExpiration ¶ added in v0.1.3
type VulnerabilityHostPolicy ¶ added in v0.1.3
// VulnerabilityHostPolicy is the JSON shape of the host vulnerability policy.
type VulnerabilityHostPolicy struct {
	// Rules is left out of the encoded JSON when nil or empty.
	// NOTE(review): how the API interprets a missing "rules" key on update
	// is not visible here; confirm before sending an empty policy.
	Rules []VulnerabilityHostRule `json:"rules,omitempty"`
	// Type is encoded as "policyType". Valid values are not shown on this page.
	Type string `json:"policyType,omitempty"`
}
func GetVulnerabilityHost ¶ added in v0.1.3
func GetVulnerabilityHost(c pcc.Client) (VulnerabilityHostPolicy, error)
Get the current host vulnerability policy.
type VulnerabilityHostRule ¶ added in v0.1.3
// VulnerabilityHostRule is a single rule inside a VulnerabilityHostPolicy.
type VulnerabilityHostRule struct {
	// AlertThreshold: if VulnerabilityHostThreshold is a struct (not shown
	// here), encoding/json ignores omitempty and always emits it.
	AlertThreshold VulnerabilityHostThreshold `json:"alertThreshold,omitempty"`
	Collections    []collection.Collection    `json:"collections,omitempty"`
	CveRules       []VulnerabilityHostCveRule `json:"cveRules,omitempty"`
	// Disabled has no omitempty: false is always sent.
	Disabled bool   `json:"disabled"`
	Effect   string `json:"effect,omitempty"`
	// GraceDays carries omitempty, so 0 is never transmitted.
	// NOTE(review): an update meant to reset the grace period to zero sends
	// no key at all; confirm how the API treats the missing key.
	GraceDays int    `json:"graceDays,omitempty"`
	Name      string `json:"name,omitempty"`
	Notes     string `json:"notes,omitempty"`
	OnlyFixed bool   `json:"onlyFixed"`
	// TagRules is encoded under the key "tags".
	TagRules []VulnerabilityHostTagRule `json:"tags,omitempty"`
	Verbose  bool                       `json:"verbose"`
}
type VulnerabilityHostTagRule ¶ added in v0.1.3
// VulnerabilityHostTagRule is a per-tag entry in a host vulnerability rule,
// keyed by Name.
//
// NOTE(review): presumably this overrides the rule's effect for everything
// carrying the tag. The fields of VulnerabilityHostExpiration are not shown
// on this page; confirm that any exception is given an expiry.
type VulnerabilityHostTagRule struct {
	Description string                      `json:"description,omitempty"`
	Effect      string                      `json:"effect,omitempty"`
	Expiration  VulnerabilityHostExpiration `json:"expiration,omitempty"`
	Name        string                      `json:"name,omitempty"`
}
type VulnerabilityHostThreshold ¶ added in v0.1.3
type VulnerabilityImageCveRule ¶ added in v0.1.3
// VulnerabilityImageCveRule is a per-CVE entry in an image vulnerability
// rule, keyed by Id.
//
// NOTE(review): presumably this overrides the rule's effect for one CVE. The
// fields of VulnerabilityImageExpiration are not shown on this page; confirm
// that any exception is given an expiry and a Description that says why.
type VulnerabilityImageCveRule struct {
	Description string                       `json:"description,omitempty"`
	Effect      string                       `json:"effect,omitempty"`
	Expiration  VulnerabilityImageExpiration `json:"expiration,omitempty"`
	Id          string                       `json:"id,omitempty"`
}
type VulnerabilityImageExpiration ¶ added in v0.1.3
type VulnerabilityImageGraceDaysPolicy ¶ added in v0.4.2
type VulnerabilityImagePolicy ¶ added in v0.1.3
// VulnerabilityImagePolicy is the JSON shape shared by the image and CI
// image vulnerability policy functions on this page.
type VulnerabilityImagePolicy struct {
	// Rules is left out of the encoded JSON when nil or empty.
	// NOTE(review): how the API interprets a missing "rules" key on update
	// is not visible here; confirm before sending an empty policy.
	Rules []VulnerabilityImageRule `json:"rules,omitempty"`
	// Type is encoded as "policyType". Valid values are not shown on this page.
	Type string `json:"policyType,omitempty"`
}
func GetVulnerabilityCiImage ¶ added in v0.1.3
func GetVulnerabilityCiImage(c pcc.Client) (VulnerabilityImagePolicy, error)
Get the current CI image vulnerability policy.
func GetVulnerabilityImage ¶ added in v0.1.3
func GetVulnerabilityImage(c pcc.Client) (VulnerabilityImagePolicy, error)
Get the current image vulnerability policy.
type VulnerabilityImageRule ¶ added in v0.1.3
// VulnerabilityImageRule is a single rule inside a VulnerabilityImagePolicy.
//
// It carries both an alert and a block threshold. If
// VulnerabilityImageThreshold and VulnerabilityImageGraceDaysPolicy are
// structs (their definitions are not shown on this page), encoding/json
// ignores their omitempty and always emits them.
type VulnerabilityImageRule struct {
	AlertThreshold VulnerabilityImageThreshold `json:"alertThreshold,omitempty"`
	BlockMessage   string                      `json:"blockMsg,omitempty"`
	BlockThreshold VulnerabilityImageThreshold `json:"blockThreshold,omitempty"`
	Collections    []collection.Collection     `json:"collections,omitempty"`
	CveRules       []VulnerabilityImageCveRule `json:"cveRules,omitempty"`
	// Disabled has no omitempty: false is always sent.
	Disabled bool   `json:"disabled"`
	Effect   string `json:"effect,omitempty"`
	// GraceDays carries omitempty, so 0 is never transmitted.
	// NOTE(review): an update meant to reset the grace period to zero sends
	// no key at all; confirm how the API treats the missing key and how this
	// field interacts with GraceDaysPolicy.
	GraceDays       int                               `json:"graceDays,omitempty"`
	GraceDaysPolicy VulnerabilityImageGraceDaysPolicy `json:"graceDaysPolicy,omitempty"`
	Name            string                            `json:"name,omitempty"`
	Notes           string                            `json:"notes,omitempty"`
	OnlyFixed       bool                              `json:"onlyFixed"`
	// TagRules is encoded under the key "tags".
	TagRules []VulnerabilityImageTagRule `json:"tags,omitempty"`
	Verbose  bool                        `json:"verbose"`
}
type VulnerabilityImageTagRule ¶ added in v0.1.3
// VulnerabilityImageTagRule is a per-tag entry in an image vulnerability
// rule, keyed by Name.
//
// NOTE(review): presumably this overrides the rule's effect for everything
// carrying the tag. The fields of VulnerabilityImageExpiration are not shown
// on this page; confirm that any exception is given an expiry.
type VulnerabilityImageTagRule struct {
	Description string                       `json:"description,omitempty"`
	Effect      string                       `json:"effect,omitempty"`
	Expiration  VulnerabilityImageExpiration `json:"expiration,omitempty"`
	Name        string                       `json:"name,omitempty"`
}