Documentation
Index ¶
- Constants
- func CollectAll[T any](ctx context.Context, itemsCh <-chan T, errCh <-chan error) ([]T, error)
- func UserAgent() string
- type ApiEndpoint
- type ApiEndpointAuthentication
- type ApiEndpointExposureDetails
- type ApiEndpointInternetExposure
- type ApiEndpointRiskOverview
- type ApiEndpointSensitiveDataFinding
- type ApiEndpointsQuery
- type Client
- func (c *Client) ArchiveThreatDetection(ctx context.Context, detectionID string) (*ThreatDetection, error)
- func (c *Client) CreateIntegrationWebhook(ctx context.Context, webhook map[string]interface{}) (*IntegrationWebhook, error)
- func (c *Client) CreateWorkflow(ctx context.Context, workflow map[string]interface{}) (*Workflow, error)
- func (c *Client) DeleteIntegrationWebhook(ctx context.Context, webhookID string) error
- func (c *Client) DeleteWorkflow(ctx context.Context, workflowID string) error
- func (c *Client) EnableLogging()
- func (c *Client) GetConfigurationFinding(ctx context.Context, findingID string, includeCloudAccountTags bool) (*ConfigurationFinding, error)
- func (c *Client) GetOrganizationID() string
- func (c *Client) GetSbomPackageDetails(ctx context.Context, packageName, version string) (*SbomPackage, error)
- func (c *Client) GetThreatDetection(ctx context.Context, detectionID string) (*ThreatDetection, error)
- func (c *Client) GetVulnerabilityFinding(ctx context.Context, findingID string) (*VulnerabilityFinding, error)
- func (c *Client) GetWorkflow(ctx context.Context, workflowID string) (*Workflow, error)
- func (c *Client) ListApiEndpoints(ctx context.Context, query *ApiEndpointsQuery) (<-chan ApiEndpoint, <-chan error)
- func (c *Client) ListConfigurationFindings(ctx context.Context, query *ConfigurationFindingsQuery) (<-chan ConfigurationFinding, <-chan error)
- func (c *Client) ListIntegrationWebhooks(ctx context.Context, vendor string) ([]IntegrationWebhook, error)
- func (c *Client) ListSbomPackages(ctx context.Context, query *SbomPackagesQuery) ([]SbomPackage, error)
- func (c *Client) ListThreatDetections(ctx context.Context, query *ThreatDetectionsQuery) ([]ThreatDetection, error)
- func (c *Client) ListThreatEvents(ctx context.Context, query *ThreatEventsQuery) ([]ThreatEvent, error)
- func (c *Client) ListThreatPolicies(ctx context.Context, managedBy string) ([]ThreatPolicy, error)
- func (c *Client) ListVulnerabilityFindings(ctx context.Context, query *VulnerabilityFindingsQuery) (<-chan VulnerabilityFinding, <-chan error)
- func (c *Client) ListWorkflows(ctx context.Context) ([]Workflow, error)
- func (c *Client) SetLogger(logger Logger)
- func (c *Client) UpdateIntegrationWebhook(ctx context.Context, webhookID string, update map[string]interface{}) (*IntegrationWebhook, error)
- func (c *Client) UpdateThreatDetection(ctx context.Context, detectionID string, update map[string]interface{}) (*ThreatDetection, error)
- func (c *Client) UpdateThreatPolicy(ctx context.Context, policyID string, update map[string]interface{}) (*ThreatPolicy, error)
- func (c *Client) UpdateWorkflow(ctx context.Context, workflowID string, update map[string]interface{}) (*Workflow, error)
- type CloudAccount
- type Config
- type ConfigurationCheck
- type ConfigurationFinding
- type ConfigurationFindingsQuery
- type ConfigurationFramework
- type ConfigurationFrameworkStatus
- type ConfigurationRule
- type DefaultLogger
- type HTTPClient
- type Image
- type ImagesSummary
- type ImpactMetrics
- type IntegrationWebhook
- type InternetExposure
- type InternetExposureDetails
- type Logger
- type MitreAttackDetails
- type NoOpLogger
- type Package
- type Region
- type Remediation
- type Resource
- type ResourcesSummary
- type SbomPackage
- type SbomPackagesQuery
- type Tag
- type ThreatDetection
- type ThreatDetectionEvent
- type ThreatDetectionTrigger
- type ThreatDetectionsQuery
- type ThreatEvent
- type ThreatEventsQuery
- type ThreatPolicy
- type VulnerabilitiesSummary
- type Vulnerability
- type VulnerabilityFinding
- type VulnerabilityFindingsQuery
- type Workflow
- type WorkflowAction
- type WorkflowConfig
- type WorkflowSelector
- type WorkflowTrigger
Constants ¶
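// Severity levels for findings, detections, and events.
//
// These are untyped string constants, so they compare directly against the
// string-typed Severity fields and query filters in this package. The compiler
// cannot reject an arbitrary string in their place; validate any severity value
// that comes from outside the program before using it as a filter.
const (
	SeverityLow      = "LOW"
	SeverityMedium   = "MEDIUM"
	SeverityHigh     = "HIGH"
	SeverityCritical = "CRITICAL"
)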
Severity levels for findings, detections, and events
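// Cloud providers.
//
// Untyped string constants; they match the string-typed CloudProvider fields
// used by the resource and query types in this package.
const (
	CloudProviderAWS   = "AWS"
	CloudProviderGCP   = "GCP"
	CloudProviderAzure = "AZURE"
	CloudProviderBYOC  = "BYOC"
)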
Cloud providers
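// Status constants.
//
// One flat group that mixes several status vocabularies (open/pending/archived,
// pass/fail, enabled/disabled). They are untyped strings, so the compiler will
// not catch a value taken from the wrong vocabulary; which Status field accepts
// which of these values is not shown on this page.
const (
	StatusOpen     = "OPEN"
	StatusPending  = "PENDING"
	StatusArchived = "ARCHIVED"
	StatusPass     = "PASS"
	StatusFail     = "FAIL"
	StatusEnabled  = "ENABLED"
	StatusDisabled = "DISABLED"
)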
Status constants
const Version = "v1.0.0"
Version is the current version of the Upwind Go SDK (format: vX.Y.Z)
Variables ¶
This section is empty.
Functions ¶
func CollectAll ¶
CollectAll is a helper function that collects all items from a channel into a slice
Types ¶
type ApiEndpoint ¶
// ApiEndpoint is the JSON shape of one API endpoint record.
//
// Both timestamps are carried as plain strings, so callers parse them
// themselves; the wire format is not shown on this page.
type ApiEndpoint struct {
ID string `json:"id"`
Method string `json:"method"`
URI string `json:"uri"`
ResourceID string `json:"resource_id"`
FirstSeenTime string `json:"first_seen_time"`
LastSeenTime string `json:"last_seen_time"`
// The remaining fields carry omitempty. RiskOverview is a pointer and stays
// nil when the decoded JSON has no "risk_overview" key, so check it before
// dereferencing.
Domains []string `json:"domains,omitempty"`
StatusCodes []string `json:"status_codes,omitempty"`
RiskOverview *ApiEndpointRiskOverview `json:"risk_overview,omitempty"`
}
ApiEndpoint represents an API endpoint
type ApiEndpointAuthentication ¶
// ApiEndpointAuthentication carries the authentication state of an endpoint
// as a free-form string.
//
// NOTE(review): the set of State values is not shown on this page. When
// branching on it, match the value that means "authenticated" explicitly and
// treat anything unrecognised as unknown rather than as authenticated.
type ApiEndpointAuthentication struct {
State string `json:"state"`
}
ApiEndpointAuthentication represents authentication state
type ApiEndpointExposureDetails ¶
type ApiEndpointExposureDetails struct {
LastSeenTime string `json:"last_seen_time"`
}
ApiEndpointExposureDetails represents exposure details
type ApiEndpointInternetExposure ¶
type ApiEndpointInternetExposure struct {
Ingress *ApiEndpointExposureDetails `json:"ingress,omitempty"`
}
ApiEndpointInternetExposure represents internet exposure for API endpoint
type ApiEndpointRiskOverview ¶
// ApiEndpointRiskOverview groups the risk signals attached to an endpoint:
// authentication state, internet exposure, and sensitive-data findings.
//
// All three fields carry omitempty and the first two are pointers, so each is
// nil when the response omits it. A nil field means "no data in this
// response"; it does not by itself say the endpoint is authenticated or
// unexposed, so report it as unknown.
type ApiEndpointRiskOverview struct {
Authentication *ApiEndpointAuthentication `json:"authentication,omitempty"`
InternetExposure *ApiEndpointInternetExposure `json:"internet_exposure,omitempty"`
SensitiveDataFindings []ApiEndpointSensitiveDataFinding `json:"sensitive_data_findings,omitempty"`
}
ApiEndpointRiskOverview represents risk overview for an API endpoint
type ApiEndpointSensitiveDataFinding ¶
// ApiEndpointSensitiveDataFinding describes one sensitive-data observation on
// an endpoint. The struct holds only a type, a category and a last-seen
// timestamp string; it has no field for the observed value itself.
type ApiEndpointSensitiveDataFinding struct {
Type string `json:"type"`
Category string `json:"category"`
LastSeenTime string `json:"last_seen_time"`
}
ApiEndpointSensitiveDataFinding represents sensitive data finding
type ApiEndpointsQuery ¶
// ApiEndpointsQuery holds the filter and paging parameters passed to
// ListApiEndpoints. The fields have no struct tags; how they are encoded into
// the request is not shown on this page.
type ApiEndpointsQuery struct {
// Paging controls.
PerPage int
PageToken string
Method string
AuthenticationState string
// The three *bool filters are tri-state: a nil pointer is distinguishable
// from an explicit false. Presumably nil leaves the filter unset — confirm
// against the client implementation.
HasInternetIngress *bool
HasVulnerability *bool
HasSensitiveData *bool
// Scoping filters, all plain strings.
CloudAccountID string
CloudProvider string
ResourceType string
CloudOrganizationID string
CloudOrganizationUnitID string
Domain string
ClusterID string
Namespace string
}
ApiEndpointsQuery represents query parameters for API endpoints
type Client ¶
type Client struct {
// contains filtered or unexported fields
}
Client is the main SDK client for interacting with the Upwind API
func NewClientFromEnv ¶
NewClientFromEnv creates a new client from environment variables
func NewClientFromFile ¶
NewClientFromFile creates a new client from a configuration file
func (*Client) ArchiveThreatDetection ¶
func (c *Client) ArchiveThreatDetection(ctx context.Context, detectionID string) (*ThreatDetection, error)
ArchiveThreatDetection archives a threat detection
func (*Client) CreateIntegrationWebhook ¶
func (c *Client) CreateIntegrationWebhook(ctx context.Context, webhook map[string]interface{}) (*IntegrationWebhook, error)
CreateIntegrationWebhook creates a new integration webhook
func (*Client) CreateWorkflow ¶
func (c *Client) CreateWorkflow(ctx context.Context, workflow map[string]interface{}) (*Workflow, error)
CreateWorkflow creates a new workflow
func (*Client) DeleteIntegrationWebhook ¶
DeleteIntegrationWebhook deletes an integration webhook
func (*Client) DeleteWorkflow ¶
DeleteWorkflow deletes a workflow
func (*Client) EnableLogging ¶
func (c *Client) EnableLogging()
EnableLogging enables logging with the default logger
func (*Client) GetConfigurationFinding ¶
func (c *Client) GetConfigurationFinding(ctx context.Context, findingID string, includeCloudAccountTags bool) (*ConfigurationFinding, error)
GetConfigurationFinding retrieves a specific configuration finding by ID
func (*Client) GetOrganizationID ¶
GetOrganizationID returns the organization ID
func (*Client) GetSbomPackageDetails ¶
func (c *Client) GetSbomPackageDetails(ctx context.Context, packageName, version string) (*SbomPackage, error)
GetSbomPackageDetails retrieves detailed information about a specific SBOM package
func (*Client) GetThreatDetection ¶
func (c *Client) GetThreatDetection(ctx context.Context, detectionID string) (*ThreatDetection, error)
GetThreatDetection retrieves a specific threat detection by ID
func (*Client) GetVulnerabilityFinding ¶
func (c *Client) GetVulnerabilityFinding(ctx context.Context, findingID string) (*VulnerabilityFinding, error)
GetVulnerabilityFinding retrieves a specific vulnerability finding by ID
func (*Client) GetWorkflow ¶
GetWorkflow retrieves a specific workflow by ID
func (*Client) ListApiEndpoints ¶
func (c *Client) ListApiEndpoints(ctx context.Context, query *ApiEndpointsQuery) (<-chan ApiEndpoint, <-chan error)
ListApiEndpoints streams API endpoints page by page via a channel. This is memory-efficient for large datasets. The channel will be closed when done. Returns an error channel that will receive any error that occurs during streaming.
Example - streaming (memory efficient):
// Drain the item channel first; per the description above it is closed when
// streaming is done, which is what ends the range loop.
endpoints, errCh := client.ListApiEndpoints(ctx, query)
for endpoint := range endpoints {
process(endpoint)
}
// NOTE(review): this receive returns only once errCh yields a value or is
// closed — confirm the SDK closes errCh (or sends nil) on success. Checking it
// matters: a stream that stopped early on an error otherwise looks like a
// complete, shorter result set. log.Fatal exits the process; a long-running
// service would return the error instead.
if err := <-errCh; err != nil {
log.Fatal(err)
}
Example - collect all (loads everything in memory):
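// Collect-all variant: CollectAll gathers every streamed item into one slice,
// so memory use grows with the size of the result set. Check err before using
// allEndpoints.
endpointsCh, errCh := client.ListApiEndpoints(ctx, query)
allEndpoints, err := sdk.CollectAll(ctx, endpointsCh, errCh)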
func (*Client) ListConfigurationFindings ¶
func (c *Client) ListConfigurationFindings(ctx context.Context, query *ConfigurationFindingsQuery) (<-chan ConfigurationFinding, <-chan error)
ListConfigurationFindings streams configuration findings page by page via a channel. This is memory-efficient for large datasets. The channel will be closed when done. Returns an error channel that will receive any error that occurs during streaming.
Example - streaming (memory efficient):
// Drain the item channel first; per the description above it is closed when
// streaming is done, which is what ends the range loop.
findings, errCh := client.ListConfigurationFindings(ctx, query)
for finding := range findings {
process(finding)
}
// NOTE(review): this receive returns only once errCh yields a value or is
// closed — confirm the SDK closes errCh (or sends nil) on success. Skipping
// the check would let a stream that failed part-way pass as a complete list
// of findings.
if err := <-errCh; err != nil {
log.Fatal(err)
}
Example - collect all (loads everything in memory):
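// Collect-all variant: CollectAll gathers every streamed item into one slice,
// so memory use grows with the size of the result set. Check err before using
// allFindings.
findingsCh, errCh := client.ListConfigurationFindings(ctx, query)
allFindings, err := sdk.CollectAll(ctx, findingsCh, errCh)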
func (*Client) ListIntegrationWebhooks ¶
func (c *Client) ListIntegrationWebhooks(ctx context.Context, vendor string) ([]IntegrationWebhook, error)
ListIntegrationWebhooks retrieves all integration webhooks
func (*Client) ListSbomPackages ¶
func (c *Client) ListSbomPackages(ctx context.Context, query *SbomPackagesQuery) ([]SbomPackage, error)
ListSbomPackages retrieves all SBOM packages
func (*Client) ListThreatDetections ¶
func (c *Client) ListThreatDetections(ctx context.Context, query *ThreatDetectionsQuery) ([]ThreatDetection, error)
ListThreatDetections retrieves all threat detections (no pagination for this endpoint)
func (*Client) ListThreatEvents ¶
func (c *Client) ListThreatEvents(ctx context.Context, query *ThreatEventsQuery) ([]ThreatEvent, error)
ListThreatEvents retrieves threat events with page-based pagination
func (*Client) ListThreatPolicies ¶
ListThreatPolicies retrieves all threat policies
func (*Client) ListVulnerabilityFindings ¶
func (c *Client) ListVulnerabilityFindings(ctx context.Context, query *VulnerabilityFindingsQuery) (<-chan VulnerabilityFinding, <-chan error)
ListVulnerabilityFindings streams vulnerability findings page by page via a channel. This is memory-efficient for large datasets. The channel will be closed when done. Returns an error channel that will receive any error that occurs during streaming.
Example - streaming (memory efficient):
// Drain the item channel first; per the description above it is closed when
// streaming is done, which is what ends the range loop.
findings, errCh := client.ListVulnerabilityFindings(ctx, query)
for finding := range findings {
process(finding)
}
// NOTE(review): this receive returns only once errCh yields a value or is
// closed — confirm the SDK closes errCh (or sends nil) on success. Skipping
// the check would let a stream that failed part-way pass as a complete list
// of vulnerability findings.
if err := <-errCh; err != nil {
log.Fatal(err)
}
Example - collect all (loads everything in memory):
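// Collect-all variant: CollectAll gathers every streamed item into one slice,
// so memory use grows with the size of the result set. Check err before using
// allFindings.
findingsCh, errCh := client.ListVulnerabilityFindings(ctx, query)
allFindings, err := sdk.CollectAll(ctx, findingsCh, errCh)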
func (*Client) ListWorkflows ¶
ListWorkflows retrieves all workflows
func (*Client) UpdateIntegrationWebhook ¶
func (c *Client) UpdateIntegrationWebhook(ctx context.Context, webhookID string, update map[string]interface{}) (*IntegrationWebhook, error)
UpdateIntegrationWebhook updates an existing integration webhook
func (*Client) UpdateThreatDetection ¶
func (c *Client) UpdateThreatDetection(ctx context.Context, detectionID string, update map[string]interface{}) (*ThreatDetection, error)
UpdateThreatDetection updates a threat detection (e.g., to archive it)
func (*Client) UpdateThreatPolicy ¶
func (c *Client) UpdateThreatPolicy(ctx context.Context, policyID string, update map[string]interface{}) (*ThreatPolicy, error)
UpdateThreatPolicy updates a threat policy (e.g., to enable/disable it)
type CloudAccount ¶
// CloudAccount is the JSON shape of one cloud account record.
type CloudAccount struct {
ID string `json:"id"`
AccountID string `json:"account_id"`
Name string `json:"name"`
Provider string `json:"provider"`
// Config is an untyped map; its keys and value types are not shown on this
// page. Read values with the two-result type assertion (v, ok := x.(T)) so
// an unexpected shape does not panic.
Config map[string]interface{} `json:"config,omitempty"`
}
CloudAccount represents a cloud account
type Config ¶
// Config holds the settings the SDK client is built from, including the
// OAuth2 client credentials.
//
// NOTE(review): ClientSecret carries the plain `json:"client_secret"` tag, so
// json.Marshal on a Config, or formatting one with %+v in a log line, writes
// the secret out in clear text. Keep Config values out of logs and error
// messages, and keep any JSON file read by LoadConfigFromFile readable only by
// the account that runs the client.
type Config struct {
// ClientID is the OAuth2 client ID
ClientID string `json:"client_id"`
// ClientSecret is the OAuth2 client secret
ClientSecret string `json:"client_secret"`
// OrganizationID is the Upwind organization ID
OrganizationID string `json:"organization_id"`
// Region is the API region (US, EU, or ME)
Region Region `json:"region"`
// BaseURL is the API base URL (optional, derived from region if not provided)
//
// NOTE(review): presumably access tokens are sent to this URL — confirm.
// Treat the override (and UPWIND_BASE_URL) as trusted configuration and
// never populate it from user-supplied input.
BaseURL string `json:"base_url,omitempty"`
// TokenURL is the OAuth2 token endpoint (optional, defaults to Upwind auth endpoint)
//
// NOTE(review): presumably ClientID and ClientSecret are presented to this
// URL during the token exchange — confirm. Treat the override (and
// UPWIND_TOKEN_URL) as trusted configuration for the same reason.
TokenURL string `json:"token_url,omitempty"`
// MaxRetries is the maximum number of retry attempts for failed requests
MaxRetries int `json:"max_retries"`
// MaxConcurrency is the maximum number of concurrent API requests
MaxConcurrency int `json:"max_concurrency"`
// PageSize is the default page size for paginated requests
PageSize int `json:"page_size"`
// RateLimitPerSecond is the maximum number of requests per second (0 = no limit)
RateLimitPerSecond int `json:"rate_limit_per_second"`
}
Config holds the configuration for the Upwind SDK
func DefaultConfig ¶
func DefaultConfig() *Config
DefaultConfig returns a Config with default values
func LoadConfigFromEnv ¶
LoadConfigFromEnv loads configuration from environment variables. Supported environment variables:
- UPWIND_CLIENT_ID: OAuth2 client ID
- UPWIND_CLIENT_SECRET: OAuth2 client secret
- UPWIND_ORGANIZATION_ID: Organization ID
- UPWIND_REGION: API region (US, EU, ME)
- UPWIND_BASE_URL: Custom base URL (optional)
- UPWIND_TOKEN_URL: Custom token URL (optional)
- UPWIND_MAX_RETRIES: Maximum retry attempts (default: 3)
- UPWIND_MAX_CONCURRENCY: Maximum concurrent requests (default: 10)
- UPWIND_PAGE_SIZE: Default page size (default: 100)
- UPWIND_RATE_LIMIT: Requests per second limit (default: 10)
func LoadConfigFromFile ¶
LoadConfigFromFile loads configuration from a JSON file
func (*Config) GetAudience ¶
GetAudience returns the OAuth2 audience based on the region
func (*Config) GetBaseURL ¶
GetBaseURL returns the base URL for the API based on the region
func (*Config) GetTokenURL ¶
GetTokenURL returns the OAuth2 token URL
type ConfigurationCheck ¶
type ConfigurationCheck struct {
ID string `json:"id"`
Title string `json:"title"`
Description string `json:"description,omitempty"`
Remediation string `json:"remediation,omitempty"`
}
ConfigurationCheck represents a configuration check
type ConfigurationFinding ¶
// ConfigurationFinding is the JSON shape of one configuration finding.
//
// Status and Severity are plain strings; presumably they take the package's
// Status* and Severity* constant values — confirm against the API. The time
// fields are strings whose format is not shown on this page.
type ConfigurationFinding struct {
ID string `json:"id"`
Status string `json:"status"`
Severity string `json:"severity"`
Title string `json:"title"`
Description string `json:"description,omitempty"`
FirstSeenTime string `json:"first_seen_time"`
LastSeenTime string `json:"last_seen_time"`
LastSyncTime string `json:"last_sync_time,omitempty"`
// Pointer fields with omitempty: each stays nil when the decoded JSON
// omits the key, so check before dereferencing.
Framework *ConfigurationFramework `json:"framework,omitempty"`
Check *ConfigurationCheck `json:"check,omitempty"`
Resource *Resource `json:"resource,omitempty"`
}
ConfigurationFinding represents a configuration finding
type ConfigurationFindingsQuery ¶
// ConfigurationFindingsQuery holds the filters passed to
// ListConfigurationFindings. The fields have no struct tags; how they are
// encoded into the request is not shown on this page.
type ConfigurationFindingsQuery struct {
// Time-window bounds, carried as strings (format not shown here).
MinLastSeenTime string
MaxLastSeenTime string
Status string
Severity string
ResourceName string
CheckTitle string
CheckID string
FrameworkID string
FrameworkTitle string
CloudAccountTags []string
// Plain bool, so "not set" and false cannot be told apart.
IncludeCloudAccountTags bool
}
ConfigurationFindingsQuery represents query parameters for configuration findings
type ConfigurationFramework ¶
type ConfigurationFramework struct {
ID string `json:"id"`
Status string `json:"status,omitempty"`
Version string `json:"version,omitempty"`
Revision string `json:"revision,omitempty"`
Title string `json:"title"`
Description string `json:"description,omitempty"`
CloudProvider string `json:"cloud_provider,omitempty"`
CreateTime string `json:"create_time,omitempty"`
UpdateTime string `json:"update_time,omitempty"`
LastScanTime string `json:"last_scan_time,omitempty"`
Type string `json:"type,omitempty"`
ComplianceStatus *ConfigurationFrameworkStatus `json:"compliance_status,omitempty"`
RolloutState string `json:"rollout_state,omitempty"`
}
ConfigurationFramework represents a compliance framework
type ConfigurationFrameworkStatus ¶
type ConfigurationFrameworkStatus struct {
Score int `json:"score"`
}
ConfigurationFrameworkStatus represents framework compliance status
type ConfigurationRule ¶
type ConfigurationRule struct {
ID string `json:"id"`
Name string `json:"name"`
Framework string `json:"framework,omitempty"`
FindingsCount int `json:"findings_count"`
CreateTime string `json:"create_time,omitempty"`
UpdateTime string `json:"update_time,omitempty"`
}
ConfigurationRule represents a configuration rule
type DefaultLogger ¶
// DefaultLogger is the stateless logger the page describes as writing to
// standard output.
//
// NOTE(review): what the client passes to its logger is not shown here.
// Standard output is commonly captured by container and CI log collectors, so
// confirm that no tokens or secrets are formatted into log lines before
// enabling it outside local debugging.
type DefaultLogger struct{}
DefaultLogger is a simple logger that writes to standard output
func (*DefaultLogger) Printf ¶
func (l *DefaultLogger) Printf(format string, v ...interface{})
func (*DefaultLogger) Println ¶
func (l *DefaultLogger) Println(v ...interface{})
type HTTPClient ¶
HTTPClient interface for making HTTP requests
type Image ¶
type Image struct {
Name string `json:"name"`
Digest string `json:"digest"`
URI string `json:"uri"`
Registry string `json:"registry,omitempty"`
Repository string `json:"repository,omitempty"`
OSVersion string `json:"os_version,omitempty"`
OSName string `json:"os_name,omitempty"`
Tag string `json:"tag,omitempty"`
}
Image represents container image information
type ImagesSummary ¶
type ImagesSummary struct {
AffectedCount int `json:"affected_count"`
}
ImagesSummary represents a summary of images
type ImpactMetrics ¶
type ImpactMetrics struct {
AffectedResourceCount int `json:"affected_resource_count"`
AffectedImageCount int `json:"affected_image_count"`
}
ImpactMetrics represents the impact metrics for a vulnerability
type IntegrationWebhook ¶
// IntegrationWebhook is the JSON shape of one integration webhook record.
type IntegrationWebhook struct {
ID string `json:"id"`
Name string `json:"name"`
Vendor string `json:"vendor"`
Status string `json:"status"`
// Config is an untyped, vendor-specific map; its keys are not shown on this
// page. NOTE(review): webhook configuration may include destination URLs or
// credentials — confirm, and if so avoid logging or persisting this struct
// verbatim.
Config map[string]interface{} `json:"config,omitempty"`
CreateTime string `json:"create_time,omitempty"`
UpdateTime string `json:"update_time,omitempty"`
}
IntegrationWebhook represents an integration webhook
type InternetExposure ¶
type InternetExposure struct {
Ingress *InternetExposureDetails `json:"ingress,omitempty"`
}
InternetExposure represents internet exposure information
type InternetExposureDetails ¶
type InternetExposureDetails struct {
ActiveCommunication bool `json:"active_communication"`
}
InternetExposureDetails contains details about internet exposure
type Logger ¶
// Logger is the two-method logging interface accepted by Client.SetLogger.
// Any type with these Printf and Println methods satisfies it.
//
// NOTE(review): the implementation receives whatever the client chooses to
// log, which is not shown on this page. Before wiring it to a shared sink,
// confirm that request credentials and tokens are never part of the output.
type Logger interface {
Printf(format string, v ...interface{})
Println(v ...interface{})
}
Logger interface for logging
type MitreAttackDetails ¶
type MitreAttackDetails struct {
TacticID string `json:"tactic_id"`
TacticName string `json:"tactic_name"`
TechniqueID string `json:"technique_id"`
TechniqueName string `json:"technique_name"`
}
MitreAttackDetails represents MITRE ATT&CK framework information
type NoOpLogger ¶
type NoOpLogger struct{}
NoOpLogger is a logger that doesn't log anything
func (*NoOpLogger) Printf ¶
func (l *NoOpLogger) Printf(format string, v ...interface{})
func (*NoOpLogger) Println ¶
func (l *NoOpLogger) Println(v ...interface{})
type Package ¶
type Package struct {
Name string `json:"name"`
Framework string `json:"framework,omitempty"`
Type string `json:"type,omitempty"`
Version string `json:"version"`
InUse bool `json:"in_use"`
}
Package represents a software package
type Remediation ¶
// Remediation pairs a remediation type string with an untyped payload.
type Remediation struct {
Type string `json:"type"`
// Data is interface{}: encoding/json decodes it into generic values
// (map[string]interface{}, []interface{}, string, float64, bool or nil).
// Presumably its shape depends on Type — confirm. Use the two-result type
// assertion so an unexpected shape does not panic.
Data interface{} `json:"data"`
}
Remediation represents remediation information
type Resource ¶
// Resource is the JSON shape of the cloud resource a finding, detection or
// event refers to.
type Resource struct {
ID string `json:"id"`
ExternalID string `json:"external_id,omitempty"`
Name string `json:"name"`
Type string `json:"type"`
Path string `json:"path,omitempty"`
// CloudProvider is a plain string; presumably one of the CloudProvider*
// constant values — confirm against the API.
CloudProvider string `json:"cloud_provider"`
CloudAccountID string `json:"cloud_account_id"`
CloudAccountName string `json:"cloud_account_name,omitempty"`
CloudAccountTags []Tag `json:"cloud_account_tags,omitempty"`
Region string `json:"region,omitempty"`
ClusterID string `json:"cluster_id,omitempty"`
Namespace string `json:"namespace,omitempty"`
// InternetExposure is a pointer with omitempty and stays nil when the
// decoded JSON omits the key. Nil means no exposure data in this response;
// do not read it as "not exposed".
InternetExposure *InternetExposure `json:"internet_exposure,omitempty"`
RiskCategories []string `json:"risk_categories,omitempty"`
}
Resource represents a cloud resource
type ResourcesSummary ¶
type ResourcesSummary struct {
InUseCount int `json:"in_use_count"`
TotalCount int `json:"total_count"`
}
ResourcesSummary represents a summary of resources
type SbomPackage ¶
type SbomPackage struct {
Name string `json:"name"`
Version string `json:"version"`
PackageManager string `json:"package_manager,omitempty"`
Framework string `json:"framework,omitempty"`
Licenses []string `json:"licenses,omitempty"`
VulnerabilitiesSummary *VulnerabilitiesSummary `json:"vulnerabilities_summary,omitempty"`
ResourcesSummary *ResourcesSummary `json:"resources_summary,omitempty"`
ImagesSummary *ImagesSummary `json:"images_summary,omitempty"`
}
SbomPackage represents an SBOM package
type SbomPackagesQuery ¶
type SbomPackagesQuery struct {
CloudAccountID string
Framework string
ImageName string
PackageName string
PackageManager string
PackageLicense string
}
SbomPackagesQuery represents query parameters for SBOM packages
type ThreatDetection ¶
// ThreatDetection is the JSON shape of one threat detection, including the
// affected resource, MITRE ATT&CK mappings and the policy triggers behind it.
//
// NOTE(review): Title, Description and the nested trigger events describe
// observed activity and may therefore contain attacker-influenced text —
// confirm. Escape these values before rendering them in HTML, terminals or
// ticketing systems.
type ThreatDetection struct {
ID string `json:"id"`
Type string `json:"type"`
Category string `json:"category"`
Severity string `json:"severity"`
Status string `json:"status"`
Title string `json:"title"`
Description string `json:"description,omitempty"`
// Timestamps are strings; the format is not shown on this page.
FirstSeenTime string `json:"first_seen_time"`
LastSeenTime string `json:"last_seen_time"`
OccurrenceCount int `json:"occurrence_count"`
// Resource stays nil when the decoded JSON omits the key.
Resource *Resource `json:"resource,omitempty"`
MitreAttacks []MitreAttackDetails `json:"mitre_attacks,omitempty"`
Triggers []ThreatDetectionTrigger `json:"triggers,omitempty"`
}
ThreatDetection represents a threat detection
type ThreatDetectionEvent ¶
// ThreatDetectionEvent is one event listed under a detection trigger.
type ThreatDetectionEvent struct {
ID string `json:"id"`
EventType string `json:"event_type"`
Description string `json:"description,omitempty"`
EventTime string `json:"event_time"`
// Data is an untyped map whose keys are not shown on this page; presumably
// they vary with EventType — confirm. Values decode as generic JSON types,
// so read them with the two-result type assertion, and treat string values
// as untrusted text when displaying or forwarding them.
Data map[string]interface{} `json:"data,omitempty"`
}
ThreatDetectionEvent represents an event in a detection
type ThreatDetectionTrigger ¶
type ThreatDetectionTrigger struct {
PolicyID string `json:"policy_id"`
PolicyName string `json:"policy_name"`
Events []ThreatDetectionEvent `json:"events,omitempty"`
}
ThreatDetectionTrigger represents a policy trigger
type ThreatDetectionsQuery ¶
type ThreatDetectionsQuery struct {
Severity string
Type string
Category string
MinFirstSeenTime string
MaxFirstSeenTime string
MinLastSeenTime string
MaxLastSeenTime string
}
ThreatDetectionsQuery represents query parameters for threat detections
type ThreatEvent ¶
type ThreatEvent struct {
ID string `json:"id"`
Type string `json:"type"`
Severity string `json:"severity"`
Category string `json:"category"`
Status string `json:"status"`
Title string `json:"title"`
FirstSeenTime string `json:"first_seen_time"`
LastSeenTime string `json:"last_seen_time"`
Resource *Resource `json:"resource,omitempty"`
}
ThreatEvent represents a threat event
type ThreatEventsQuery ¶
type ThreatEventsQuery struct {
CloudAccountID string
Severity string
Category string
MinFirstSeenTime string
MaxFirstSeenTime string
MinLastSeenTime string
MaxLastSeenTime string
Page int
PerPage int
}
ThreatEventsQuery represents query parameters for threat events
type ThreatPolicy ¶
// ThreatPolicy is the JSON shape of one threat policy.
type ThreatPolicy struct {
ID string `json:"id"`
DisplayName string `json:"display_name"`
Category string `json:"category"`
Severity string `json:"severity"`
Scope string `json:"scope"`
OpenIssues int `json:"open_issues"`
ManagedBy string `json:"managed_by"`
// Enabled has no omitempty, so false is serialized explicitly. The page
// lists UpdateThreatPolicy as the call that enables or disables a policy;
// NOTE(review): a disabled policy presumably stops producing detections —
// confirm, and record who changed this flag and why.
Enabled bool `json:"enabled"`
}
ThreatPolicy represents a threat policy
type VulnerabilitiesSummary ¶
type VulnerabilitiesSummary struct {
CriticalCount int `json:"critical_count"`
HighCount int `json:"high_count"`
MediumCount int `json:"medium_count"`
LowCount int `json:"low_count"`
UnclassifiedCount int `json:"unclassified_count"`
TotalCount int `json:"total_count"`
}
VulnerabilitiesSummary represents a summary of vulnerabilities
type Vulnerability ¶
// Vulnerability is the JSON shape of the vulnerability details attached to a
// finding, including NVD metadata for CVSS v2, v3 and v4.
type Vulnerability struct {
Name string `json:"name,omitempty"`
Description string `json:"description,omitempty"`
// Exploitable has no omitempty, so false is always serialized. How the
// value is determined is not shown on this page.
Exploitable bool `json:"exploitable"`
NVDCVEID string `json:"nvd_cve_id,omitempty"`
NVDDescription string `json:"nvd_description,omitempty"`
NVDPublishTime string `json:"nvd_publish_time,omitempty"`
CVEFirstSeenTime string `json:"cve_first_seen_time,omitempty"`
// The CVSS scores are strings, not numbers. Parse them (for example with
// strconv.ParseFloat) before comparing or sorting: as strings, "10.0"
// orders before "9.8". With omitempty an absent score decodes to "", so
// handle the empty case instead of treating it as zero risk.
NVDCVSSV2Severity string `json:"nvd_cvss_v2_severity,omitempty"`
NVDCVSSV2Score string `json:"nvd_cvss_v2_score,omitempty"`
NVDCVSSV3Severity string `json:"nvd_cvss_v3_severity,omitempty"`
NVDCVSSV3Score string `json:"nvd_cvss_v3_score,omitempty"`
NVDCVSSV4Severity string `json:"nvd_cvss_v4_severity,omitempty"`
NVDCVSSV4Score string `json:"nvd_cvss_v4_score,omitempty"`
// ImpactMetrics stays nil when the decoded JSON omits the key.
ImpactMetrics *ImpactMetrics `json:"impact_metrics,omitempty"`
}
Vulnerability represents vulnerability details
type VulnerabilityFinding ¶
// VulnerabilityFinding is the JSON shape of one vulnerability finding: the
// vulnerability itself plus the image, package and resource it was found on.
type VulnerabilityFinding struct {
ID string `json:"id"`
Status string `json:"status"`
Source string `json:"source"`
// Timestamps are strings; the format is not shown on this page.
FirstSeenTime string `json:"first_seen_time"`
LastScanTime string `json:"last_scan_time"`
// The four pointer fields carry omitempty and stay nil when the decoded
// JSON omits the key; check each before dereferencing.
Vulnerability *Vulnerability `json:"vulnerability,omitempty"`
Image *Image `json:"image,omitempty"`
Package *Package `json:"package,omitempty"`
Resource *Resource `json:"resource,omitempty"`
Remediation []Remediation `json:"remediation,omitempty"`
}
VulnerabilityFinding represents a vulnerability finding
type VulnerabilityFindingsQuery ¶
// VulnerabilityFindingsQuery holds the filter and paging parameters passed to
// ListVulnerabilityFindings. The fields have no struct tags; how they are
// encoded into the request is not shown on this page.
type VulnerabilityFindingsQuery struct {
// Paging controls.
PageToken string
PerPage int
CloudAccountID string
ClusterID string
Namespace string
// The *bool filters are tri-state: a nil pointer is distinguishable from an
// explicit false. Presumably nil leaves the filter unset — confirm against
// the client implementation before relying on it for triage queries.
IngressActiveCommunication *bool
InternetExposure *bool
InUse *bool
Exploitable *bool
FixAvailable *bool
// Severity is a plain string; presumably one of the Severity* constant
// values — confirm against the API.
Severity string
ImageName string
Framework string
}
VulnerabilityFindingsQuery represents query parameters for vulnerability findings
type Workflow ¶
type Workflow struct {
ID string `json:"id"`
Name string `json:"name"`
Type string `json:"type"`
Status string `json:"status"`
LastExecutionTime string `json:"last_execution_time,omitempty"`
Config *WorkflowConfig `json:"config,omitempty"`
}
Workflow represents a workflow
type WorkflowAction ¶
// WorkflowAction is an untyped map describing one workflow action. Its keys
// are not shown on this page; read values with the two-result type assertion
// so an unexpected shape does not panic.
type WorkflowAction map[string]interface{}
WorkflowAction represents a workflow action (interface for different types)
type WorkflowConfig ¶
type WorkflowConfig struct {
Selectors []WorkflowSelector `json:"selectors,omitempty"`
Actions []WorkflowAction `json:"actions,omitempty"`
Trigger *WorkflowTrigger `json:"trigger,omitempty"`
}
WorkflowConfig represents workflow configuration
type WorkflowSelector ¶
// WorkflowSelector is an untyped map describing one workflow selector. Its
// keys are not shown on this page; read values with the two-result type
// assertion so an unexpected shape does not panic.
type WorkflowSelector map[string]interface{}
WorkflowSelector represents a workflow selector (interface for different types)
type WorkflowTrigger ¶
type WorkflowTrigger struct {
Type string `json:"type"`
Severities []string `json:"severities,omitempty"`
Categories []string `json:"categories,omitempty"`
}
WorkflowTrigger represents workflow trigger configuration