Documentation
Overview
Package connectors implements connectors to different security services, like AWS GuardDuty, AWS Security Hub, or Palo Alto Prisma Cloud.
Index
- func GetAccountID(session client.ConfigProvider) (string, error)
- func NewMasterMemberSess(region, memberAccountID, memberRole string) (*session.Session, *session.Session)
- type DetectiveInviter
- type DetectiveMasterClient
- type DetectiveMemberClient
- type GuardDutyInviter
- type GuardDutyListDetectors
- type GuardDutyMasterClient
- type GuardDutyMemberClient
- type Prisma
- type SecurityHubInviter
- type SecurityHubMasterClient
- type SecurityHubMemberClient
Constants
This section is empty.
Variables
This section is empty.
Functions
func GetAccountID
func GetAccountID(session client.ConfigProvider) (string, error)
GetAccountID returns the AWS account ID using the provided session, without error handling, because a problem with credentials will show up on first use.
Types
type DetectiveInviter
type DetectiveInviter struct {
// contains filtered or unexported fields
}
DetectiveInviter is a per-region structure which contains all the information needed to add a new member account to the Detective master.
func NewDetectiveInviter
func NewDetectiveInviter(masterSess, memberSess client.ConfigProvider) *DetectiveInviter
NewDetectiveInviter creates a new instance of DetectiveInviter which is capable of inviting the specified member account to the master account's Detective.
func (DetectiveInviter) AddMember
func (d DetectiveInviter) AddMember(accountID, accountEmail, masterAccountID string) error
AddMember adds a new member account to the master, sends an invite to it, and then accepts the invite from the member account. If the member is already in place and connected (enabled), nothing is done.
https://docs.aws.amazon.com/detective/latest/userguide/detective-accounts.html
type DetectiveMasterClient
type DetectiveMasterClient interface {
	GetMembers(*detective.GetMembersInput) (*detective.GetMembersOutput, error)
	CreateMembers(*detective.CreateMembersInput) (*detective.CreateMembersOutput, error)
	ListGraphs(*detective.ListGraphsInput) (*detective.ListGraphsOutput, error)
}
DetectiveMasterClient is a subset of aws-sdk-go/service/detective which is used for sending invitations from the Detective master.
type DetectiveMemberClient
type DetectiveMemberClient interface {
	ListInvitations(*detective.ListInvitationsInput) (*detective.ListInvitationsOutput, error)
	AcceptInvitation(*detective.AcceptInvitationInput) (*detective.AcceptInvitationOutput, error)
}
DetectiveMemberClient is a subset of aws-sdk-go/service/detective which is used for accepting invitations on the Detective member.
type GuardDutyInviter
type GuardDutyInviter struct {
// contains filtered or unexported fields
}
GuardDutyInviter is a per-region structure which contains all the information needed to add a new member account to the GuardDuty master.
func NewGuardDutyInviter
func NewGuardDutyInviter(masterSess, memberSess client.ConfigProvider) *GuardDutyInviter
NewGuardDutyInviter creates a new instance of GuardDutyInviter which is capable of inviting the specified member account to the master account's GuardDuty.
func (GuardDutyInviter) AddMember
func (g GuardDutyInviter) AddMember(accountID, accountEmail, masterAccountID string) error
AddMember adds a new member account to the master, sends an invite to it, and then accepts the invite from the member account. If the member is already in place and connected (enabled), nothing is done.
https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_accounts.html
type GuardDutyListDetectors
type GuardDutyListDetectors interface {
ListDetectors(*guardduty.ListDetectorsInput) (*guardduty.ListDetectorsOutput, error)
}
GuardDutyListDetectors is an interface for the ListDetectors function, which is used in both master and member.
type GuardDutyMasterClient
type GuardDutyMasterClient interface {
	GuardDutyListDetectors
	GetMembers(*guardduty.GetMembersInput) (*guardduty.GetMembersOutput, error)
	CreateMembers(*guardduty.CreateMembersInput) (*guardduty.CreateMembersOutput, error)
	InviteMembers(*guardduty.InviteMembersInput) (*guardduty.InviteMembersOutput, error)
}
GuardDutyMasterClient is a subset of aws-sdk-go/service/guardduty which is used for sending invitations from the GuardDuty master.
type GuardDutyMemberClient
type GuardDutyMemberClient interface {
	GuardDutyListDetectors
	ListInvitations(*guardduty.ListInvitationsInput) (*guardduty.ListInvitationsOutput, error)
	AcceptAdministratorInvitation(*guardduty.AcceptAdministratorInvitationInput) (*guardduty.AcceptAdministratorInvitationOutput, error)
}
GuardDutyMemberClient is a subset of aws-sdk-go/service/guardduty which is used for accepting invitations on the GuardDuty member.
type Prisma
type Prisma struct {
// contains filtered or unexported fields
}
Prisma contains credentials for API access.
func (Prisma) AddAWSAccount
AddAWSAccount adds an AWS account to Prisma, or updates an existing one with the provided AWS credentials if necessary.
type SecurityHubInviter
type SecurityHubInviter struct {
// contains filtered or unexported fields
}
SecurityHubInviter is a per-region structure which contains all the information needed to add a new member account to the Security Hub master.
func NewSecurityHubInviter
func NewSecurityHubInviter(masterSess, memberSess client.ConfigProvider) *SecurityHubInviter
NewSecurityHubInviter creates a new instance of SecurityHubInviter which is capable of inviting the specified member account to the master account's Security Hub.
func (SecurityHubInviter) AddMember
func (s SecurityHubInviter) AddMember(accountID, accountEmail, masterAccountID string) error
AddMember adds a new member account to the master, sends an invite to it, and then accepts the invite from the member account. If the member is already in place and connected (enabled), nothing is done.
https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-accounts.html
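The flow that the three AddMember methods (Detective, GuardDuty, Security Hub) describe, as an added example that is not this package's code: create the member, invite it, accept from the member side, and do nothing when it is already enabled. The two interfaces are hypothetical, simplified stand-ins for the SDK-typed client interfaces on this page; the status strings, invitation ID and account IDs are constructed, and accepting only an invitation from the expected master is an assumption about how masterAccountID is used.

```go
package main

import "fmt"

// Hypothetical, simplified stand-ins for the SDK-typed interfaces on this page.
type masterAPI interface {
	MemberStatus(accountID string) (string, error) // "" = not a member yet
	CreateMember(accountID, email string) error
	InviteMember(accountID string) error
}
type memberAPI interface {
	InvitationFrom(masterID string) (string, error) // "" = no invitation
	AcceptInvitation(masterID, invitationID string) error
}

// addMember creates, invites and accepts; it is a no-op for an enabled member.
func addMember(m masterAPI, mem memberAPI, accountID, email, masterID string) error {
	status, err := m.MemberStatus(accountID)
	if err != nil || status == "Enabled" {
		return err
	}
	if status == "" {
		if err := m.CreateMember(accountID, email); err != nil {
			return err
		}
	}
	if err := m.InviteMember(accountID); err != nil {
		return err
	}
	// Assumption: accept only an invitation issued by the expected master account.
	id, err := mem.InvitationFrom(masterID)
	if err != nil || id == "" {
		return fmt.Errorf("no invitation from master %s (lookup error: %v)", masterID, err)
	}
	return mem.AcceptInvitation(masterID, id)
}

// fake is a constructed in-memory account pair; calls records mutating calls.
type fake struct{ status, inviter, calls string }
func (f *fake) MemberStatus(string) (string, error)   { return f.status, nil }
func (f *fake) CreateMember(string, string) error     { f.calls += "create "; f.status = "Created"; return nil }
func (f *fake) InviteMember(string) error             { f.calls += "invite "; f.status = "Invited"; return nil }
func (f *fake) AcceptInvitation(string, string) error { f.calls += "accept "; f.status = "Enabled"; return nil }
func (f *fake) InvitationFrom(id string) (string, error) { return map[string]string{f.inviter: "inv-1"}[id], nil }

func main() {
	f := &fake{inviter: "111111111111"} // constructed account IDs
	err := addMember(f, f, "222222222222", "ops@example.com", "111111111111")
	fmt.Println(err, f.calls)
}
```

Running the same call a second time makes no further mutating calls, and a pending invitation from any other account ID is left unaccepted and reported as an error.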
type SecurityHubMasterClient
type SecurityHubMasterClient interface {
	GetMembers(*securityhub.GetMembersInput) (*securityhub.GetMembersOutput, error)
	CreateMembers(*securityhub.CreateMembersInput) (*securityhub.CreateMembersOutput, error)
	InviteMembers(*securityhub.InviteMembersInput) (*securityhub.InviteMembersOutput, error)
}
SecurityHubMasterClient is a subset of aws-sdk-go/service/securityhub which is used for sending invitations from the Security Hub master.
type SecurityHubMemberClient
type SecurityHubMemberClient interface {
	ListInvitations(*securityhub.ListInvitationsInput) (*securityhub.ListInvitationsOutput, error)
	AcceptInvitation(*securityhub.AcceptInvitationInput) (*securityhub.AcceptInvitationOutput, error)
}
SecurityHubMemberClient is a subset of aws-sdk-go/service/securityhub which is used for accepting invitations on the Security Hub member.