alienvault

package module
v0.4.0
Published: Sep 29, 2020 License: Apache-2.0 Imports: 13 Imported by: 1

README

AlienVault

A basic Go package providing a client for the AlienVault API.

Whilst AV do provide a public API, it does not yet support operations on job scheduling and sensors. For this reason, this client uses an unofficial internal API, the one used by the AV web UI, to get the job done. The plan is to move to the public API as soon as support for the required data types is made available.

Example Usage

package main

import (
    "fmt"
    "os"

    "example.invalid/alienvault" // placeholder: substitute this module's real import path
)

func main() {
    // New takes four arguments (see the Client documentation below). Keep TLS
    // verification enabled so the USM Anywhere certificate is checked.
    alienVaultClient := alienvault.New(
        os.Getenv("ALIENVAULT_FQDN"),
        alienvault.Credentials{
            Username: os.Getenv("ALIENVAULT_USERNAME"),
            Password: os.Getenv("ALIENVAULT_PASSWORD"),
        },
        false, // skipTLSVerification: leave false so the server certificate is verified
        2,     // version: the internal API version to target (assumed value; see New)
    )

    if err := alienVaultClient.Authenticate(); err != nil {
        panic(err)
    }

    job, err := alienVaultClient.GetAWSBucketJob("...")
    if err != nil {
        panic(err)
    }

    fmt.Printf("Job details: %#v\n", *job)
}

Testing

To run acceptance tests, you will need to populate the following env vars:

  • ALIENVAULT_FQDN
  • ALIENVAULT_USERNAME
  • ALIENVAULT_PASSWORD

Problems/Outstanding Work

  • Sensor management is not automatically tested as the AV account we're using only has a license for 2 sensors, both of which we're using.
  • We need to switch to the public (v2) API once AV add support for managing sensors and jobs

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AWSBucketJob

type AWSBucketJob struct {
	Params AWSBucketJobParams `json:"params"` // Params allows you to dictate which bucket and path to use for the job, and specify which plugin should be used to process the logs.
	// contains filtered or unexported fields
}

AWSBucketJob is a scheduled job for retrieving logs from an S3 bucket

type AWSBucketJobParams

type AWSBucketJobParams struct {
	BucketName string `json:"bucketName"` // The name of the bucket to use when retrieving logs for this job
	Path       string `json:"path"`       // The path to use when looking for logs in the specified bucket
	// contains filtered or unexported fields
}

AWSBucketJobParams are parameters for an AWSBucketJob

type AWSCloudWatchJob

type AWSCloudWatchJob struct {
	Params AWSCloudWatchJobParams `json:"params"` // Params allows you to specify which region/group/stream you wish to retrieve logs from, and which plugin should be used to process those logs
	// contains filtered or unexported fields
}

AWSCloudWatchJob is a job which retrieves logs from CloudWatch group(s)/stream(s)

type AWSCloudWatchJobParams

type AWSCloudWatchJobParams struct {
	Region string `json:"regionName"` // The region to use when retrieving logs from cloudwatch
	Group  string `json:"groupName"`  // The group to use when retrieving logs from cloudwatch
	Stream string `json:"streamName"` // The stream to use when retrieving logs from cloudwatch
	// contains filtered or unexported fields
}

AWSCloudWatchJobParams allows you to specify cloudwatch job parameters

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client is an API client for interacting with AlienVault USM Anywhere

func New

func New(fqdn string, creds Credentials, skipTLSVerification bool, version int) *Client

New creates a new client using the provided FQDN and credentials

func (*Client) Authenticate

func (client *Client) Authenticate() error

Authenticate gives the client a session to use in subsequent calls.

func (*Client) CreateAWSBucketJob

func (client *Client) CreateAWSBucketJob(j *AWSBucketJob) error

CreateAWSBucketJob creates a new bucket job

func (*Client) CreateAWSCloudWatchJob

func (client *Client) CreateAWSCloudWatchJob(j *AWSCloudWatchJob) error

CreateAWSCloudWatchJob creates a new AWS cloudwatch job

func (*Client) CreateSensorKey

func (client *Client) CreateSensorKey() (*SensorKey, error)

CreateSensorKey will create a new key used to activate a sensor. However, if the useExisting option is used, and an unused key already exists, this will be returned instead.

func (*Client) CreateSensorViaAppliance

func (client *Client) CreateSensorViaAppliance(ctx context.Context, sensor *Sensor, ip net.IP) error

CreateSensorViaAppliance creates a new sensor via the sensor appliance referenced by the provided IP address

func (*Client) DeleteAWSBucketJob

func (client *Client) DeleteAWSBucketJob(j *AWSBucketJob) error

DeleteAWSBucketJob deletes a bucket job

func (*Client) DeleteAWSCloudWatchJob

func (client *Client) DeleteAWSCloudWatchJob(j *AWSCloudWatchJob) error

DeleteAWSCloudWatchJob deletes an existing AWS cloudwatch job

func (*Client) DeleteSensor

func (client *Client) DeleteSensor(sensor *Sensor) error

DeleteSensor deletes an existing sensor

func (*Client) DeleteSensorKey

func (client *Client) DeleteSensorKey(key *SensorKey) error

DeleteSensorKey deletes a particular sensor key as identified by the supplied id

func (*Client) GetAWSBucketJob

func (client *Client) GetAWSBucketJob(uuid string) (*AWSBucketJob, error)

GetAWSBucketJob returns a particular *AWSBucketJob as identified by the UUID parameter

func (*Client) GetAWSBucketJobs

func (client *Client) GetAWSBucketJobs() ([]AWSBucketJob, error)

GetAWSBucketJobs returns a slice of all AWS Bucket jobs

func (*Client) GetAWSCloudWatchJob

func (client *Client) GetAWSCloudWatchJob(uuid string) (*AWSCloudWatchJob, error)

GetAWSCloudWatchJob returns a particular *AWSCloudWatchJob as identified by the UUID parameter

func (*Client) GetAWSCloudWatchJobs

func (client *Client) GetAWSCloudWatchJobs() ([]AWSCloudWatchJob, error)

GetAWSCloudWatchJobs returns all AWS CloudWatch jobs

func (*Client) GetLicense

func (client *Client) GetLicense() (*License, error)

GetLicense returns the license in use by the current account

func (*Client) GetSensor

func (client *Client) GetSensor(id string) (*Sensor, error)

GetSensor returns a specific sensor as identified by the id parameter

func (*Client) GetSensorKey

func (client *Client) GetSensorKey(id string) (*SensorKey, error)

GetSensorKey returns a particular sensor key identified by the supplied id

func (*Client) GetSensorKeys

func (client *Client) GetSensorKeys() ([]SensorKey, error)

GetSensorKeys returns a list of all sensor keys on the account

func (*Client) GetSensors

func (client *Client) GetSensors() ([]Sensor, error)

GetSensors returns a list of all sensors

func (*Client) HasSensorAvailability

func (client *Client) HasSensorAvailability() (bool, error)

HasSensorAvailability tells us whether we have room to create new sensors using the current license

func (*Client) HasSensorKeyAvailability

func (client *Client) HasSensorKeyAvailability() (bool, error)

HasSensorKeyAvailability tells us whether we have room to create new sensor keys using the current license

func (*Client) UpdateAWSBucketJob

func (client *Client) UpdateAWSBucketJob(j *AWSBucketJob) error

UpdateAWSBucketJob updates an AWS bucket job

func (*Client) UpdateAWSCloudWatchJob

func (client *Client) UpdateAWSCloudWatchJob(j *AWSCloudWatchJob) error

UpdateAWSCloudWatchJob updates an existing AWS cloudwatch job

func (*Client) UpdateSensor

func (client *Client) UpdateSensor(sensor *Sensor) error

UpdateSensor updates an existing sensor

type Credentials

type Credentials struct {
	Username string `json:"email"`
	Password string `json:"password"`
}

Credentials contain a username and password for accessing the AV USM system

type JobAction

type JobAction string

JobAction is the action to take when running this job, such as checking a bucket for log files (alienvault.JobActionMonitorBucket)

const (
	// JobActionMonitorBucket is the action of monitoring an S3 bucket for log files
	JobActionMonitorBucket JobAction = "s3TrackFiles"
	// JobActionMonitorCloudWatch is the action of monitoring cloudwatch for log files
	JobActionMonitorCloudWatch JobAction = "cloudWatchTrackFiles"
)

type JobApplication

type JobApplication string

JobApplication is the application associated with the job. Currently we support alienvault.JobApplicationAWS, which is Amazon AWS

const (
	// JobApplicationAWS Amazon AWS
	JobApplicationAWS JobApplication = "amazon-aws"
)

type JobSchedule

type JobSchedule string

JobSchedule is a cron-like syntax which describes when to run the scheduled job. Constants are available to simplify this, such as alienvault.JobScheduleHourly

const (
	// JobScheduleHourly will run every hour at :02
	JobScheduleHourly JobSchedule = "0 2 0/1 1/1 * ? *"

	// JobScheduleDaily will run daily at 00:02
	JobScheduleDaily JobSchedule = "0 2 0 1/1 * ? *"
)

type JobSourceFormat

type JobSourceFormat string

JobSourceFormat is the format which the log files are in - alienvault.JobSourceFormatRaw or alienvault.JobSourceFormatSyslog

const (
	// JobSourceFormatRaw describes raw log files
	JobSourceFormatRaw JobSourceFormat = "raw"
	// JobSourceFormatSyslog describes log files in syslog format
	JobSourceFormatSyslog JobSourceFormat = "syslog"
)

type JobType

type JobType string

JobType is the type of job, such as alienvault.JobTypeCollection for collecting log files

const (
	// JobTypeCollection is a job type which collects log files from a given source
	JobTypeCollection JobType = "collection"
)

type License

type License struct {
	ControlNodeLimit int   `json:"controlNodesAllowed"`
	SensorNodeLimit  int   `json:"sensorNodesAllowed"`
	MonthlyStorageKB int64 `json:"monthlyKBStorage"`
	Expiration       int64 `json:"expiration"`
}

License is an AV license subscription

func (*License) IsExpired

func (license *License) IsExpired() bool

IsExpired returns true if the license in use has expired

type Sensor

type Sensor struct {
	// Annoyingly, AV have two fields ID and UUID which both appear to be a primary key - UUID is used in v1 calls, ID in v2
	V1ID           string            `json:"uuid,omitempty"`
	V2ID           string            `json:"id,omitempty"`
	Name           string            `json:"name"`
	Description    string            `json:"description"`
	ActivationCode string            `json:"activation_code"`
	Status         SensorStatus      `json:"status"`
	SetupStatus    SensorSetupStatus `json:"setupStatus"`
}

Sensor is a machine which gathers event data from your infrastructure and absorbs it into the AV system

func (*Sensor) ID added in v0.3.0

func (sensor *Sensor) ID() string

type SensorKey

type SensorKey struct {
	ID        string `json:"id"`
	Consumed  bool
	CreatedAt int     `json:"createdAt"`
	ExpiresAt int     `json:"expires"`
	NodeID    *string `json:"nodeId"`
}

SensorKey is a key used to activate a sensor. The ID is traditionally used as an auth code to activate a sensor using the web UI.

type SensorSetupStatus

type SensorSetupStatus string

SensorSetupStatus refers to whether or not the sensor has had its configuration finalised

const (
	// SensorSetupStatusComplete indicates the sensor has had its configuration finalised
	SensorSetupStatusComplete SensorSetupStatus = "Complete"
)

type SensorStatus

type SensorStatus string

SensorStatus refers to whether or not the sensor is ready for jobs. "Ready" indicates that this is so.

const (
	// SensorStatusReady indicates the sensor is ready for configuration
	SensorStatusReady SensorStatus = "Ready"
	// SensorStatusConnectionLost refers to a sensor configuration which has lost contact with the actual appliance, possibly because the appliance no longer exists.
	SensorStatusConnectionLost SensorStatus = "Connection lost"
)
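The Sensor type above carries two primary keys (the v1 uuid and the v2 id) and a status that can report "Connection lost". The following added example, which is not part of this package, decodes both record shapes using the documented struct tags and flags sensors that have lost contact, since a silent sensor is a gap in log collection. The helper functions and their semantics (sensorID, parseSensors, lostSensors) are assumptions made for illustration, not the package's own code.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Sensor and SensorStatus copy the struct tags and constant documented on this page; the helper functions are an added illustration with assumed semantics.
type SensorStatus string
const SensorStatusConnectionLost SensorStatus = "Connection lost"

type Sensor struct {
	V1ID   string       `json:"uuid,omitempty"` // primary key in v1 API calls
	V2ID   string       `json:"id,omitempty"`   // primary key in v2 API calls
	Name   string       `json:"name"`
	Status SensorStatus `json:"status"`
}

// sensorID prefers the v2 id and falls back to the v1 uuid (assumed to match Sensor.ID(), whose body the page does not show).
func sensorID(s Sensor) string {
	if s.V2ID != "" {
		return s.V2ID
	}
	return s.V1ID
}

// parseSensors decodes a sensor list that mixes v1- and v2-shaped records.
func parseSensors(raw string) ([]Sensor, error) {
	var out []Sensor
	return out, json.Unmarshal([]byte(raw), &out)
}

// lostSensors names sensors whose appliance is unreachable: each one is a gap in log collection that should raise an alert.
func lostSensors(sensors []Sensor) (names []string) {
	for _, s := range sensors {
		if s.Status == SensorStatusConnectionLost {
			names = append(names, s.Name)
		}
	}
	return names
}

func main() {
	// Constructed sample: one v1-shaped and one v2-shaped record.
	sensors, err := parseSensors(`[{"uuid":"aaa-v1","name":"edge-1","status":"Ready"},{"id":"bbb-v2","name":"edge-2","status":"Connection lost"}]`)
	if err != nil {
		panic(err)
	}
	fmt.Println(sensorID(sensors[0]), sensorID(sensors[1]), "alert on:", lostSensors(sensors))
}
```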
