osquery

package

v0.0.0-...-788bd8d Latest Latest Go to latest Published: Feb 6, 2021 License: MIT, MIT Imports: 6 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/mlukasik-dev/osquery-server

Links

Open Source Insights

Documentation ¶

Index ¶

type Connection
type ConnectionID
type Connections
type ExtensionManager
type ExtensionManagerClient
- func NewClient(path string, timeout time.Duration) (*ExtensionManagerClient, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Connection ¶

type Connection struct {
	Client    *ExtensionManagerClient
	Connected bool
}

type ConnectionID ¶

type ConnectionID = string

ConnectionID is the type, which remote connection's IDs should be of.

type Connections ¶

type Connections = map[ConnectionID]*Connection

type ExtensionManager ¶

type ExtensionManager interface {
	Close()
	Ping() (*osquery.ExtensionStatus, error)
	Call(registry, item string, req osquery.ExtensionPluginRequest) (*osquery.ExtensionResponse, error)
	Extensions() (osquery.InternalExtensionList, error)
	RegisterExtension(info *osquery.InternalExtensionInfo, registry osquery.ExtensionRegistry) (*osquery.ExtensionStatus, error)
	Options() (osquery.InternalOptionList, error)
	Query(sql string) (*osquery.ExtensionResponse, error)
	GetQueryColumns(sql string) (*osquery.ExtensionResponse, error)
}

type ExtensionManagerClient ¶

type ExtensionManagerClient struct {
	Client osquery.ExtensionManager
	// contains filtered or unexported fields
}

ExtensionManagerClient is a wrapper for the osquery Thrift extensions API.

func NewClient ¶

func NewClient(path string, timeout time.Duration) (*ExtensionManagerClient, error)

NewClient creates a new client communicating to osquery over the socket at the provided path. If resolving the address or connecting to the socket fails, this function will error.

func (*ExtensionManagerClient) Call ¶

func (c *ExtensionManagerClient) Call(registry, item string, request osquery.ExtensionPluginRequest) (*osquery.ExtensionResponse, error)

Call requests a call to an extension (or core) registry plugin.

func (*ExtensionManagerClient) Close ¶

func (c *ExtensionManagerClient) Close()

Close should be called to close the transport when use of the client is completed.

func (*ExtensionManagerClient) Extensions ¶

func (c *ExtensionManagerClient) Extensions() (osquery.InternalExtensionList, error)

Extensions requests the list of active registered extensions.

func (*ExtensionManagerClient) GetQueryColumns ¶

func (c *ExtensionManagerClient) GetQueryColumns(sql string) (*osquery.ExtensionResponse, error)

GetQueryColumns requests the columns returned by the parsed query.

func (*ExtensionManagerClient) Options ¶

func (c *ExtensionManagerClient) Options() (osquery.InternalOptionList, error)

Options requests the list of bootstrap or configuration options.

func (*ExtensionManagerClient) Ping ¶

func (c *ExtensionManagerClient) Ping() (*osquery.ExtensionStatus, error)

Ping requests metadata from the extension manager.

func (*ExtensionManagerClient) Query ¶

func (c *ExtensionManagerClient) Query(sql string) (*osquery.ExtensionResponse, error)

Query requests a query to be run and returns the extension response. Consider using the QueryRow or QueryRows helpers for a more friendly interface.

func (*ExtensionManagerClient) QueryRow ¶

func (c *ExtensionManagerClient) QueryRow(sql string) (map[string]string, error)

QueryRow behaves similarly to QueryRows, but it returns an error if the query does not return exactly one row.

func (*ExtensionManagerClient) QueryRows ¶

func (c *ExtensionManagerClient) QueryRows(sql string) ([]map[string]string, error)

QueryRows is a helper that executes the requested query and returns the results. It handles checking both the transport level errors and the osquery internal errors by returning a normal Go error type.

func (*ExtensionManagerClient) RegisterExtension ¶

func (c *ExtensionManagerClient) RegisterExtension(info *osquery.InternalExtensionInfo, registry osquery.ExtensionRegistry) (*osquery.ExtensionStatus, error)

RegisterExtension registers the extension plugins with the osquery process.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
gen
osquery
transport Package transport provides Thrift TTransport and TServerTransport implementations for use on mac/linux (TSocket/TServerSocket) and Windows (custom named pipe implementation).	Package transport provides Thrift TTransport and TServerTransport implementations for use on mac/linux (TSocket/TServerSocket) and Windows (custom named pipe implementation).

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL