module

package

v0.0.2-0...-4ce78c8 Latest Latest Go to latest Published: Jun 17, 2021 License: Apache-2.0, Apache-2.0 Imports: 29 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/n9e/n9e-agentd

Documentation ¶

Rendered for

Index ¶

func NewModule(cfg *config.Config) (api.Module, error)
type APIServer
- func NewAPIServer(cfg *config.Config, probe *sprobe.Probe, client *statsd.Client) *APIServer
- func (a *APIServer) Apply(ruleIDs []rules.RuleID)
- func (a *APIServer) DumpProcessCache(ctx context.Context, params *api.DumpProcessCacheParams) (*api.SecurityDumpProcessCacheMessage, error)
- func (a *APIServer) GetEvents(params *api.GetEventParams, stream api.SecurityModule_GetEventsServer) error
- func (a *APIServer) GetStats() map[string]int64
- func (a *APIServer) SendEvent(rule *rules.Rule, event Event)
- func (a *APIServer) SendStats() error
type AgentContext
- func (v AgentContext) MarshalEasyJSON(w *jwriter.Writer)
- func (v AgentContext) MarshalJSON() ([]byte, error)
- func (v *AgentContext) UnmarshalEasyJSON(l *jlexer.Lexer)
- func (v *AgentContext) UnmarshalJSON(data []byte) error
type Event
type Limit
type Limiter
- func NewLimiter(limit rate.Limit, burst int) *Limiter
type LimiterOpts
type Module
- func (m *Module) Close()
- func (m *Module) EventDiscarderFound(rs *rules.RuleSet, event eval.Event, field eval.Field, ...)
- func (m *Module) GetProbe() *sprobe.Probe
- func (m *Module) GetRuleSet() *rules.RuleSet
- func (m *Module) GetStats() map[string]interface{}
- func (m *Module) HandleCustomEvent(rule *rules.Rule, event *sprobe.CustomEvent)
- func (m *Module) HandleEvent(event *sprobe.Event)
- func (m *Module) Register(httpMux *http.ServeMux) error
- func (m *Module) Reload() error
- func (m *Module) RuleMatch(rule *rules.Rule, event eval.Event)
- func (m *Module) SendEvent(rule *rules.Rule, event Event)
type RateLimiter
- func NewRateLimiter(client *statsd.Client, opts LimiterOpts) *RateLimiter
- func (rl *RateLimiter) Allow(ruleID string) bool
- func (rl *RateLimiter) Apply(rules []rules.RuleID)
- func (rl *RateLimiter) GetStats() map[rules.RuleID]RateLimiterStat
- func (rl *RateLimiter) SendStats() error
type RateLimiterStat
type RuleEvent
type Signal
- func (v Signal) MarshalEasyJSON(w *jwriter.Writer)
- func (v Signal) MarshalJSON() ([]byte, error)
- func (v *Signal) UnmarshalEasyJSON(l *jlexer.Lexer)
- func (v *Signal) UnmarshalJSON(data []byte) error

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func NewModule ¶

func NewModule(cfg *config.Config) (api.Module, error)

NewModule instantiates a runtime security system-probe module

Types ¶

type APIServer ¶

type APIServer struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

APIServer represents a gRPC server in charge of receiving events sent by the runtime security system-probe module and forwards them to Datadog

func NewAPIServer ¶

func NewAPIServer(cfg *config.Config, probe *sprobe.Probe, client *statsd.Client) *APIServer

NewAPIServer returns a new gRPC event server

func (*APIServer) Apply ¶

func (a *APIServer) Apply(ruleIDs []rules.RuleID)

Apply a rule set

func (*APIServer) DumpProcessCache ¶

func (a *APIServer) DumpProcessCache(ctx context.Context, params *api.DumpProcessCacheParams) (*api.SecurityDumpProcessCacheMessage, error)

DumpProcessCache handle process dump cache requests

func (*APIServer) GetEvents ¶

func (a *APIServer) GetEvents(params *api.GetEventParams, stream api.SecurityModule_GetEventsServer) error

GetEvents waits for security events

func (*APIServer) GetStats ¶

func (a *APIServer) GetStats() map[string]int64

GetStats returns a map indexed by ruleIDs that describes the amount of events that were expired or rate limited before reaching

func (*APIServer) SendEvent ¶

func (a *APIServer) SendEvent(rule *rules.Rule, event Event)

SendEvent forwards events sent by the runtime security module to Datadog

func (*APIServer) SendStats ¶

func (a *APIServer) SendStats() error

SendStats sends statistics about the number of dropped events

type AgentContext ¶

type AgentContext struct {
	RuleID        string `json:"ruleId"`
	RuleVersion   string `json:"ruleVersion,omitempty"`
	PolicyName    string `json:"policyName,omitempty"`
	PolicyVersion string `json:"policyVersion,omitempty"`
}

AgentContext serializes the agent context to JSON easyjson:json

func (AgentContext) MarshalEasyJSON ¶

func (v AgentContext) MarshalEasyJSON(w *jwriter.Writer)

MarshalEasyJSON supports easyjson.Marshaler interface

func (AgentContext) MarshalJSON ¶

func (v AgentContext) MarshalJSON() ([]byte, error)

MarshalJSON supports json.Marshaler interface

func (*AgentContext) UnmarshalEasyJSON ¶

func (v *AgentContext) UnmarshalEasyJSON(l *jlexer.Lexer)

UnmarshalEasyJSON supports easyjson.Unmarshaler interface

func (*AgentContext) UnmarshalJSON ¶

func (v *AgentContext) UnmarshalJSON(data []byte) error

UnmarshalJSON supports json.Unmarshaler interface

type Event ¶

type Event interface {
	GetTags() []string
	GetType() string
}

Event is the interface that an event must implement to be sent to the backend

type Limit ¶

type Limit struct {
	Limit int
	Burst int
}

Limit defines rate limiter limit

type Limiter ¶

type Limiter struct {
	// contains filtered or unexported fields
}

Limiter describes an object that applies limits on the rate of triggering of a rule to ensure we don't overflow with too permissive rules

func NewLimiter ¶

func NewLimiter(limit rate.Limit, burst int) *Limiter

NewLimiter returns a new rule limiter

type LimiterOpts ¶

type LimiterOpts struct {
	Limits map[rules.RuleID]Limit
}

LimiterOpts rate limiter options

type Module ¶

type Module struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

Module represents the system-probe module for the runtime security agent

func (*Module) Close ¶

func (m *Module) Close()

Close the module

func (*Module) EventDiscarderFound ¶

func (m *Module) EventDiscarderFound(rs *rules.RuleSet, event eval.Event, field eval.Field, eventType eval.EventType)

EventDiscarderFound is called by the ruleset when a new discarder discovered

func (*Module) GetProbe ¶

func (m *Module) GetProbe() *sprobe.Probe

GetProbe returns the module's probe

func (*Module) GetRuleSet ¶

func (m *Module) GetRuleSet() *rules.RuleSet

GetRuleSet returns the set of loaded rules

func (*Module) GetStats ¶

func (m *Module) GetStats() map[string]interface{}

GetStats returns statistics about the module

func (*Module) HandleCustomEvent ¶

func (m *Module) HandleCustomEvent(rule *rules.Rule, event *sprobe.CustomEvent)

HandleCustomEvent is called by the probe when an event should be sent to Datadog but doesn't need evaluation

func (*Module) HandleEvent ¶

func (m *Module) HandleEvent(event *sprobe.Event)

HandleEvent is called by the probe when an event arrives from the kernel

func (*Module) Register ¶

func (m *Module) Register(httpMux *http.ServeMux) error

Register the runtime security agent module

func (*Module) Reload ¶

func (m *Module) Reload() error

Reload the rule set

func (*Module) RuleMatch ¶

func (m *Module) RuleMatch(rule *rules.Rule, event eval.Event)

RuleMatch is called by the ruleset when a rule matches

func (*Module) SendEvent ¶

func (m *Module) SendEvent(rule *rules.Rule, event Event)

SendEvent sends an event to the backend after checking that the rate limiter allows it for the provided rule

type RateLimiter ¶

type RateLimiter struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

RateLimiter describes a set of rule rate limiters

func NewRateLimiter ¶

func NewRateLimiter(client *statsd.Client, opts LimiterOpts) *RateLimiter

NewRateLimiter initializes an empty rate limiter

func (*RateLimiter) Allow ¶

func (rl *RateLimiter) Allow(ruleID string) bool

Allow returns true if a specific rule shall be allowed to sent a new event

func (*RateLimiter) Apply ¶

func (rl *RateLimiter) Apply(rules []rules.RuleID)

Apply a set of rules

func (*RateLimiter) GetStats ¶

func (rl *RateLimiter) GetStats() map[rules.RuleID]RateLimiterStat

GetStats returns a map indexed by ruleIDs that describes the amount of events that were dropped because of the rate limiter

func (*RateLimiter) SendStats ¶

func (rl *RateLimiter) SendStats() error

SendStats sends statistics about the number of sent and drops events for the set of rules

type RateLimiterStat ¶

type RateLimiterStat struct {
	// contains filtered or unexported fields
}

RateLimiterStat represents the rate limiting statistics

type RuleEvent ¶

type RuleEvent struct {
	RuleID string `json:"ruleId"`
	Event  Event  `json:"event"`
}

RuleEvent is a wrapper used to send an event to the backend

type Signal ¶

type Signal struct {
	*AgentContext `json:"agent"`
	Title         string `json:"title"`
}

Signal - Rule event wrapper used to send an event to the backend easyjson:json

func (Signal) MarshalEasyJSON ¶

func (v Signal) MarshalEasyJSON(w *jwriter.Writer)

MarshalEasyJSON supports easyjson.Marshaler interface

func (Signal) MarshalJSON ¶

func (v Signal) MarshalJSON() ([]byte, error)

MarshalJSON supports json.Marshaler interface

func (*Signal) UnmarshalEasyJSON ¶

func (v *Signal) UnmarshalEasyJSON(l *jlexer.Lexer)

UnmarshalEasyJSON supports easyjson.Unmarshaler interface

func (*Signal) UnmarshalJSON ¶

func (v *Signal) UnmarshalJSON(data []byte) error

UnmarshalJSON supports json.Unmarshaler interface

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL