Documentation
¶
Index ¶
- Constants
- func Validator() (*validator.Validate, error)
- type CheckIntegrationInput
- type DeleteIntegrationInput
- type FullScanInput
- type GetIntegrationTemplateInput
- type LambdaInput
- type ListIntegrationsInput
- type ListLogTypesInput
- type ListLogTypesOutput
- type ManagedS3Resources
- type PutIntegrationInput
- type PutIntegrationSettings
- type S3PrefixLogtypes
- type S3PrefixLogtypesMapping
- type SourceIntegration
- type SourceIntegrationHealth
- type SourceIntegrationItemStatus
- type SourceIntegrationMetadata
- type SourceIntegrationScanInformation
- type SourceIntegrationStatus
- type SourceIntegrationTemplate
- type SqsConfig
- type UpdateIntegrationLastScanEndInput
- type UpdateIntegrationLastScanStartInput
- type UpdateIntegrationSettingsInput
- type UpdateStatusInput
Constants ¶
View Source
const ( // IntegrationTypeAWSScan is the integration type for snapshots in customer AWS accounts. IntegrationTypeAWSScan = "aws-scan" // IntegrationTypeAWS3 is the integration type for importing data from customer S3 buckets. IntegrationTypeAWS3 = "aws-s3" // IntegrationTypeSqs is integration type for pulling data from an SQS queue. IntegrationTypeSqs = "aws-sqs" // StatusError is the string set in the database when an error occurs in a scan. StatusError = "error" // StatusOK is the string set in the database when a scan is successful. StatusOK = "ok" // StatusScanning is the status set while a scan is underway. StatusScanning = "scanning" )
Variables ¶
This section is empty.
Functions ¶
Types ¶
type CheckIntegrationInput ¶
type CheckIntegrationInput struct {
AWSAccountID string `genericapi:"redact" json:"awsAccountId" validate:"omitempty,len=12,numeric"`
IntegrationType string `json:"integrationType" validate:"oneof=aws-scan aws-s3 aws-sqs"`
IntegrationLabel string `json:"integrationLabel" validate:"required,integrationLabel"`
// Checks for cloudsec integrations
EnableCWESetup *bool `json:"enableCWESetup"`
EnableRemediation *bool `json:"enableRemediation"`
// Checks for s3 integrations
S3Bucket string `json:"s3Bucket"`
S3PrefixLogTypes S3PrefixLogtypes `json:"s3PrefixLogTypes,omitempty"`
KmsKey string `json:"kmsKey"`
ManagedBucketNotifications bool `json:"managedBucketNotifications"`
// Checks for Sqs configuration
SqsConfig *SqsConfig `json:"sqsConfig,omitempty"`
// PantherVersion is the version of Panther that the source was created with. Must follow semver format.
PantherVersionStr string `json:"pantherVersion"`
}
CheckIntegrationInput is used to check the health of a potential configuration.
func (*CheckIntegrationInput) PantherVersion ¶ added in v1.16.0
func (i *CheckIntegrationInput) PantherVersion() *semver.Version
type DeleteIntegrationInput ¶
type DeleteIntegrationInput struct {
IntegrationID string `json:"integrationId" validate:"required,uuid4"`
}
DeleteIntegrationInput is used to delete a specific item from the database.
type FullScanInput ¶ added in v1.2.1
type FullScanInput struct {
Integrations []*SourceIntegrationMetadata
}
FullScanInput is used to do a full scan of one or more integrations.
type GetIntegrationTemplateInput ¶
type GetIntegrationTemplateInput struct {
AWSAccountID string `genericapi:"redact" json:"awsAccountId" validate:"required,len=12,numeric"`
IntegrationType string `json:"integrationType" validate:"oneof=aws-scan aws-s3"`
IntegrationLabel string `json:"integrationLabel" validate:"required,integrationLabel"`
RemediationEnabled *bool `json:"remediationEnabled"`
CWEEnabled *bool `json:"cweEnabled"`
Enabled *bool `json:"enabled" validate:"omitempty"`
RegionIgnoreList []string `json:"regionIgnoreList" validate:"omitempty"`
ResourceTypeIgnoreList []string `json:"resourceTypeIgnoreList" validate:"omitempty"`
ResourceRegexIgnoreList []string `json:"resourceRegexIgnoreList" validate:"omitempty"`
S3Bucket string `json:"s3Bucket" validate:"omitempty,min=1"`
KmsKey string `json:"kmsKey" validate:"omitempty,kmsKeyArn"`
ManagedBucketNotifications bool `json:"managedBucketNotifications"`
}
GetIntegrationTemplateInput allows specification of what resources should be enabled/disabled in the template
type LambdaInput ¶
type LambdaInput struct {
CheckIntegration *CheckIntegrationInput `json:"integrationHealthCheck"`
PutIntegration *PutIntegrationInput `json:"putIntegration"`
UpdateIntegrationSettings *UpdateIntegrationSettingsInput `json:"updateIntegrationSettings"`
ListIntegrations *ListIntegrationsInput `json:"listIntegrations"`
DeleteIntegration *DeleteIntegrationInput `json:"deleteIntegration"`
ListLogTypes *ListLogTypesInput `json:"listLogTypes"`
GetIntegrationTemplate *GetIntegrationTemplateInput `json:"getIntegrationTemplate"`
UpdateIntegrationLastScanEnd *UpdateIntegrationLastScanEndInput `json:"updateIntegrationLastScanEnd"`
UpdateIntegrationLastScanStart *UpdateIntegrationLastScanStartInput `json:"updateIntegrationLastScanStart"`
FullScan *FullScanInput `json:"fullScan"`
UpdateStatus *UpdateStatusInput `json:"updateStatus"`
}
LambdaInput is the collection of all possible args to the Lambda function.
type ListIntegrationsInput ¶
type ListIntegrationsInput struct {
IntegrationType *string `json:"integrationType" validate:"omitempty,oneof=aws-scan aws-s3 aws-sqs"`
}
ListIntegrationsInput allows filtering by the IntegrationType field
type ListLogTypesOutput ¶ added in v1.12.0
type ListLogTypesOutput struct {
LogTypes []string `json:"logTypes" validate:"omitempty"`
}
ListLogTypesOutput
type ManagedS3Resources ¶ added in v1.16.0
type ManagedS3Resources struct {
// Storing the topic's ARN
// - saves us from an extra network call when checking whether Panther managed to create the topic
// - we don't ever delete it from AWS, so we need to show to the user the exact resource that will be kept.
TopicARN *string `json:"topicARN"`
// Only the IDs from configurations that Panther manages. The bucket may have
// other user-created topic configurations as well.
TopicConfigurationIDs []string `json:"topicConfigIds"`
}
type PutIntegrationInput ¶
type PutIntegrationInput struct {
PutIntegrationSettings
}
PutIntegrationInput is used to add one or many integrations.
type PutIntegrationSettings ¶
type PutIntegrationSettings struct {
IntegrationLabel string `json:"integrationLabel" validate:"required,integrationLabel,excludesall='<>&\""`
IntegrationType string `json:"integrationType" validate:"oneof=aws-scan aws-s3 aws-sqs"`
UserID string `json:"userId" validate:"required,uuid4"`
AWSAccountID string `genericapi:"redact" json:"awsAccountId" validate:"omitempty,len=12,numeric"`
CWEEnabled *bool `json:"cweEnabled"`
RemediationEnabled *bool `json:"remediationEnabled"`
ScanIntervalMins int `json:"scanIntervalMins" validate:"omitempty,oneof=60 180 360 720 1440"`
Enabled *bool `json:"enabled"`
RegionIgnoreList []string `json:"regionIgnoreList"`
ResourceTypeIgnoreList []string `json:"resourceTypeIgnoreList"`
ResourceRegexIgnoreList []string `json:"resourceRegexIgnoreList"`
S3Bucket string `json:"s3Bucket"`
S3PrefixLogTypes S3PrefixLogtypes `json:"s3PrefixLogTypes,omitempty" validate:"omitempty,min=1"`
KmsKey string `json:"kmsKey" validate:"omitempty,kmsKeyArn"`
ManagedBucketNotifications bool `json:"managedBucketNotifications"`
SqsConfig *SqsConfig `json:"sqsConfig,omitempty"`
}
PutIntegrationSettings are all the settings for the new integration.
type S3PrefixLogtypes ¶ added in v1.15.0
type S3PrefixLogtypes []S3PrefixLogtypesMapping
func (S3PrefixLogtypes) LogTypes ¶ added in v1.15.0
func (pl S3PrefixLogtypes) LogTypes() []string
func (S3PrefixLogtypes) LongestPrefixMatch ¶ added in v1.15.0
func (pl S3PrefixLogtypes) LongestPrefixMatch(objectKey string) (bestMatch S3PrefixLogtypesMapping, matched bool)
Return the S3PrefixLogtypesMapping whose prefix is the longest one that matches the objectKey.
func (S3PrefixLogtypes) S3Prefixes ¶ added in v1.15.0
func (pl S3PrefixLogtypes) S3Prefixes() []string
type S3PrefixLogtypesMapping ¶ added in v1.15.0
type S3PrefixLogtypesMapping struct {
S3Prefix string `json:"prefix"`
LogTypes []string `json:"logTypes" validate:"required,min=1"`
}
S3PrefixLogtypesMapping contains the logtypes Panther should parse for this s3 prefix.
type SourceIntegration ¶
type SourceIntegration struct {
SourceIntegrationMetadata
SourceIntegrationStatus
SourceIntegrationScanInformation
}
SourceIntegration represents a Panther integration with a source.
func (*SourceIntegration) RequiredLogProcessingRole ¶ added in v1.15.0
func (s *SourceIntegration) RequiredLogProcessingRole() string
func (*SourceIntegration) RequiredLogTypes ¶ added in v1.8.0
func (s *SourceIntegration) RequiredLogTypes() (logTypes []string)
Note: Don't use this for classification as the S3 source has different log types per prefix defined.
func (*SourceIntegration) S3Info ¶ added in v1.15.0
func (s *SourceIntegration) S3Info() (bucket string, prefixes []string)
Return the s3 bucket and prefixes configured to hold input data for this source. For an s3 source, bucket and prefixes are user inputs.
type SourceIntegrationHealth ¶
type SourceIntegrationHealth struct {
IntegrationType string `json:"integrationType"`
// Checks for cloudsec integrations
AuditRoleStatus SourceIntegrationItemStatus `json:"auditRoleStatus,omitempty"`
CWERoleStatus SourceIntegrationItemStatus `json:"cweRoleStatus,omitempty"`
RemediationRoleStatus SourceIntegrationItemStatus `json:"remediationRoleStatus,omitempty"`
// Checks for log analysis integrations
ProcessingRoleStatus SourceIntegrationItemStatus `json:"processingRoleStatus,omitempty"`
S3BucketStatus SourceIntegrationItemStatus `json:"s3BucketStatus,omitempty"`
KMSKeyStatus SourceIntegrationItemStatus `json:"kmsKeyStatus,omitempty"`
// GetObject check is not available to sources created in Panther<1.16
GetObjectStatus *SourceIntegrationItemStatus `json:"getObjectStatus,omitempty"`
// BucketNotificationsStatus is the result of checking the bucket's notifications configuration.
// It is populated only if the log processing role has the s3:GetBucketNotification permission. This is
// added to our provided CFN template if user opts for Panther-managed bucket notifications.
BucketNotificationsStatus *SourceIntegrationItemStatus `json:"bucketNotificationsStatus,omitempty"`
// Checks for Sqs integrations
SqsStatus SourceIntegrationItemStatus `json:"sqsStatus"`
}
type SourceIntegrationMetadata ¶
type SourceIntegrationMetadata struct {
AWSAccountID string `json:"awsAccountId,omitempty"`
CreatedAtTime time.Time `json:"createdAtTime,omitempty"`
CreatedBy string `json:"createdBy,omitempty"`
IntegrationID string `json:"integrationId,omitempty"`
IntegrationLabel string `json:"integrationLabel,omitempty"`
IntegrationType string `json:"integrationType,omitempty"`
RemediationEnabled *bool `json:"remediationEnabled,omitempty"`
CWEEnabled *bool `json:"cweEnabled,omitempty"`
ScanIntervalMins int `json:"scanIntervalMins,omitempty"`
// optional fields for snapshot-poller filtering
Enabled *bool `json:"enabled,omitempty"`
RegionIgnoreList []string `json:"regionIgnoreList,omitempty"`
ResourceTypeIgnoreList []string `json:"resourceTypeIgnoreList,omitempty"`
ResourceRegexIgnoreList []string `json:"resourceRegexIgnoreList,omitempty"`
// fields specific for an s3 integration (plus AWSAccountID, StackName)
S3Bucket string `json:"s3Bucket,omitempty"`
S3PrefixLogTypes S3PrefixLogtypes `json:"s3PrefixLogTypes,omitempty"`
KmsKey string `json:"kmsKey,omitempty"`
LogProcessingRole string `json:"logProcessingRole,omitempty"`
// Whether Panther should configure the user's bucket notifications.
ManagedBucketNotifications bool `json:"managedBucketNotifications"`
// This is only needed for the API response, so that the UI can show a warning message
// if Panther couldn't setup bucket notifications. Failing to do so doesn't
// block any other source operations like saving to the DB.
NotificationsConfigurationSucceeded bool `json:"notificationsConfigurationSucceeded"`
StackName string `json:"stackName,omitempty"`
SqsConfig *SqsConfig `json:"sqsConfig,omitempty"`
// PantherVersion is the version of Panther that the source was created with.
PantherVersion string `json:"pantherVersion,omitempty"`
}
SourceIntegrationMetadata is general settings and metadata for an integration.
type SourceIntegrationScanInformation ¶
type SourceIntegrationScanInformation struct {
LastScanStartTime *time.Time `json:"lastScanStartTime,omitempty"`
LastScanEndTime *time.Time `json:"lastScanEndTime,omitempty"`
LastScanErrorMessage string `json:"lastScanErrorMessage,omitempty"`
}
SourceIntegrationScanInformation is detail about the last snapshot.
type SourceIntegrationStatus ¶
type SourceIntegrationStatus struct {
ScanStatus string `json:"scanStatus,omitempty"`
EventStatus string `json:"eventStatus,omitempty"`
LastEventReceived *time.Time `json:"lastEventReceived,omitempty"`
}
SourceIntegrationStatus provides information about the status of a source
type SqsConfig ¶ added in v1.6.0
type SqsConfig struct {
// The log types associated with the source. Needs to be set by UI.
LogTypes []string `json:"logTypes" validate:"required,min=1"`
// The AWS Principals that are allowed to send data to this source. Needs to be set by UI.
AllowedPrincipalArns []string `json:"allowedPrincipalArns"`
// The ARNS (e.g. SNS topic ARNs) that are allowed to send data to this source. Needs to be set by UI.
AllowedSourceArns []string `json:"allowedSourceArns"`
// The Panther-internal S3 bucket where the data from this source will be available
S3Bucket string `json:"s3Bucket"`
// The Role that the log processor can use to access this data
LogProcessingRole string `json:"logProcessingRole"`
// THe URL of the SQS queue
QueueURL string `json:"queueUrl"`
}
type UpdateIntegrationLastScanEndInput ¶
type UpdateIntegrationLastScanEndInput struct {
ScanStatus string `json:"scanStatus" validate:"oneof=ok error scanning"`
IntegrationID string `json:"integrationId" validate:"required,uuid4"`
LastScanEndTime time.Time `json:"lastScanEndTime" validate:"required"`
EventStatus string `json:"eventStatus"`
LastScanErrorMessage string `json:"lastScanErrorMessage"`
}
UpdateIntegrationLastScanEndInput is used to update scan information at the end of a scan.
type UpdateIntegrationLastScanStartInput ¶
type UpdateIntegrationLastScanStartInput struct {
IntegrationID string `json:"integrationId" validate:"required,uuid4"`
LastScanStartTime time.Time `json:"lastScanStartTime" validate:"required"`
ScanStatus string `json:"scanStatus" validate:"required,oneof=ok error scanning"`
}
UpdateIntegrationLastScanStartInput is used to update scan information at the beginning of a scan.
type UpdateIntegrationSettingsInput ¶
type UpdateIntegrationSettingsInput struct {
IntegrationID string `json:"integrationId" validate:"required,uuid4"`
IntegrationLabel string `json:"integrationLabel" validate:"required,integrationLabel,excludesall='<>&\""`
CWEEnabled *bool `json:"cweEnabled"`
RemediationEnabled *bool `json:"remediationEnabled"`
ScanIntervalMins int `json:"scanIntervalMins" validate:"omitempty,oneof=60 180 360 720 1440"`
Enabled *bool `json:"enabled"`
RegionIgnoreList []string `json:"regionIgnoreList"`
ResourceTypeIgnoreList []string `json:"resourceTypeIgnoreList"`
ResourceRegexIgnoreList []string `json:"resourceRegexIgnoreList"`
S3Bucket string `json:"s3Bucket" validate:"omitempty,min=1"`
S3PrefixLogTypes S3PrefixLogtypes `json:"s3PrefixLogTypes,omitempty" validate:"omitempty,min=1"`
KmsKey string `json:"kmsKey" validate:"omitempty,kmsKeyArn"`
SqsConfig *SqsConfig `json:"sqsConfig,omitempty"`
}
UpdateIntegrationSettingsInput is used to update integration settings.
type UpdateStatusInput ¶ added in v1.5.1
type UpdateStatusInput struct {
IntegrationID string `json:"integrationId" validate:"required,uuid4"`
LastEventReceived time.Time `json:"lastEventReceived" validate:"required"`
}
Updates the status of an integration Sample request:
{
"updateStatus": {
"integrationId": "uuid",
"lastEventReceived":"2020-10-10T05:03:01Z"
}
}
Source Files
Click to show internal directories.
Click to hide internal directories.