// SPDX-License-Identifier: MIT OR Apache-2.0
package types
import (
"context"
"encoding/json"
"expvar"
"text/template"
"time"
"github.com/DataDog/datadog-go/statsd"
"github.com/embano1/memlog"
"github.com/prometheus/client_golang/prometheus"
)
// FalcoPayload is a struct to map falco event json.
//
// OutputFields is decoded into an untyped map, so its values keep whatever
// JSON types the sender supplied. The type itself enforces nothing; the only
// validation visible in this file is the presence check done by Check.
type FalcoPayload struct {
	UUID string `json:"uuid,omitempty"`
	Output string `json:"output"`
	Priority PriorityType `json:"priority"`
	Rule string `json:"rule"`
	Time time.Time `json:"time"`
	// NOTE(review): keys and values come straight from the event; confirm
	// that consumers escape them before use in templates, labels or queries.
	OutputFields map[string]interface{} `json:"output_fields"`
	Source string `json:"source"`
	Tags []string `json:"tags,omitempty"`
	Hostname string `json:"hostname,omitempty"`
}
// String renders the whole payload as JSON text.
//
// The error from json.Marshal is discarded, so a payload that cannot be
// encoded yields an empty string rather than a diagnostic. The result contains
// every field, OutputFields included, so treat it as event data when it is
// written to logs.
func (f FalcoPayload) String() string {
	encoded, _ := json.Marshal(f)
	return string(encoded)
}
// Check reports whether the payload has a priority with a non-empty string
// form, a rule name, a non-zero time and at least one output field.
//
// This is a presence check only: Output, Source, UUID, Hostname and Tags are
// not inspected, and nothing here establishes who sent the event.
func (f FalcoPayload) Check() bool {
	return f.Priority.String() != "" &&
		f.Rule != "" &&
		!f.Time.IsZero() &&
		len(f.OutputFields) != 0
}
// Configuration is a struct to store configuration.
//
// It aggregates the listener settings, the TLS settings and one nested struct
// per output. Several of the nested structs declared in this file carry fields
// named APIKey, Password, Token or SecretAccessKey, and no field tag here
// excludes them from encoding, so printing or marshalling a whole
// Configuration value would include them.
// NOTE(review): confirm the Debug path never dumps this struct.
type Configuration struct {
	MutualTLSFilesPath string // NOTE(review): presumably a directory of mTLS client files; confirm its permissions are restricted
	MutualTLSClient MutualTLSClient
	TLSClient TLSClient
	TLSServer TLSServer
	Debug bool
	ListenAddress string // NOTE(review): confirm the default bind address; the listener accepts events from whoever can reach it
	ListenPort int
	BracketReplacer string
	Customfields map[string]string
	Templatedfields map[string]string
	Prometheus prometheusOutputConfig
	Slack SlackOutputConfig
	Cliq CliqOutputConfig
	Mattermost MattermostOutputConfig
	Rocketchat RocketchatOutputConfig
	Teams teamsOutputConfig
	Datadog datadogOutputConfig
	Discord DiscordOutputConfig
	Alertmanager AlertmanagerOutputConfig
	Elasticsearch ElasticsearchOutputConfig
	Quickwit QuickwitOutputConfig
	Influxdb influxdbOutputConfig
	Loki LokiOutputConfig
	SumoLogic SumoLogicOutputConfig
	Nats natsOutputConfig
	Stan stanOutputConfig
	AWS awsOutputConfig
	SMTP smtpOutputConfig
	Opsgenie opsgenieOutputConfig
	Statsd statsdOutputConfig
	Dogstatsd statsdOutputConfig // same config type as Statsd
	Webhook WebhookOutputConfig
	CloudEvents CloudEventsOutputConfig
	Azure azureConfig
	GCP GcpOutputConfig
	Googlechat GooglechatConfig
	Kafka kafkaConfig
	KafkaRest KafkaRestConfig
	Pagerduty PagerdutyConfig
	Kubeless kubelessConfig
	Openfaas openfaasConfig
	Tekton tektonConfig
	WebUI WebUIOutputConfig
	PolicyReport PolicyReportConfig
	Rabbitmq RabbitmqConfig
	Wavefront WavefrontOutputConfig
	Fission fissionConfig
	Grafana GrafanaOutputConfig
	GrafanaOnCall GrafanaOnCallOutputConfig
	Yandex YandexOutputConfig
	Syslog SyslogConfig
	NodeRed NodeRedOutputConfig
	MQTT MQTTConfig
	Zincsearch zincsearchOutputConfig
	Gotify gotifyOutputConfig
	Spyderbat SpyderbatConfig
	TimescaleDB TimescaleDBConfig
	Redis RedisConfig
	Telegram TelegramConfig
	N8N N8NConfig
	OpenObserve OpenObserveConfig
	Dynatrace DynatraceOutputConfig
	OTLP OTLPOutputConfig
}
// InitClientArgs groups the parameters passed when a client is initialized:
// the configuration, both statistics holders and the two statsd clients.
//
// Every field is a pointer, so the values are shared with the caller rather
// than copied.
type InitClientArgs struct {
	Config *Configuration
	Stats *Statistics
	PromStats *PromStatistics
	StatsdClient *statsd.Client
	DogstatsdClient *statsd.Client
}
// MutualTLSClient represents parameters for mutual TLS as client.
//
// All three fields are strings; by name they are file paths.
// NOTE(review): confirm KeyFile is read from a location only the service
// account can access.
type MutualTLSClient struct {
	CertFile string
	KeyFile string
	CaCertFile string
}
// TLSClient represents parameters for global TLS client options.
type TLSClient struct {
	CaCertFile string // NOTE(review): presumably an extra CA bundle trusted for outputs — confirm it adds to, rather than replaces, the system roots
}
// TLSServer represents parameters for TLS Server.
//
// NOTE(review): NoTLSPort and NoTLSPaths read as a second, plaintext listener
// and the paths served on it. Confirm against the server setup code that only
// non-sensitive endpoints can be listed there and that the event endpoint is
// not among them.
type TLSServer struct {
	Deploy bool
	CertFile string
	KeyFile string
	MutualTLS bool // NOTE(review): presumably requires client certificates checked against CaCertFile — confirm
	CaCertFile string
	NoTLSPort int
	NoTLSPaths []string
}
// SlackOutputConfig represents parameters for Slack.
//
// MessageFormatTemplate is a text/template template, which applies no
// escaping of its own to the values it renders.
type SlackOutputConfig struct {
	WebhookURL string // incoming-webhook URLs usually embed the secret; treat as a credential
	Channel string
	Footer string
	Icon string
	Username string
	OutputFormat string
	MinimumPriority string
	MessageFormat string
	MessageFormatTemplate *template.Template
	CheckCert bool // NOTE(review): presumably toggles TLS certificate verification — confirm it defaults to verifying
	MutualTLS bool
}
// CliqOutputConfig represents parameters for Zoho Cliq.
//
// MessageFormatTemplate is a text/template template, which applies no
// escaping of its own to the values it renders.
type CliqOutputConfig struct {
	WebhookURL string // NOTE(review): likely carries the webhook secret; keep out of logs
	Icon string
	OutputFormat string
	MinimumPriority string
	MessageFormat string
	MessageFormatTemplate *template.Template
	UseEmoji bool
	CheckCert bool // NOTE(review): presumably toggles TLS certificate verification — confirm
	MutualTLS bool
}
// RocketchatOutputConfig is the type of Configuration.Rocketchat.
//
// MessageFormatTemplate is a text/template template, which applies no
// escaping of its own to the values it renders.
type RocketchatOutputConfig struct {
	WebhookURL string // NOTE(review): likely carries the webhook secret; keep out of logs
	Footer string
	Icon string
	Username string
	OutputFormat string
	MinimumPriority string
	MessageFormat string
	MessageFormatTemplate *template.Template
	CheckCert bool // NOTE(review): presumably toggles TLS certificate verification — confirm
	MutualTLS bool
}
// MattermostOutputConfig represents parameters for Mattermost.
//
// MessageFormatTemplate is a text/template template, which applies no
// escaping of its own to the values it renders.
type MattermostOutputConfig struct {
	WebhookURL string // NOTE(review): likely carries the webhook secret; keep out of logs
	Footer string
	Icon string
	Username string
	OutputFormat string
	MinimumPriority string
	MessageFormat string
	MessageFormatTemplate *template.Template
	CheckCert bool // NOTE(review): presumably toggles TLS certificate verification — confirm
	MutualTLS bool
}
// WavefrontOutputConfig is the type of Configuration.Wavefront.
//
// No CheckCert or MutualTLS field is declared for this output.
type WavefrontOutputConfig struct {
	EndpointType string // direct or proxy
	EndpointHost string // Endpoint hostname (only IP or hostname)
	EndpointToken string // Token for API access. Only for direct mode
	EndpointMetricPort int // Port to send metrics. Only for proxy mode
	MetricName string // The Name of the metric
	FlushIntervalSeconds int // Time between flushes.
	BatchSize int // BatchSize to send. Only for direct mode
	MinimumPriority string
}
// teamsOutputConfig is the type of Configuration.Teams.
type teamsOutputConfig struct {
	WebhookURL string // NOTE(review): likely carries the webhook secret; keep out of logs
	ActivityImage string
	OutputFormat string
	MinimumPriority string
	CheckCert bool // NOTE(review): presumably toggles TLS certificate verification — confirm
	MutualTLS bool
}
// datadogOutputConfig is the type of Configuration.Datadog.
type datadogOutputConfig struct {
	APIKey string // secret by name; no tag excludes it from encoding
	Host string
	MinimumPriority string
	CheckCert bool // NOTE(review): presumably toggles TLS certificate verification — confirm
	MutualTLS bool
}
// DiscordOutputConfig is the type of Configuration.Discord.
type DiscordOutputConfig struct {
	WebhookURL string // NOTE(review): likely carries the webhook secret; keep out of logs
	MinimumPriority string
	Icon string
	CheckCert bool // NOTE(review): presumably toggles TLS certificate verification — confirm
	MutualTLS bool
}
// ThresholdConfig pairs an integer value with a priority. It is the element
// type of AlertmanagerOutputConfig.DropEventThresholdsList and can be decoded
// from either JSON or YAML using the keys "value" and "priority".
type ThresholdConfig struct {
	Value int64 `json:"value" yaml:"value"`
	Priority PriorityType `json:"priority" yaml:"priority"`
}
// AlertmanagerOutputConfig is the type of Configuration.Alertmanager.
//
// DropEventThresholds and DropEventThresholdsList hold the same setting in two
// shapes (a string and a []ThresholdConfig).
// NOTE(review): presumably the list is parsed from the string at load time —
// confirm which one the output reads.
type AlertmanagerOutputConfig struct {
	HostPort string
	MinimumPriority string
	CheckCert bool // NOTE(review): presumably toggles TLS certificate verification — confirm
	MutualTLS bool
	Endpoint string
	ExpiresAfter int
	ExtraLabels map[string]string
	ExtraAnnotations map[string]string
	CustomSeverityMap map[PriorityType]string
	DropEventThresholds string
	DropEventThresholdsList []ThresholdConfig
	DropEventDefaultPriority string
	CustomHeaders map[string]string // may hold authorization headers; treat values as secrets
}
// ElasticsearchOutputConfig is the type of Configuration.Elasticsearch.
type ElasticsearchOutputConfig struct {
	HostPort string
	Index string
	Type string
	MinimumPriority string
	Suffix string
	Username string
	Password string // secret by name; no tag excludes it from encoding
	CheckCert bool // NOTE(review): presumably toggles TLS certificate verification — confirm; with it off the password is sent to an unverified peer
	MutualTLS bool
	CustomHeaders map[string]string // may hold authorization headers; treat values as secrets
}
// QuickwitOutputConfig is the type of Configuration.Quickwit.
type QuickwitOutputConfig struct {
	HostPort string
	ApiEndpoint string
	Index string
	Version string
	CustomHeaders map[string]string // may hold authorization headers; treat values as secrets
	MinimumPriority string
	CheckCert bool // NOTE(review): presumably toggles TLS certificate verification — confirm
	MutualTLS bool
	AutoCreateIndex bool // NOTE(review): presumably lets the output create the index itself — confirm the privileges this requires
}
// influxdbOutputConfig is the type of Configuration.Influxdb.
//
// It declares both a User/Password pair and a Token.
// NOTE(review): confirm which of the two takes precedence when both are set.
type influxdbOutputConfig struct {
	HostPort string
	Database string
	Organization string
	Bucket string
	Precision string
	User string
	Password string // secret by name; no tag excludes it from encoding
	Token string // secret by name; no tag excludes it from encoding
	MinimumPriority string
	CheckCert bool // NOTE(review): presumably toggles TLS certificate verification — confirm
	MutualTLS bool
}
// LokiOutputConfig is the type of Configuration.Loki.
//
// ExtraLabels and ExtraLabelsList hold the same setting as a string and as a
// slice. NOTE(review): presumably the slice is derived from the string at load
// time — confirm.
type LokiOutputConfig struct {
	HostPort string
	User string
	APIKey string // secret by name; no tag excludes it from encoding
	MinimumPriority string
	CheckCert bool // NOTE(review): presumably toggles TLS certificate verification — confirm
	MutualTLS bool
	Tenant string
	Endpoint string
	ExtraLabels string
	ExtraLabelsList []string
	CustomHeaders map[string]string // may hold authorization headers; treat values as secrets
}
// SumoLogicOutputConfig is the type of Configuration.SumoLogic.
type SumoLogicOutputConfig struct {
	MinimumPriority string
	ReceiverURL string // NOTE(review): collector URLs of this kind often embed an access token — confirm and keep out of logs
	SourceCategory string
	SourceHost string
	Name string
	CheckCert bool // NOTE(review): presumably toggles TLS certificate verification — confirm
	MutualTLS bool
}
// prometheusOutputConfig is the type of Configuration.Prometheus.
//
// NOTE(review): if the extra labels are filled from event fields, confirm the
// set of values is bounded; sender-controlled label values can grow the metric
// series without limit.
type prometheusOutputConfig struct {
	ExtraLabels string
	ExtraLabelsList []string
}
// natsOutputConfig is the type of Configuration.Nats.
//
// No credential field is declared for this output.
type natsOutputConfig struct {
	HostPort string
	MinimumPriority string
	CheckCert bool // NOTE(review): presumably toggles TLS certificate verification — confirm
	MutualTLS bool
}
// stanOutputConfig is the type of Configuration.Stan.
//
// No credential field is declared for this output.
type stanOutputConfig struct {
	HostPort string
	ClusterID string
	ClientID string
	MinimumPriority string
	CheckCert bool // NOTE(review): presumably toggles TLS certificate verification — confirm
	MutualTLS bool
}
// awsOutputConfig is the type of Configuration.AWS. It holds the shared
// account settings plus one nested struct per AWS service output.
type awsOutputConfig struct {
	Region string
	AccessKeyID string
	SecretAccessKey string // long-lived secret by name; no tag excludes it from encoding
	RoleARN string
	ExternalID string
	CheckIdentity bool // NOTE(review): presumably verifies the caller identity at startup — confirm what happens on failure
	Lambda awsLambdaConfig
	SQS awsSQSConfig
	SNS awsSNSConfig
	S3 awsS3Config
	SecurityLake awsSecurityLakeConfig
	CloudWatchLogs awsCloudWatchLogs
	Kinesis awsKinesisConfig
}
// awsLambdaConfig is the type of awsOutputConfig.Lambda.
type awsLambdaConfig struct {
	FunctionName string
	InvocationType string
	LogType string
	MinimumPriority string
}
// awsSQSConfig is the type of awsOutputConfig.SQS.
type awsSQSConfig struct {
	URL string
	MinimumPriority string
}
// awsSNSConfig is the type of awsOutputConfig.SNS.
type awsSNSConfig struct {
	TopicArn string
	RawJSON bool
	MinimumPriority string
}
// awsCloudWatchLogs is the type of awsOutputConfig.CloudWatchLogs.
type awsCloudWatchLogs struct {
	LogGroup string
	LogStream string
	MinimumPriority string
}
// awsS3Config is the type of awsOutputConfig.S3.
type awsS3Config struct {
	Prefix string
	Bucket string
	MinimumPriority string
	Endpoint string
	// NOTE(review): a canned ACL such as public-read would make the stored
	// events world-readable; confirm the value is checked against an
	// allowlist where the configuration is loaded.
	ObjectCannedACL string
}
// awsKinesisConfig is the type of awsOutputConfig.Kinesis.
type awsKinesisConfig struct {
	StreamName string
	MinimumPriority string
}
// awsSecurityLakeConfig is the type of awsOutputConfig.SecurityLake.
//
// Besides settings it also holds runtime state: a context, a memlog log and
// two memlog offsets, all stored by reference, so copies of this struct share
// them.
type awsSecurityLakeConfig struct {
	Bucket string
	Region string
	Prefix string
	AccountID string
	Interval uint
	BatchSize uint
	MinimumPriority string
	Ctx context.Context
	Memlog *memlog.Log
	ReadOffset *memlog.Offset
	WriteOffset *memlog.Offset
}
// smtpOutputConfig is the type of Configuration.SMTP.
//
// No CheckCert field is declared for this output.
type smtpOutputConfig struct {
	HostPort string
	TLS bool // NOTE(review): confirm what false means here; without transport encryption the credentials and alert bodies cross the network in cleartext
	AuthMechanism string
	User string
	Password string // secret by name; no tag excludes it from encoding
	Token string // secret by name; no tag excludes it from encoding
	Identity string
	Trace string
	From string
	To string
	OutputFormat string
	MinimumPriority string
}
// opsgenieOutputConfig is the type of Configuration.Opsgenie.
type opsgenieOutputConfig struct {
	Region string
	APIKey string // secret by name; no tag excludes it from encoding
	MinimumPriority string
	CheckCert bool // NOTE(review): presumably toggles TLS certificate verification — confirm
	MutualTLS bool
}
// WebhookOutputConfig represents parameters for Webhook.
type WebhookOutputConfig struct {
	Address string
	Method string
	CustomHeaders map[string]string // may hold authorization headers; treat values as secrets
	MinimumPriority string
	CheckCert bool // NOTE(review): presumably toggles TLS certificate verification — confirm
	MutualTLS bool
}
// NodeRedOutputConfig represents parameters for Node-RED.
//
// Unlike most HTTP outputs in this file, no MutualTLS field is declared.
type NodeRedOutputConfig struct {
	Address string
	User string
	Password string // secret by name; no tag excludes it from encoding
	CustomHeaders map[string]string // may hold authorization headers; treat values as secrets
	MinimumPriority string
	CheckCert bool // NOTE(review): presumably toggles TLS certificate verification — confirm
}
// CloudEventsOutputConfig represents parameters for CloudEvents.
type CloudEventsOutputConfig struct {
	Address string
	Extensions map[string]string
	MinimumPriority string
	CheckCert bool // NOTE(review): presumably toggles TLS certificate verification — confirm
	MutualTLS bool
}
// statsdOutputConfig is the type of both Configuration.Statsd and
// Configuration.Dogstatsd.
type statsdOutputConfig struct {
	Forwarder string
	Namespace string
	Tags []string
}
// azureConfig is the type of Configuration.Azure; it only wraps the Event Hub
// settings.
type azureConfig struct {
	EventHub eventHub
}
// eventHub is the type of azureConfig.EventHub.
//
// No credential field is declared here.
// NOTE(review): presumably authentication comes from the environment or a
// managed identity — confirm.
type eventHub struct {
	Namespace string
	Name string
	MinimumPriority string
}
// gcpCloudRun is the type of GcpOutputConfig.CloudRun.
type gcpCloudRun struct {
	Endpoint string
	JWT string // bearer token by name; no tag excludes it from encoding
	MinimumPriority string
}
// GcpOutputConfig is the type of Configuration.GCP. It holds the shared
// credential settings plus one nested struct per GCP service output.
type GcpOutputConfig struct {
	Credentials string // NOTE(review): presumably service-account key material — confirm its encoding and keep it out of logs
	WorkloadIdentity bool // NOTE(review): presumably selects ambient workload credentials instead of Credentials — confirm
	PubSub GcpPubSub
	Storage gcpStorage
	CloudFunctions gcpCloudFunctions
	CloudRun gcpCloudRun
}
// gcpCloudFunctions is the type of GcpOutputConfig.CloudFunctions.
type gcpCloudFunctions struct {
	Name string
	MinimumPriority string
}
// GcpPubSub is the type of GcpOutputConfig.PubSub.
type GcpPubSub struct {
	ProjectID string
	Topic string
	MinimumPriority string
	CustomAttributes map[string]string
}
// gcpStorage is the type of GcpOutputConfig.Storage.
type gcpStorage struct {
	Bucket string
	Prefix string
	MinimumPriority string
}
// GooglechatConfig represents parameters for Google chat.
//
// MessageFormatTemplate is a text/template template, which applies no
// escaping of its own to the values it renders.
type GooglechatConfig struct {
	WebhookURL string // NOTE(review): likely carries the webhook key and token; keep out of logs
	OutputFormat string
	MinimumPriority string
	MessageFormat string
	MessageFormatTemplate *template.Template
	CheckCert bool // NOTE(review): presumably toggles TLS certificate verification — confirm
	MutualTLS bool
}
// kafkaConfig is the type of Configuration.Kafka.
//
// No CheckCert field is declared for this output.
type kafkaConfig struct {
	HostPort string
	Topic string
	MinimumPriority string
	SASL string
	TLS bool // NOTE(review): confirm SASL credentials are never sent when this is false
	Username string
	Password string // secret by name; no tag excludes it from encoding
	Balancer string
	ClientID string
	Compression string
	Async bool
	RequiredACKs string
	TopicCreation bool
}
// KafkaRestConfig is the type of Configuration.KafkaRest.
type KafkaRestConfig struct {
	Address string
	Version int
	MinimumPriority string
	CheckCert bool // NOTE(review): presumably toggles TLS certificate verification — confirm
	MutualTLS bool
}
// PagerdutyConfig is the type of Configuration.Pagerduty.
type PagerdutyConfig struct {
	RoutingKey string // NOTE(review): presumably the integration key that authorizes event submission; treat as a secret
	Region string
	MinimumPriority string
	CheckCert bool // NOTE(review): presumably toggles TLS certificate verification — confirm
	MutualTLS bool
}
// kubelessConfig is the type of Configuration.Kubeless.
type kubelessConfig struct {
	Namespace string
	Function string
	Port int
	Kubeconfig string // NOTE(review): presumably a path to a kubeconfig file; that file grants cluster access, so confirm it is least-privilege
	MinimumPriority string
	CheckCert bool // NOTE(review): presumably toggles TLS certificate verification — confirm
	MutualTLS bool
}
// openfaasConfig is the type of Configuration.Openfaas.
type openfaasConfig struct {
	GatewayNamespace string
	GatewayService string
	FunctionName string
	FunctionNamespace string
	GatewayPort int
	Kubeconfig string // NOTE(review): presumably a path to a kubeconfig file; that file grants cluster access, so confirm it is least-privilege
	MinimumPriority string
	CheckCert bool // NOTE(review): presumably toggles TLS certificate verification — confirm
	MutualTLS bool
}
// tektonConfig is the type of Configuration.Tekton.
type tektonConfig struct {
	EventListener string
	MinimumPriority string
	CheckCert bool // NOTE(review): presumably toggles TLS certificate verification — confirm
	MutualTLS bool
}
// WebUIOutputConfig represents parameters for WebUI.
//
// Unlike most outputs in this file, no MinimumPriority field is declared.
type WebUIOutputConfig struct {
	URL string
	CheckCert bool // NOTE(review): presumably toggles TLS certificate verification — confirm
	MutualTLS bool
}
// PolicyReportConfig represents parameters for policyreport.
type PolicyReportConfig struct {
	Enabled bool
	PruneByPriority bool
	Kubeconfig string // NOTE(review): presumably a path to a kubeconfig file; confirm the bound role is limited to the report resources
	MinimumPriority string
	MaxEvents int
}
// RabbitmqConfig represents parameters for rabbitmq.
type RabbitmqConfig struct {
	URL string // NOTE(review): broker URLs can embed user and password in the authority part; confirm this value is redacted before logging
	Queue string
	MinimumPriority string
}
// GrafanaOutputConfig represents parameters for Grafana.
type GrafanaOutputConfig struct {
	HostPort string
	APIKey string // secret by name; no tag excludes it from encoding
	DashboardID int
	PanelID int
	AllFieldsAsTags bool // NOTE(review): presumably copies every event output field into tags — confirm nothing sensitive ends up there
	CheckCert bool // NOTE(review): presumably toggles TLS certificate verification — confirm
	MutualTLS bool
	MinimumPriority string
	CustomHeaders map[string]string // may hold authorization headers; treat values as secrets
}
// GrafanaOnCallOutputConfig represents parameters for Grafana OnCall.
type GrafanaOnCallOutputConfig struct {
	WebhookURL string // NOTE(review): likely carries the integration secret; keep out of logs
	CheckCert bool // NOTE(review): presumably toggles TLS certificate verification — confirm
	MutualTLS bool
	MinimumPriority string
	CustomHeaders map[string]string // may hold authorization headers; treat values as secrets
}
// YandexOutputConfig is the type of Configuration.Yandex. It holds the shared
// access keys plus the S3 and Data Streams settings.
type YandexOutputConfig struct {
	AccessKeyID string
	SecretAccessKey string // long-lived secret by name; no tag excludes it from encoding
	Region string
	S3 YandexS3Config
	DataStreams YandexDataStreamsConfig
}
// YandexS3Config is the type of YandexOutputConfig.S3.
type YandexS3Config struct {
	Endpoint string
	Prefix string
	Bucket string
	MinimumPriority string
}
// YandexDataStreamsConfig is the type of YandexOutputConfig.DataStreams.
type YandexDataStreamsConfig struct {
	Endpoint string
	StreamName string
	MinimumPriority string
}
// SyslogConfig represents config parameters for the syslog client.
// Host: the remote syslog host. It can be either an IP address or a domain.
// Port: the remote port address. Ex: 514.
// Protocol: the type of transfer protocol to use. It should be either "tcp" or "udp".
//
// No TLS-related field is declared here.
// NOTE(review): confirm whether events sent with these settings cross
// untrusted networks in cleartext.
type SyslogConfig struct {
	Host string
	Port string
	Protocol string
	Format string
	MinimumPriority string
}
// MQTTConfig represents config parameters for the MQTT client.
type MQTTConfig struct {
	Broker string // NOTE(review): confirm whether the scheme of this value decides if TLS is used
	Topic string
	QOS int
	Retained bool
	User string
	Password string // secret by name; no tag excludes it from encoding
	CheckCert bool // NOTE(review): presumably toggles TLS certificate verification — confirm
	MinimumPriority string
}
// fissionConfig represents config parameters for Fission.
type fissionConfig struct {
	RouterNamespace string
	RouterService string
	RouterPort int
	Function string
	KubeConfig string // NOTE(review): presumably a path to a kubeconfig file; that file grants cluster access, so confirm it is least-privilege
	MinimumPriority string
	CheckCert bool // NOTE(review): presumably toggles TLS certificate verification — confirm
	MutualTLS bool
}
// zincsearchOutputConfig represents config parameters for Zincsearch.
type zincsearchOutputConfig struct {
	HostPort string
	Index string
	Username string
	Password string // secret by name; no tag excludes it from encoding
	CheckCert bool // NOTE(review): presumably toggles TLS certificate verification — confirm
	MinimumPriority string
}
// gotifyOutputConfig represents config parameters for Gotify.
type gotifyOutputConfig struct {
	HostPort string
	Token string // secret by name; no tag excludes it from encoding
	Format string
	CheckCert bool // NOTE(review): presumably toggles TLS certificate verification — confirm
	MinimumPriority string
}
// SpyderbatConfig is the type of Configuration.Spyderbat.
//
// No CheckCert or MutualTLS field is declared for this output.
type SpyderbatConfig struct {
	OrgUID string
	APIKey string // secret by name; no tag excludes it from encoding
	APIUrl string
	Source string
	SourceDescription string
	MinimumPriority string
}
// TimescaleDBConfig is the type of Configuration.TimescaleDB.
//
// No TLS-related field is declared here.
// NOTE(review): confirm how the connection's transport security is chosen.
type TimescaleDBConfig struct {
	Host string
	Port string
	User string
	Password string // secret by name; no tag excludes it from encoding
	Database string
	HypertableName string // NOTE(review): if this is placed into SQL text as an identifier, confirm it is validated or quoted, since identifiers cannot be bound as parameters
	MinimumPriority string
}
// RedisConfig represents config parameters for Redis.
type RedisConfig struct {
	Address string
	Password string // secret by name; no tag excludes it from encoding
	Database int
	StorageType string
	Key string
	Version int
	MinimumPriority string
	CheckCert bool // NOTE(review): presumably toggles TLS certificate verification — confirm
	MutualTLS bool
}
// TelegramConfig represents parameters for Telegram.
type TelegramConfig struct {
	Token string // bot token by name; NOTE(review): confirm request URLs containing it are never logged
	ChatID string
	MinimumPriority string
	CheckCert bool // NOTE(review): presumably toggles TLS certificate verification — confirm
}
// N8NConfig represents config parameters for N8N.
//
// Two authentication shapes are declared: a User/Password pair and a
// HeaderAuthName/HeaderAuthValue pair.
type N8NConfig struct {
	Address string
	User string
	Password string // secret by name; no tag excludes it from encoding
	HeaderAuthName string
	HeaderAuthValue string // secret by name; no tag excludes it from encoding
	MinimumPriority string
	CheckCert bool // NOTE(review): presumably toggles TLS certificate verification — confirm
}
// DynatraceOutputConfig is the type of Configuration.Dynatrace.
type DynatraceOutputConfig struct {
	APIToken string // secret by name; no tag excludes it from encoding
	APIUrl string
	MinimumPriority string
	CheckCert bool // NOTE(review): presumably toggles TLS certificate verification — confirm
}
// OpenObserveConfig represents config parameters for OpenObserve.
type OpenObserveConfig struct {
	HostPort string
	OrganizationName string
	StreamName string
	MinimumPriority string
	Username string
	Password string // secret by name; no tag excludes it from encoding
	CheckCert bool // NOTE(review): presumably toggles TLS certificate verification — confirm
	MutualTLS bool
	CustomHeaders map[string]string // may hold authorization headers; treat values as secrets
}
// OTLPTraces represents config parameters for OTLP Traces.
type OTLPTraces struct {
	Endpoint string
	Protocol string
	Timeout int64
	Headers string // NOTE(review): may hold authorization headers in a single string — confirm the format and keep it out of logs
	Duration int64
	Synced bool
	ExtraEnvVars map[string]string // NOTE(review): presumably exported into the process environment — confirm which keys are accepted
	CheckCert bool // NOTE(review): presumably toggles TLS certificate verification — confirm
	MinimumPriority string
}
// OTLPOutputConfig represents config parameters for OTLP; it currently wraps
// only the traces settings.
type OTLPOutputConfig struct {
	Traces OTLPTraces
}
// Statistics is a struct to store statistics: one *expvar.Map per input and
// per output.
//
// The expvar package registers a /debug/vars handler on http.DefaultServeMux.
// NOTE(review): confirm whether these maps are published there and whether
// that path is reachable without authentication.
type Statistics struct {
	Requests *expvar.Map
	FIFO *expvar.Map
	GRPC *expvar.Map
	Falco *expvar.Map
	Slack *expvar.Map
	Mattermost *expvar.Map
	Rocketchat *expvar.Map
	Teams *expvar.Map
	Datadog *expvar.Map
	Discord *expvar.Map
	Alertmanager *expvar.Map
	Elasticsearch *expvar.Map
	Quickwit *expvar.Map
	Loki *expvar.Map
	SumoLogic *expvar.Map
	Nats *expvar.Map
	Stan *expvar.Map
	Influxdb *expvar.Map
	AWSLambda *expvar.Map
	AWSSQS *expvar.Map
	AWSSNS *expvar.Map
	AWSCloudWatchLogs *expvar.Map
	AWSS3 *expvar.Map
	AWSSecurityLake *expvar.Map
	AWSKinesis *expvar.Map
	SMTP *expvar.Map
	Opsgenie *expvar.Map
	Statsd *expvar.Map
	Dogstatsd *expvar.Map
	Webhook *expvar.Map
	AzureEventHub *expvar.Map
	GCPPubSub *expvar.Map
	GCPStorage *expvar.Map
	GCPCloudFunctions *expvar.Map
	GCPCloudRun *expvar.Map
	GoogleChat *expvar.Map
	Kafka *expvar.Map
	KafkaRest *expvar.Map
	Pagerduty *expvar.Map
	CloudEvents *expvar.Map
	Kubeless *expvar.Map
	Openfaas *expvar.Map
	Tekton *expvar.Map
	WebUI *expvar.Map
	Rabbitmq *expvar.Map
	Wavefront *expvar.Map
	Fission *expvar.Map
	Grafana *expvar.Map
	GrafanaOnCall *expvar.Map
	YandexS3 *expvar.Map
	YandexDataStreams *expvar.Map
	Syslog *expvar.Map
	Cliq *expvar.Map
	PolicyReport *expvar.Map
	NodeRed *expvar.Map
	MQTT *expvar.Map
	Zincsearch *expvar.Map
	Gotify *expvar.Map
	Spyderbat *expvar.Map
	TimescaleDB *expvar.Map
	Redis *expvar.Map
	Telegram *expvar.Map
	N8N *expvar.Map
	OpenObserve *expvar.Map
	Dynatrace *expvar.Map
	OTLPTraces *expvar.Map
}
// PromStatistics is a struct to store prometheus metrics: three counter
// vectors, one each for Falco events, inputs and outputs.
//
// NOTE(review): the label sets are defined where these vectors are created;
// confirm no label takes unbounded values from event content.
type PromStatistics struct {
	Falco *prometheus.CounterVec
	Inputs *prometheus.CounterVec
	Outputs *prometheus.CounterVec
}