Documentation
Index ¶
- Constants
- func GenQueryName() string
- func QueryExpiration(exp int) time.Time
- type DistributedQuery
- type DistributedQueryTarget
- type NodeQuery
- type Queries
- func (q *Queries) Activate(name string, envid uint) error
- func (q *Queries) CleanupCompletedQueries(envid uint) error
- func (q *Queries) CleanupExpiredCarves(envid uint) error
- func (q *Queries) CleanupExpiredQueries(envid uint) error
- func (q *Queries) Complete(name string, envid uint) error
- func (q *Queries) Create(query DistributedQuery) error
- func (q *Queries) CreateNodeQueries(nodeIDs []uint, queryID uint) error
- func (q *Queries) CreateSaved(name, query, creator string, envid uint) error
- func (q *Queries) CreateTarget(name, targetType, targetValue string) error
- func (q *Queries) Delete(name string, envid uint) error
- func (q *Queries) DeleteSaved(name, creator string, envid uint) error
- func (q *Queries) Exists(name string, envid uint) bool
- func (q *Queries) Expire(name string, envid uint) error
- func (q *Queries) Get(name string, envid uint) (DistributedQuery, error)
- func (q *Queries) GetActive(envid uint) ([]DistributedQuery, error)
- func (q *Queries) GetCarves(target string, envid uint) ([]DistributedQuery, error)
- func (q *Queries) GetQueries(target string, envid uint) ([]DistributedQuery, error)
- func (q *Queries) GetSaved(name, creator string, envid uint) (SavedQuery, error)
- func (q *Queries) GetSavedByCreator(creator string, envid uint) ([]SavedQuery, error)
- func (q *Queries) GetTargets(name string) ([]DistributedQueryTarget, error)
- func (q *Queries) Gets(target, qtype string, envid uint) ([]DistributedQuery, error)
- func (q *Queries) IncError(name string, envid uint) error
- func (q *Queries) IncExecution(name string, envid uint) error
- func (q *Queries) NodeQueries(node nodes.OsqueryNode) (QueryReadQueries, bool, error)
- func (q *Queries) SetExpected(name string, expected int, envid uint) error
- func (q *Queries) UpdateQueryStatus(queryName string, nodeID uint, statusCode int) error
- func (q *Queries) UpdateSaved(name, query, creator string, envid uint) error
- type QueryReadQueries
- type SavedQuery
Constants ¶
// Target kinds for an on-demand query, followed by the supported query types.
// NOTE(review): presumably the QueryTarget* values are what callers pass as
// targetType to CreateTarget and the *QueryType values are what is stored in
// DistributedQuery.Type; all of them are untyped-by-convention strings, so
// nothing here rejects an unknown value. Confirm that callers validate input
// against this set before persisting it.
const (
	// QueryTargetPlatform defines platform as target
	QueryTargetPlatform string = "platform"
	// QueryTargetLocalname defines localname as target
	QueryTargetLocalname string = "localname"
	// QueryTargetEnvironment defines environment as target
	QueryTargetEnvironment string = "environment"
	// QueryTargetUUID defines uuid as target
	QueryTargetUUID string = "uuid"
	// StandardQueryType defines a regular query
	StandardQueryType string = "query"
	// CarveQueryType defines a carve query.
	// NOTE(review): in osquery a carve collects file contents from the node,
	// so creating one deserves tighter authorization and audit logging than a
	// regular query. Confirm how callers gate this type.
	CarveQueryType string = "carve"
	// MetadataQueryType defines a metadata query (its exact use is not
	// visible in this listing).
	MetadataQueryType string = "metadata"
)
// Status labels for a query's lifecycle.
// NOTE(review): DistributedQuery tracks the same states with the booleans
// Active, Completed and Expired; where these strings are stored or reported is
// not visible in this listing. Confirm against the callers.
const (
	// StatusActive defines active status constant
	StatusActive string = "ACTIVE"
	// StatusComplete defines complete status constant
	StatusComplete string = "COMPLETE"
	// StatusExpired defines expired status constant
	StatusExpired string = "EXPIRED"
)
// Selector values for listing queries; the documentation of Gets, GetQueries
// and GetCarves names several of them as the accepted `target` argument.
// NOTE(review): the selectors that include hidden queries (all-full, hidden,
// hidden-active, hidden-completed) and deleted ones widen what a listing
// returns. How an unrecognized selector is handled, and whether callers
// restrict who may request these, is not visible here. Confirm.
const (
	// TargetAll for all queries except hidden ones
	TargetAll string = "all"
	// TargetAllFull for all queries including hidden ones
	TargetAllFull string = "all-full"
	// TargetActive for active queries
	TargetActive string = "active"
	// TargetHiddenActive for hidden active queries
	TargetHiddenActive string = "hidden-active"
	// TargetCompleted for completed queries
	TargetCompleted string = "completed"
	// TargetExpired for expired queries
	TargetExpired string = "expired"
	// TargetSaved for saved queries
	TargetSaved string = "saved"
	// TargetHiddenCompleted for hidden completed queries
	TargetHiddenCompleted string = "hidden-completed"
	// TargetDeleted for deleted queries
	TargetDeleted string = "deleted"
	// TargetHidden for hidden queries
	TargetHidden string = "hidden"
)
// Per-node status values for a distributed query. "pending" is also the
// column default declared on NodeQuery.Status, and every value fits that
// column's varchar(10) limit.
// NOTE(review): UpdateQueryStatus receives an integer statusCode; the mapping
// from that code to these strings is not visible in this listing.
const (
	// DistributedQueryStatusPending marks a node/query pair with no recorded result yet
	DistributedQueryStatusPending string = "pending"
	// DistributedQueryStatusCompleted marks a node/query pair as completed
	DistributedQueryStatusCompleted string = "completed"
	// DistributedQueryStatusError marks a node/query pair as failed
	DistributedQueryStatusError string = "error"
)
Functions ¶
func QueryExpiration ¶
Helper to generate the time.Time for the expiration of a query or carve based on hours
Types ¶
type DistributedQuery ¶
// DistributedQuery is the stored record of one on-demand query or carve.
//
// NOTE(review): the lifecycle is spread over six independent booleans
// (Active, Hidden, Protected, Completed, Deleted, Expired). Nothing in the
// type prevents contradictory combinations such as Active and Expired both
// true, so consistency depends on the methods that update them.
type DistributedQuery struct {
	// gorm.Model contributes ID, CreatedAt, UpdatedAt and the soft-delete
	// column DeletedAt. NOTE(review): that is a second notion of deletion next
	// to the Deleted flag below. Confirm which one listings honour.
	gorm.Model
	// Name is required and unique across the whole table, not per
	// EnvironmentID. NOTE(review): the Queries methods look queries up by
	// (name, envid), so a name taken in one environment presumably cannot be
	// reused in another, and lookups must still filter on the environment to
	// keep environments isolated. Confirm.
	Name string `gorm:"not null;unique;index"`
	// Creator is a free-form string with no constraint in this tag set.
	// NOTE(review): audit attribution is only as trustworthy as the caller
	// that fills it in. Confirm it is taken from the authenticated session.
	Creator string
	// Query holds the query text that is served to nodes; it is stored as
	// given, with no validation expressed at this level.
	Query string
	// Expected, Executions and Errors are counters; see SetExpected,
	// IncExecution and IncError.
	Expected   int
	Executions int
	Errors     int
	Active     bool
	Hidden     bool
	// Protected: meaning not visible in this listing. TODO confirm what it guards.
	Protected bool
	Completed bool
	Deleted   bool
	Expired   bool
	// Type is presumably one of StandardQueryType, CarveQueryType or
	// MetadataQueryType. Verify against the callers.
	Type string
	// Path is presumably the file path for a carve. TODO confirm.
	Path string
	// EnvironmentID scopes the query to one environment.
	EnvironmentID uint
	// ExtraData has no format visible in this listing.
	ExtraData string
	// Expiration is the time after which the query counts as expired;
	// QueryExpiration builds such a value from a number of hours.
	Expiration time.Time
}
DistributedQuery as abstraction of a distributed query
type DistributedQueryTarget ¶
// DistributedQueryTarget stores one target selector for a query.
//
// NOTE(review): there is no EnvironmentID column here and GetTargets takes
// only a name, so target rows are presumably tied to their query through the
// globally unique DistributedQuery.Name. Confirm that no other path can create
// targets under a name that belongs to a different environment.
type DistributedQueryTarget struct {
	// gorm.Model contributes ID, CreatedAt, UpdatedAt and DeletedAt.
	gorm.Model
	// Name is indexed but not unique, which allows several targets per query.
	// presumably the name of the owning DistributedQuery; verify against caller
	Name string `gorm:"index"`
	// Type is presumably one of the QueryTarget* constants; it is not
	// constrained at this level.
	Type string
	// Value is the value to match for the given Type.
	Value string
}
DistributedQueryTarget to keep target logic for queries
type NodeQuery ¶
// NodeQuery links one node to one query and records that node's status.
//
// NOTE(review): the tags declare no uniqueness over (NodeID, QueryID) and no
// foreign keys, so duplicate or dangling links are possible unless they are
// prevented elsewhere. Confirm in CreateNodeQueries and the cleanup paths.
type NodeQuery struct {
	// gorm.Model contributes ID, CreatedAt, UpdatedAt and DeletedAt.
	gorm.Model
	// NodeID is required and indexed.
	NodeID uint `gorm:"not null;index"`
	// QueryID is required and indexed.
	QueryID uint `gorm:"not null;index"`
	// Status is at most 10 characters and defaults to 'pending', which matches
	// DistributedQueryStatusPending.
	Status string `gorm:"type:varchar(10);default:'pending'"`
}
NodeQuery links a node to a query
type Queries ¶
Queries to handle on-demand queries
func CreateQueries ¶
CreateQueries to initialize the queries struct
func (*Queries) CleanupCompletedQueries ¶
CleanupCompletedQueries to set all completed queries as inactive by environment
func (*Queries) CleanupExpiredCarves ¶
CleanupExpiredCarves to set all expired carves as inactive by environment
func (*Queries) CleanupExpiredQueries ¶
CleanupExpiredQueries to set all expired queries as inactive by environment
func (*Queries) Create ¶
func (q *Queries) Create(query DistributedQuery) error
Create to create new query to be served to nodes
func (*Queries) CreateNodeQueries ¶
CreateNodeQueries to link multiple nodes to a query
func (*Queries) CreateSaved ¶
CreateSaved to create new saved query
func (*Queries) CreateTarget ¶
CreateTarget to create target entry for a given query
func (*Queries) DeleteSaved ¶
DeleteSaved to delete an existing saved query
func (*Queries) Get ¶
func (q *Queries) Get(name string, envid uint) (DistributedQuery, error)
Get to get a query by name
func (*Queries) GetActive ¶
func (q *Queries) GetActive(envid uint) ([]DistributedQuery, error)
GetActive to get all active queries and carves by environment
func (*Queries) GetCarves ¶
func (q *Queries) GetCarves(target string, envid uint) ([]DistributedQuery, error)
GetCarves all carve queries by target (active/completed/all/all-full/deleted/hidden)
func (*Queries) GetQueries ¶
func (q *Queries) GetQueries(target string, envid uint) ([]DistributedQuery, error)
GetQueries all queries by target (active/completed/all/all-full/deleted/hidden)
func (*Queries) GetSaved ¶
func (q *Queries) GetSaved(name, creator string, envid uint) (SavedQuery, error)
GetSaved to get a saved query by name and creator
func (*Queries) GetSavedByCreator ¶
func (q *Queries) GetSavedByCreator(creator string, envid uint) ([]SavedQuery, error)
GetSavedByCreator to get all saved queries by creator
func (*Queries) GetTargets ¶
func (q *Queries) GetTargets(name string) ([]DistributedQueryTarget, error)
GetTargets to retrieve targets for a given query
func (*Queries) Gets ¶
func (q *Queries) Gets(target, qtype string, envid uint) ([]DistributedQuery, error)
Gets all queries by target (active/completed/all/all-full/deleted/hidden/expired)
func (*Queries) IncExecution ¶
IncExecution to increase the execution count for this query
func (*Queries) NodeQueries ¶
func (q *Queries) NodeQueries(node nodes.OsqueryNode) (QueryReadQueries, bool, error)
func (*Queries) SetExpected ¶
SetExpected to set the number of expected executions for this query
func (*Queries) UpdateQueryStatus ¶
UpdateQueryStatus to update the status of each query
type QueryReadQueries ¶
QueryReadQueries to hold all the on-demand queries