
v0.4.3 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Feb 22, 2025 License: MIT Imports: 4 Imported by: 0




View Source
const (
	StatusLog string = "status"
	ResultLog string = "result"
	QueryLog  string = "query"

Types of log types

View Source
const (
	// log levels
	LogLevelDebug string = "debug"
	LogLevelInfo  string = "info"
	LogLevelWarn  string = "warn"
	LogLevelError string = "error"
	// log formats
	LogFormatConsole string = "console"
	LogFormatJSON    string = "json"


This section is empty.


This section is empty.


type AcceleratedQueryReadResponse

type AcceleratedQueryReadResponse struct {
	Queries     queries.QueryReadQueries `json:"queries"`
	NodeInvalid bool                     `json:"node_invalid"`
	Accelerate  int                      `json:"accelerate"`

AcceleratedQueryReadResponse for accelerated on-demand queries from nodes https://github.com/osquery/osquery/blob/master/osquery/distributed/distributed.cpp#L219-L231

type ApiActionsRequest

type ApiActionsRequest struct {
	Certificate string `json:"certificate"`
	MacPkgURL   string `json:"url_mac_pkg"`
	MsiPkgURL   string `json:"url_msi_pkg"`
	RpmPkgURL   string `json:"url_rpm_pkg"`
	DebPkgURL   string `json:"url_deb_pkg"`

ApiActionsRequest to receive action requests

type ApiDataResponse

type ApiDataResponse struct {
	Data string `json:"data"`

ApiDataResponse to be returned to API requests for generic data

type ApiDistributedCarveRequest

type ApiDistributedCarveRequest struct {
	UUID     string `json:"uuid"`
	Path     string `json:"path"`
	ExpHours int    `json:"exp_hours"`

ApiDistributedCarveRequest to receive query requests

type ApiDistributedQueryRequest

type ApiDistributedQueryRequest struct {
	UUIDs        []string `json:"uuid_list"`
	Platforms    []string `json:"platform_list"`
	Environments []string `json:"environment_list"`
	Hosts        []string `json:"host_list"`
	Query        string   `json:"query"`
	Hidden       bool     `json:"hidden"`
	ExpHours     int      `json:"exp_hours"`

ApiDistributedQueryRequest to receive query requests

type ApiErrorResponse

type ApiErrorResponse struct {
	Error string `json:"error"`

ApiErrorResponse to be returned to API requests with the error message

type ApiGenericResponse

type ApiGenericResponse struct {
	Message string `json:"message"`

ApiGenericResponse to be returned to API requests for anything

type ApiLoginRequest

type ApiLoginRequest struct {
	Username string `json:"username"`
	Password string `json:"password"`
	ExpHours int    `json:"exp_hours"`

ApiLoginRequest to receive login requests

type ApiLoginResponse

type ApiLoginResponse struct {
	Token string `json:"token"`

ApiLoginResponse to be returned to API login requests with the generated token

type ApiNodeGenericRequest

type ApiNodeGenericRequest struct {
	UUID string `json:"uuid"`

ApiNodeGenericRequest to receive generic node requests

type ApiQueriesResponse

type ApiQueriesResponse struct {
	Name string `json:"query_name"`

ApiQueriesResponse to be returned to API requests for queries

type ApiTagsRequest

type ApiTagsRequest struct {
	Name        string `json:"name"`
	Description string `json:"description"`
	Color       string `json:"color"`
	Icon        string `json:"icon"`
	EnvUUID     string `json:"env_uuid"`
	TagType     uint   `json:"tagtype"`

ApiTagsRequest to receive tag requests

type CarveBlockRequest

type CarveBlockRequest struct {
	BlockID   int    `json:"block_id"`
	SessionID string `json:"session_id"`
	RequestID string `json:"request_id"`
	Data      string `json:"data"`

CarveBlockRequest received to begin a carve

type CarveBlockResponse

type CarveBlockResponse struct {
	Success bool `json:"success"`

CarveBlockResponse for osquery nodes

type CarveInitRequest

type CarveInitRequest struct {
	BlockCount int    `json:"block_count"`
	BlockSize  int    `json:"block_size"`
	CarveSize  int    `json:"carve_size"`
	CarveID    string `json:"carve_id"`
	RequestID  string `json:"request_id"`
	NodeKey    string `json:"node_key"`

CarveInitRequest received to begin a carve

type CarveInitResponse

type CarveInitResponse struct {
	Success   bool   `json:"success"`
	SessionID string `json:"session_id"`

CarveInitResponse for osquery nodes

type CertRequest

type CertRequest FlagsRequest

CertRequest to retrieve certificate

type ConfigRequest

type ConfigRequest GenericRequest

ConfigRequest received when nodes request configuration

type ConfigResponse

type ConfigResponse GenericResponse

ConfigResponse for configuration requests from nodes

type EnrollRequest

type EnrollRequest struct {
	EnrollSecret   string `json:"enroll_secret"`
	HostIdentifier string `json:"host_identifier"`
	PlatformType   string `json:"platform_type"`
	HostDetails    struct {
		EnrollOSVersion    OSVersionTable    `json:"os_version"`
		EnrollOsqueryInfo  OsqueryInfoTable  `json:"osquery_info"`
		EnrollSystemInfo   SystemInfoTable   `json:"system_info"`
		EnrollPlatformInfo PlatformInfoTable `json:"platform_info"`
	} `json:"host_details"`

EnrollRequest received when nodes enroll

type EnrollResponse

type EnrollResponse struct {
	NodeKey     string `json:"node_key"`
	NodeInvalid bool   `json:"node_invalid"`

EnrollResponse to be returned to agents

type FlagsRequest

type FlagsRequest struct {
	Secret     string `json:"secret"`
	SecrefFile string `json:"secretFile"`
	CertFile   string `json:"certFile"`

FlagsRequest to retrieve flags

type GenericRequest

type GenericRequest struct {
	NodeKey string `json:"node_key"`

GenericRequest to some endpoints

type GenericResponse

type GenericResponse struct {
	NodeInvalid bool `json:"node_invalid"`

GenericResponse for osquery nodes

type JSONConfigurationAPI

type JSONConfigurationAPI struct {
	Listener  string `json:"listener"`
	Port      string `json:"port"`
	LogLevel  string `json:"logLevel"`
	LogFormat string `json:"logFormat"`
	Host      string `json:"host"`
	Auth      string `json:"auth"`
	Carver    string `json:"carver"`

JSONConfigurationAPI to hold API service configuration values

type JSONConfigurationAdmin

type JSONConfigurationAdmin struct {
	Listener   string `json:"listener"`
	Port       string `json:"port"`
	LogLevel   string `json:"logLevel"`
	LogFormat  string `json:"logFormat"`
	Host       string `json:"host"`
	Auth       string `json:"auth"`
	Logger     string `json:"logger"`
	Carver     string `json:"carver"`
	SessionKey string `json:"sessionKey"`

JSONConfigurationAdmin to hold admin service configuration values

type JSONConfigurationHeaders

type JSONConfigurationHeaders struct {
	TrustedPrefix     string `json:"trustedPrefix"`
	AdminGroup        string `json:"adminGroup"`
	UserGroup         string `json:"userGroup"`
	Email             string `json:"email"`
	UserName          string `json:"userName"`
	FirstName         string `json:"firstName"`
	LastName          string `json:"lastName"`
	DisplayName       string `json:"displayName"`
	DistinguishedName string `json:"distinguishedName"`
	Groups            string `json:"groups"`
	DefaultEnv        string `json:"defaultEnv"`

JSONConfigurationHeaders to keep all headers details for auth

type JSONConfigurationJWT

type JSONConfigurationJWT struct {
	JWTSecret     string `json:"jwtSecret"`
	HoursToExpire int    `json:"hoursToExpire"`

JSONConfigurationJWT to hold all JWT configuration values

type JSONConfigurationTLS

type JSONConfigurationTLS struct {
	Listener        string `json:"listener"`
	Port            string `json:"port"`
	LogLevel        string `json:"logLevel"`
	LogFormat       string `json:"logFormat"`
	MetricsListener string `json:"metricsListener"`
	MetricsPort     string `json:"metricsPort"`
	MetricsEnabled  bool   `json:"metricsEnabled"`
	Host            string `json:"host"`
	Auth            string `json:"auth"`
	Logger          string `json:"logger"`
	Carver          string `json:"carver"`

JSONConfigurationTLS to hold TLS service configuration values

type KafkaConfiguration

type KafkaConfiguration struct {
	BoostrapServer    string                  `json:"bootstrap_servers"`
	SSLCALocation     string                  `json:"ssl_ca_location"`
	ConnectionTimeout time.Duration           `json:"connection_timeout"`
	SASL              KafkaSASLConfigurations `json:"sasl"`
	Topic             string                  `json:"topic"`

type KafkaSASLConfigurations

type KafkaSASLConfigurations struct {
	Mechanism string `json:"mechanism"`
	Username  string `json:"username"`
	Password  string `json:"password"`

type LogDecorations

type LogDecorations struct {
	Username       string `json:"username"`
	OsqueryUser    string `json:"osquery_user"`
	LocalHostname  string `json:"local_hostname"`
	Hostname       string `json:"hostname"`
	OsqueryVersion string `json:"osquery_version"`
	ConfigHash     string `json:"config_hash"`
	DaemonHash     string `json:"osquery_md5"`

LogDecorations for decorations field in node logs requests

type LogGenericData

type LogGenericData struct {
	HostIdentifier string         `json:"hostIdentifier"`
	Decorations    LogDecorations `json:"decorations"`
	Version        string         `json:"version"`

LogGenericData to parse both status and result logs

type LogRequest

type LogRequest struct {
	NodeKey string          `json:"node_key"`
	LogType string          `json:"log_type"`
	Data    json.RawMessage `json:"data"`

LogRequest received to process logs

type LogResponse

type LogResponse GenericResponse

LogResponse for log requests from nodes

type LogResultData

type LogResultData struct {
	Name           string          `json:"name"`
	Epoch          int64           `json:"epoch"`
	Action         string          `json:"action"`
	Columns        json.RawMessage `json:"columns"`
	Counter        int             `json:"counter"`
	UnixTime       StringInt       `json:"unixTime"`
	Decorations    LogDecorations  `json:"decorations"`
	CalendarTime   string          `json:"calendarTime"`
	HostIdentifier string          `json:"hostIdentifier"`

LogResultData to be used processing result logs from nodes

type LogStatusData

type LogStatusData struct {
	Line           StringInt      `json:"line"`
	Message        string         `json:"message"`
	Version        string         `json:"version"`
	Filename       string         `json:"filename"`
	Severity       StringInt      `json:"severity"`
	UnixTime       StringInt      `json:"unixTime"`
	Decorations    LogDecorations `json:"decorations"`
	CalendarTime   string         `json:"calendarTime"`
	HostIdentifier string         `json:"hostIdentifier"`

LogStatusData to be used processing status logs from nodes

type OSVersionTable

type OSVersionTable struct {
	ID           string `json:"_id"`
	Codename     string `json:"codename"`
	Major        string `json:"major"`
	Minor        string `json:"minor"`
	Name         string `json:"name"`
	Patch        string `json:"patch"`
	Platform     string `json:"platform"`
	PlatformLike string `json:"platform_like"`
	Version      string `json:"version"`

OSVersionTable provided on enrollment, table os_version

type OsqueryInfoTable

type OsqueryInfoTable struct {
	BuildDistro   string `json:"build_distro"`
	BuildPlatform string `json:"build_platform"`
	ConfigHash    string `json:"config_hash"`
	ConfigValid   string `json:"config_valid"`
	Extension     string `json:"extensions"`
	InstanceID    string `json:"instance_id"`
	PID           string `json:"pid"`
	StartTime     string `json:"start_time"`
	UUID          string `json:"uuid"`
	Version       string `json:"version"`
	Watcher       string `json:"watcher"`

OsqueryInfoTable provided on enrollment, table osquery_info

type OsqueryTable

type OsqueryTable struct {
	Name      string   `json:"name"`
	URL       string   `json:"url"`
	Platforms []string `json:"platforms"`
	Filter    string

OsqueryTable to show tables to query

type PlatformInfoTable

type PlatformInfoTable struct {
	Address    string `json:"address"`
	Date       string `json:"date"`
	Extra      string `json:"extra"`
	Revision   string `json:"revision"`
	Size       string `json:"size"`
	Vendor     string `json:"vendor"`
	Version    string `json:"version"`
	VolumeSize string `json:"volume_size"`

PlatformInfoTable provided on enrollment, table platform_info

type QueryCarveScheduled

type QueryCarveScheduled struct {
	Time      string `json:"time"`
	SHA256    string `json:"sha256"`
	Size      string `json:"size"`
	Path      string `json:"path"`
	Status    string `json:"status"`
	CarveGUID string `json:"carve_guid"`
	RequestID string `json:"request_id"`
	Carve     string `json:"carve"`

QueryCarveScheduled to receive confirmation for scheduled carved file

type QueryReadRequest

type QueryReadRequest GenericRequest

QueryReadRequest received to get on-demand queries

type QueryReadResponse

type QueryReadResponse struct {
	Queries     queries.QueryReadQueries `json:"queries"`
	NodeInvalid bool                     `json:"node_invalid"`

QueryReadResponse for on-demand queries from nodes

type QueryWriteData

type QueryWriteData struct {
	Name    string          `json:"name"`
	Result  json.RawMessage `json:"result"`
	Status  int             `json:"status"`
	Message string          `json:"message"`

QueryWriteData to store result of on-demand queries

type QueryWriteMessages

type QueryWriteMessages map[string]string

QueryWriteMessages to hold the on-demand queries messages

type QueryWriteQueries

type QueryWriteQueries map[string]json.RawMessage

QueryWriteQueries to hold the on-demand queries results

type QueryWriteRequest

type QueryWriteRequest struct {
	Queries  QueryWriteQueries  `json:"queries"`
	Statuses QueryWriteStatuses `json:"statuses"`
	Messages QueryWriteMessages `json:"messages"`
	NodeKey  string             `json:"node_key"`

QueryWriteRequest to receive on-demand queries results

type QueryWriteResponse

type QueryWriteResponse GenericResponse

QueryWriteResponse for on-demand queries results from nodes

type QueryWriteStatuses

type QueryWriteStatuses map[string]int

QueryWriteStatuses to hold the on-demand queries statuses

type S3Configuration

type S3Configuration struct {
	Bucket          string `json:"bucket"`
	Region          string `json:"region"`
	AccessKey       string `json:"accessKey"`
	SecretAccessKey string `json:"secretAccesKey"`

S3Configuration to hold all S3 configuration values

type ScriptRequest

type ScriptRequest struct {
	Secret      string `json:"secret"`
	SecrefFile  string `json:"secretFile"`
	FlagsFile   string `json:"flagsFile"`
	Certificate string `json:"certificate"`

ScriptRequest to retrieve script

type StringInt

type StringInt int

StringInt to parse numbers that could be strings

func (*StringInt) UnmarshalJSON

func (si *StringInt) UnmarshalJSON(b []byte) error

UnmarshalJSON implements the json.Unmarshaler interface, which allows us to ingest values of any json type as an int and run our custom conversion

type SystemInfoTable

type SystemInfoTable struct {
	ComputerName     string `json:"computer_name"`
	CPUBrand         string `json:"cpu_brand"`
	CPULogicalCores  string `json:"cpu_logical_cores"`
	CPUPhysicalCores string `json:"cpu_physical_cores"`
	CPUSubtype       string `json:"cpu_subtype"`
	CPUType          string `json:"cpu_type"`
	HardwareModel    string `json:"hardware_model"`
	HardwareSerial   string `json:"hardware_serial"`
	HardwareVendor   string `json:"hardware_vendor"`
	HardwareVersion  string `json:"hardware_version"`
	Hostname         string `json:"hostname"`
	LocalHostname    string `json:"local_hostname"`
	PhysicalMemory   string `json:"physical_memory"`
	UUID             string `json:"uuid"`

SystemInfoTable provided on enrollment, table system_info

type VerifyRequest

type VerifyRequest FlagsRequest

VerifyRequest to verify nodes

type VerifyResponse

type VerifyResponse struct {
	Flags          string `json:"flags"`
	Certificate    string `json:"certificate"`
	OsqueryVersion string `json:"osquery_version"`

VerifyResponse for verify requests from osctrld

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
JackTT - Gopher 🇻🇳