models

package
v1.1.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 20, 2026 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Overview

Package models pkg/models/api_types.go

Package models pkg/models/metrics.go

Package models contains data models for ServiceRadar.

Package models provides data models for the sweeper service.

Index

Constants

// Discovery sources identify the subsystem or integration that reported a
// device. DeviceUpdate.Source is of this type and is serialized under the
// "source" JSON key.
const (
	DiscoverySourceSNMP         DiscoverySource = "snmp"
	DiscoverySourceMapper       DiscoverySource = "mapper"
	DiscoverySourceIntegration  DiscoverySource = "integration"
	DiscoverySourceNetFlow      DiscoverySource = "netflow"
	DiscoverySourceManual       DiscoverySource = "manual"
	DiscoverySourceSweep        DiscoverySource = "sweep"
	DiscoverySourceSighting     DiscoverySource = "sighting"
	DiscoverySourceSelfReported DiscoverySource = "self-reported"
	DiscoverySourceArmis        DiscoverySource = "armis"
	DiscoverySourceNetbox       DiscoverySource = "netbox"
	DiscoverySourceSysmon       DiscoverySource = "sysmon"
	DiscoverySourceServiceRadar DiscoverySource = "serviceradar" // ServiceRadar infrastructure components

	// Confidence levels for discovery sources (1-10 scale).
	// These are untyped integer constants. Several names share a value
	// (6, 7 and 8), so a name records the rationale, not a distinct rank.
	// NOTE(review): self-reported data (level 8) is only as trustworthy as the
	// authentication of the channel it arrived on. The source-to-level mapping
	// lives in GetSourceConfidence, whose body is not shown here; confirm how
	// it ranks self-reported data against actively verified sources.
	ConfidenceLowUnknown         = 1  // Low confidence - unknown source
	ConfidenceMediumSweep        = 5  // Medium confidence - network sweep
	ConfidenceMediumTraffic      = 6  // Medium confidence - traffic analysis
	ConfidenceMediumMonitoring   = 6  // Medium confidence - system monitoring
	ConfidenceGoodExternal       = 7  // Good confidence - external system
	ConfidenceGoodSecurity       = 7  // Good confidence - external security system
	ConfidenceGoodDocumentation  = 7  // Good confidence - network documentation system
	ConfidenceHighNetworkMapping = 8  // High confidence - network mapping
	ConfidenceHighSelfReported   = 8  // High confidence - device reported itself
	ConfidenceHighSNMP           = 9  // High confidence - active SNMP query
	ConfidenceHighestManual      = 10 // Highest confidence - human input
)
// OCSF agent type IDs (aligned with OCSF v1.7.0).
// See: https://schema.ocsf.io/1.7.0/objects/agent
//
// The constants are untyped integers. IDs 1-9 are contiguous; 0 is Unknown and
// 99 is Other, so code that ranges over IDs must not assume a dense 0..N range.
const (
	OCSFAgentTypeUnknown                   = 0
	OCSFAgentTypeEndpointDetectionResponse = 1
	OCSFAgentTypeDataLossPrevention        = 2
	OCSFAgentTypeBackupRecovery            = 3
	OCSFAgentTypePerformanceMonitoring     = 4
	OCSFAgentTypeVulnerabilityManagement   = 5
	OCSFAgentTypeLogManagement             = 6
	OCSFAgentTypeMobileDeviceManagement    = 7
	OCSFAgentTypeConfigurationManagement   = 8
	OCSFAgentTypeRemoteAccess              = 9
	OCSFAgentTypeOther                     = 99
)

OCSF Agent Type IDs (aligned with OCSF v1.7.0) See: https://schema.ocsf.io/1.7.0/objects/agent

// Agent type name string constants.
//
// There is one name for each OCSFAgentType* ID declared in this package.
// Presumably these are the strings GetAgentTypeName returns; its body is not
// shown here, so verify against the implementation.
const (
	AgentTypeNameUnknown               = "Unknown"
	AgentTypeNameEDR                   = "Endpoint Detection and Response"
	AgentTypeNameDLP                   = "Data Loss Prevention"
	AgentTypeNameBackup                = "Backup and Recovery"
	AgentTypeNamePerformanceMonitoring = "Performance Monitoring and Observability"
	AgentTypeNameVulnerability         = "Vulnerability Management"
	AgentTypeNameLogManagement         = "Log Management"
	AgentTypeNameMDM                   = "Mobile Device Management"
	AgentTypeNameConfigManagement      = "Configuration Management"
	AgentTypeNameRemoteAccess          = "Remote Access"
	AgentTypeNameOther                 = "Other"
)

Agent type name string constants

// OCSF device type IDs (aligned with OCSF v1.7.0).
//
// The constants are untyped integers. IDs 1-15 are contiguous; 0 is Unknown
// and 99 is Other.
const (
	OCSFDeviceTypeUnknown      = 0
	OCSFDeviceTypeServer       = 1
	OCSFDeviceTypeDesktop      = 2
	OCSFDeviceTypeLaptop       = 3
	OCSFDeviceTypeTablet       = 4
	OCSFDeviceTypeMobile       = 5
	OCSFDeviceTypeVirtual      = 6
	OCSFDeviceTypeIOT          = 7
	OCSFDeviceTypeBrowser      = 8
	OCSFDeviceTypeFirewall     = 9
	OCSFDeviceTypeSwitch       = 10
	OCSFDeviceTypeHub          = 11
	OCSFDeviceTypeRouter       = 12
	OCSFDeviceTypeIDS          = 13
	OCSFDeviceTypeIPS          = 14
	OCSFDeviceTypeLoadBalancer = 15
	OCSFDeviceTypeOther        = 99
)

OCSF Device Type IDs (aligned with OCSF v1.7.0)

// Device type name string constants.
//
// Only six of the OCSFDeviceType* IDs have a name constant in this block
// (Server, Desktop, Mobile, Firewall, Switch, Router). How the remaining IDs
// are named is not shown here.
const (
	DeviceTypeNameServer   = "Server"
	DeviceTypeNameDesktop  = "Desktop"
	DeviceTypeNameMobile   = "Mobile"
	DeviceTypeNameFirewall = "Firewall"
	DeviceTypeNameSwitch   = "Switch"
	DeviceTypeNameRouter   = "Router"
)

Device type name string constants

// OCSF risk level IDs.
//
// Untyped integers ordered Info (0) through Critical (4), with 99 for Other.
// RiskLevelFromScore is documented as deriving one of these from a 0-100
// score. Its thresholds are not shown here, and because Other is 99 a plain
// numeric comparison between levels will rank Other above Critical.
const (
	OCSFRiskLevelInfo     = 0
	OCSFRiskLevelLow      = 1
	OCSFRiskLevelMedium   = 2
	OCSFRiskLevelHigh     = 3
	OCSFRiskLevelCritical = 4
	OCSFRiskLevelOther    = 99
)

OCSF Risk Level IDs

// MetricPointSize is the size of one metric point in bytes: 8 + 8 + 16 = 32.
// NOTE(review): the 16-byte name slot implies longer names are truncated or
// rejected; confirm which at the encoder, which is not shown here.
const MetricPointSize = 32 // 8 bytes timestamp + 8 bytes response + 16 bytes name
// ServiceDevicePartition is the special partition used for service components.
// Its value matches the first segment of the ID format documented for
// GenerateServiceDeviceID (serviceradar:service_type:service_id).
// NOTE(review): GenerateNetworkDeviceID documents network IDs as partition:ip,
// so a caller-supplied partition equal to this value would produce IDs with
// the same prefix. Confirm that partition input treats this name as reserved.
const ServiceDevicePartition = "serviceradar"

ServiceDevicePartition is the special partition used for service components

const (
	// TrueString is the string literal "true", provided as a named constant.
	TrueString = "true"
)

Variables

// Sentinel errors for the edge onboarding flow. Every message carries the
// "edge onboarding: " prefix. Match them with errors.Is rather than by
// comparing message text.
//
// NOTE(review): the download-token errors distinguish "required", "invalid"
// and "expired", and the package errors distinguish "delivered" and "revoked".
// If handlers return these verbatim to unauthenticated callers, the response
// reveals the state of a token or package. How they are mapped to client
// responses is not shown here; confirm at the API layer.
var (
	ErrEdgeOnboardingDisabled          = errors.New("edge onboarding: service disabled")
	ErrEdgeOnboardingInvalidRequest    = errors.New("edge onboarding: invalid request")
	ErrEdgeOnboardingGatewayConflict   = errors.New("edge onboarding: gateway already provisioned")
	ErrEdgeOnboardingComponentConflict = errors.New("edge onboarding: component already provisioned")
	ErrEdgeOnboardingSpireUnavailable  = errors.New("edge onboarding: spire admin unavailable")
	ErrEdgeOnboardingDownloadRequired  = errors.New("edge onboarding: download token required")
	ErrEdgeOnboardingDownloadInvalid   = errors.New("edge onboarding: download token invalid")
	ErrEdgeOnboardingDownloadExpired   = errors.New("edge onboarding: download token expired")
	ErrEdgeOnboardingPackageDelivered  = errors.New("edge onboarding: package already delivered")
	ErrEdgeOnboardingPackageRevoked    = errors.New("edge onboarding: package revoked")
	ErrEdgeOnboardingDecryptFailed     = errors.New("edge onboarding: decrypt failed")
)
var (
	// ErrInputMustBeStruct indicates that the input must be a struct or pointer to struct.
	// Presumably returned by FilterSensitiveFields, the function in this package
	// that takes an arbitrary value and returns an error; verify against its body.
	ErrInputMustBeStruct = errors.New("input must be a struct or pointer to struct")
)

Functions

func ContainsMode

func ContainsMode(modes []SweepMode, mode SweepMode) bool

ContainsMode checks if a mode is in a list of modes.

func DetermineAgentTypeFromCapabilities added in v1.0.79

func DetermineAgentTypeFromCapabilities(capabilities []string) (int, string)

DetermineAgentTypeFromCapabilities determines the OCSF agent type based on capabilities

func ExtractSafeConfigMetadata added in v1.0.55

func ExtractSafeConfigMetadata(config interface{}) map[string]string

ExtractSafeConfigMetadata extracts only safe, non-sensitive configuration metadata for service registration and tracking purposes.

func FilterIPsWithBlacklist

func FilterIPsWithBlacklist(ips, blacklistCIDRs []string) ([]string, error)

FilterIPsWithBlacklist filters out IP addresses that match the given CIDR blacklist. This is a utility function to be used by sync integrations to apply network blacklisting.

func FilterSensitiveFields added in v1.0.55

func FilterSensitiveFields(input interface{}) (map[string]interface{}, error)

FilterSensitiveFields removes fields marked with the `sensitive:"true"` tag from a struct before serializing it. This keeps tagged data such as secrets and passwords out of databases and UIs; a field that holds secret material but does not carry the tag is not removed.

func GenerateNetworkDeviceID added in v1.0.55

func GenerateNetworkDeviceID(partition, ip string) string

GenerateNetworkDeviceID creates a device ID for a discovered network device. Format: partition:ip. Example: default:192.168.1.1

func GenerateServiceDeviceID added in v1.0.55

func GenerateServiceDeviceID(serviceType ServiceType, serviceID string) string

GenerateServiceDeviceID creates a device ID for a service component. Format: serviceradar:service_type:service_id. Example: serviceradar:gateway:k8s-gateway

func GetAgentTypeName added in v1.0.79

func GetAgentTypeName(typeID int) string

GetAgentTypeName returns the human-readable name for an agent type ID.

func GetSourceConfidence

func GetSourceConfidence(source DiscoverySource) int

GetSourceConfidence returns the confidence level for a discovery source

func IsServiceDevice added in v1.0.55

func IsServiceDevice(deviceID string) bool

IsServiceDevice checks if a device_id represents a service component

func RiskLevelFromScore added in v1.0.79

func RiskLevelFromScore(score int) (int, string)

RiskLevelFromScore derives the OCSF risk level from a numeric score (0-100)

Types

type AgentConfig

// AgentConfig represents the configuration for an agent instance.
//
// ListenAddr in the form of the example (":50051", no host part) listens on
// every interface. Security is a pointer with no omitempty, so an absent value
// is serialized as null.
// NOTE(review): what the agent does when Security is nil is not shown here;
// confirm that it does not fall back to an unauthenticated listener.
type AgentConfig struct {
	CheckersDir string          `json:"checkers_dir"` // e.g., /etc/serviceradar/checkers
	ListenAddr  string          `json:"listen_addr"`  // e.g., :50051
	ServiceName string          `json:"service_name"` // e.g., "agent"
	Security    *SecurityConfig `json:"security"`
	KVAddress   string          `json:"kv_address,omitempty"` // Optional KV store address
}

AgentConfig represents the configuration for an agent instance.

type AgentDefinition

// AgentDefinition represents a remote agent and its checks.
// It pairs the agent's gRPC address with the list of Check entries to run there.
type AgentDefinition struct {
	Address string  `json:"address"` // gRPC address of the agent
	Checks  []Check `json:"checks"`  // List of checks to run on this agent
}

AgentDefinition represents a remote agent and its checks.

type AuthConfig

// AuthConfig contains authentication configuration.
//
// Fields tagged `sensitive:"true"` hold secret material. The tag is a custom
// struct tag that encoding/json does not interpret; FilterSensitiveFields is
// the function documented as removing tagged fields. The type also defines its
// own MarshalJSON and UnmarshalJSON (bodies not shown here), so its JSON form
// may differ from what the field tags alone suggest.
type AuthConfig struct {
	// Secret key used for signing JWT tokens (SENSITIVE: never store in DB or display in UI)
	// The example tag value is a documentation placeholder, not a usable default.
	JWTSecret string `json:"jwt_secret" example:"very-secret-key-do-not-share" sensitive:"true"`
	// Optional JWT signing algorithm. Defaults to HS256. Set to RS256 to enable RSA signing.
	// NOTE(review): verification should accept only the algorithm configured
	// here rather than whatever the token header declares. The verification
	// code is not shown here; confirm it pins the algorithm.
	JWTAlgorithm string `json:"jwt_algorithm,omitempty" example:"RS256"`
	// PEM-encoded RSA private key used for RS256 signing (SENSITIVE)
	JWTPrivateKeyPEM string `json:"jwt_private_key_pem,omitempty" sensitive:"true"`
	// PEM-encoded RSA public key (optional; derived from private key if omitted)
	// Not tagged sensitive: it is the public half of the key pair.
	JWTPublicKeyPEM string `json:"jwt_public_key_pem,omitempty"`
	// Key ID placed in JWT header as `kid` for JWKS lookup
	JWTKeyID string `json:"jwt_key_id,omitempty" example:"main-2025-09"`
	// How long JWT tokens are valid
	JWTExpiration time.Duration `json:"jwt_expiration" example:"24h"`
	// OAuth callback URL
	CallbackURL string `json:"callback_url" example:"https://api.example.com/auth/callback"`
	// Map of local usernames to password hashes (SENSITIVE: never store in DB or display in UI)
	// The hashing scheme is not shown on this page.
	LocalUsers map[string]string `json:"local_users" sensitive:"true"`
	// Configuration for SSO providers like Google, GitHub, etc. (SENSITIVE: may contain secrets)
	SSOProviders map[string]SSOConfig `json:"sso_providers" sensitive:"true"`
	// RBAC configuration for users
	RBAC RBACConfig `json:"rbac"`
}

AuthConfig contains authentication configuration. @Description Authentication and authorization configuration settings.

func (*AuthConfig) MarshalJSON added in v1.0.55

func (a *AuthConfig) MarshalJSON() ([]byte, error)

func (*AuthConfig) UnmarshalJSON added in v1.0.55

func (a *AuthConfig) UnmarshalJSON(data []byte) error

type CNPGDatabase added in v1.0.55

// CNPGDatabase describes the Timescale/CloudNativePG connection.
//
// Password is the only field tagged `sensitive:"true"`. SSLMode, CertDir and
// TLS are all optional (omitempty); the accepted ssl_mode values and what an
// empty value falls back to are not shown on this page.
// NOTE(review): confirm that an empty SSLMode cannot yield an unencrypted or
// unverified database connection, and that ExtraRuntimeParams, a free-form
// key/value map, is populated only from trusted configuration.
type CNPGDatabase struct {
	Host               string            `json:"host"`
	Port               int               `json:"port"`
	Database           string            `json:"database"`
	Username           string            `json:"username"`
	Password           string            `json:"password" sensitive:"true"`
	ApplicationName    string            `json:"application_name,omitempty"`
	SSLMode            string            `json:"ssl_mode,omitempty"`
	CertDir            string            `json:"cert_dir,omitempty"`
	TLS                *TLSConfig        `json:"tls,omitempty"`
	MaxConnections     int32             `json:"max_connections,omitempty"`
	MinConnections     int32             `json:"min_connections,omitempty"`
	MaxConnLifetime    Duration          `json:"max_conn_lifetime,omitempty"`
	HealthCheckPeriod  Duration          `json:"health_check_period,omitempty"`
	StatementTimeout   Duration          `json:"statement_timeout,omitempty"`
	ExtraRuntimeParams map[string]string `json:"runtime_params,omitempty"`
}

CNPGDatabase describes the Timescale/CloudNativePG connection.

type CORSConfig

// CORSConfig contains Cross-Origin Resource Sharing configuration.
//
// NOTE(review): the example tags show a wildcard origin together with
// allow_credentials=true. Browsers refuse credentialed responses whose
// Access-Control-Allow-Origin is "*", and a handler that works around this by
// echoing the request Origin ends up trusting every site with the user's
// credentials. How the handler treats "*" is not shown here; confirm that a
// wildcard is rejected or ignored when AllowCredentials is true.
type CORSConfig struct {
	// List of origins allowed to access the API
	AllowedOrigins []string `json:"allowed_origins" example:"['*','https://example.com']"`
	// Whether to allow credentials (cookies, authorization headers) in CORS requests
	AllowCredentials bool `json:"allow_credentials" example:"true"`
}

CORSConfig contains Cross-Origin Resource Sharing configuration. @Description Configuration for Cross-Origin Resource Sharing (CORS) for the API.

type CPUClusterMetric added in v1.0.55

// CPUClusterMetric represents aggregated CPU cluster telemetry for a logical
// CPU cluster (e.g., efficiency or performance cores).
//
// The three collector identity fields (HostID, HostIP, AgentID) are optional
// and are left out of the JSON when empty.
type CPUClusterMetric struct {
	// Cluster name (e.g., ECPU, PCPU)
	Name string `json:"name" example:"ECPU"`
	// Instantaneous frequency in Hz, if available.
	FrequencyHz float64 `json:"frequency_hz" example:"1700000000"`
	// When this metric was collected
	Timestamp time.Time `json:"timestamp" example:"2025-04-24T14:15:22Z"`
	// Host identifier for the agent that collected this metric
	HostID string `json:"host_id,omitempty" example:"server-east-1"`
	// Host IP address for the agent that collected this metric
	HostIP string `json:"host_ip,omitempty" example:"192.168.1.100"`
	// ServiceRadar agent identifier
	AgentID string `json:"agent_id,omitempty" example:"agent-1234"`
}

CPUClusterMetric represents aggregated CPU cluster telemetry. @Description Aggregated metrics for a logical CPU cluster (e.g., efficiency or performance cores).

type CPUMetric

// CPUMetric represents CPU utilization for a single core.
//
// Label, Cluster and the collector identity fields (HostID, HostIP, AgentID)
// are optional and are left out of the JSON when empty. FrequencyHz has no
// omitempty, so an unavailable frequency is serialized as 0.
type CPUMetric struct {
	// ID number of the CPU core
	CoreID int32 `json:"core_id" example:"0"`
	// Platform label for the CPU core (e.g., ECPU0, PCPU3)
	Label string `json:"label,omitempty" example:"ECPU0"`
	// Cluster identifier this core belongs to (e.g., ECPU, PCPU)
	Cluster string `json:"cluster,omitempty" example:"ECPU"`
	// Usage percentage (0-100)
	UsagePercent float64 `json:"usage_percent" example:"45.2"`
	// Instantaneous frequency in Hz, if available.
	FrequencyHz float64 `json:"frequency_hz" example:"2400000000"`
	// When this metric was collected
	Timestamp time.Time `json:"timestamp" example:"2025-04-24T14:15:22Z"`
	// Host identifier for the agent that collected this metric
	HostID string `json:"host_id,omitempty" example:"server-east-1"`
	// Host IP address for the agent that collected this metric
	HostIP string `json:"host_ip,omitempty" example:"192.168.1.100"`
	// ServiceRadar agent identifier
	AgentID string `json:"agent_id,omitempty" example:"agent-1234"`
}

CPUMetric represents CPU utilization for a single core. @Description CPU usage metrics for an individual processor core.

type Check

// Check represents a generic service check configuration.
//
// Config is kept as raw JSON (json.RawMessage), so this type does not decode
// or validate it. Presumably each checker parses its own configuration;
// verify where that decoding happens and what it rejects.
type Check struct {
	ServiceType string          `json:"service_type"` // e.g., "grpc", "process", "port"
	ServiceName string          `json:"service_name"`
	Details     string          `json:"details,omitempty"` // Service-specific details
	Port        int32           `json:"port,omitempty"`    // For port checkers
	Config      json.RawMessage `json:"config,omitempty"`  // Checker-specific configuration
}

Check represents a generic service check configuration.

type CloudConfig

// CloudConfig represents the configuration for the cloud service.
//
// AlertThreshold uses the package's own Duration type, whereas
// CoreServiceConfig.AlertThreshold is a time.Duration.
// NOTE(review): the fields of WebhookConfig are not shown here; if webhook
// entries carry tokens or signed URLs, check that they are covered by the
// `sensitive:"true"` convention used elsewhere in this package.
type CloudConfig struct {
	ListenAddr     string          `json:"listen_addr"`
	GrpcAddr       string          `json:"grpc_addr,omitempty"`
	DBPath         string          `json:"db_path"`
	AlertThreshold Duration        `json:"alert_threshold"`
	KnownGateways  []string        `json:"known_gateways"`
	Webhooks       []WebhookConfig `json:"webhooks,omitempty"`
}

CloudConfig represents the configuration for the cloud service.

type CollectorCapability added in v1.0.55

// CollectorCapability describes the collectors currently responsible for a
// device. Capabilities are explicit strings such as "icmp", "snmp", or
// "sysmon".
type CollectorCapability struct {
	DeviceID     string    `json:"device_id"`
	Capabilities []string  `json:"capabilities"`
	AgentID      string    `json:"agent_id,omitempty"`
	GatewayID    string    `json:"gateway_id,omitempty"`
	LastSeen     time.Time `json:"last_seen"`
	ServiceName  string    `json:"service_name,omitempty"`
}

CollectorCapability describes the collectors currently responsible for a device. Capabilities are explicit strings such as "icmp", "snmp", or "sysmon".

type CollectorDownloadResult added in v1.0.79

// CollectorDownloadResult contains the package contents for a collector
// download.
//
// NatsCredsFile and MTLSBundle carry credential material (the .creds file
// content and the mTLS certificates). None of the fields has the
// `sensitive:"true"` tag, so FilterSensitiveFields, as documented, would not
// strip them.
// NOTE(review): confirm that values of this type are only streamed to the
// authenticated downloader and are never logged or persisted as-is.
type CollectorDownloadResult struct {
	Package         *CollectorPackage `json:"package"`
	NatsCredsFile   string            `json:"nats_creds_file"`  // .creds file content
	CollectorConfig string            `json:"collector_config"` // Collector-specific config
	MTLSBundle      []byte            `json:"mtls_bundle"`      // mTLS certificates from deployment CA
	InstallScript   string            `json:"install_script"`   // Installation instructions
}

CollectorDownloadResult contains the package contents for a collector download.

type CollectorPackage added in v1.0.79

// CollectorPackage represents a collector deployment package with NATS
// credentials.
//
// The download token is held as DownloadTokenHash; the hash algorithm is not
// shown here. The hash has a JSON tag, so it is emitted whenever a populated
// package is marshaled.
// NOTE(review): confirm that API responses returning this type do not expose
// download_token_hash to clients that do not need it.
//
// DownloadTokenExpiresAt is a non-pointer time.Time with omitempty. Under the
// standard encoding/json rules omitempty never omits a struct value, so an
// unset expiry is written as the zero time, not left out. The pointer-typed
// timestamps (DownloadedAt, InstalledAt, RevokedAt) are omitted when nil.
type CollectorPackage struct {
	PackageID              string                 `json:"package_id"`
	CollectorType          CollectorType          `json:"collector_type"`
	UserName               string                 `json:"user_name"`
	Site                   string                 `json:"site,omitempty"`
	Hostname               string                 `json:"hostname,omitempty"`
	Status                 CollectorPackageStatus `json:"status"`
	NatsCredentialID       string                 `json:"nats_credential_id,omitempty"`
	DownloadTokenHash      string                 `json:"download_token_hash,omitempty"`
	DownloadTokenExpiresAt time.Time              `json:"download_token_expires_at,omitempty"`
	DownloadedAt           *time.Time             `json:"downloaded_at,omitempty"`
	DownloadedByIP         string                 `json:"downloaded_by_ip,omitempty"`
	InstalledAt            *time.Time             `json:"installed_at,omitempty"`
	RevokedAt              *time.Time             `json:"revoked_at,omitempty"`
	RevokeReason           string                 `json:"revoke_reason,omitempty"`
	ErrorMessage           string                 `json:"error_message,omitempty"`
	ConfigOverrides        map[string]interface{} `json:"config_overrides,omitempty"`
	CreatedAt              time.Time              `json:"created_at"`
	UpdatedAt              time.Time              `json:"updated_at"`
}

CollectorPackage represents a collector deployment package with NATS credentials.

type CollectorPackageStatus added in v1.0.79

// CollectorPackageStatus represents the lifecycle state of a collector package.
// It is a string type, so any string converts to it; validity against the
// declared constants has to be checked by the code that accepts the value.
type CollectorPackageStatus string

CollectorPackageStatus represents the lifecycle state of a collector package.

// Lifecycle states of a collector package. The allowed transitions between
// them are not defined in this block.
const (
	CollectorPackageStatusPending      CollectorPackageStatus = "pending"
	CollectorPackageStatusProvisioning CollectorPackageStatus = "provisioning"
	CollectorPackageStatusReady        CollectorPackageStatus = "ready"
	CollectorPackageStatusDownloaded   CollectorPackageStatus = "downloaded"
	CollectorPackageStatusInstalled    CollectorPackageStatus = "installed"
	CollectorPackageStatusRevoked      CollectorPackageStatus = "revoked"
	CollectorPackageStatusFailed       CollectorPackageStatus = "failed"
)

type CollectorType added in v1.0.79

// CollectorType identifies the type of data collector.
// It is a string type; the recognised values are the CollectorType* constants.
type CollectorType string

CollectorType identifies the type of data collector.

// Recognised collector types and the protocols each one ingests.
const (
	CollectorTypeFlowgger CollectorType = "flowgger" // Syslog collector (RFC 5424, RFC 3164)
	CollectorTypeTrapd    CollectorType = "trapd"    // SNMP trap collector (v1, v2c, v3)
	CollectorTypeNetflow  CollectorType = "netflow"  // NetFlow/sFlow/IPFIX collector
	CollectorTypeOtel     CollectorType = "otel"     // OpenTelemetry collector
)

type ColumnDefinition

// ColumnDefinition represents a column in the netflow_metrics stream.
//
// The fields carry no JSON tags. Name, Type, Codec, Alias and Default are
// plain strings.
// NOTE(review): if these strings are interpolated into schema statements,
// they must come from trusted configuration only. How they are consumed is
// not shown here; confirm at the call site.
type ColumnDefinition struct {
	Key       ColumnKey
	Name      string
	Type      string
	Codec     string
	Alias     string
	Default   string
	Mandatory bool
}

ColumnDefinition represents a column in the netflow_metrics stream

type ColumnKey

// ColumnKey represents a column in the schema.
// It is an integer key; ColumnDefinition.Key is of this type.
type ColumnKey int

ColumnKey represents a column in the schema

type Config

// Config defines sweeper configuration.
//
// ICMPSettings and TCPSettings are anonymous structs with no JSON tag on the
// field itself, and some of their members (RateLimit, Timeout, MaxBatch,
// Concurrency) are untagged too. Under the standard encoding/json rules those
// are encoded under their Go names, while the tagged fields use snake_case.
//
// There are two ICMP rate settings, ICMPSettings.RateLimit and ICMPRateLimit;
// which one takes precedence is not shown here.
//
// TCPSettings.RouteDiscoveryHost defaults, per its field comment, to the
// public address "8.8.8.8:80"; isolated networks will want to set it
// explicitly.
//
// NOTE(review): Networks, Ports, DeviceTargets, Concurrency and the rate
// limits decide what is probed and how hard. Confirm that this config can only
// be written by parties authorised to scan the listed ranges, and that the
// concurrency and rate values are bounded when loaded.
type Config struct {
	Networks      []string       `json:"networks"`
	Ports         []int          `json:"ports"`
	SweepModes    []SweepMode    `json:"sweep_modes"`
	DeviceTargets []DeviceTarget `json:"device_targets,omitempty"` // Per-device sweep configuration
	Interval      time.Duration  `json:"interval"`
	Concurrency   int            `json:"concurrency"`
	Timeout       time.Duration  `json:"timeout"`
	ICMPCount     int            `json:"icmp_count"`
	MaxIdle       int            `json:"max_idle"`
	MaxLifetime   time.Duration  `json:"max_lifetime"`
	IdleTimeout   time.Duration  `json:"idle_timeout"`
	// Agent/Partition information for proper device identification
	AgentID   string `json:"agent_id,omitempty"`
	GatewayID string `json:"gateway_id,omitempty"`
	Partition string `json:"partition,omitempty"`
	// Execution tracking for sweep results
	SweepGroupID string `json:"sweep_group_id,omitempty"` // Sweep group UUID for result tracking
	ConfigHash   string `json:"config_hash,omitempty"`    // Hash of config for change detection
	ICMPSettings struct {
		RateLimit int // Packets per second
		Timeout   time.Duration
		MaxBatch  int
	}
	TCPSettings struct {
		Concurrency        int
		Timeout            time.Duration
		MaxBatch           int
		RouteDiscoveryHost string `json:"route_discovery_host,omitempty"` // Target for local IP discovery (default: "8.8.8.8:80")

		// Ring buffer tuning for SYN scanner memory vs performance tradeoffs
		// These values will be clamped to safe limits automatically
		RingBlockSize  int `json:"ring_block_size,omitempty"`  // Block size in bytes (default: 1MB, max: 8MB)
		RingBlockCount int `json:"ring_block_count,omitempty"` // Number of blocks (default: 8, max: 32, total max: 64MB)

		// Network interface selection for multi-homed hosts
		Interface string `json:"interface,omitempty"` // Network interface (e.g., "eth0", "wlan0") - auto-detected if empty

		// Advanced NAT/firewall compatibility options
		SuppressRSTReply bool `json:"suppress_rst_reply,omitempty"` // Suppress RST packet generation (optional)

		// Global ring buffer memory cap (in MB) to be distributed across all CPU cores
		// If 0, defaults to 64MB total. This prevents excessive memory usage on high-CPU systems.
		GlobalRingMemoryMB int `json:"global_ring_memory_mb,omitempty"`

		// Ring readers and poll timeout tuning
		RingReaders       int `json:"ring_readers,omitempty"`         // number of AF_PACKET ring readers
		RingPollTimeoutMs int `json:"ring_poll_timeout_ms,omitempty"` // poll() timeout per reader in ms
	}
	EnableHighPerformanceICMP bool `json:"high_perf_icmp,omitempty"`
	ICMPRateLimit             int  `json:"icmp_rate_limit,omitempty"`
}

Config defines sweeper configuration.

type CoreServiceConfig

// CoreServiceConfig represents the configuration for the core service. This
// was previously named DBConfig but contains much more than database
// configuration.
//
// The type defines MarshalJSON, UnmarshalJSON and Validate (bodies not shown
// here), so its JSON form and its validity rules are not determined by the
// field tags alone.
//
// Several nested values hold secrets: Auth carries `sensitive:"true"` fields
// and CNPG carries a tagged Password.
// NOTE(review): whether FilterSensitiveFields recurses into nested structs and
// pointers is not shown on this page. Confirm that secrets inside Auth and
// CNPG are removed when a CoreServiceConfig is stored or displayed, and review
// the untagged nested types (Security, KVSecurity, NATS, SpireAdmin,
// EdgeOnboarding) for secret-bearing fields.
type CoreServiceConfig struct {
	ListenAddr      string            `json:"listen_addr"`
	GrpcAddr        string            `json:"grpc_addr"`
	DBPath          string            `json:"db_path"` // Keep for compatibility, can be optional
	AlertThreshold  time.Duration     `json:"alert_threshold"`
	GatewayPatterns []string          `json:"gateway_patterns"`
	KnownGateways   []string          `json:"known_gateways,omitempty"`
	Metrics         Metrics           `json:"metrics"`
	SNMP            SNMPConfig        `json:"snmp"`
	Security        *SecurityConfig   `json:"security"`
	KVSecurity      *SecurityConfig   `json:"kv_security,omitempty"`
	Auth            *AuthConfig       `json:"auth,omitempty"`
	CORS            CORSConfig        `json:"cors,omitempty"`
	CNPG            *CNPGDatabase     `json:"cnpg"`
	WriteBuffer     WriteBufferConfig `json:"write_buffer,omitempty"`
	NATS            *NATSConfig       `json:"nats,omitempty"`
	Events          *EventsConfig     `json:"events,omitempty"`
	Logging         *logger.Config    `json:"logging,omitempty"`
	MCP             *MCPConfigRef     `json:"mcp,omitempty"`
	SRQL            *SRQLConfig       `json:"srql,omitempty"`
	// KV endpoints for admin config operations (hub/leaf mappings)
	KVEndpoints    []KVEndpoint                  `json:"kv_endpoints,omitempty"`
	SpireAdmin     *SpireAdminConfig             `json:"spire_admin,omitempty"`
	EdgeOnboarding *EdgeOnboardingConfig         `json:"edge_onboarding,omitempty"`
	Features       FeatureFlags                  `json:"features,omitempty"`
	Reaper         *ReaperConfig                 `json:"reaper,omitempty"`
	Identity       *IdentityReconciliationConfig `json:"identity_reconciliation,omitempty"`
}

CoreServiceConfig represents the configuration for the core service. This was previously named DBConfig but contains much more than database configuration.

func (*CoreServiceConfig) MarshalJSON

func (c *CoreServiceConfig) MarshalJSON() ([]byte, error)

func (*CoreServiceConfig) UnmarshalJSON

func (c *CoreServiceConfig) UnmarshalJSON(data []byte) error

func (*CoreServiceConfig) Validate

func (c *CoreServiceConfig) Validate() error

type Device

// Device represents a network device.
//
// DiscoverySources is a slice of plain strings here, not of the
// DiscoverySource type. Metadata is a free-form map whose keys and value types
// are not constrained by this declaration.
// NOTE(review): Hostname, OSInfo, VersionInfo and Metadata presumably
// originate from discovered or self-reported data; treat them as untrusted
// when rendering or querying, and verify against the producers.
type Device struct {
	DeviceID         string                 `json:"device_id"`
	AgentID          string                 `json:"agent_id"`
	GatewayID        string                 `json:"gateway_id"`
	DiscoverySources []string               `json:"discovery_sources"`
	IP               string                 `json:"ip"`
	MAC              string                 `json:"mac,omitempty"`
	Hostname         string                 `json:"hostname,omitempty"`
	FirstSeen        time.Time              `json:"first_seen"`
	LastSeen         time.Time              `json:"last_seen"`
	IsAvailable      bool                   `json:"is_available"`
	ServiceType      string                 `json:"service_type,omitempty"`
	ServiceStatus    string                 `json:"service_status,omitempty"`
	LastHeartbeat    *time.Time             `json:"last_heartbeat,omitempty"`
	DeviceType       string                 `json:"device_type,omitempty"`
	OSInfo           string                 `json:"os_info,omitempty"`
	VersionInfo      string                 `json:"version_info,omitempty"`
	Metadata         map[string]interface{} `json:"metadata,omitempty"`
}

Device represents a network device.

type DeviceCapabilityEvent added in v1.0.55

// DeviceCapabilityEvent captures a single capability check result emitted by a
// gateway/agent for audit purposes. Events land in the ClickHouse Stream
// `device_capabilities`.
//
// It has the same fields as DeviceCapabilitySnapshot plus EventID. RecordedBy
// is optional, so an audit consumer has to handle events without it.
type DeviceCapabilityEvent struct {
	EventID       string         `json:"event_id"`
	DeviceID      string         `json:"device_id"`
	ServiceID     string         `json:"service_id,omitempty"`
	ServiceType   string         `json:"service_type,omitempty"`
	Capability    string         `json:"capability"`
	State         string         `json:"state,omitempty"`
	Enabled       bool           `json:"enabled"`
	LastChecked   time.Time      `json:"last_checked"`
	LastSuccess   *time.Time     `json:"last_success,omitempty"`
	LastFailure   *time.Time     `json:"last_failure,omitempty"`
	FailureReason string         `json:"failure_reason,omitempty"`
	Metadata      map[string]any `json:"metadata,omitempty"`
	RecordedBy    string         `json:"recorded_by,omitempty"`
}

DeviceCapabilityEvent captures a single capability check result emitted by a gateway/agent for audit purposes. Events land in the ClickHouse Stream `device_capabilities`.

type DeviceCapabilitySnapshot added in v1.0.55

// DeviceCapabilitySnapshot reflects the most recent state for a capability in
// the versioned_kv registry (`device_capability_registry`).
//
// LastSuccess and LastFailure are pointers and are omitted from the JSON when
// nil, which distinguishes "never happened" from a zero timestamp.
type DeviceCapabilitySnapshot struct {
	DeviceID      string         `json:"device_id"`
	ServiceID     string         `json:"service_id,omitempty"`
	ServiceType   string         `json:"service_type,omitempty"`
	Capability    string         `json:"capability"`
	State         string         `json:"state,omitempty"`
	Enabled       bool           `json:"enabled"`
	LastChecked   time.Time      `json:"last_checked"`
	LastSuccess   *time.Time     `json:"last_success,omitempty"`
	LastFailure   *time.Time     `json:"last_failure,omitempty"`
	FailureReason string         `json:"failure_reason,omitempty"`
	Metadata      map[string]any `json:"metadata,omitempty"`
	RecordedBy    string         `json:"recorded_by,omitempty"`
}

DeviceCapabilitySnapshot reflects the most recent state for a capability in the versioned_kv registry (`device_capability_registry`).

type DeviceIdentifier added in v1.0.59

// DeviceIdentifier captures a normalized identifier tied to a device.
//
// Confidence is a string here, whereas DeviceUpdate.Confidence is an int; the
// set of accepted strings is not shown on this page. Verified is tagged
// omitempty, so a false value is left out of the JSON and cannot be
// distinguished from an absent one.
type DeviceIdentifier struct {
	DeviceID   string            `json:"device_id"`
	IDType     string            `json:"id_type"`
	IDValue    string            `json:"id_value"`
	Partition  string            `json:"partition,omitempty"`
	Confidence string            `json:"confidence"`
	Source     string            `json:"source,omitempty"`
	FirstSeen  time.Time         `json:"first_seen"`
	LastSeen   time.Time         `json:"last_seen"`
	Verified   bool              `json:"verified,omitempty"`
	Metadata   map[string]string `json:"metadata,omitempty"`
}

DeviceIdentifier captures a normalized identifier tied to a device.

type DeviceLifecycleEventData added in v1.0.55

// DeviceLifecycleEventData represents lifecycle changes for a device (manual
// delete, restore, etc).
//
// Actor, Reason and RemoteAddr are the attribution fields. All three are
// optional, so a consumer has to handle events that name no actor.
// NOTE(review): how RemoteAddr is derived (direct peer address or a forwarded
// header) is not shown here; confirm before relying on it for attribution.
type DeviceLifecycleEventData struct {
	DeviceID   string            `json:"device_id"`
	Partition  string            `json:"partition,omitempty"`
	Action     string            `json:"action"` // e.g. deleted, restored
	Actor      string            `json:"actor,omitempty"`
	Reason     string            `json:"reason,omitempty"`
	Timestamp  time.Time         `json:"timestamp"`
	Severity   string            `json:"severity,omitempty"`
	Level      int32             `json:"level,omitempty"`
	RemoteAddr string            `json:"remote_addr,omitempty"`
	Metadata   map[string]string `json:"metadata,omitempty"`
}

DeviceLifecycleEventData represents lifecycle changes for a device (manual delete, restore, etc).

type DeviceStatsMeta added in v1.0.55

// DeviceStatsMeta captures bookkeeping details for debugging the stats
// snapshot pipeline.
//
// Two JSON keys differ from their field names: SkippedNonCanonical is written
// as "skipped_non_canonical_records" and InferredCanonicalFallback as
// "inferred_canonical_records".
type DeviceStatsMeta struct {
	RawRecords                int `json:"raw_records"`
	ProcessedRecords          int `json:"processed_records"`
	SkippedNilRecords         int `json:"skipped_nil_records"`
	SkippedTombstonedRecords  int `json:"skipped_tombstoned_records"`
	SkippedServiceComponents  int `json:"skipped_service_components"`
	SkippedNonCanonical       int `json:"skipped_non_canonical_records"`
	InferredCanonicalFallback int `json:"inferred_canonical_records"`
	SkippedSweepOnlyRecords   int `json:"skipped_sweep_only_records"`
}

DeviceStatsMeta captures bookkeeping details for debugging the stats snapshot pipeline.

type DeviceStatsSnapshot added in v1.0.55

// DeviceStatsSnapshot aggregates system-wide device metrics that are expensive
// to compute directly from the warehouse. The core Service publishes updates
// at a fixed cadence.
//
// Timestamp records when the snapshot was taken, so readers can judge how
// stale the counts are.
type DeviceStatsSnapshot struct {
	Timestamp             time.Time        `json:"timestamp"`
	TotalDevices          int              `json:"total_devices"`
	AvailableDevices      int              `json:"available_devices"`
	UnavailableDevices    int              `json:"unavailable_devices"`
	ActiveDevices         int              `json:"active_devices"`
	DevicesWithCollectors int              `json:"devices_with_collectors"`
	DevicesWithICMP       int              `json:"devices_with_icmp"`
	DevicesWithSNMP       int              `json:"devices_with_snmp"`
	DevicesWithSysmon     int              `json:"devices_with_sysmon"`
	Partitions            []PartitionStats `json:"partitions"`
}

DeviceStatsSnapshot aggregates system-wide device metrics that are expensive to compute directly from the warehouse. The core Service publishes updates at a fixed cadence.

type DeviceTarget added in v1.0.54

// DeviceTarget represents a single device/network with its specific sweep
// configuration.
//
// Network is a free-form string documented as a CIDR or an IP address; this
// declaration does not validate it.
// NOTE(review): targets can originate from external integrations (the Source
// comment names armis and netbox). Confirm that Network is parsed and
// range-checked before it is swept, so that an upstream record cannot widen
// the scan scope.
type DeviceTarget struct {
	Network    string            `json:"network"`               // CIDR or IP address
	SweepModes []SweepMode       `json:"sweep_modes,omitempty"` // Specific sweep modes for this device
	QueryLabel string            `json:"query_label,omitempty"` // Source query label
	Source     string            `json:"source,omitempty"`      // Discovery source (armis, netbox, etc.)
	Metadata   map[string]string `json:"metadata,omitempty"`    // Additional metadata from discovery
}

DeviceTarget represents a single device/network with its specific sweep configuration

type DeviceUpdate

// DeviceUpdate represents an update to a device from a discovery source.
//
// Hostname, MAC and ServiceType are pointers, so nil ("not reported") is
// distinct from an empty value. Confidence is an int; the Confidence*
// constants in this package use a 1-10 scale.
// NOTE(review): Confidence and Source are ordinary fields set by whoever
// builds the update. Confirm that the receiving side derives or validates
// them instead of trusting values supplied by the sender.
type DeviceUpdate struct {
	DeviceID    string            `json:"device_id"`
	IP          string            `json:"ip"`
	Source      DiscoverySource   `json:"source"`
	AgentID     string            `json:"agent_id"`
	GatewayID   string            `json:"gateway_id"`
	Partition   string            `json:"partition,omitempty"`    // Optional partition for isolated deployments
	ServiceType *ServiceType      `json:"service_type,omitempty"` // Type of service component (gateway/agent/checker)
	ServiceID   string            `json:"service_id,omitempty"`   // ID of the service component
	Timestamp   time.Time         `json:"timestamp"`
	Hostname    *string           `json:"hostname,omitempty"`
	MAC         *string           `json:"mac,omitempty"`
	Metadata    map[string]string `json:"metadata,omitempty"`
	IsAvailable bool              `json:"is_available"`
	Confidence  int               `json:"confidence"`
}

DeviceUpdate represents an update to a device from a discovery source

func CreateCheckerDeviceUpdate added in v1.0.55

func CreateCheckerDeviceUpdate(checkerID, checkerKind, agentID, gatewayID, hostIP, partition string, metadata map[string]string) *DeviceUpdate

CreateCheckerDeviceUpdate creates a DeviceUpdate for a checker to register itself as a device

func CreateCoreServiceDeviceUpdate added in v1.0.61

func CreateCoreServiceDeviceUpdate(serviceType ServiceType, serviceID, hostIP, partition string, metadata map[string]string) *DeviceUpdate

CreateCoreServiceDeviceUpdate creates a DeviceUpdate for a core service (datasvc, sync, mapper, otel, zen, core) to register itself as a device with a stable service device ID that survives IP changes.

type DictionaryConfig

type DictionaryConfig struct {
	Name       string   `json:"name"`       // e.g., "asn_dictionary"
	Source     string   `json:"source"`     // e.g., "/path/to/asn.csv"
	Keys       []string `json:"keys"`       // e.g., ["ip"]
	Attributes []string `json:"attributes"` // e.g., ["asn", "name"]
	Layout     string   `json:"layout"`     // e.g., "hashed"
}

DictionaryConfig represents a custom dictionary for enrichment

type DiscoveredInterface

type DiscoveredInterface struct {
	Timestamp     time.Time       `json:"timestamp"`
	AgentID       string          `json:"agent_id"`
	GatewayID     string          `json:"gateway_id"`
	DeviceIP      string          `json:"device_ip"`
	DeviceID      string          `json:"device_id"`
	IfIndex       int32           `json:"ifIndex"`
	IfName        string          `json:"ifName"`
	IfDescr       string          `json:"ifDescr"`
	IfAlias       string          `json:"ifAlias"`
	IfSpeed       uint64          `json:"ifSpeed"`
	IfPhysAddress string          `json:"ifPhysAddress"`
	IPAddresses   []string        `json:"ip_addresses"`
	IfAdminStatus int32           `json:"ifAdminStatus"`
	IfOperStatus  int32           `json:"ifOperStatus"`
	Metadata      json.RawMessage `json:"metadata"`
}

DiscoveredInterface represents a network interface discovered by the system

type DiscoverySource

type DiscoverySource string

DiscoverySource represents the different ways devices can be discovered

type DiscoverySourceInfo

type DiscoverySourceInfo struct {
	Source     DiscoverySource `json:"source"`
	AgentID    string          `json:"agent_id"`
	GatewayID  string          `json:"gateway_id"`
	FirstSeen  time.Time       `json:"first_seen"`
	LastSeen   time.Time       `json:"last_seen"`
	Confidence int             `json:"confidence"`
}

DiscoverySourceInfo tracks when and how a device was discovered by each source

type DiskMetric

type DiskMetric struct {
	// Mount point path
	MountPoint string `json:"mount_point" example:"/var"`
	// Bytes currently in use
	UsedBytes uint64 `json:"used_bytes" example:"10737418240"`
	// Total capacity in bytes
	TotalBytes uint64 `json:"total_bytes" example:"107374182400"`
	// When this metric was collected
	Timestamp time.Time `json:"timestamp" example:"2025-04-24T14:15:22Z"`
	// Host identifier for the agent that collected this metric
	HostID string `json:"host_id,omitempty" example:"server-east-1"`
	// Host IP address for the agent that collected this metric
	HostIP string `json:"host_ip,omitempty" example:"192.168.1.100"`
	// ServiceRadar agent identifier
	AgentID string `json:"agent_id,omitempty" example:"agent-1234"`
}

DiskMetric represents disk usage for a single mount point. @Description Storage usage metrics for a disk partition.

type Duration

type Duration time.Duration

func (Duration) MarshalJSON added in v1.0.55

func (d Duration) MarshalJSON() ([]byte, error)

func (*Duration) UnmarshalJSON

func (d *Duration) UnmarshalJSON(b []byte) error

type EdgeOnboardingComponentType added in v1.0.55

type EdgeOnboardingComponentType string

EdgeOnboardingComponentType identifies the resource represented by a package.

const (
	EdgeOnboardingComponentTypeGateway EdgeOnboardingComponentType = "gateway"
	EdgeOnboardingComponentTypeAgent   EdgeOnboardingComponentType = "agent"
	EdgeOnboardingComponentTypeChecker EdgeOnboardingComponentType = "checker"
	EdgeOnboardingComponentTypeSync    EdgeOnboardingComponentType = "sync"
	EdgeOnboardingComponentTypeNone    EdgeOnboardingComponentType = ""
)

type EdgeOnboardingConfig added in v1.0.55

// EdgeOnboardingConfig configures secure edge gateway enrollment.
//
// EncryptionKey is secret material. The `sensitive:"true"` struct tag is not
// interpreted by encoding/json, and the json tag has neither "-" nor
// omitempty, so a plain json.Marshal of this struct emits the key in clear
// text. Any redaction depends on code that reads the sensitive tag, which is
// not part of this declaration.
//
// JoinTokenTTL and DownloadTokenTTL presumably bound how long issued tokens
// stay usable. NOTE(review): how a zero TTL is treated (default lifetime vs.
// no expiry) is not visible here — confirm in the onboarding service.
//
// MTLSCertBaseDir is presumably the directory under which mTLS certificate
// material is kept; verify its ownership and permissions where it is set.
type EdgeOnboardingConfig struct {
	Enabled                bool                         `json:"enabled"`
	EncryptionKey          string                       `json:"encryption_key" sensitive:"true"`
	DefaultSelectors       []string                     `json:"default_selectors,omitempty"`
	DefaultMetadata        map[string]map[string]string `json:"default_metadata,omitempty"`
	DownstreamPathTemplate string                       `json:"downstream_path_template,omitempty"`
	JoinTokenTTL           Duration                     `json:"join_token_ttl,omitempty"`
	DownloadTokenTTL       Duration                     `json:"download_token_ttl,omitempty"`
	GatewayIDPrefix        string                       `json:"gateway_id_prefix,omitempty"`
	MTLSCertBaseDir        string                       `json:"mtls_cert_base_dir,omitempty"`
}

EdgeOnboardingConfig configures secure edge gateway enrollment.

type EdgeOnboardingCreateRequest added in v1.0.55

// EdgeOnboardingCreateRequest drives package provisioning.
//
// The struct has no json tags. MetadataJSON and CheckerConfigJSON are
// caller-supplied strings; NOTE(review): whether they are parsed and
// validated before being stored is not visible here — confirm.
//
// JoinTokenTTL and DownloadTokenTTL are plain time.Duration values here,
// unlike the Duration wrapper used in EdgeOnboardingConfig; how a zero value
// is treated is not shown in this declaration.
//
// CreatedBy has the look of an audit attribute. NOTE(review): confirm it is
// taken from the authenticated identity and not from request input.
type EdgeOnboardingCreateRequest struct {
	Label              string
	ComponentID        string
	ComponentType      EdgeOnboardingComponentType
	ParentType         EdgeOnboardingComponentType
	SecurityMode       string
	ParentID           string
	GatewayID          string
	Site               string
	Selectors          []string
	MetadataJSON       string
	CheckerKind        string
	CheckerConfigJSON  string
	Notes              string
	CreatedBy          string
	JoinTokenTTL       time.Duration
	DownloadTokenTTL   time.Duration
	DownstreamSPIFFEID string
	DataSvcEndpoint    string // DataSvc gRPC endpoint as host:port (e.g., "203.0.113.10:50057", a documentation-range address)
}

EdgeOnboardingCreateRequest drives package provisioning.

type EdgeOnboardingCreateResult added in v1.0.55

// EdgeOnboardingCreateResult bundles the stored package and sensitive artifacts.
//
// JoinToken and DownloadToken are held here as plain strings, whereas
// EdgeOnboardingPackage keeps JoinTokenCiphertext and DownloadTokenHash.
// NOTE(review): presumably this result is the only point at which the
// plaintext tokens are available after creation — confirm.
//
// None of the fields has a json tag, so encoding/json would emit every
// exported field under its Go name if a value of this type were marshalled.
// Keep values of this type out of logs and generic serializers.
//
// BundlePEM and MTLSBundle are raw byte slices; their contents are not shown
// here (presumably certificate and key material — verify).
type EdgeOnboardingCreateResult struct {
	Package           *EdgeOnboardingPackage
	JoinToken         string
	DownloadToken     string
	BundlePEM         []byte
	MTLSBundle        []byte
	DownstreamEntryID string
}

EdgeOnboardingCreateResult bundles the stored package and sensitive artifacts.

type EdgeOnboardingDeliverRequest added in v1.0.55

// EdgeOnboardingDeliverRequest captures download token verification.
//
// DownloadToken is the secret presented by the caller. NOTE(review):
// presumably it is checked against EdgeOnboardingPackage.DownloadTokenHash
// and DownloadTokenExpiresAt; that code is not part of this declaration —
// confirm the comparison is constant-time and that expiry is enforced.
//
// Actor and SourceIP share their names with fields of EdgeOnboardingEvent and
// look like audit inputs. How SourceIP is derived (socket peer vs. a
// forwarded header) is not shown — verify where the request is built.
type EdgeOnboardingDeliverRequest struct {
	PackageID     string
	DownloadToken string
	Actor         string
	SourceIP      string
}

EdgeOnboardingDeliverRequest captures download token verification.

type EdgeOnboardingDeliverResult added in v1.0.55

// EdgeOnboardingDeliverResult contains decrypted artifacts for installers.
//
// JoinToken, BundlePEM and MTLSBundle are the decrypted values, so a value of
// this type is as sensitive as the secrets it carries. The struct has no json
// tags: encoding/json would emit every exported field under its Go name if
// the value were marshalled. Keep it out of logs and error messages.
//
// Package points at the stored EdgeOnboardingPackage, which itself carries
// the ciphertext and token-hash fields.
type EdgeOnboardingDeliverResult struct {
	Package    *EdgeOnboardingPackage
	JoinToken  string
	BundlePEM  []byte
	MTLSBundle []byte
}

EdgeOnboardingDeliverResult contains decrypted artifacts for installers.

type EdgeOnboardingEvent added in v1.0.55

// EdgeOnboardingEvent captures audit trail entries for onboarding packages.
//
// EventType is an untyped string; the set of valid values is not defined in
// this declaration.
// DetailsJSON is a free-form string. NOTE(review): confirm that producers
// never place tokens, bundle contents or other secrets in it, since audit
// records are typically readable by a wider audience than the secrets are.
// SourceIP is omitted from the JSON output when empty.
type EdgeOnboardingEvent struct {
	PackageID   string    `json:"package_id"`
	EventTime   time.Time `json:"event_time"`
	EventType   string    `json:"event_type"`
	Actor       string    `json:"actor"`
	SourceIP    string    `json:"source_ip,omitempty"`
	DetailsJSON string    `json:"details_json,omitempty"`
}

EdgeOnboardingEvent captures audit trail entries for onboarding packages.

type EdgeOnboardingListFilter added in v1.0.55

type EdgeOnboardingListFilter struct {
	GatewayID   string
	ComponentID string
	ParentID    string
	Statuses    []EdgeOnboardingStatus
	Limit       int
	Types       []EdgeOnboardingComponentType
}

EdgeOnboardingListFilter allows filtering onboarding packages.

type EdgeOnboardingPackage added in v1.0.55

// EdgeOnboardingPackage models the material tracked for an edge gateway bootstrap.
//
// JoinTokenCiphertext, BundleCiphertext and DownloadTokenHash have json tags
// without "-" or omitempty, so encoding/json includes them whenever this
// struct is marshalled. NOTE(review): if this type is returned directly from
// an API handler, the ciphertext and the token hash leave the service with
// it — confirm that responses use a redacted view.
//
// The cipher used for the *Ciphertext fields and the hash used for
// DownloadTokenHash are not visible in this declaration.
//
// JoinTokenExpiresAt and DownloadTokenExpiresAt are non-pointer time.Time
// values, so an unset expiry is the zero time and not nil.
// NOTE(review): confirm how the zero time is treated by expiry checks.
//
// DeliveredAt, ActivatedAt, RevokedAt and DeletedAt are pointers with
// omitempty: nil means the transition has not been recorded.
// ActivatedFromIP and LastSeenSPIFFEID are likewise optional.
type EdgeOnboardingPackage struct {
	PackageID              string                      `json:"package_id"`
	Label                  string                      `json:"label"`
	ComponentID            string                      `json:"component_id"`
	ComponentType          EdgeOnboardingComponentType `json:"component_type"`
	ParentType             EdgeOnboardingComponentType `json:"parent_type,omitempty"`
	ParentID               string                      `json:"parent_id,omitempty"`
	GatewayID              string                      `json:"gateway_id"`
	Site                   string                      `json:"site,omitempty"`
	Status                 EdgeOnboardingStatus        `json:"status"`
	SecurityMode           string                      `json:"security_mode,omitempty"`
	DownstreamEntryID      string                      `json:"downstream_entry_id,omitempty"`
	DownstreamSPIFFEID     string                      `json:"downstream_spiffe_id"`
	Selectors              []string                    `json:"selectors,omitempty"`
	JoinTokenCiphertext    string                      `json:"join_token_ciphertext"`
	JoinTokenExpiresAt     time.Time                   `json:"join_token_expires_at"`
	BundleCiphertext       string                      `json:"bundle_ciphertext"`
	DownloadTokenHash      string                      `json:"download_token_hash"`
	DownloadTokenExpiresAt time.Time                   `json:"download_token_expires_at"`
	CreatedBy              string                      `json:"created_by"`
	CreatedAt              time.Time                   `json:"created_at"`
	UpdatedAt              time.Time                   `json:"updated_at"`
	DeliveredAt            *time.Time                  `json:"delivered_at,omitempty"`
	ActivatedAt            *time.Time                  `json:"activated_at,omitempty"`
	ActivatedFromIP        *string                     `json:"activated_from_ip,omitempty"`
	LastSeenSPIFFEID       *string                     `json:"last_seen_spiffe_id,omitempty"`
	RevokedAt              *time.Time                  `json:"revoked_at,omitempty"`
	DeletedAt              *time.Time                  `json:"deleted_at,omitempty"`
	DeletedBy              string                      `json:"deleted_by,omitempty"`
	DeletedReason          string                      `json:"deleted_reason,omitempty"`
	MetadataJSON           string                      `json:"metadata_json,omitempty"`
	CheckerKind            string                      `json:"checker_kind,omitempty"`
	CheckerConfigJSON      string                      `json:"checker_config_json,omitempty"`
	KVRevision             uint64                      `json:"kv_revision,omitempty"`
	Notes                  string                      `json:"notes,omitempty"`
}

EdgeOnboardingPackage models the material tracked for an edge gateway bootstrap.

type EdgeOnboardingRevokeRequest added in v1.0.55

type EdgeOnboardingRevokeRequest struct {
	PackageID string
	Actor     string
	Reason    string
	SourceIP  string
}

EdgeOnboardingRevokeRequest describes a package revocation.

type EdgeOnboardingRevokeResult added in v1.0.55

type EdgeOnboardingRevokeResult struct {
	Package *EdgeOnboardingPackage
}

EdgeOnboardingRevokeResult returns the updated package after revocation.

type EdgeOnboardingStatus added in v1.0.55

type EdgeOnboardingStatus string

EdgeOnboardingStatus represents the lifecycle state of an onboarding package.

const (
	EdgeOnboardingStatusIssued    EdgeOnboardingStatus = "issued"
	EdgeOnboardingStatusDelivered EdgeOnboardingStatus = "delivered"
	EdgeOnboardingStatusActivated EdgeOnboardingStatus = "activated"
	EdgeOnboardingStatusRevoked   EdgeOnboardingStatus = "revoked"
	EdgeOnboardingStatusExpired   EdgeOnboardingStatus = "expired"
	EdgeOnboardingStatusDeleted   EdgeOnboardingStatus = "deleted"
)

type EdgeTemplate added in v1.0.69

type EdgeTemplate struct {
	ComponentType EdgeOnboardingComponentType `json:"component_type"` // Component type (e.g., "checker")
	Kind          string                      `json:"kind"`           // Component kind (e.g., "sysmon", "snmp", "rperf")
	SecurityMode  string                      `json:"security_mode"`  // Security mode for the template (e.g., "mtls", "spire")
	TemplateKey   string                      `json:"template_key"`   // Full KV key path (e.g., "templates/checkers/mtls/sysmon.json")
}

EdgeTemplate represents an available component template in KV.

type ErrorResponse

type ErrorResponse struct {
	// Error message
	Message string `json:"message" example:"Invalid request parameters"`
	// HTTP status code
	Status int `json:"status" example:"400"`
}

ErrorResponse represents an API error response. @Description Error information returned from the API.

type EventsConfig

type EventsConfig struct {
	Enabled    bool     `json:"enabled"`
	StreamName string   `json:"stream_name"`
	Subjects   []string `json:"subjects"`
}

EventsConfig configures the event publishing system

func (*EventsConfig) Validate

func (c *EventsConfig) Validate() error

Validate ensures the events configuration is valid

type FeatureFlags added in v1.0.55

type FeatureFlags struct {
	UseLogDigest           *bool `json:"use_log_digest,omitempty"`
	UseStatsCache          *bool `json:"use_stats_cache,omitempty"`
	UseDeviceSearchPlanner *bool `json:"use_device_search_planner,omitempty"`
	RequireDeviceRegistry  *bool `json:"require_device_registry,omitempty"`
}

FeatureFlags captures optional feature toggles for the core service.

type FingerprintingConfig added in v1.0.59

type FingerprintingConfig struct {
	Enabled    bool     `json:"enabled"`
	PortBudget int      `json:"port_budget,omitempty"`
	Timeout    Duration `json:"timeout,omitempty"`
}

FingerprintingConfig configures lightweight fingerprinting probes.

type GatewayConfig added in v1.0.79

type GatewayConfig struct {
	Agents       map[string]AgentDefinition `json:"agents"`        // Map of agent ID to agent definition
	CloudAddress string                     `json:"cloud_address"` // Address of cloud service
	PollInterval Duration                   `json:"poll_interval"` // How often to poll agents
	GatewayID    string                     `json:"gateway_id"`    // Unique identifier for this gateway
}

GatewayConfig represents the configuration for a gateway instance.

type GatewayHealthEventData added in v1.0.79

type GatewayHealthEventData struct {
	GatewayID      string    `json:"gateway_id"`
	PreviousState  string    `json:"previous_state"`
	CurrentState   string    `json:"current_state"`
	Timestamp      time.Time `json:"timestamp"`
	LastSeen       time.Time `json:"last_seen"`
	Host           string    `json:"host,omitempty"`
	RemoteAddr     string    `json:"remote_addr,omitempty"`
	SourceIP       string    `json:"source_ip,omitempty"`
	Partition      string    `json:"partition,omitempty"`
	AlertSent      bool      `json:"alert_sent"`
	RecoveryReason string    `json:"recovery_reason,omitempty"`
}

GatewayHealthEventData represents the data payload for gateway health events.

type GatewayHistory added in v1.0.79

type GatewayHistory struct {
	// Unique identifier for the gateway
	GatewayID string `json:"gateway_id" example:"gateway-prod-east-01"`
	// When this status was recorded
	Timestamp time.Time `json:"timestamp" example:"2025-04-24T14:15:22Z"`
	// Whether the gateway was healthy at this time
	IsHealthy bool `json:"is_healthy" example:"true"`
	// Services status at this time
	Services []ServiceStatus `json:"services"`
}

GatewayHistory represents historical status of a gateway. @Description Historical status information for a gateway.

type GatewayHistoryPoint added in v1.0.79

type GatewayHistoryPoint struct {
	// When this status was recorded
	Timestamp time.Time `json:"timestamp" example:"2025-04-24T14:15:22Z"`
	// Whether the gateway was healthy at this time
	IsHealthy bool `json:"is_healthy" example:"true"`
}

GatewayHistoryPoint represents a simplified historical health state. @Description Simplified historical health state for a gateway.

type GatewayStatus added in v1.0.79

type GatewayStatus struct {
	// Unique identifier for the gateway
	GatewayID string `json:"gateway_id" example:"gateway-prod-east-01"`
	// Whether the gateway is currently healthy
	IsHealthy bool `json:"is_healthy" example:"true"`
	// List of services monitored by this gateway
	Services []ServiceStatus `json:"services"`
	// How long the gateway has been running
	UpTime string `json:"uptime" example:"3d 2h 15m"`
	// When the gateway was first seen by the system
	FirstSeen time.Time `json:"first_seen" example:"2025-04-20T10:00:00Z"`
	// Last time the gateway reported its status
	LastSeen time.Time `json:"last_seen" example:"2025-04-24T14:15:22Z"`
	// IP address of the host where the gateway is running
	HostIP string `json:"host_ip,omitempty" example:"192.168.1.100"`
	// Optional metrics data points
	Metrics []MetricPoint `json:"metrics,omitempty"`
	// Metadata about the gateway
	LastEvaluated time.Time `json:"last_evaluated" example:"2025-04-24T14:15:22Z"`
	// AlertSent indicates if an alert has been sent for this gateway
	AlertSent bool `json:"alert_sent" example:"false"`
}

GatewayStatus represents the status of a gateway. @Description Status information about a service gateway.

type Header struct {
	Key   string `json:"key"`
	Value string `json:"value"`
}

Header represents a custom HTTP header.

type HostResult

type HostResult struct {
	Host         string              `json:"host"`
	Available    bool                `json:"available"`
	FirstSeen    time.Time           `json:"first_seen"`
	LastSeen     time.Time           `json:"last_seen"`
	PortResults  []*PortResult       `json:"port_results,omitempty"`
	PortMap      map[int]*PortResult `json:"-"` // O(1) port lookup, excluded from JSON
	ICMPStatus   *ICMPStatus         `json:"icmp_status,omitempty"`
	ResponseTime time.Duration       `json:"response_time"`
}

HostResult represents all results for a single host.

func DeepCopyHostResult added in v1.0.79

func DeepCopyHostResult(src *HostResult) HostResult

DeepCopyHostResult returns a snapshot copy of src that does not alias any of the pointer/slice/map fields of the source HostResult.

type ICMPStatus

type ICMPStatus struct {
	Available  bool          `json:"available"`
	RoundTrip  time.Duration `json:"round_trip"`
	PacketLoss float64       `json:"packet_loss"`
}

ICMPStatus represents ICMP ping results.

type IdentityDriftConfig added in v1.0.59

type IdentityDriftConfig struct {
	BaselineDevices  int  `json:"baseline_devices,omitempty"`
	TolerancePercent int  `json:"tolerance_percent,omitempty"`
	PauseOnDrift     bool `json:"pause_on_drift,omitempty"`
	AlertOnDrift     bool `json:"alert_on_drift,omitempty"`
}

IdentityDriftConfig configures gating based on device cardinality drift.

type IdentityReaperConfig added in v1.0.59

type IdentityReaperConfig struct {
	Interval Duration                         `json:"interval,omitempty"`
	Profiles map[string]IdentityReaperProfile `json:"profiles,omitempty"`
}

IdentityReaperConfig configures the sightings/low-confidence reaper.

type IdentityReaperProfile added in v1.0.59

type IdentityReaperProfile struct {
	TTL         Duration `json:"ttl"`
	AllowIPAsID bool     `json:"allow_ip_as_id,omitempty"`
}

IdentityReaperProfile configures TTL and policy toggles for a subnet class.

type IdentityReconciliationConfig added in v1.0.59

type IdentityReconciliationConfig struct {
	Enabled        bool                 `json:"enabled"`
	SightingsOnly  bool                 `json:"sightings_only_mode,omitempty"`
	Promotion      PromotionConfig      `json:"promotion,omitempty"`
	Fingerprinting FingerprintingConfig `json:"fingerprinting,omitempty"`
	Reaper         IdentityReaperConfig `json:"reaper,omitempty"`
	Drift          IdentityDriftConfig  `json:"drift,omitempty"`
}

IdentityReconciliationConfig gates the new IRE pipeline.

type KVEndpoint added in v1.0.55

type KVEndpoint struct {
	ID      string `json:"id"`
	Name    string `json:"name"`
	Address string `json:"address"`
	Domain  string `json:"domain"`
	Type    string `json:"type,omitempty"` // hub | leaf | other

}

KVEndpoint describes a reachable KV gRPC endpoint and its JetStream domain.

type LogCounters added in v1.0.55

type LogCounters struct {
	UpdatedAt time.Time            `json:"updated_at"`
	Window1H  SeverityWindowCounts `json:"window_1h"`
	Window24H SeverityWindowCounts `json:"window_24h"`
}

LogCounters tracks rolling window statistics for recent high-severity logs.

type LogDigestSnapshot added in v1.0.55

type LogDigestSnapshot struct {
	Entries  []LogSummary `json:"entries"`
	Counters LogCounters  `json:"counters"`
}

LogDigestSnapshot represents a pre-computed digest of critical logs and counters.

type LogSummary added in v1.0.55

type LogSummary struct {
	Timestamp   time.Time `json:"timestamp"`
	Severity    string    `json:"severity"`
	ServiceName string    `json:"service_name,omitempty"`
	Body        string    `json:"body,omitempty"`
	TraceID     string    `json:"trace_id,omitempty"`
	SpanID      string    `json:"span_id,omitempty"`
}

LogSummary provides a compact view of high-severity log entries that are surfaced on dashboards.

type LoginRequest

// LoginRequest represents a login request carrying a username and password.
//
// Password is a plaintext credential. Unlike EncryptionKey in
// EdgeOnboardingConfig and APIKey in MCPConfigRef, it carries no
// `sensitive:"true"` tag, so any redaction that keys off that tag will not
// cover this field. NOTE(review): confirm that request bodies of this type
// are never logged or echoed back in error responses.
//
// The `example` tags look like API-documentation annotations and are not
// interpreted by encoding/json.
type LoginRequest struct {
	// Username for authentication
	Username string `json:"username" example:"admin"`
	// Password for authentication
	Password string `json:"password" example:"p@ssw0rd"`
}

LoginRequest represents a login request. @Description Authentication request with username and password.

type MCPConfigRef

// MCPConfigRef represents MCP configuration; it exists in this package to
// avoid circular imports.
//
// APIKey is secret material. The `sensitive:"true"` struct tag is not
// interpreted by encoding/json, and the json tag has neither "-" nor
// omitempty, so a plain json.Marshal of this struct emits the key in clear
// text. Redaction depends on code that reads the sensitive tag, which is not
// part of this declaration.
type MCPConfigRef struct {
	Enabled bool   `json:"enabled"`
	APIKey  string `json:"api_key" sensitive:"true"`
}

MCPConfigRef represents MCP configuration to avoid circular imports

type MemoryMetric

type MemoryMetric struct {
	// Bytes currently in use
	UsedBytes uint64 `json:"used_bytes" example:"4294967296"`
	// Total memory capacity in bytes
	TotalBytes uint64 `json:"total_bytes" example:"17179869184"`
	// When this metric was collected
	Timestamp time.Time `json:"timestamp" example:"2025-04-24T14:15:22Z"`
	// Host identifier for the agent that collected this metric
	HostID string `json:"host_id,omitempty" example:"server-east-1"`
	// Host IP address for the agent that collected this metric
	HostIP string `json:"host_ip,omitempty" example:"192.168.1.100"`
	// ServiceRadar agent identifier
	AgentID string `json:"agent_id,omitempty" example:"agent-1234"`
}

MemoryMetric represents system memory usage. @Description System memory utilization metrics.

type MergeAuditEvent added in v1.0.59

type MergeAuditEvent struct {
	EventID         string            `json:"event_id"`
	FromDeviceID    string            `json:"from_device_id"`
	ToDeviceID      string            `json:"to_device_id"`
	Reason          string            `json:"reason,omitempty"`
	ConfidenceScore *float64          `json:"confidence_score,omitempty"`
	Source          string            `json:"source,omitempty"`
	Details         map[string]string `json:"details,omitempty"`
	CreatedAt       time.Time         `json:"created_at"`
}

MergeAuditEvent records merges between devices for auditability.

type MetricPoint

type MetricPoint struct {
	// The time when this metric was collected
	Timestamp time.Time `json:"timestamp" example:"2025-04-24T14:15:22Z"`
	// The response time in milliseconds
	ResponseTime int64 `json:"response_time" example:"42"`
	// The name of the service this metric is for
	ServiceName string `json:"service_name" example:"postgres"`
	// The device ID this metric is associated with (partition:ip)
	DeviceID string `json:"device_id,omitempty" example:"default:192.168.1.100"`
	// The partition this metric belongs to
	Partition string `json:"partition,omitempty" example:"default"`
	// The agent ID that collected this metric
	AgentID string `json:"agent_id,omitempty" example:"agent-1234"`
	// The gateway ID that requested this metric
	GatewayID string `json:"gateway_id,omitempty" example:"demo-staging"`
}

MetricPoint represents a single performance metric measurement. @Description A single point of performance metric data with timestamp information.

type Metrics

type Metrics struct {
	Enabled             bool  `json:"enabled"`
	Retention           int32 `json:"retention"`
	MaxGateways         int32 `json:"max_gateways"`
	DeviceRetentionDays int32 `json:"device_retention_days,omitempty"` // Days to keep devices in ocsf_devices (default: 3)
}

type MetricsConfig

type MetricsConfig struct {
	// Whether metrics collection is enabled
	Enabled bool `json:"metrics_enabled" example:"true"`
	// How long metrics are kept before being purged (in days)
	Retention int32 `json:"metrics_retention" example:"30"`
	// Maximum number of gateways to track metrics for
	MaxGateways int32 `json:"max_gateways" example:"1000"`
}

MetricsConfig contains configuration for metrics collection. @Description Configuration settings for metrics collection and storage.

type NATSConfig

// NATSConfig configures NATS connectivity.
//
// Security is an optional pointer (omitted from JSON when nil) and CredsFile
// is an optional string, so this type allows a configuration with neither.
// NOTE(review): the body of Validate is not shown with this declaration —
// confirm whether it rejects a URL that has no transport security or
// credentials configured.
//
// CredsFile is presumably a filesystem path to a NATS credentials file; the
// file it names should be readable only by the service account.
type NATSConfig struct {
	URL       string          `json:"url"`
	Domain    string          `json:"domain,omitempty"`
	Security  *SecurityConfig `json:"security,omitempty"`
	CredsFile string          `json:"creds_file,omitempty"`
}

NATSConfig configures NATS connectivity

func (*NATSConfig) Validate

func (c *NATSConfig) Validate() error

Validate ensures the NATS configuration is valid

type NatsCredential added in v1.0.79

// NatsCredential represents a NATS user credential issued to a collector.
//
// The struct has a UserPublicKey field and no dedicated field for a private
// key or seed. Metadata is an untyped map, so nothing in the type prevents
// secret values from being placed there.
// NOTE(review): confirm producers do not put secrets in Metadata.
//
// Status is a free-form string (documented values: active, revoked,
// expired), not a typed enum, and ExpiresAt / RevokedAt are optional
// pointers. NOTE(review): confirm that validity checks consult the
// timestamps as well as Status and do not rely on the string alone.
type NatsCredential struct {
	CredentialID   string                 `json:"credential_id"`
	UserName       string                 `json:"user_name"`
	UserPublicKey  string                 `json:"user_public_key"`
	CredentialType string                 `json:"credential_type"` // collector, service, admin
	CollectorType  CollectorType          `json:"collector_type,omitempty"`
	Status         string                 `json:"status"` // active, revoked, expired
	IssuedAt       time.Time              `json:"issued_at"`
	ExpiresAt      *time.Time             `json:"expires_at,omitempty"`
	RevokedAt      *time.Time             `json:"revoked_at,omitempty"`
	RevokeReason   string                 `json:"revoke_reason,omitempty"`
	Metadata       map[string]interface{} `json:"metadata,omitempty"`
}

NatsCredential represents a NATS user credential issued to a collector.

type NetflowConfig

// NetflowConfig holds the configuration for the NetFlow consumer service.
//
// Security is a pointer without omitempty, so a nil value marshals as JSON
// null and is not omitted. NOTE(review): whether a nil Security is accepted
// at startup is not visible here — confirm, since NATSURL and CNPG both
// describe connections that would then run without it.
//
// NATSCredsFile is presumably a filesystem path to a NATS credentials file;
// the file it names should be readable only by the service account.
//
// ListenAddr is presumably the address the service binds to; verify that
// deployments do not expose it beyond the intended network.
type NetflowConfig struct {
	ListenAddr     string             `json:"listen_addr"`
	NATSURL        string             `json:"nats_url"`
	NATSCredsFile  string             `json:"nats_creds_file,omitempty"`
	StreamName     string             `json:"stream_name"`
	ConsumerName   string             `json:"consumer_name"`
	Security       *SecurityConfig    `json:"security"`
	EnabledFields  []ColumnKey        `json:"enabled_fields"`
	DisabledFields []ColumnKey        `json:"disabled_fields"`
	Dictionaries   []DictionaryConfig `json:"dictionaries"`
	CNPG           *CNPGDatabase      `json:"cnpg"`
}

NetflowConfig holds the configuration for the NetFlow consumer service.

type NetflowMetric

type NetflowMetric struct {
	Timestamp        time.Time `json:"timestamp"`
	SrcAddr          string    `json:"src_addr"`
	DstAddr          string    `json:"dst_addr"`
	SrcPort          uint32    `json:"src_port"`
	DstPort          uint32    `json:"dst_port"`
	Protocol         uint32    `json:"protocol"`
	Bytes            uint64    `json:"bytes"`
	Packets          uint64    `json:"packets"`
	ForwardingStatus uint32    `json:"forwarding_status"`
	NextHop          string    `json:"next_hop"`
	SamplerAddress   string    `json:"sampler_address"`
	SrcAs            uint32    `json:"src_as"`
	DstAs            uint32    `json:"dst_as"`
	IPTos            uint32    `json:"ip_tos"`
	VlanID           uint32    `json:"vlan_id"`
	BgpNextHop       string    `json:"bgp_next_hop"`
	Metadata         string    `json:"metadata"`
}

NetflowMetric represents a NetFlow datapoint for the netflow_metrics stream.

type NetworkSighting added in v1.0.59

type NetworkSighting struct {
	SightingID    string                   `json:"sighting_id,omitempty"`
	Partition     string                   `json:"partition"`
	IP            string                   `json:"ip"`
	SubnetID      *string                  `json:"subnet_id,omitempty"`
	Source        DiscoverySource          `json:"source"`
	Status        NetworkSightingStatus    `json:"status"`
	FirstSeen     time.Time                `json:"first_seen"`
	LastSeen      time.Time                `json:"last_seen"`
	TTLExpiresAt  *time.Time               `json:"ttl_expires_at,omitempty"`
	FingerprintID *string                  `json:"fingerprint_id,omitempty"`
	Metadata      map[string]string        `json:"metadata,omitempty"`
	Promotion     *SightingPromotionStatus `json:"promotion,omitempty"`
}

NetworkSighting captures a low-confidence observation prior to promotion.

type NetworkSightingStatus added in v1.0.59

type NetworkSightingStatus string

NetworkSightingStatus represents the lifecycle state for a sighting.

const (
	SightingStatusActive    NetworkSightingStatus = "active"
	SightingStatusPromoted  NetworkSightingStatus = "promoted"
	SightingStatusExpired   NetworkSightingStatus = "expired"
	SightingStatusDismissed NetworkSightingStatus = "dismissed"
)

type OCSFAgent added in v1.0.79

type OCSFAgent struct {
	UID        string `json:"uid,omitempty"`
	Name       string `json:"name,omitempty"`
	Type       string `json:"type,omitempty"`
	TypeID     *int   `json:"type_id,omitempty"`
	Version    string `json:"version,omitempty"`
	VendorName string `json:"vendor_name,omitempty"`
}

OCSFAgent represents an agent installed on the device

type OCSFAgentPolicy added in v1.0.79

type OCSFAgentPolicy struct {
	Name    string `json:"name,omitempty"`
	UID     string `json:"uid,omitempty"`
	Version string `json:"version,omitempty"`
}

OCSFAgentPolicy represents a policy applied to an agent

type OCSFAgentRecord added in v1.0.79

type OCSFAgentRecord struct {
	// OCSF Core Identity (per https://schema.ocsf.io/1.7.0/objects/agent)
	UID    string `json:"uid" db:"uid"`             // Unique agent identifier (sensor ID)
	Name   string `json:"name,omitempty" db:"name"` // Agent designation (e.g., "serviceradar-agent")
	TypeID int    `json:"type_id" db:"type_id"`     // OCSF agent type enum
	Type   string `json:"type,omitempty" db:"type"` // Human-readable agent type name

	// OCSF Extended Identity
	Version    string            `json:"version,omitempty" db:"version"`         // Semantic version of the agent
	VendorName string            `json:"vendor_name,omitempty" db:"vendor_name"` // Agent vendor (e.g., "ServiceRadar")
	UIDAlt     string            `json:"uid_alt,omitempty" db:"uid_alt"`         // Alternate unique identifier
	Policies   []OCSFAgentPolicy `json:"policies,omitempty" db:"policies"`       // Applied policies array

	// ServiceRadar Extensions
	GatewayID     string            `json:"gateway_id,omitempty" db:"gateway_id"`     // Parent gateway reference
	Capabilities  []string          `json:"capabilities,omitempty" db:"capabilities"` // Registered checker capabilities
	IP            string            `json:"ip,omitempty" db:"ip"`                     // Agent IP address
	FirstSeenTime time.Time         `json:"first_seen_time,omitempty" db:"first_seen_time"`
	LastSeenTime  time.Time         `json:"last_seen_time,omitempty" db:"last_seen_time"`
	CreatedTime   time.Time         `json:"created_time" db:"created_time"`
	ModifiedTime  time.Time         `json:"modified_time" db:"modified_time"`
	Metadata      map[string]string `json:"metadata,omitempty" db:"metadata"`
}

OCSFAgentRecord represents an agent record in the ocsf_agents table. This is the full database record with ServiceRadar extensions.

func CreateOCSFAgentFromRegistration added in v1.0.79

func CreateOCSFAgentFromRegistration(agentID, gatewayID, hostIP, version string, capabilities []string, metadata map[string]string) *OCSFAgentRecord

CreateOCSFAgentFromRegistration creates an OCSFAgentRecord from registration data

func NewOCSFAgentRecord added in v1.0.79

func NewOCSFAgentRecord(uid, gatewayID, ip string, capabilities []string) *OCSFAgentRecord

NewOCSFAgentRecord creates a new OCSFAgentRecord with defaults set

func (*OCSFAgentRecord) GetTypeName added in v1.0.79

func (a *OCSFAgentRecord) GetTypeName() string

GetTypeName returns the human-readable name for the agent type

func (*OCSFAgentRecord) MergeCapabilities added in v1.0.79

func (a *OCSFAgentRecord) MergeCapabilities(newCaps []string)

MergeCapabilities merges new capabilities into existing ones without duplicates

func (*OCSFAgentRecord) ToJSONFields added in v1.0.79

func (a *OCSFAgentRecord) ToJSONFields() (policiesJSON, metadataJSON []byte, err error)

ToJSONFields serializes nested objects to JSON for database storage

func (*OCSFAgentRecord) ToOCSFAgent added in v1.0.79

func (a *OCSFAgentRecord) ToOCSFAgent() OCSFAgent

ToOCSFAgent converts the full record to the embedded OCSFAgent format for device agent_list

func (*OCSFAgentRecord) UpdateHeartbeat added in v1.0.79

func (a *OCSFAgentRecord) UpdateHeartbeat(ip string, capabilities []string)

UpdateHeartbeat updates the last seen time and optionally capabilities

type OCSFDevice added in v1.0.79

// OCSFDevice is the device record aligned with the OCSF v1.7.0 Device object.
// Every field maps to a JSON key and a db column of the same name.
type OCSFDevice struct {
	// OCSF Core Identity
	UID      string `json:"uid" db:"uid"`             // Canonical device ID from DIRE (sr: prefixed UUID)
	TypeID   int    `json:"type_id" db:"type_id"`     // OCSF device type enum
	Type     string `json:"type,omitempty" db:"type"` // Human-readable device type name
	Name     string `json:"name,omitempty" db:"name"` // Administrator-assigned device name
	Hostname string `json:"hostname,omitempty" db:"hostname"`
	IP       string `json:"ip,omitempty" db:"ip"`
	MAC      string `json:"mac,omitempty" db:"mac"`

	// OCSF Extended Identity
	UIDAlt     string `json:"uid_alt,omitempty" db:"uid_alt"`         // Alternate unique identifier
	VendorName string `json:"vendor_name,omitempty" db:"vendor_name"` // Device manufacturer
	Model      string `json:"model,omitempty" db:"model"`             // Device model
	Domain     string `json:"domain,omitempty" db:"domain"`           // Network domain
	Zone       string `json:"zone,omitempty" db:"zone"`               // Network zone
	SubnetUID  string `json:"subnet_uid,omitempty" db:"subnet_uid"`   // Subnet identifier
	VlanUID    string `json:"vlan_uid,omitempty" db:"vlan_uid"`       // VLAN identifier
	Region     string `json:"region,omitempty" db:"region"`           // Geographic region

	// OCSF Temporal
	// FirstSeenTime and LastSeenTime are pointers and may be nil; CreatedTime
	// and ModifiedTime are always serialized.
	FirstSeenTime *time.Time `json:"first_seen_time,omitempty" db:"first_seen_time"`
	LastSeenTime  *time.Time `json:"last_seen_time,omitempty" db:"last_seen_time"`
	CreatedTime   time.Time  `json:"created_time" db:"created_time"`
	ModifiedTime  time.Time  `json:"modified_time" db:"modified_time"`

	// OCSF Risk and Compliance
	// The pointer-typed fields can be nil; with omitempty a nil pointer is left
	// out of the JSON, so "absent" is distinct from an explicit false or 0.
	// NOTE(review): confirm consumers treat an absent is_trusted, is_managed or
	// is_compliant as unknown rather than as a positive result.
	RiskLevelID *int   `json:"risk_level_id,omitempty" db:"risk_level_id"`
	RiskLevel   string `json:"risk_level,omitempty" db:"risk_level"`
	RiskScore   *int   `json:"risk_score,omitempty" db:"risk_score"`
	IsManaged   *bool  `json:"is_managed,omitempty" db:"is_managed"`
	IsCompliant *bool  `json:"is_compliant,omitempty" db:"is_compliant"`
	IsTrusted   *bool  `json:"is_trusted,omitempty" db:"is_trusted"`

	// OCSF Nested Objects (stored as JSONB in DB)
	OS                *OCSFDeviceOS          `json:"os,omitempty" db:"os"`
	HWInfo            *OCSFDeviceHWInfo      `json:"hw_info,omitempty" db:"hw_info"`
	NetworkInterfaces []OCSFNetworkInterface `json:"network_interfaces,omitempty" db:"network_interfaces"`
	Owner             *OCSFUser              `json:"owner,omitempty" db:"owner"`
	Org               *OCSFOrganization      `json:"org,omitempty" db:"org"`
	Groups            []OCSFGroup            `json:"groups,omitempty" db:"groups"`
	AgentList         []OCSFAgent            `json:"agent_list,omitempty" db:"agent_list"`

	// ServiceRadar-specific fields
	// DiscoverySources presumably holds DiscoverySource values as plain strings — TODO confirm.
	// NOTE(review): Metadata is a free-form string map; presumably filled from
	// discovery data, so treat its values as untrusted when displaying them — confirm.
	GatewayID        string            `json:"gateway_id,omitempty" db:"gateway_id"`
	AgentID          string            `json:"agent_id,omitempty" db:"agent_id"`
	DiscoverySources []string          `json:"discovery_sources,omitempty" db:"discovery_sources"`
	IsAvailable      *bool             `json:"is_available,omitempty" db:"is_available"`
	Metadata         map[string]string `json:"metadata,omitempty" db:"metadata"`
}

OCSFDevice represents a device aligned with OCSF v1.7.0 Device object schema

func NewOCSFDeviceFromUpdate added in v1.0.79

func NewOCSFDeviceFromUpdate(update *DeviceUpdate) *OCSFDevice

NewOCSFDeviceFromUpdate creates a new OCSFDevice from a DeviceUpdate

func (*OCSFDevice) GetRiskLevelName added in v1.0.79

func (d *OCSFDevice) GetRiskLevelName() string

GetRiskLevelName returns the human-readable name for the risk level

func (*OCSFDevice) GetTypeName added in v1.0.79

func (d *OCSFDevice) GetTypeName() string

GetTypeName returns the human-readable name for the device type

func (*OCSFDevice) ToJSONFields added in v1.0.79

func (d *OCSFDevice) ToJSONFields() (osJSON, hwInfoJSON, networkInterfacesJSON, ownerJSON, orgJSON, groupsJSON, agentListJSON, metadataJSON []byte, err error)

ToJSONFields serializes nested objects to JSON for database storage

func (*OCSFDevice) ToLegacyDevice added in v1.0.79

func (d *OCSFDevice) ToLegacyDevice() *Device

ToLegacyDevice converts an OCSFDevice to the legacy Device format for compatibility

type OCSFDeviceHWInfo added in v1.0.79

type OCSFDeviceHWInfo struct {
	CPUArchitecture  string `json:"cpu_architecture,omitempty"`  // CPU architecture (x86_64, arm64)
	CPUBits          *int   `json:"cpu_bits,omitempty"`          // CPU bits (32 or 64)
	CPUCores         *int   `json:"cpu_cores,omitempty"`         // Number of CPU cores
	CPUCount         *int   `json:"cpu_count,omitempty"`         // Number of physical CPUs
	CPUSpeedMhz      *int   `json:"cpu_speed_mhz,omitempty"`     // CPU speed in MHz
	CPUType          string `json:"cpu_type,omitempty"`          // CPU model name
	RAMSize          *int64 `json:"ram_size,omitempty"`          // Total RAM in bytes
	SerialNumber     string `json:"serial_number,omitempty"`     // Device serial number
	Chassis          string `json:"chassis,omitempty"`           // Chassis type
	BIOSManufacturer string `json:"bios_manufacturer,omitempty"` // BIOS manufacturer
	BIOSVer          string `json:"bios_ver,omitempty"`          // BIOS version
	BIOSDate         string `json:"bios_date,omitempty"`         // BIOS release date
	UUID             string `json:"uuid,omitempty"`              // Hardware UUID
}

OCSFDeviceHWInfo represents hardware information

type OCSFDeviceOS added in v1.0.79

type OCSFDeviceOS struct {
	Name          string `json:"name,omitempty"`
	Type          string `json:"type,omitempty"`           // OS family (Windows, Linux, macOS)
	TypeID        *int   `json:"type_id,omitempty"`        // OCSF OS type enum
	Version       string `json:"version,omitempty"`        // OS version string
	Build         string `json:"build,omitempty"`          // OS build number
	Edition       string `json:"edition,omitempty"`        // OS edition (Enterprise, Pro)
	KernelRelease string `json:"kernel_release,omitempty"` // Kernel version for Linux/Unix
	CPUBits       *int   `json:"cpu_bits,omitempty"`       // Architecture bits (32 or 64)
	SPName        string `json:"sp_name,omitempty"`        // Service pack name
	SPVer         string `json:"sp_ver,omitempty"`         // Service pack version
	Lang          string `json:"lang,omitempty"`           // OS language
}

OCSFDeviceOS represents the operating system information

type OCSFEventRow added in v1.0.79

// OCSFEventRow is one row of the ocsf_events table.
// The struct carries no json or db tags; the column mapping is presumably done
// by the code that reads and writes it — TODO confirm.
type OCSFEventRow struct {
	ID           string
	Time         time.Time
	ClassUID     int32
	CategoryUID  int32
	TypeUID      int32
	ActivityID   int32
	ActivityName string
	SeverityID   int32
	Severity     string
	Message      string
	StatusID     *int32 // pointer, so a missing status ID is representable as nil
	Status       string
	StatusCode   string
	StatusDetail string
	// Metadata, Observables, Actor, Device, SrcEndpoint, DstEndpoint and Unmapped
	// are json.RawMessage: the bytes are kept undecoded and are not validated by
	// this type.
	Metadata     json.RawMessage
	Observables  json.RawMessage
	TraceID      string
	SpanID       string
	Actor        json.RawMessage
	Device       json.RawMessage
	SrcEndpoint  json.RawMessage
	DstEndpoint  json.RawMessage
	LogName      string
	LogProvider  string
	LogLevel     string
	LogVersion   string
	Unmapped     json.RawMessage
	// NOTE(review): RawData and Message presumably hold text taken from the
	// original event; escape them when rendering in a UI — confirm.
	RawData      string
	CreatedAt    time.Time
}

OCSFEventRow represents a row in the ocsf_events table.

type OCSFGroup added in v1.0.79

type OCSFGroup struct {
	UID  string `json:"uid,omitempty"`
	Name string `json:"name,omitempty"`
	Type string `json:"type,omitempty"`
	Desc string `json:"desc,omitempty"`
}

OCSFGroup represents a device group

type OCSFNetworkActivity added in v1.0.90

// OCSFNetworkActivity is the model for OCSF 1.7.0 network_activity class events.
// A set of values is held in dedicated columns next to the full event, which
// is kept as raw JSON in OCSFPayload.
type OCSFNetworkActivity struct {
	// OCSF Core Fields
	Time        time.Time `json:"time" db:"time"`
	ClassUID    int       `json:"class_uid" db:"class_uid"`
	CategoryUID int       `json:"category_uid" db:"category_uid"`
	ActivityID  int       `json:"activity_id" db:"activity_id"`
	TypeUID     int       `json:"type_uid" db:"type_uid"`
	SeverityID  int       `json:"severity_id" db:"severity_id"`

	// Timestamps
	StartTime *time.Time `json:"start_time,omitempty" db:"start_time"`
	EndTime   *time.Time `json:"end_time,omitempty" db:"end_time"`

	// Source Endpoint (extracted for indexing)
	SrcEndpointIP   string `json:"src_endpoint_ip,omitempty" db:"src_endpoint_ip"`
	SrcEndpointPort *int   `json:"src_endpoint_port,omitempty" db:"src_endpoint_port"`
	SrcASNumber     *int   `json:"src_as_number,omitempty" db:"src_as_number"`

	// Destination Endpoint (extracted for indexing)
	DstEndpointIP   string `json:"dst_endpoint_ip,omitempty" db:"dst_endpoint_ip"`
	DstEndpointPort *int   `json:"dst_endpoint_port,omitempty" db:"dst_endpoint_port"`
	DstASNumber     *int   `json:"dst_as_number,omitempty" db:"dst_as_number"`

	// Connection Info (extracted for filtering)
	ProtocolNum  *int   `json:"protocol_num,omitempty" db:"protocol_num"`
	ProtocolName string `json:"protocol_name,omitempty" db:"protocol_name"`
	TCPFlags     *int   `json:"tcp_flags,omitempty" db:"tcp_flags"`

	// Traffic (extracted for aggregations)
	BytesTotal   int64 `json:"bytes_total" db:"bytes_total"`
	PacketsTotal int64 `json:"packets_total" db:"packets_total"`
	BytesIn      int64 `json:"bytes_in" db:"bytes_in"`
	BytesOut     int64 `json:"bytes_out" db:"bytes_out"`

	// Observer
	SamplerAddress string `json:"sampler_address,omitempty" db:"sampler_address"`

	// Full OCSF event
	// Kept as json.RawMessage, so the bytes are not decoded or validated here.
	// NOTE(review): the extracted columns above presumably come from this same
	// event; confirm which side is authoritative if the two ever disagree.
	OCSFPayload json.RawMessage `json:"ocsf_payload" db:"ocsf_payload"`

	// ServiceRadar metadata
	Partition string    `json:"partition" db:"partition"`
	CreatedAt time.Time `json:"created_at" db:"created_at"`
}

OCSFNetworkActivity represents OCSF 1.7.0 network_activity class events. Reference: https://schema.ocsf.io/1.7.0/classes/network_activity

func (OCSFNetworkActivity) TableName added in v1.0.90

func (OCSFNetworkActivity) TableName() string

TableName returns the table name for this model

type OCSFNetworkInterface added in v1.0.79

type OCSFNetworkInterface struct {
	MAC      string `json:"mac,omitempty"`
	IP       string `json:"ip,omitempty"`
	Hostname string `json:"hostname,omitempty"`
	Name     string `json:"name,omitempty"`    // Interface name (eth0, ens192)
	UID      string `json:"uid,omitempty"`     // Interface unique identifier
	Type     string `json:"type,omitempty"`    // Interface type name
	TypeID   *int   `json:"type_id,omitempty"` // OCSF interface type enum
}

OCSFNetworkInterface represents a network interface

type OCSFOrganization added in v1.0.79

type OCSFOrganization struct {
	UID    string `json:"uid,omitempty"`
	Name   string `json:"name,omitempty"`
	OUUid  string `json:"ou_uid,omitempty"`
	OUName string `json:"ou_name,omitempty"`
}

OCSFOrganization represents an organization

type OCSFUser added in v1.0.79

// OCSFUser describes a user or owner; OCSFDevice.Owner points to one.
// All fields use omitempty, so empty strings and a nil TypeID are left out of
// the JSON.
type OCSFUser struct {
	UID    string `json:"uid,omitempty"`
	Name   string `json:"name,omitempty"`
	// NOTE(review): Name and Email are personal data; confirm API responses and
	// logs that include device owners are limited to authorized readers.
	Email  string `json:"email,omitempty"`
	Type   string `json:"type,omitempty"`
	TypeID *int   `json:"type_id,omitempty"`
}

OCSFUser represents a user or owner

type OTELLogRow added in v1.0.55

// OTELLogRow is a normalized log entry emitted by OTEL collectors.
// The struct has no json or db tags.
type OTELLogRow struct {
	Timestamp          time.Time
	ObservedTimestamp  *time.Time // pointer, may be nil
	TraceID            string
	SpanID             string
	TraceFlags         *int32 // pointer, may be nil
	SeverityText       string
	SeverityNumber     int32
	// NOTE(review): Body presumably carries the log message as written by the
	// emitting service; escape it when rendering — confirm.
	Body               string
	EventName          string
	Source             string
	ServiceName        string
	ServiceVersion     string
	ServiceInstance    string
	ScopeName          string
	ScopeVersion       string
	// The three attribute fields are plain strings; presumably serialized
	// key/value data — TODO confirm the encoding.
	ScopeAttributes    string
	Attributes         string
	ResourceAttributes string
}

OTELLogRow represents a normalized log entry emitted by OTEL collectors.

type OTELMetricRow added in v1.0.55

type OTELMetricRow struct {
	Timestamp       time.Time
	TraceID         string
	SpanID          string
	ServiceName     string
	SpanName        string
	SpanKind        string
	DurationMs      float64
	DurationSeconds float64
	MetricType      string
	HTTPMethod      string
	HTTPRoute       string
	HTTPStatusCode  string
	GRPCService     string
	GRPCMethod      string
	GRPCStatusCode  string
	IsSlow          bool
	Component       string
	Level           string
	Unit            string // Unit of measurement (e.g., "ms", "s", "bytes", "1" for counts)
}

OTELMetricRow captures a single OTEL performance metric sample.

type OTELTraceRow added in v1.0.55

type OTELTraceRow struct {
	Timestamp          time.Time
	TraceID            string
	SpanID             string
	ParentSpanID       string
	Name               string
	Kind               int32
	StartTimeUnixNano  int64
	EndTimeUnixNano    int64
	ServiceName        string
	ServiceVersion     string
	ServiceInstance    string
	ScopeName          string
	ScopeVersion       string
	StatusCode         int32
	StatusMessage      string
	Attributes         string
	ResourceAttributes string
	Events             string
	Links              string
}

OTELTraceRow stores a single OTEL trace span row.

type PartitionStats added in v1.0.55

type PartitionStats struct {
	PartitionID    string `json:"partition_id"`
	DeviceCount    int    `json:"device_count"`
	ActiveCount    int    `json:"active_count"`
	AvailableCount int    `json:"available_count"`
}

PartitionStats captures per-partition device counts for dashboard consumption.

type PortCount

// PortCount pairs a port number with an integer availability value.
// Available is an int here, not a bool as in PortResult; presumably the number
// of hosts on which the port was found open — TODO confirm.
type PortCount struct {
	Port      int `json:"port"`
	Available int `json:"available"`
}

type PortResult

// PortResult is the result of scanning a single port.
type PortResult struct {
	Port      int           `json:"port"`
	Available bool          `json:"available"`
	// time.Duration is an int64 of nanoseconds, so encoding/json emits
	// response_time as an integer nanosecond count.
	RespTime  time.Duration `json:"response_time"`
	Service   string        `json:"service,omitempty"` // Optional service identification
}

PortResult represents a single port scan result.

type PortStatus

// PortStatus carries port availability information.
// Both fields are int32; Available is numeric here rather than the bool used by
// PortResult — presumably a count or a 0/1 flag, TODO confirm.
type PortStatus struct {
	Port      int32 `json:"port"`
	Available int32 `json:"available"`
}

PortStatus represents port availability information.

type ProcessMetric

type ProcessMetric struct {
	// Process ID
	PID uint32 `json:"pid" example:"1234"`
	// Process name
	Name string `json:"name" example:"nginx"`
	// CPU usage percentage
	CPUUsage float32 `json:"cpu_usage" example:"2.5"`
	// Memory usage in bytes
	MemoryUsage uint64 `json:"memory_usage" example:"104857600"`
	// Process status
	Status string `json:"status" example:"Running"`
	// Process start time
	StartTime string `json:"start_time" example:"2025-04-24T14:15:22Z"`
	// When this metric was collected
	Timestamp time.Time `json:"timestamp" example:"2025-04-24T14:15:22Z"`
	// Host identifier for the agent that collected this metric
	HostID string `json:"host_id,omitempty" example:"server-east-1"`
	// Host IP address for the agent that collected this metric
	HostIP string `json:"host_ip,omitempty" example:"192.168.1.100"`
	// ServiceRadar agent identifier
	AgentID string `json:"agent_id,omitempty" example:"agent-1234"`
}

ProcessMetric represents system process metrics. @Description Process utilization metrics for running processes.

type PromotionConfig added in v1.0.59

// PromotionConfig configures the thresholds for automated promotion.
type PromotionConfig struct {
	Enabled            bool     `json:"enabled"`
	// NOTE(review): ShadowMode presumably evaluates the policy without
	// promoting anything; confirm, since it decides whether Enabled has effect.
	ShadowMode         bool     `json:"shadow_mode,omitempty"`
	MinPersistence     Duration `json:"min_persistence,omitempty"`
	// RequireHostname and RequireFingerprint use omitempty, so a false value is
	// not written out and an absent key decodes to false (requirement off).
	RequireHostname    bool     `json:"require_hostname,omitempty"`
	RequireFingerprint bool     `json:"require_fingerprint,omitempty"`
}

PromotionConfig configures automated promotion thresholds.

type QueryConfig

// QueryConfig is a single labeled query; SourceConfig.Queries holds a list of them.
// NOTE(review): Query is an opaque string taken from configuration; confirm how
// it is passed to the source API (as a parameter rather than concatenated into
// a URL or request body).
type QueryConfig struct {
	Label      string      `json:"label"`       // Name or description of the query
	Query      string      `json:"query"`       // The query string
	SweepModes []SweepMode `json:"sweep_modes"` // Sweep modes to apply to devices from this query
}

QueryConfig represents a single labeled query.

type RBACConfig added in v1.0.55

// RBACConfig holds the role-based access control settings: which roles each
// identity has, which permissions each role grants, and which roles a route
// requires.
type RBACConfig struct {
	// Map of identities to roles. Keys can be one of:
	// - "provider:subject" (preferred, e.g., "google:1122334455")
	// - "provider:email" (lowercased, e.g., "github:admin@company.com")
	// - legacy "username-or-email" (lowercased)
	// Example: {"local:admin":["admin"], "google:1122334455":["admin"], "user1":["user"]}
	// NOTE(review): the legacy form carries no provider prefix, so it presumably
	// matches the same name or email from any provider; confirm the lookup
	// order and prefer "provider:subject" keys for privileged roles.
	UserRoles map[string][]string `json:"user_roles"`
	// Map of roles to their permissions
	RolePermissions map[string][]string `json:"role_permissions" example:"admin:[config:read,config:write,config:delete],user:[config:read]"`
	// Map of routes to required roles (can be string array or map of methods to roles)
	// NOTE(review): typed as interface{}, so the value shape is only known after
	// decoding; confirm that an entry of an unexpected shape denies access
	// instead of leaving the route unprotected.
	RouteProtection map[string]interface{} `json:"route_protection"`
}

RBACConfig contains role-based access control configuration.

type ReaperConfig added in v1.0.59

// ReaperConfig configures the stale device reaper.
// Presumably Interval is how often the reaper runs and TTL is the age after
// which a device counts as stale — TODO confirm against the reaper code.
type ReaperConfig struct {
	Interval Duration `json:"interval"`
	TTL      Duration `json:"ttl"`
}

ReaperConfig configures the stale device reaper.

type RefreshTokenRequest

// RefreshTokenRequest is the body of a token refresh request.
// NOTE(review): RefreshToken is a bearer credential; confirm request bodies of
// this type are kept out of access logs and error messages.
type RefreshTokenRequest struct {
	// JWT refresh token
	RefreshToken string `json:"refresh_token" example:"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."`
}

RefreshTokenRequest represents a token refresh request. @Description Request to refresh an expired access token.

type Result

// Result is the outcome of a sweep against one target.
// The struct has no json tags, so encoding/json would use the Go field names.
type Result struct {
	Target     Target
	Available  bool
	FirstSeen  time.Time
	LastSeen   time.Time
	RespTime   time.Duration
	PacketLoss float64
	// NOTE(review): Error is an error interface value; confirm it is converted
	// to a string before the result is serialized or shown to users.
	Error      error
	// Metadata values are interface{}; their concrete types are not fixed here.
	Metadata   map[string]interface{}
}

Result represents the outcome of a sweep against a target.

type ResultFilter

// ResultFilter holds the criteria used to select stored results.
// Available is a pointer, so nil can stand for "do not filter on availability"
// — presumably; confirm how the zero values of Host, Port and the times are
// interpreted by the query code.
type ResultFilter struct {
	Host      string
	Port      int
	StartTime time.Time
	EndTime   time.Time
	Available *bool
}

ResultFilter defines criteria for retrieving results.

type RperfMetric

type RperfMetric struct {
	// When the test was performed
	Timestamp time.Time `json:"timestamp" example:"2025-04-24T14:15:22Z"`
	// Test name or identifier
	Name string `json:"name" example:"rperf_tcp_test"`
	// Network throughput in bits per second
	BitsPerSec float64 `json:"bits_per_second" example:"943215000"`
	// Total bytes received during the test
	BytesReceived int64 `json:"bytes_received" example:"12582912"`
	// Total bytes sent during the test
	BytesSent int64 `json:"bytes_sent" example:"12582912"`
	// Test duration in seconds
	Duration float64 `json:"duration" example:"10.05"`
	// Network jitter in milliseconds
	JitterMs float64 `json:"jitter_ms" example:"0.85"`
	// Percentage of packets lost during the test
	LossPercent float64 `json:"loss_percent" example:"0.02"`
	// Number of packets lost during the test
	PacketsLost int64 `json:"packets_lost" example:"2"`
	// Number of packets received during the test
	PacketsReceived int64 `json:"packets_received" example:"9998"`
	// Number of packets sent during the test
	PacketsSent int64 `json:"packets_sent" example:"10000"`
	// Whether the test was successful
	Success bool `json:"success" example:"true"`
	// Target hostname or IP address
	Target string `json:"target" example:"192.168.1.1"`
	// ResponseTime in milliseconds
	ResponseTime int64 `json:"response_time" example:"15"`
	// Error message if test failed (null if successful)
	Error *string `json:"error,omitempty" example:"connection refused"`
	// AgentID of the agent that performed the test
	AgentID string `json:"agent_id"`
	// ServiceName of the service that performed the test
	ServiceName string `json:"service_name"`
	// ServiceType of the service that performed the test
	ServiceType string `json:"service_type"`
	// Version of the rperf service used for the test
	Version string `json:"version"`
}

RperfMetric represents a single network performance test result. @Description Single network performance test result for a specific target.

type RperfMetricData

type RperfMetricData struct {
	// Array of test results for different targets
	Results []struct {
		// Target hostname or IP address
		Target string `json:"target" example:"192.168.1.1"`
		// Whether the test was successful
		Success bool `json:"success" example:"true"`
		// Error message if test failed
		Error *string `json:"error" example:"connection refused"`
		// Performance test summary results
		Summary struct {
			// Network throughput in bits per second
			BitsPerSecond float64 `json:"bits_per_second" example:"943215000"`
			// Total bytes received during the test
			BytesReceived int64 `json:"bytes_received" example:"12582912"`
			// Total bytes sent during the test
			BytesSent int64 `json:"bytes_sent" example:"12582912"`
			// Test duration in seconds
			Duration float64 `json:"duration" example:"10.05"`
			// Network jitter in milliseconds
			JitterMs float64 `json:"jitter_ms" example:"0.85"`
			// Percentage of packets lost during the test
			LossPercent float64 `json:"loss_percent" example:"0.02"`
			// Number of packets lost during the test
			PacketsLost int64 `json:"packets_lost" example:"2"`
			// Number of packets received during the test
			PacketsReceived int64 `json:"packets_received" example:"9998"`
			// Number of packets sent during the test
			PacketsSent int64 `json:"packets_sent" example:"10000"`
		} `json:"summary"`
	} `json:"results"`
	// ISO8601 timestamp when data was collected
	Timestamp string `json:"timestamp" example:"2025-04-24T14:15:22Z"`
}

RperfMetricData represents raw data received from the rperf service. @Description Raw network performance test data received from the rperf service.

type RperfMetricResponse

// RperfMetricResponse is the API response for rperf metrics.
type RperfMetricResponse struct {
	// Array of performance metrics
	Metrics []RperfMetric `json:"metrics"`
	// Error information if retrieval failed (not serialized)
	// The json:"-" tag keeps the error value out of the JSON body.
	Err error `json:"-"`
}

RperfMetricResponse represents the API response for rperf metrics. @Description API response containing rperf metrics data.

type RperfMetrics

type RperfMetrics struct {
	// Array of performance metrics for different targets
	Results []RperfMetric `json:"results"`
}

RperfMetrics represents processed network performance metrics. @Description Processed network performance metrics from rperf tests.

type SNMPConfig

// SNMPConfig is the configuration of the SNMP checker.
type SNMPConfig struct {
	NodeAddress string          `json:"node_address"`
	Timeout     Duration        `json:"timeout"`
	ListenAddr  string          `json:"listen_addr"`
	// NOTE(review): Security is a pointer and can be nil after decoding a
	// config without a "security" key; confirm a nil value fails closed rather
	// than starting the listener without transport security.
	Security    *SecurityConfig `json:"security"`
	Targets     []Target        `json:"targets"`
}

SNMPConfig represents SNMP checker configuration.

type SNMPDiscoveryDataPayload

// SNMPDiscoveryDataPayload bundles discovered devices, interfaces and topology
// links with the IDs of the agent and gateway involved in the discovery run.
// NOTE(review): AgentID and GatewayID are part of the payload itself; confirm
// the receiver checks them against the authenticated peer identity instead of
// trusting the values as sent.
type SNMPDiscoveryDataPayload struct {
	Devices    []*discoverypb.DiscoveredDevice    `json:"devices"`
	Interfaces []*discoverypb.DiscoveredInterface `json:"interfaces"`
	Topology   []*discoverypb.TopologyLink        `json:"topology"`
	AgentID    string                             `json:"agent_id"`   // Agent that ran the discovery engine
	GatewayID  string                             `json:"gateway_id"` // Gateway that initiated the discovery
}

type SNMPMetric

type SNMPMetric struct {
	// The name of the OID (Object Identifier)
	// @example "sysUpTime"
	OIDName string `json:"oid_name"`

	// The value of the metric
	// @example 12345
	Value interface{} `json:"value"`

	// The type of the value (e.g., integer, string)
	// @example "integer"
	ValueType string `json:"value_type"`

	// The time when the metric was collected
	// @example "2025-04-24T14:15:22Z"
	Timestamp time.Time `json:"timestamp"`

	// The scale factor applied to the value
	// @example 1.0
	Scale float64 `json:"scale"`

	// Whether the metric represents a delta value
	// @example false
	IsDelta bool `json:"is_delta"`
}

SNMPMetric represents an SNMP metric. @Description A metric collected via SNMP, including its value, type, and timestamp.

type SNMPMetricsPayload

// SNMPMetricsPayload is the payload for SNMP metrics reports: collector
// metadata plus the target data.
// Targets is json.RawMessage, so it stays undecoded until a consumer
// unmarshals it.
//
// Deprecated: Use ServiceMetricsPayload instead.
type SNMPMetricsPayload struct {
	GatewayID string          `json:"gateway_id"` // Gateway that collected the metrics
	AgentID   string          `json:"agent_id"`   // Agent that the gateway belongs to
	Partition string          `json:"partition"`  // Partition from SNMP checker config
	Targets   json.RawMessage `json:"targets"`    // Target statuses and metrics (map[string]snmp.TargetStatus)
}

SNMPMetricsPayload is the enhanced payload structure for SNMP metrics reports. It includes metadata about the collector infrastructure along with the target data. Deprecated: Use ServiceMetricsPayload instead.

type SRQLConfig added in v1.0.55

// SRQLConfig holds the settings for the external SRQL microservice integration.
type SRQLConfig struct {
	Enabled bool     `json:"enabled"`
	// NOTE(review): the type does not constrain the URL scheme; confirm an
	// https base URL is required whenever APIKey is set.
	BaseURL string   `json:"base_url"`
	// APIKey carries the sensitive:"true" tag; presumably a redaction or
	// filtering helper keys off it — verify where the tag is consumed.
	APIKey  string   `json:"api_key,omitempty" sensitive:"true"`
	Timeout Duration `json:"timeout,omitempty"`
	Path    string   `json:"path,omitempty"`
}

SRQLConfig configures the external SRQL microservice integration.

type SSOConfig

// SSOConfig holds the OAuth client settings for a single SSO provider.
type SSOConfig struct {
	// OAuth client ID
	ClientID string `json:"client_id" example:"oauth-client-id"`
	// OAuth client secret
	// NOTE(review): serialized under "client_secret" with neither omitempty nor
	// the sensitive:"true" tag that SRQLConfig.APIKey carries in this package;
	// confirm the secret is redacted wherever this struct is logged, stored or
	// returned by an API.
	ClientSecret string `json:"client_secret" example:"oauth-client-secret"`
	// OAuth scopes requested
	Scopes []string `json:"scopes" example:"profile,email"`
}

SSOConfig contains configuration for a single SSO provider. @Description Configuration for a single Single Sign-On provider.

type ScannerStats added in v1.0.79

type ScannerStats struct {
	// Packet statistics
	PacketsSent    uint64 `json:"packets_sent"`
	PacketsRecv    uint64 `json:"packets_recv"`
	PacketsDropped uint64 `json:"packets_dropped"`

	// Ring buffer statistics (TPACKET_V3)
	RingBlocksProcessed uint64 `json:"ring_blocks_processed"`
	RingBlocksDropped   uint64 `json:"ring_blocks_dropped"`

	// Retry statistics
	RetriesAttempted  uint64 `json:"retries_attempted"`
	RetriesSuccessful uint64 `json:"retries_successful"`

	// Port allocation statistics
	PortsAllocated      uint64 `json:"ports_allocated"`
	PortsReleased       uint64 `json:"ports_released"`
	PortExhaustionCount uint64 `json:"port_exhaustion_count"`

	// Rate limiting statistics
	RateLimitDeferrals uint64 `json:"rate_limit_deferrals"`

	// Computed metrics
	RxDropRatePercent float64 `json:"rx_drop_rate_percent"`
}

ScannerStats contains performance metrics from network scanners. These metrics help diagnose scan performance and network conditions.

type SecurityConfig

// SecurityConfig holds the security settings shared by the services.
type SecurityConfig struct {
	// Mode is one of the SecurityMode values ("mtls", "spiffe", "none").
	Mode           SecurityMode `json:"mode"`
	// NOTE(review): CertDir presumably holds certificates and private keys;
	// confirm the directory and key files are readable only by the service user.
	CertDir        string       `json:"cert_dir"`
	ServerName     string       `json:"server_name,omitempty"`
	// Role is one of the ServiceRole values.
	Role           ServiceRole  `json:"role"`
	TLS            TLSConfig    `json:"tls"`
	TrustDomain    string       `json:"trust_domain,omitempty"`     // For SPIFFE
	ServerSPIFFEID string       `json:"server_spiffe_id,omitempty"` // Expected SPIFFE ID when acting as client
	WorkloadSocket string       `json:"workload_socket,omitempty"`  // For SPIFFE
}

SecurityConfig holds common security configuration.

type SecurityMode

type SecurityMode string

SecurityMode defines the type of security to use.

// Declared SecurityMode values; SecurityConfig.Mode has this type.
const (
	SecurityModeMTLS   SecurityMode = "mtls"
	SecurityModeSPIFFE SecurityMode = "spiffe"
	// NOTE(review): "none" presumably disables transport authentication and
	// encryption; confirm it is refused or clearly logged outside development,
	// and check what an empty or unknown Mode string resolves to.
	SecurityModeNone   SecurityMode = "none"
)

type Service

// Service is a monitored service associated with a gateway.
type Service struct {
	GatewayID   string            `json:"gateway_id"`
	ServiceName string            `json:"service_name"`
	ServiceType string            `json:"service_type"`
	AgentID     string            `json:"agent_id"`
	DeviceID    string            `json:"device_id,omitempty"`
	Partition   string            `json:"partition,omitempty"`
	Timestamp   time.Time         `json:"timestamp"`
	// NOTE(review): Config is serialized under "config" as plain strings;
	// confirm no credentials or tokens are placed in it.
	Config      map[string]string `json:"config,omitempty"` // Service configuration including KV store info
}

Service represents a monitored service associated with a gateway.

type ServiceMetricsPayload

// ServiceMetricsPayload is the payload for all service metrics reports:
// collector metadata plus the service-specific data.
// NOTE(review): GatewayID, AgentID and Partition are part of the payload
// itself; confirm the receiver checks them against the authenticated peer
// identity. Data is json.RawMessage and is not validated by this type.
type ServiceMetricsPayload struct {
	GatewayID   string          `json:"gateway_id"`   // Gateway that collected the metrics
	AgentID     string          `json:"agent_id"`     // Agent that the gateway belongs to
	Partition   string          `json:"partition"`    // Partition for the collection
	ServiceType string          `json:"service_type"` // Type of service (snmp, sysmon, icmp, etc.)
	ServiceName string          `json:"service_name"` // Name of the service instance
	Data        json.RawMessage `json:"data"`         // Service-specific data payload
}

ServiceMetricsPayload is the enhanced payload structure for ALL service metrics reports. It includes metadata about the collector infrastructure along with the service-specific data.

type ServiceRole

// ServiceRole names the role a component plays; SecurityConfig.Role has this type.
// The trailing comments record whether a role acts as client, server, or both
// — presumably for the secured connections it opens and accepts; confirm.
type ServiceRole string
const (
	RoleGateway     ServiceRole = "gateway" // Client and Server
	RoleAgent       ServiceRole = "agent"   // Server only
	RoleCore        ServiceRole = "core"    // Server only
	RoleKVStore     ServiceRole = "kv"      // Server only
	RoleDataService ServiceRole = "datasvc" // Client and Server (NATS + gRPC)
	RoleChecker     ServiceRole = "checker" // Server only (for SNMP checkers)
	RoleSync        ServiceRole = "sync"    // Client and Server (gateway)
)

type ServiceStatus

type ServiceStatus struct {
	// Name of the service
	Name string `json:"name" example:"postgres"`
	// Whether the service is currently available
	Available bool `json:"available" example:"true"`
	// Status message from the service
	Message string `json:"message" example:"Service is running normally"`
	// Type of service (e.g., "process", "port", "database", etc.)
	Type string `json:"type" example:"database"`
	// Detailed service-specific information as a JSON object
	Details     json.RawMessage `json:"details,omitempty"`
	GatewayID   string          `json:"gateway_id" example:"gateway-prod-east-01"`
	AgentID     string          `json:"agent_id" example:"agent-prod-east-01"`
	ServiceName string          `json:"service_name" example:"postgres"`
	ServiceType string          `json:"service_type" example:"database"`
	DeviceID    string          `json:"device_id,omitempty" example:"default:192.168.1.100"`
	Partition   string          `json:"partition,omitempty" example:"default"`
	Timestamp   time.Time       `json:"timestamp" example:"2020-11-10T23:00:00+09:00"`
}

ServiceStatus represents the status of a monitored service. @Description Status information about a service monitored by a gateway.

type ServiceType added in v1.0.55

type ServiceType string

ServiceType represents the type of service component

const (
	// ServiceTypeGateway represents a gateway service
	ServiceTypeGateway ServiceType = "gateway"
	// ServiceTypeAgent represents an agent service
	ServiceTypeAgent ServiceType = "agent"
	// ServiceTypeChecker represents a checker service
	ServiceTypeChecker ServiceType = "checker"
	// ServiceTypeNetworkDevice represents a discovered network device (not a service component)
	ServiceTypeNetworkDevice ServiceType = "network"
	// ServiceTypeDatasvc represents the datasvc/KV service
	ServiceTypeDatasvc ServiceType = "datasvc"
	// ServiceTypeKV is an alias for datasvc (legacy name)
	ServiceTypeKV ServiceType = "kv"
	// ServiceTypeSync represents the sync service
	ServiceTypeSync ServiceType = "sync"
	// ServiceTypeMapper represents the mapper service
	ServiceTypeMapper ServiceType = "mapper"
	// ServiceTypeOtel represents the OpenTelemetry collector service
	ServiceTypeOtel ServiceType = "otel"
	// ServiceTypeZen represents the zen service
	ServiceTypeZen ServiceType = "zen"
	// ServiceTypeCore represents the core service
	ServiceTypeCore ServiceType = "core"
)

type SeverityWindowCounts added in v1.0.55

type SeverityWindowCounts struct {
	Total   int `json:"total"`
	Fatal   int `json:"fatal"`
	Error   int `json:"error"`
	Warning int `json:"warning"`
	Info    int `json:"info"`
	Debug   int `json:"debug"`
	Other   int `json:"other"`
}

SeverityWindowCounts captures per-severity totals for a specific rolling window.

type SightingEvent added in v1.0.59

// SightingEvent is one lifecycle record for a sighting. EventID and DeviceID
// are optional and omitted from JSON when empty; SightingID, EventType, Actor
// and CreatedAt are always encoded.
// NOTE(review): Actor and Details are free-form strings. If these events are
// used as an audit trail, Actor should presumably be set from the
// authenticated identity rather than from request data — confirm with the
// producer.
type SightingEvent struct {
	EventID    string            `json:"event_id,omitempty"`
	SightingID string            `json:"sighting_id"`
	DeviceID   string            `json:"device_id,omitempty"`
	EventType  string            `json:"event_type"`
	Actor      string            `json:"actor"`
	Details    map[string]string `json:"details,omitempty"`
	CreatedAt  time.Time         `json:"created_at"`
}

SightingEvent tracks lifecycle events for sightings.

type SightingPromotionStatus added in v1.0.59

// SightingPromotionStatus reports whether a sighting meets promotion policy
// and is eligible, together with the lists of blocking and satisfied
// conditions. NextEligibleAt is a pointer so that it is omitted from JSON
// when nil.
// NOTE(review): MeetsPolicy and Eligible are separate flags; presumably
// ShadowMode means the policy is evaluated without being enforced — confirm
// against the promotion logic before relying on either flag alone.
type SightingPromotionStatus struct {
	MeetsPolicy    bool       `json:"meets_policy"`
	Eligible       bool       `json:"eligible"`
	ShadowMode     bool       `json:"shadow_mode,omitempty"`
	Blockers       []string   `json:"blockers,omitempty"`
	Satisfied      []string   `json:"satisfied,omitempty"`
	NextEligibleAt *time.Time `json:"next_eligible_at,omitempty"`
}

SightingPromotionStatus captures promotion eligibility and blockers for a sighting.

type SourceConfig

// SourceConfig describes one external discovery source (for example "armis"
// or "netbox"): where to reach it, how to authenticate, which queries to run,
// and how the devices it returns are attributed and scheduled.
//
// Security-relevant fields:
//   - Credentials is encoded under the "credentials" JSON key with no
//     redaction at the type level, so marshalling or logging a SourceConfig
//     writes the secrets out. Redact it before the struct leaves the process.
//   - InsecureSkipVerify: NOTE(review): presumably forwarded to crypto/tls's
//     InsecureSkipVerify, which turns off server certificate and host name
//     verification — confirm, and keep it false outside of test setups.
//   - Endpoint is a plain string; the type does not validate the scheme or
//     host.
type SourceConfig struct {
	Type               string            `json:"type"`                   // "armis", "netbox", etc.
	Endpoint           string            `json:"endpoint"`               // API endpoint
	Credentials        map[string]string `json:"credentials"`            // Secret material, e.g., {"api_key": "xyz"}; encoded with the struct
	Prefix             string            `json:"prefix"`                 // Optional namespace prefix for device identifiers
	InsecureSkipVerify bool              `json:"insecure_skip_verify"`   // For TLS connections; presumably disables certificate verification — confirm
	Queries            []QueryConfig     `json:"queries"`                // List of queries
	CustomField        string            `json:"custom_field,omitempty"` // Custom field for additional metadata

	// AgentID and GatewayID allow assigning discovered devices to specific
	// agents and gateways. When set, they override any global defaults for
	// the Sync service.
	AgentID   string `json:"agent_id,omitempty"`
	GatewayID string `json:"gateway_id,omitempty"`
	Partition string `json:"partition,omitempty"`

	SyncServiceID string `json:"sync_service_id,omitempty"`

	// SweepInterval allows configuring how often agents should sweep the
	// networks discovered by this source. If empty, a sensible default is
	// used by each integration.
	// Unlike PollInterval and DiscoveryInterval this is a plain string, so it
	// is not parsed or validated when the config is decoded.
	SweepInterval string `json:"sweep_interval,omitempty"`

	// PollInterval allows configuring how often this specific source should be polled.
	// If empty, uses the global PollInterval from the sync config.
	PollInterval Duration `json:"poll_interval,omitempty"`

	// DiscoveryInterval allows configuring how often full discovery runs should occur
	// for this source. If empty, uses the global DiscoveryInterval from the sync config.
	DiscoveryInterval Duration `json:"discovery_interval,omitempty"`

	// NetworkBlacklist contains CIDR ranges to filter out from this specific source
	// The entries are plain strings; CIDR syntax is not checked by the type.
	NetworkBlacklist []string `json:"network_blacklist,omitempty"`

	// BatchSize configures the number of items to process in each batch
	// for bulk operations. If not specified, a default will be used.
	BatchSize int `json:"batch_size,omitempty"`
}

type SpireAdminConfig added in v1.0.55

// SpireAdminConfig holds the settings for reaching a SPIRE server's
// administrative APIs: an enable flag, the server address and SPIFFE ID, and
// optional workload socket, bundle path and join-token TTL.
// NOTE(review): ServerSPIFFEID presumably pins the identity the client expects
// the server to present, and BundlePath presumably points at the trust bundle
// used to verify it — confirm. Join tokens are one-time bootstrap credentials
// in SPIRE, so JoinTokenTTL should be kept short; the type imposes no upper
// bound on it.
type SpireAdminConfig struct {
	Enabled        bool     `json:"enabled"`
	ServerAddress  string   `json:"server_address"`
	ServerSPIFFEID string   `json:"server_spiffe_id"`
	WorkloadSocket string   `json:"workload_socket,omitempty"`
	BundlePath     string   `json:"bundle_path,omitempty"`
	JoinTokenTTL   Duration `json:"join_token_ttl,omitempty"`
}

SpireAdminConfig captures SPIRE server access for administrative APIs.

type SubnetPolicy added in v1.0.59

// SubnetPolicy ties a subnet (SubnetID, CIDR) to a classification, a set of
// promotion rules, a reaper profile and creation/update timestamps.
// PromotionRules is an untyped map, so its keys and value types are not
// checked when the policy is decoded; the consumer has to validate them.
// NOTE(review): AllowIPAsID presumably permits an IP address to serve as the
// device identifier in this subnet. IP addresses are reassigned and can be
// claimed by another host, so this is a weak identity — confirm where it is
// honoured.
type SubnetPolicy struct {
	SubnetID       string                 `json:"subnet_id"`
	CIDR           string                 `json:"cidr"`
	Classification string                 `json:"classification"`
	PromotionRules map[string]interface{} `json:"promotion_rules,omitempty"`
	ReaperProfile  string                 `json:"reaper_profile"`
	AllowIPAsID    bool                   `json:"allow_ip_as_id"`
	CreatedAt      time.Time              `json:"created_at"`
	UpdatedAt      time.Time              `json:"updated_at"`
}

SubnetPolicy captures promotion/reaper behavior for a subnet.

type SweepConfig

// SweepConfig is the sweep tool's configuration: which networks and ports to
// probe, with which modes, how often, and with what concurrency, timeout and
// ICMP settings. Every field is omitted from JSON when empty.
// Interval and Timeout are plain strings and SweepModes is a []string rather
// than []SweepMode, so none of them is validated when the config is decoded.
// Networks determines what gets scanned; whoever can write this config
// controls the scan scope, so it should only be accepted from trusted
// sources. ConfigHash is described as change detection only.
// NOTE(review): nothing here indicates ConfigHash is keyed or signed; do not
// treat it as an integrity or authenticity check — confirm.
type SweepConfig struct {
	Networks      []string       `json:"networks,omitempty"`
	Ports         []int          `json:"ports,omitempty"`
	SweepModes    []string       `json:"sweep_modes,omitempty"`
	Interval      string         `json:"interval,omitempty"`
	Concurrency   int            `json:"concurrency,omitempty"`
	Timeout       string         `json:"timeout,omitempty"`
	ICMPCount     int            `json:"icmp_count,omitempty"`
	HighPerfICMP  bool           `json:"high_perf_icmp,omitempty"`
	ICMPRateLimit int            `json:"icmp_rate_limit,omitempty"`
	DeviceTargets []DeviceTarget `json:"device_targets,omitempty"` // Per-device sweep configuration
	SweepGroupID  string         `json:"sweep_group_id,omitempty"` // Sweep group UUID for result tracking
	ConfigHash    string         `json:"config_hash,omitempty"`    // Hash of config for change detection
}

SweepConfig defines the network sweep tool configuration.

type SweepData

// SweepData carries the result of sweeping one network: host totals, the time
// of the last sweep and per-port status. All fields are always encoded.
// NOTE(review): LastSweep is an int64 with no unit stated here; presumably a
// Unix timestamp, as on SweepSummary.LastSweep — confirm.
type SweepData struct {
	Network        string       `json:"network"`
	TotalHosts     int32        `json:"total_hosts"`
	AvailableHosts int32        `json:"available_hosts"`
	LastSweep      int64        `json:"last_sweep"`
	Ports          []PortStatus `json:"ports"`
}

SweepData represents network sweep results.

type SweepHostState

// SweepHostState is the per-host sweep record: identity (HostIP, GatewayID,
// AgentID, Partition), optional attributes, ICMP and TCP results, and
// first/last observation times. Pointer fields (NetworkCIDR, Hostname, MAC,
// ICMPResponseTime, ICMPPacketLoss) are optional and omitted from JSON when
// nil, which lets a consumer tell "not measured" apart from a zero value.
// NOTE(review): Hostname, MAC and Metadata are presumably taken from what the
// scanned host or network reports; treat them as untrusted when displaying or
// indexing — confirm the source.
type SweepHostState struct {
	HostIP           string            `json:"host_ip"`
	GatewayID        string            `json:"gateway_id"`
	AgentID          string            `json:"agent_id"`
	Partition        string            `json:"partition"`
	NetworkCIDR      *string           `json:"network_cidr,omitempty"`
	Hostname         *string           `json:"hostname,omitempty"`
	MAC              *string           `json:"mac,omitempty"`
	ICMPAvailable    bool              `json:"icmp_available"`
	ICMPResponseTime *int64            `json:"icmp_response_time_ns,omitempty"` // nanoseconds
	ICMPPacketLoss   *float64          `json:"icmp_packet_loss,omitempty"`
	TCPPortsScanned  []int             `json:"tcp_ports_scanned,omitempty"`
	TCPPortsOpen     []int             `json:"tcp_ports_open,omitempty"`
	PortScanResults  []PortResult      `json:"port_scan_results,omitempty"`
	LastSweepTime    time.Time         `json:"last_sweep_time"`
	FirstSeen        time.Time         `json:"first_seen"`
	Metadata         map[string]string `json:"metadata,omitempty"`
}

SweepHostState represents the latest sweep state for a host in the versioned KV store.

type SweepMode

// SweepMode names a probing technique. It is a plain string type, so values
// outside the Mode* constants are representable and must be rejected by the
// consumer.
type SweepMode string
// Supported sweep modes.
// NOTE(review): SYN scanning typically needs raw-socket privileges (for
// example CAP_NET_RAW on Linux), whereas connect scanning does not — confirm
// how the sweeper obtains them and prefer ModeTCPConnect where the extra
// privilege is not wanted.
const (
	ModeTCP        SweepMode = "tcp"         // SYN scanning (fast but breaks conntrack)
	ModeTCPConnect SweepMode = "tcp_connect" // TCP connect scanning (safe for conntrack)
	ModeICMP       SweepMode = "icmp"        // ICMP probing
)

type SweepResult

// SweepResult is one stored sweep observation for a device: who observed it
// (AgentID, GatewayID, Partition), what was observed (DeviceID, IP, optional
// MAC and Hostname), when, and which sweep execution and group produced it.
// Available carries omitempty, so a false value is dropped from the JSON
// output; a decoder cannot distinguish "unavailable" from "field absent".
// DiscoverySource is a plain string here rather than the DiscoverySource
// type, so it is not constrained to the declared constants.
type SweepResult struct {
	AgentID         string            `json:"agent_id"`
	GatewayID       string            `json:"gateway_id"`
	Partition       string            `json:"partition"`
	DeviceID        string            `json:"device_id"`
	DiscoverySource string            `json:"discovery_source"`
	IP              string            `json:"ip"`
	MAC             *string           `json:"mac,omitempty"`
	Hostname        *string           `json:"hostname,omitempty"`
	Timestamp       time.Time         `json:"timestamp"`
	Available       bool              `json:"available,omitempty"`
	Metadata        map[string]string `json:"metadata,omitempty"`
	ExecutionID     string            `json:"execution_id,omitempty"`   // Sweep execution UUID for result tracking
	SweepGroupID    string            `json:"sweep_group_id,omitempty"` // Sweep group UUID this execution belongs to
}

SweepResult represents a single sweep result to be stored.

type SweepSummary

// SweepSummary aggregates one network's sweep: host totals, the last sweep
// time as a Unix timestamp, per-port counts, per-host results, and the
// optional execution and group identifiers.
// Hosts has no omitempty, so the full host list is encoded whenever the
// summary is marshalled; on large networks that makes the payload size
// proportional to the number of hosts.
type SweepSummary struct {
	Network        string       `json:"network"`
	TotalHosts     int          `json:"total_hosts"`
	AvailableHosts int          `json:"available_hosts"`
	LastSweep      int64        `json:"last_sweep"` // Unix timestamp
	Ports          []PortCount  `json:"ports"`
	Hosts          []HostResult `json:"hosts"`
	ExecutionID    string       `json:"execution_id,omitempty"`   // Sweep execution UUID for result tracking
	SweepGroupID   string       `json:"sweep_group_id,omitempty"` // Sweep group UUID this execution belongs to
}

SweepSummary provides aggregated sweep results.

type SysmonCPUResponse

// SysmonCPUResponse groups per-core CPU metrics, and optionally per-cluster
// metrics, under the timestamp they belong to. Clusters is omitted from JSON
// when empty; Cpus is always encoded.
type SysmonCPUResponse struct {
	Cpus      []CPUMetric        `json:"cpus"`
	Clusters  []CPUClusterMetric `json:"clusters,omitempty"`
	Timestamp time.Time          `json:"timestamp"`
}

SysmonCPUResponse represents a CPU metrics response grouped by timestamp.

type SysmonDiskResponse

// SysmonDiskResponse groups disk metrics under the timestamp they belong to.
// Both fields are always encoded.
type SysmonDiskResponse struct {
	Disks     []DiskMetric `json:"disks"`
	Timestamp time.Time    `json:"timestamp"`
}

SysmonDiskResponse represents a disk metrics response grouped by timestamp.

type SysmonMemoryResponse

// SysmonMemoryResponse pairs a single memory metric (held by value, not by
// pointer) with its timestamp.
type SysmonMemoryResponse struct {
	Memory    MemoryMetric `json:"memory"`
	Timestamp time.Time    `json:"timestamp"`
}

SysmonMemoryResponse represents a memory metrics response.

type SysmonMetricData

// SysmonMetricData is the wire shape of a report from the sysmon service:
// host identity plus CPU, disk, memory and process samples.
// The type performs no validation. Timestamp and the per-process StartTime
// are plain strings rather than time.Time, the percentage fields are not
// range-checked, and UsedBytes is not checked against TotalBytes. Because the
// data originates on the monitored host, the receiver should parse and
// bounds-check it, and treat HostID, HostIP, MountPoint and process Name as
// untrusted text when storing or rendering them.
type SysmonMetricData struct {
	// ISO8601 timestamp when data was collected
	Timestamp string `json:"timestamp" example:"2025-04-24T14:15:22Z"`
	// Unique identifier for the host
	HostID string `json:"host_id" example:"server-east-1"`
	// IP address of the host
	HostIP string `json:"host_ip" example:"192.168.1.100"`
	// Partition identifier for device-centric model (optional)
	Partition *string `json:"partition,omitempty" example:"demo-staging"`
	// CPU metrics for each core
	CPUs []struct {
		// ID number of the CPU core
		CoreID int32 `json:"core_id" example:"0"`
		// Usage percentage (0-100)
		UsagePercent float32 `json:"usage_percent" example:"45.2"`
	} `json:"cpus"`
	// Disk usage metrics for each mount point
	Disks []struct {
		// Mount point path
		MountPoint string `json:"mount_point" example:"/var"`
		// Bytes currently in use
		UsedBytes uint64 `json:"used_bytes" example:"10737418240"`
		// Total capacity in bytes
		TotalBytes uint64 `json:"total_bytes" example:"107374182400"`
	} `json:"disks"`
	// Memory usage metrics
	Memory struct {
		// Bytes currently in use
		UsedBytes uint64 `json:"used_bytes" example:"4294967296"`
		// Total memory capacity in bytes
		TotalBytes uint64 `json:"total_bytes" example:"17179869184"`
	} `json:"memory"`
	// Process usage metrics for running processes
	Processes []struct {
		// Process ID
		PID uint32 `json:"pid" example:"1234"`
		// Process name
		Name string `json:"name" example:"nginx"`
		// CPU usage percentage
		CPUUsage float32 `json:"cpu_usage" example:"2.5"`
		// Memory usage in bytes
		MemoryUsage uint64 `json:"memory_usage" example:"104857600"`
		// Process status
		Status string `json:"status" example:"Running"`
		// Process start time
		StartTime string `json:"start_time" example:"2025-04-24T14:15:22Z"`
	} `json:"processes"`
}

SysmonMetricData represents the raw data received from the sysmon service. @Description Raw system monitoring data received from the monitoring agent.

type SysmonMetrics

// SysmonMetrics bundles CPU, cluster, disk, memory and process metrics using
// the package's named metric types.
type SysmonMetrics struct {
	// CPU usage metrics for individual cores
	CPUs []CPUMetric `json:"cpus"`
	// Aggregate CPU cluster metrics (e.g., big.LITTLE clusters)
	Clusters []CPUClusterMetric `json:"clusters,omitempty"`
	// Disk usage metrics for various mount points
	Disks []DiskMetric `json:"disks"`
	// Memory usage metrics
	// Memory is a pointer without omitempty: a nil value is encoded as JSON
	// null, so readers must nil-check it before dereferencing.
	Memory *MemoryMetric `json:"memory"`
	// Process usage metrics for running processes
	Processes []ProcessMetric `json:"processes"`
}

SysmonMetrics represents system monitoring metrics. @Description System monitoring metrics including CPU, disk, memory, and process usage.

type SysmonProcessResponse

// SysmonProcessResponse groups process metrics under the timestamp they
// belong to. Both fields are always encoded.
type SysmonProcessResponse struct {
	Processes []ProcessMetric `json:"processes"`
	Timestamp time.Time       `json:"timestamp"`
}

SysmonProcessResponse represents a process metrics response grouped by timestamp.

type SystemStatus

// SystemStatus summarises gateway health: how many gateways exist, how many
// are healthy, and when the figures were last refreshed.
type SystemStatus struct {
	// Total number of gateways in the system
	TotalGateways int `json:"total_gateways" example:"15"`
	// Number of gateways that are currently healthy
	// The type does not enforce HealthyGateways <= TotalGateways.
	HealthyGateways int `json:"healthy_gateways" example:"12"`
	// Last time the system status was updated
	LastUpdate time.Time `json:"last_update" example:"2025-04-24T14:15:22Z"`
}

SystemStatus represents the overall system status. @Description Overall system status information.

type TLSConfig

// TLSConfig names the files used to set up TLS: a certificate, its key, and
// two CA files. The fields are strings, not loaded key material, and all four
// are always encoded (no omitempty).
// NOTE(review): presumably CAFile verifies the peer a client connects to and
// ClientCAFile verifies client certificates on the server side (mutual TLS) —
// confirm against the code that builds the tls.Config. KeyFile points at a
// private key; the file it names should be readable only by the service
// account.
type TLSConfig struct {
	CertFile     string `json:"cert_file"`
	KeyFile      string `json:"key_file"`
	CAFile       string `json:"ca_file"`
	ClientCAFile string `json:"client_ca_file"`
}

type Target

// Target is one host/port/mode combination to probe. It has no JSON tags, so
// encoding/json would use the Go field names if it were ever marshalled.
// Metadata is an untyped map; its contents are not constrained by the type.
type Target struct {
	Host     string
	Port     int
	Mode     SweepMode
	Metadata map[string]interface{} // Additional metadata about the scan

}

Target represents a network target to be scanned.

type TimeseriesMetric

// TimeseriesMetric is a generic datapoint: which gateway collected it, which
// device and interface it concerns, its name, type, value and timestamp.
// Value and Metadata are both plain strings, so numeric parsing and any
// structure inside Metadata are the consumer's responsibility; neither is
// validated by the type.
type TimeseriesMetric struct {
	GatewayID      string    `json:"gateway_id"` // Unique identifier for the gateway that collected this metric
	Name           string    `json:"name"`
	TargetDeviceIP string    `json:"target_device_ip"` // IP address of the device this metric is for
	DeviceID       string    `json:"device_id"`        // Device identifier in format "partition:ip"
	Partition      string    `json:"partition"`        // Partition identifier for this device
	IfIndex        int32     `json:"if_index"`
	Value          string    `json:"value"` // Store as string for flexibility
	Type           string    `json:"type"`  // Metric type identifier
	Timestamp      time.Time `json:"timestamp"`
	Metadata       string    `json:"metadata"`
}

TimeseriesMetric represents a generic timeseries datapoint.

type Token

// Token carries the access and refresh tokens issued for API access and the
// access token's expiry. Both token strings are encoded in clear under
// "access_token" and "refresh_token", so a Token must not be logged or
// included in error output as a whole.
type Token struct {
	// JWT access token used for API authorization
	AccessToken string `json:"access_token" example:"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."`
	// JWT refresh token used to obtain new access tokens
	// A refresh token can mint further access tokens, so it warrants at least
	// the same protection in storage and transit as the access token.
	RefreshToken string `json:"refresh_token" example:"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."`
	// When the access token expires
	// NOTE(review): no expiry is carried for the refresh token — confirm
	// where its lifetime is enforced.
	ExpiresAt time.Time `json:"expires_at" example:"2025-04-25T12:00:00Z"`
}

Token represents authentication tokens for API access. @Description Authentication tokens for API access.

type TopologyDiscoveryEvent

// TopologyDiscoveryEvent records one neighbor relationship seen from a local
// device interface, with optional BGP peer details.
// The JSON keys mix snake_case with camelCase ("local_ifIndex",
// "local_ifName"); they are part of the wire format and should not be
// normalised without a compatibility plan.
// LLDP and CDP advertisements are unauthenticated, so the Neighbor* strings
// are values asserted by whatever device is attached to the link. Treat them
// as untrusted input when storing, correlating or rendering them.
// Metadata is a json.RawMessage without omitempty; a nil value encodes as
// JSON null.
type TopologyDiscoveryEvent struct {
	Timestamp              time.Time `json:"timestamp"`
	AgentID                string    `json:"agent_id"`
	GatewayID              string    `json:"gateway_id"`
	LocalDeviceIP          string    `json:"local_device_ip"`
	LocalDeviceID          string    `json:"local_device_id"`
	LocalIfIndex           int32     `json:"local_ifIndex"` // DB schema is int32; Postgres driver should handle
	LocalIfName            string    `json:"local_ifName"`
	ProtocolType           string    `json:"protocol_type"` // "LLDP" or "CDP"
	NeighborChassisID      string    `json:"neighbor_chassis_id"`
	NeighborPortID         string    `json:"neighbor_port_id"`
	NeighborPortDescr      string    `json:"neighbor_port_descr"`
	NeighborSystemName     string    `json:"neighbor_system_name"`
	NeighborManagementAddr string    `json:"neighbor_management_address"`
	// BGP specific fields - added
	NeighborBGPRouterID string          `json:"neighbor_bgp_router_id,omitempty"`
	NeighborIPAddress   string          `json:"neighbor_ip_address,omitempty"` // For BGP peer IP
	NeighborAS          uint32          `json:"neighbor_as,omitempty"`
	BGPSessionState     string          `json:"bgp_session_state,omitempty"`
	Metadata            json.RawMessage `json:"metadata"`
}

TopologyDiscoveryEvent represents a topology discovery event

type User

// User describes an authenticated user: identity, the provider that
// authenticated them, their roles and permissions, and account timestamps.
// NOTE(review): Roles and Permissions are ordinary JSON fields. A User decoded
// from client-supplied JSON carries whatever the client wrote, so
// authorization decisions should presumably use values populated server-side
// from the verified session — confirm where this struct is decoded.
type User struct {
	// Unique identifier for the user
	ID string `json:"id" example:"u-1234567890"`
	// Email address of the user
	Email string `json:"email" example:"user@example.com"`
	// Display name of the user
	Name string `json:"name" example:"John Doe"`
	// Authentication provider (e.g., "local", "google", "github")
	Provider string `json:"provider" example:"google"`
	// User roles for RBAC
	Roles []string `json:"roles" example:"admin,user"`
	// User permissions for fine-grained access control
	Permissions []string `json:"permissions" example:"config:read,config:write"`
	// When the user account was created
	CreatedAt time.Time `json:"created_at" example:"2025-01-01T00:00:00Z"`
	// When the user account was last updated
	UpdatedAt time.Time `json:"updated_at" example:"2025-04-01T00:00:00Z"`
}

User contains information about an authenticated user. @Description Information about an authenticated user.

type WebhookConfig

// WebhookConfig configures one webhook notification target: whether it is
// enabled, the destination URL, a cooldown, a message template and optional
// custom headers.
// NOTE(review): URL is the destination of an outbound request made by the
// service. If it can be set by anyone other than an administrator, it should
// be restricted to expected schemes and hosts so it cannot be pointed at
// internal endpoints — confirm who can write this config. Headers may hold
// authorization values and are encoded with the struct, so redact them before
// logging or returning the config.
type WebhookConfig struct {
	Enabled  bool     `json:"enabled"`
	URL      string   `json:"url"`
	Cooldown Duration `json:"cooldown"`
	Template string   `json:"template"`
	Headers  []Header `json:"headers,omitempty"` // Optional custom headers
}

WebhookConfig represents a webhook notification configuration.

type WriteBufferConfig

// WriteBufferConfig controls the database write buffer: its maximum size, the
// flush interval and whether buffering is on.
// The defaults named in the field comments differ from Go's zero values (0
// and false), so they must be applied by the code that loads the config.
// NOTE(review): with a plain bool, an omitted "enabled" key and an explicit
// false both decode to false — confirm how the loader distinguishes them when
// applying the documented default of true.
type WriteBufferConfig struct {
	MaxSize       int      `json:"max_size"`       // Maximum buffer size before forced flush (default: 500)
	FlushInterval Duration `json:"flush_interval"` // Maximum time to wait before flushing (default: 30s)
	Enabled       bool     `json:"enabled"`        // Whether buffering is enabled (default: true)
}

WriteBufferConfig configures the database write buffer for performance optimization
