Constants ¶
// Log type identifiers. These are presumably the values a node places in
// LogRequest.LogType to say which kind of log the payload holds — confirm
// against the log handler.
const (
	StatusLog string = "status"
	ResultLog string = "result"
	QueryLog  string = "query"
)
Log type identifiers
Types ¶
type AcceleratedQueryReadResponse ¶
// AcceleratedQueryReadResponse is the reply to a node's distributed-read
// request when the server also wants the node to poll more frequently.
type AcceleratedQueryReadResponse struct {
	// Queries is keyed by query name with the query text as value (presumably;
	// confirm against the handler that fills it).
	Queries map[string]string `json:"queries"`
	// NodeInvalid signals to the node that its node key was not accepted.
	NodeInvalid bool `json:"node_invalid"`
	// Accelerate is handed to osquery as-is; its unit is defined by osquery,
	// not here — see the linked distributed.cpp.
	Accelerate int `json:"accelerate"`
}
AcceleratedQueryReadResponse for accelerated on-demand queries from nodes https://github.com/osquery/osquery/blob/master/osquery/distributed/distributed.cpp#L219-L231
type ApiActionsRequest ¶
// ApiActionsRequest is the API body for action requests: a certificate plus
// one installer URL per package format.
type ApiActionsRequest struct {
	// Certificate holds certificate content (PEM assumed — TODO confirm).
	Certificate string `json:"certificate"`
	// Installer download URLs, one per package format. NOTE(review): these are
	// caller-supplied; confirm the handler validates them before they reach nodes.
	MacPkgURL string `json:"url_mac_pkg"`
	MsiPkgURL string `json:"url_msi_pkg"`
	RpmPkgURL string `json:"url_rpm_pkg"`
	DebPkgURL string `json:"url_deb_pkg"`
}
ApiActionsRequest to receive action requests
type ApiDataResponse ¶
// ApiDataResponse wraps a single opaque string payload for API responses.
type ApiDataResponse struct {
	Data string `json:"data"`
}
ApiDataResponse to be returned to API requests for generic data
type ApiDistributedQueryRequest ¶
// ApiDistributedQueryRequest is the API body for launching an on-demand
// (distributed) query against a set of nodes.
type ApiDistributedQueryRequest struct {
	// Target selectors. Any combination may be supplied; how they combine is
	// decided by the handler, not by this type.
	UUIDs        []string `json:"uuid_list"`
	Platforms    []string `json:"platform_list"`
	Environments []string `json:"environment_list"`
	Hosts        []string `json:"host_list"`
	Tags         []string `json:"tag_list"`
	// Query is the query text to distribute. It is API-user input that is
	// presumably delivered to nodes for execution, so authorization and any
	// restrictions belong in the handler.
	Query string `json:"query"`
	// Path is a file path, presumably for carve requests — confirm against the handler.
	Path string `json:"path"`
	// Hidden presumably keeps the query out of listings (inferred from the name).
	Hidden bool `json:"hidden"`
	// ExpHours is the requested expiration in hours. NOTE(review): caller-controlled;
	// confirm the server bounds it.
	ExpHours int `json:"exp_hours"`
}
ApiDistributedQueryRequest to receive query requests
type ApiErrorResponse ¶
// ApiErrorResponse is the error envelope returned by API handlers.
type ApiErrorResponse struct {
	// Error is the message shown to the API caller; keep internal details out of it.
	Error string `json:"error"`
}
ApiErrorResponse to be returned to API requests with the error message
type ApiGenericResponse ¶
// ApiGenericResponse is the generic message envelope returned by API handlers.
type ApiGenericResponse struct {
	Message string `json:"message"`
}
ApiGenericResponse to be returned to API requests for anything
type ApiLoginRequest ¶
// ApiLoginRequest is the API login body.
type ApiLoginRequest struct {
	// Username and Password are credentials; keep them out of logs and error messages.
	Username string `json:"username"`
	Password string `json:"password"`
	// ExpHours is the requested lifetime in hours (presumably of the token in
	// ApiLoginResponse). NOTE(review): caller-controlled; confirm the server
	// clamps it to a policy maximum.
	ExpHours int `json:"exp_hours"`
}
ApiLoginRequest to receive login requests
type ApiLoginResponse ¶
// ApiLoginResponse carries the token issued for a successful login.
type ApiLoginResponse struct {
	// Token is a bearer credential; treat it as a secret in logs and storage.
	Token string `json:"token"`
}
ApiLoginResponse to be returned to API login requests with the generated token
type ApiLookupRequest ¶ added in v0.4.5
// ApiLookupRequest is the API body for looking up a node by an identifier.
type ApiLookupRequest struct {
	// Identifier is caller-supplied; which node attributes it is matched
	// against is decided by the handler.
	Identifier string `json:"identifier"`
}
ApiLookupRequest to receive lookup requests
type ApiNodeGenericRequest ¶
// ApiNodeGenericRequest is the API body for requests that name a single node.
type ApiNodeGenericRequest struct {
	UUID string `json:"uuid"`
}
ApiNodeGenericRequest to receive generic node requests
type ApiNodeTagRequest ¶ added in v0.4.6
// ApiNodeTagRequest is the API body for tagging a node.
type ApiNodeTagRequest struct {
	UUID string `json:"uuid"`
	Tag  string `json:"tag"`
	// Type is a tag-type code; its values are defined elsewhere — TODO confirm
	// the handler rejects unknown codes.
	Type   uint   `json:"type"`
	Custom string `json:"custom"`
}
ApiNodeTagRequest to receive tag node requests
type ApiQueriesResponse ¶
// ApiQueriesResponse names the query an API query request resolved to.
type ApiQueriesResponse struct {
	Name string `json:"query_name"`
}
ApiQueriesResponse to be returned to API requests for queries
type ApiTagsRequest ¶
// ApiTagsRequest is the API body for creating or updating a tag.
type ApiTagsRequest struct {
	Name        string `json:"name"`
	Description string `json:"description"`
	// Color and Icon are presentation values; they are caller-supplied, so
	// escape them if they are rendered into HTML.
	Color string `json:"color"`
	Icon  string `json:"icon"`
	Env   string `json:"env"`
	// TagType is a tag-type code defined elsewhere — TODO confirm validation.
	TagType uint   `json:"tagtype"`
	Custom  string `json:"custom"`
}
ApiTagsRequest to receive tag requests
type ApiUserRequest ¶ added in v0.4.6
// ApiUserRequest is the API body for creating or modifying a user.
type ApiUserRequest struct {
	Username string `json:"username"`
	// Password is a credential; keep it out of logs.
	Password string `json:"password"`
	Email    string `json:"email"`
	Fullname string `json:"fullname"`
	// Admin/NotAdmin and Service/NotService are paired toggles. Nothing in this
	// type prevents both halves of a pair being true; NOTE(review): confirm the
	// handler treats that as an error rather than silently granting admin.
	Admin      bool `json:"admin"`
	NotAdmin   bool `json:"not_admin"`
	Service    bool `json:"service"`
	NotService bool `json:"not_service"`
	API        bool `json:"api"`
	// Environments the user is granted; authorization of the grant is the handler's job.
	Environments []string `json:"environments"`
}
ApiUserRequest to receive user requests
type BuildMetadata ¶ added in v0.4.6
BuildMetadata to show build metadata
type CarveBlockRequest ¶
// CarveBlockRequest is one block of an in-progress file carve uploaded by a node.
type CarveBlockRequest struct {
	// BlockID is the node-supplied block index. NOTE(review): validate it against
	// the session's block count before using it to place the block.
	BlockID int `json:"block_id"`
	// SessionID is the carve session issued in CarveInitResponse.
	SessionID string `json:"session_id"`
	RequestID string `json:"request_id"`
	// Data is the block payload as a string (presumably base64 — confirm against
	// osquery's carver).
	Data string `json:"data"`
}
CarveBlockRequest received with one block of an in-progress carve
type CarveBlockResponse ¶
// CarveBlockResponse acknowledges a carve block to the node.
type CarveBlockResponse struct {
	Success bool `json:"success"`
}
CarveBlockResponse for osquery nodes
type CarveInitRequest ¶
// CarveInitRequest is sent by a node to start a file carve.
type CarveInitRequest struct {
	// BlockCount, BlockSize and CarveSize are node-supplied sizes. NOTE(review):
	// bound and cross-check them (count*size vs carve size) before allocating
	// storage or trusting them to place blocks.
	BlockCount int `json:"block_count"`
	BlockSize  int `json:"block_size"`
	CarveSize  int `json:"carve_size"`
	CarveID    string `json:"carve_id"`
	RequestID  string `json:"request_id"`
	// NodeKey authenticates the node for this request.
	NodeKey string `json:"node_key"`
}
CarveInitRequest received to begin a carve
type CarveInitResponse ¶
// CarveInitResponse answers a CarveInitRequest with the session to use for blocks.
type CarveInitResponse struct {
	Success bool `json:"success"`
	// SessionID is echoed back by the node in each CarveBlockRequest.
	SessionID string `json:"session_id"`
}
CarveInitResponse for osquery nodes
type ConfigRequest ¶
// ConfigRequest is the body of a node's configuration request. It is a
// distinct named type (not an alias), so it does not share methods with GenericRequest.
type ConfigRequest GenericRequest
ConfigRequest received when nodes request configuration
type ConfigResponse ¶
// ConfigResponse is the body returned for a node's configuration request.
type ConfigResponse GenericResponse
ConfigResponse for configuration requests from nodes
type EnrollRequest ¶
// EnrollRequest is what a node sends to enroll with the server.
type EnrollRequest struct {
	// EnrollSecret is the shared enrollment secret; never log it.
	EnrollSecret string `json:"enroll_secret"`
	// HostIdentifier is chosen by the node and is not authenticated by itself.
	HostIdentifier string `json:"host_identifier"`
	PlatformType   string `json:"platform_type"`
	// HostDetails carries the node's self-reported rows from four osquery tables.
	HostDetails struct {
		EnrollOSVersion    OSVersionTable    `json:"os_version"`
		EnrollOsqueryInfo  OsqueryInfoTable  `json:"osquery_info"`
		EnrollSystemInfo   SystemInfoTable   `json:"system_info"`
		EnrollPlatformInfo PlatformInfoTable `json:"platform_info"`
	} `json:"host_details"`
}
EnrollRequest received when nodes enroll
type EnrollResponse ¶
// EnrollResponse is returned to a node after enrollment.
type EnrollResponse struct {
	// NodeKey is the per-node credential the node presents on later requests
	// (see GenericRequest); treat it as a secret.
	NodeKey string `json:"node_key"`
	// NodeInvalid tells the node enrollment was rejected.
	NodeInvalid bool `json:"node_invalid"`
}
EnrollResponse to be returned to agents
type FlagsRequest ¶
// FlagsRequest is the body used to retrieve an osquery flags file.
type FlagsRequest struct {
	// Secret is the enrollment secret; keep it out of logs.
	Secret string `json:"secret"`
	// SecrefFile is the secret file path. The field name looks like a typo for
	// SecretFile, but it is exported, so renaming would break callers; the JSON key is correct.
	SecrefFile string `json:"secretFile"`
	CertFile   string `json:"certFile"`
}
FlagsRequest to retrieve flags
type GenericRequest ¶
// GenericRequest is the request body shared by node endpoints that only need
// the node to identify itself.
type GenericRequest struct {
	// NodeKey is the credential issued in EnrollResponse.
	NodeKey string `json:"node_key"`
}
GenericRequest is the request body shared by several node endpoints
type GenericResponse ¶
// GenericResponse is the minimal reply to a node: only whether its key was rejected.
type GenericResponse struct {
	NodeInvalid bool `json:"node_invalid"`
}
GenericResponse for osquery nodes
type LogDecorations ¶
// LogDecorations is the "decorations" object attached to node log entries.
// All values are self-reported by the node.
type LogDecorations struct {
	Username       string `json:"username"`
	OsqueryUser    string `json:"osquery_user"`
	LocalHostname  string `json:"local_hostname"`
	Hostname       string `json:"hostname"`
	OsqueryVersion string `json:"osquery_version"`
	ConfigHash     string `json:"config_hash"`
	// DaemonHash is serialized under the key "osquery_md5", not "daemon_hash".
	DaemonHash string `json:"osquery_md5"`
}
LogDecorations for decorations field in node logs requests
type LogGenericData ¶
// LogGenericData holds the fields common to status and result log entries,
// for decoding before the entry's concrete type is known.
type LogGenericData struct {
	HostIdentifier string         `json:"hostIdentifier"`
	Decorations    LogDecorations `json:"decorations"`
	Version        string         `json:"version"`
}
LogGenericData to parse both status and result logs
type LogRequest ¶
// LogRequest is the body a node posts to deliver logs.
type LogRequest struct {
	// NodeKey authenticates the node.
	NodeKey string `json:"node_key"`
	// LogType selects how Data is decoded (presumably one of StatusLog,
	// ResultLog, QueryLog — confirm against the handler).
	LogType string `json:"log_type"`
	// Data is left undecoded here; it is node-supplied and should be decoded
	// into the concrete type (e.g. LogStatusData / LogResultData) only after
	// LogType has been validated.
	Data json.RawMessage `json:"data"`
}
LogRequest received to process logs
type LogResultData ¶
// LogResultData is one result-log entry from a node.
type LogResultData struct {
	Name  string `json:"name"`
	Epoch int64  `json:"epoch"`
	// Action is osquery's differential action string (value set defined by osquery).
	Action string `json:"action"`
	// Columns is kept raw because the row schema depends on the query.
	Columns json.RawMessage `json:"columns"`
	Counter int             `json:"counter"`
	// UnixTime uses StringInt because nodes may send it as a number or a string.
	UnixTime       StringInt      `json:"unixTime"`
	Decorations    LogDecorations `json:"decorations"`
	CalendarTime   string         `json:"calendarTime"`
	HostIdentifier string         `json:"hostIdentifier"`
}
LogResultData to be used processing result logs from nodes
type LogStatusData ¶
// LogStatusData is one status-log entry from a node.
type LogStatusData struct {
	// Line, Severity and UnixTime use StringInt because nodes may send them as
	// numbers or strings.
	Line     StringInt `json:"line"`
	Message  string    `json:"message"`
	Version  string    `json:"version"`
	Filename string    `json:"filename"`
	// Severity is osquery's numeric level; the mapping is defined by osquery.
	Severity       StringInt      `json:"severity"`
	UnixTime       StringInt      `json:"unixTime"`
	Decorations    LogDecorations `json:"decorations"`
	CalendarTime   string         `json:"calendarTime"`
	HostIdentifier string         `json:"hostIdentifier"`
}
LogStatusData to be used processing status logs from nodes
type OSVersionTable ¶
// OSVersionTable is one row of osquery's os_version table as reported at
// enrollment. Columns are kept as strings, which is how osquery delivers them.
type OSVersionTable struct {
	ID           string `json:"_id"`
	Codename     string `json:"codename"`
	Major        string `json:"major"`
	Minor        string `json:"minor"`
	Name         string `json:"name"`
	Patch        string `json:"patch"`
	Platform     string `json:"platform"`
	PlatformLike string `json:"platform_like"`
	Version      string `json:"version"`
}
OSVersionTable provided on enrollment, table os_version
type OsqueryInfoTable ¶
// OsqueryInfoTable is one row of osquery's osquery_info table as reported at
// enrollment. Numeric-looking columns (PID, StartTime, ConfigValid) stay strings.
type OsqueryInfoTable struct {
	BuildDistro   string `json:"build_distro"`
	BuildPlatform string `json:"build_platform"`
	ConfigHash    string `json:"config_hash"`
	ConfigValid   string `json:"config_valid"`
	// Extension is serialized under the plural key "extensions".
	Extension  string `json:"extensions"`
	InstanceID string `json:"instance_id"`
	PID        string `json:"pid"`
	StartTime  string `json:"start_time"`
	UUID       string `json:"uuid"`
	Version    string `json:"version"`
	Watcher    string `json:"watcher"`
}
OsqueryInfoTable provided on enrollment, table osquery_info
type OsqueryTable ¶
// OsqueryTable describes a queryable osquery table for display purposes.
type OsqueryTable struct {
	Name      string   `json:"name"`
	URL       string   `json:"url"`
	Platforms []string `json:"platforms"`
	// Filter has no json tag, so encoding/json uses the key "Filter" (capitalized),
	// unlike the other fields. Adding a tag would change the wire format.
	Filter string
}
OsqueryTable to show tables to query
type PlatformInfoTable ¶
// PlatformInfoTable is one row of osquery's platform_info table as reported
// at enrollment; all columns are strings.
type PlatformInfoTable struct {
	Address    string `json:"address"`
	Date       string `json:"date"`
	Extra      string `json:"extra"`
	Revision   string `json:"revision"`
	Size       string `json:"size"`
	Vendor     string `json:"vendor"`
	Version    string `json:"version"`
	VolumeSize string `json:"volume_size"`
}
PlatformInfoTable provided on enrollment, table platform_info
type QueryCarveScheduled ¶
// QueryCarveScheduled is the confirmation row for a scheduled file carve.
type QueryCarveScheduled struct {
	Time string `json:"time"`
	// SHA256 and Size are reported by the node as strings; verify SHA256 against
	// the reassembled carve rather than trusting it alone.
	SHA256    string `json:"sha256"`
	Size      string `json:"size"`
	Path      string `json:"path"`
	Status    string `json:"status"`
	CarveGUID string `json:"carve_guid"`
	RequestID string `json:"request_id"`
	Carve     string `json:"carve"`
}
QueryCarveScheduled to receive confirmation for scheduled carved file
type QueryReadRequest ¶
// QueryReadRequest is the body a node sends to fetch pending on-demand queries.
type QueryReadRequest GenericRequest
QueryReadRequest received to get on-demand queries
type QueryReadResponse ¶
// QueryReadResponse delivers pending on-demand queries to a node.
type QueryReadResponse struct {
	// Queries is keyed by query name with the query text as value (presumably;
	// confirm against the handler).
	Queries map[string]string `json:"queries"`
	// NodeInvalid tells the node its node key was rejected.
	NodeInvalid bool `json:"node_invalid"`
}
QueryReadResponse for on-demand queries from nodes
type QueryWriteData ¶
// QueryWriteData is the stored result of one on-demand query for one node.
type QueryWriteData struct {
	Name string `json:"name"`
	// Result is kept raw; the row schema depends on the query.
	Result json.RawMessage `json:"result"`
	// Status is the node-reported status code; Message is its text.
	Status  int    `json:"status"`
	Message string `json:"message"`
}
QueryWriteData to store result of on-demand queries
type QueryWriteMessages ¶
QueryWriteMessages to hold the on-demand queries messages
type QueryWriteQueries ¶
// QueryWriteQueries maps a query name to its raw, not-yet-decoded result rows.
type QueryWriteQueries map[string]json.RawMessage
QueryWriteQueries to hold the on-demand queries results
type QueryWriteRequest ¶
// QueryWriteRequest is the body a node posts with on-demand query results.
type QueryWriteRequest struct {
	// Queries, Statuses and Messages are presumably keyed by the same query
	// names — TODO confirm; the handler should tolerate a name missing from one.
	Queries  QueryWriteQueries  `json:"queries"`
	Statuses QueryWriteStatuses `json:"statuses"`
	Messages QueryWriteMessages `json:"messages"`
	// NodeKey authenticates the node.
	NodeKey string `json:"node_key"`
}
QueryWriteRequest to receive on-demand queries results
type QueryWriteResponse ¶
// QueryWriteResponse acknowledges a QueryWriteRequest.
type QueryWriteResponse GenericResponse
QueryWriteResponse for on-demand queries results from nodes
type QueryWriteStatuses ¶
QueryWriteStatuses to hold the on-demand queries statuses
type ScriptRequest ¶
// ScriptRequest is the body used to retrieve an installation script.
type ScriptRequest struct {
	// Secret is the enrollment secret; keep it out of logs.
	Secret string `json:"secret"`
	// SecrefFile mirrors FlagsRequest.SecrefFile, including the apparent typo in
	// the exported name; the JSON key is "secretFile".
	SecrefFile string `json:"secretFile"`
	FlagsFile  string `json:"flagsFile"`
	// Certificate holds certificate content (PEM assumed — TODO confirm).
	Certificate string `json:"certificate"`
}
ScriptRequest to retrieve script
type StringInt ¶
// StringInt is an int that also accepts JSON numbers sent as strings; the
// conversion lives in its UnmarshalJSON method, declared elsewhere.
type StringInt int
StringInt to parse numbers that could be strings
func (*StringInt) UnmarshalJSON ¶
UnmarshalJSON implements the json.Unmarshaler interface, which allows us to ingest values of any json type as an int and run our custom conversion
type SystemInfoTable ¶
// SystemInfoTable is one row of osquery's system_info table as reported at
// enrollment; all columns, including core counts and memory, are strings.
type SystemInfoTable struct {
	ComputerName     string `json:"computer_name"`
	CPUBrand         string `json:"cpu_brand"`
	CPULogicalCores  string `json:"cpu_logical_cores"`
	CPUPhysicalCores string `json:"cpu_physical_cores"`
	CPUSubtype       string `json:"cpu_subtype"`
	CPUType          string `json:"cpu_type"`
	HardwareModel    string `json:"hardware_model"`
	// HardwareSerial identifies the physical device; handle it as sensitive.
	HardwareSerial  string `json:"hardware_serial"`
	HardwareVendor  string `json:"hardware_vendor"`
	HardwareVersion string `json:"hardware_version"`
	Hostname        string `json:"hostname"`
	LocalHostname   string `json:"local_hostname"`
	PhysicalMemory  string `json:"physical_memory"`
	UUID            string `json:"uuid"`
}
SystemInfoTable provided on enrollment, table system_info
type VerifyResponse ¶
// VerifyResponse is returned to osctrld when it verifies its configuration.
type VerifyResponse struct {
	// Flags is the osquery flags file content.
	Flags string `json:"flags"`
	// Certificate holds certificate content (PEM assumed — TODO confirm).
	Certificate    string `json:"certificate"`
	OsqueryVersion string `json:"osquery_version"`
}
VerifyResponse for verify requests from osctrld