Documentation ¶
Index ¶
- Constants
- type AcceleratedQueryReadResponse
- type AdminUserView
- type ApiActionsRequest
- type ApiDataResponse
- type ApiDistributedQueryRequest
- type ApiEnvRequest
- type ApiErrorResponse
- type ApiGenericResponse
- type ApiLoginRequest
- type ApiLoginResponse
- type ApiLookupRequest
- type ApiNodeGenericRequest
- type ApiNodeTagRequest
- type ApiQueriesResponse
- type ApiTagsRequest
- type ApiUserRequest
- type AuditLogView
- type AuditLogsPagedResponse
- type BIOSInfo
- type BuildMetadata
- type CarveBlockRequest
- type CarveBlockResponse
- type CarveDetailResponse
- type CarveFileView
- type CarveInitRequest
- type CarveInitResponse
- type CarvesPagedResponse
- type CertRequest
- type ConfigRequest
- type ConfigResponse
- type EnrollRequest
- type EnrollResponse
- type EnvAccessView
- type EnvConfigPatchRequest
- type EnvConfigResponse
- type EnvCreateRequest
- type EnvExpirationPatchRequest
- type EnvIntervalsPatchRequest
- type EnvUpdateRequest
- type FlagsRequest
- type GenericRequest
- type GenericResponse
- type LogDecorations
- type LogGenericData
- type LogRequest
- type LogResponse
- type LogResultData
- type LogStatusData
- type LoginEnvironment
- type NodeEnrichment
- type NodeView
- type NodesPagedResponse
- type OSInfo
- type OSVersionTable
- type OsqueryConfigRequest
- type OsqueryInfoTable
- type OsqueryRuntime
- type OsqueryTable
- type PasswordChangeRequest
- type PlatformInfoTable
- type QueriesPagedResponse
- type QueryCarveScheduled
- type QueryReadRequest
- type QueryReadResponse
- type QueryResultsResponse
- type QueryWriteData
- type QueryWriteMessages
- type QueryWriteQueries
- type QueryWriteRequest
- type QueryWriteResponse
- type QueryWriteStatuses
- type SavedQueriesPagedResponse
- type SavedQueryCreateRequest
- type SavedQueryUpdateRequest
- type SavedQueryView
- type ScriptRequest
- type SetPermissionsRequest
- type SettingPatchRequest
- type StringInt
- type SystemInfo
- type SystemInfoTable
- type TLSEnvironmentView
- type TokenResponse
- type UserMePatchRequest
- type UserMeResponse
- type VerifyRequest
- type VerifyResponse
Constants ¶
const (
StatusLog string = "status"
ResultLog string = "result"
QueryLog string = "query"
)
Supported log types
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AcceleratedQueryReadResponse ¶
type AcceleratedQueryReadResponse struct {
Queries map[string]string `json:"queries"`
NodeInvalid bool `json:"node_invalid"`
Accelerate int `json:"accelerate"`
}
AcceleratedQueryReadResponse for accelerated on-demand queries from nodes. See https://github.com/osquery/osquery/blob/master/osquery/distributed/distributed.cpp#L219-L231
type AdminUserView ¶ added in v0.5.2
type AdminUserView struct {
ID uint `json:"id"`
CreatedAt time.Time `json:"created_at"`
UpdatedAt time.Time `json:"updated_at"`
Username string `json:"username"`
Email string `json:"email"`
Fullname string `json:"fullname"`
Admin bool `json:"admin"`
Service bool `json:"service"`
UUID string `json:"uuid"`
TokenExpire time.Time `json:"token_expire"`
EnvironmentID uint `json:"environment_id"`
}
AdminUserView is the PII-minimized projection of an AdminUser for the GET /api/v1/users and GET /api/v1/users/{username} endpoints. Drops LastIPAddress / LastUserAgent / LastAccess / LastTokenUse: a super-admin reading another super-admin's record gets enough to manage them (username, email, fullname, admin/service flags, env scope) but not the network/timing metadata that helps an attacker who later compromises one super-admin profile target the others.
Users querying THEIR OWN record see the metadata they need via the pre-existing UserMeResponse from /api/v1/users/me — this view is strictly for the cross-user "list / inspect another admin" paths.
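A regression check for the projection described above, as an added example that is not part of the osctrl code base: it reports any of the four dropped metadata fields that reappear on a view type, including through struct embedding, which encoding/json promotes into the output. `storedUser`, `leakyView`, `DroppedUserFields` and `LeakedFields` are hypothetical names, and the types of the four metadata fields are assumed.

```go
package main

import (
	"fmt"
	"reflect"
	"time"
)

// AdminUserView is copied from the type documented above.
type AdminUserView struct {
	ID            uint      `json:"id"`
	CreatedAt     time.Time `json:"created_at"`
	UpdatedAt     time.Time `json:"updated_at"`
	Username      string    `json:"username"`
	Email         string    `json:"email"`
	Fullname      string    `json:"fullname"`
	Admin         bool      `json:"admin"`
	Service       bool      `json:"service"`
	UUID          string    `json:"uuid"`
	TokenExpire   time.Time `json:"token_expire"`
	EnvironmentID uint      `json:"environment_id"`
}

// storedUser is a hypothetical storage row. Only the four metadata field
// names come from the page; their types are assumed.
type storedUser struct {
	Username      string
	LastIPAddress string
	LastUserAgent string
	LastAccess    time.Time
	LastTokenUse  time.Time
}

// leakyView is a constructed counter-example: embedding the storage row
// promotes every one of its exported fields into the marshalled JSON.
type leakyView struct {
	storedUser
	Fullname string `json:"fullname"`
}

// DroppedUserFields lists the fields the page says the cross-user view drops.
var DroppedUserFields = []string{"LastIPAddress", "LastUserAgent", "LastAccess", "LastTokenUse"}

// LeakedFields returns every denied field name reachable on v's struct type.
// It follows embedded structs because encoding/json promotes their fields,
// and skips fields explicitly excluded with a `json:"-"` tag.
func LeakedFields(v any, denied []string) []string {
	deny := make(map[string]bool, len(denied))
	for _, name := range denied {
		deny[name] = true
	}
	var found []string
	var walk func(t reflect.Type)
	walk = func(t reflect.Type) {
		for t.Kind() == reflect.Ptr {
			t = t.Elem()
		}
		if t.Kind() != reflect.Struct {
			return
		}
		for i := 0; i < t.NumField(); i++ {
			f := t.Field(i)
			if deny[f.Name] && f.Tag.Get("json") != "-" {
				found = append(found, f.Name)
			}
			if f.Anonymous {
				walk(f.Type)
			}
		}
	}
	walk(reflect.TypeOf(v))
	return found
}

func main() {
	fmt.Println("AdminUserView:", LeakedFields(AdminUserView{}, DroppedUserFields))
	fmt.Println("leakyView:    ", LeakedFields(leakyView{}, DroppedUserFields))
}
```

Run as a unit test against every cross-user response type, this fails the build when a later refactor embeds the storage struct into a view.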
type ApiActionsRequest ¶
type ApiActionsRequest struct {
Certificate string `json:"certificate"`
MacPkgURL string `json:"url_mac_pkg"`
MsiPkgURL string `json:"url_msi_pkg"`
RpmPkgURL string `json:"url_rpm_pkg"`
DebPkgURL string `json:"url_deb_pkg"`
}
ApiActionsRequest to receive action requests
type ApiDataResponse ¶
type ApiDataResponse struct {
Data string `json:"data"`
}
ApiDataResponse to be returned to API requests for generic data
type ApiDistributedQueryRequest ¶
type ApiDistributedQueryRequest struct {
UUIDs []string `json:"uuid_list"`
Platforms []string `json:"platform_list"`
Environments []string `json:"environment_list"`
Hosts []string `json:"host_list"`
Tags []string `json:"tag_list"`
Query string `json:"query"`
Path string `json:"path"`
Hidden bool `json:"hidden"`
ExpHours int `json:"exp_hours"`
}
ApiDistributedQueryRequest to receive query requests
type ApiEnvRequest ¶ added in v0.5.2
type ApiEnvRequest struct {
Action string `json:"action"`
Name string `json:"name"`
UUID string `json:"uuid"`
Hostname string `json:"hostname"`
Icon string `json:"icon"`
Type string `json:"type"`
}
ApiEnvRequest to receive environment action requests
type ApiErrorResponse ¶
ApiErrorResponse to be returned to API requests with the error message
type ApiGenericResponse ¶
type ApiGenericResponse struct {
Message string `json:"message"`
}
ApiGenericResponse to be returned to API requests for anything
type ApiLoginRequest ¶
type ApiLoginRequest struct {
Username string `json:"username"`
Password string `json:"password"`
ExpHours int `json:"exp_hours"`
}
ApiLoginRequest to receive login requests
type ApiLoginResponse ¶
type ApiLoginResponse struct {
Token string `json:"token"`
CSRFToken string `json:"csrf_token,omitempty"`
}
ApiLoginResponse to be returned to API login requests with the generated token
type ApiLookupRequest ¶ added in v0.4.5
type ApiLookupRequest struct {
Identifier string `json:"identifier"`
}
ApiLookupRequest to receive lookup requests
type ApiNodeGenericRequest ¶
type ApiNodeGenericRequest struct {
UUID string `json:"uuid"`
}
ApiNodeGenericRequest to receive generic node requests
type ApiNodeTagRequest ¶ added in v0.4.6
type ApiNodeTagRequest struct {
UUID string `json:"uuid"`
Tag string `json:"tag"`
Type uint `json:"type"`
Custom string `json:"custom"`
}
ApiNodeTagRequest to receive tag node requests
type ApiQueriesResponse ¶
type ApiQueriesResponse struct {
Name string `json:"query_name"`
}
ApiQueriesResponse to be returned to API requests for queries
type ApiTagsRequest ¶
type ApiTagsRequest struct {
Name string `json:"name"`
Description string `json:"description"`
Color string `json:"color"`
Icon string `json:"icon"`
Env string `json:"env"`
TagType uint `json:"tagtype"`
Custom string `json:"custom"`
}
ApiTagsRequest to receive tag requests
type ApiUserRequest ¶ added in v0.4.6
type ApiUserRequest struct {
Username string `json:"username"`
Password string `json:"password"`
Email string `json:"email"`
Fullname string `json:"fullname"`
Admin bool `json:"admin"`
NotAdmin bool `json:"not_admin"`
Service bool `json:"service"`
NotService bool `json:"not_service"`
API bool `json:"api"`
Environments []string `json:"environments"`
}
ApiUserRequest to receive user requests
type AuditLogView ¶ added in v0.5.2
type AuditLogView struct {
ID uint `json:"id"`
CreatedAt time.Time `json:"created_at"`
Service string `json:"service"`
Username string `json:"username"`
Line string `json:"line"`
LogType uint `json:"log_type"`
Severity uint `json:"severity"`
SourceIP string `json:"source_ip"`
EnvironmentID uint `json:"environment_id"`
EnvUUID string `json:"env_uuid,omitempty"`
}
AuditLogView is the SPA-canonical projection of one pkg/auditlog.AuditLog row. We use a hand-typed struct (rather than the storage struct directly) so the JSON envelope stays stable as the storage shape evolves. Timestamps are RFC3339 to match SavedQueryView / CarveFileView and the SPA's formatRelative parser.
type AuditLogsPagedResponse ¶ added in v0.5.2
type AuditLogsPagedResponse struct {
Items []AuditLogView `json:"items"`
Page int `json:"page"`
PageSize int `json:"page_size"`
TotalItems int64 `json:"total_items"`
TotalPages int `json:"total_pages"`
}
AuditLogsPagedResponse is the SPA-canonical paginated response for GET /api/v1/audit-logs.
type BIOSInfo ¶ added in v0.5.2
type BIOSInfo struct {
Vendor string `json:"vendor,omitempty"`
Version string `json:"version,omitempty"`
Date string `json:"date,omitempty"`
Revision string `json:"revision,omitempty"`
Address string `json:"address,omitempty"`
Size string `json:"size,omitempty"`
VolumeSize string `json:"volume_size,omitempty"`
}
BIOSInfo mirrors host_details.platform_info from the osquery enroll payload. "Platform info" in osquery's vocabulary is BIOS / firmware metadata; renamed here so the SPA naming aligns with what an operator expects to read.
type BuildMetadata ¶ added in v0.4.6
BuildMetadata to show build metadata
type CarveBlockRequest ¶
type CarveBlockRequest struct {
BlockID int `json:"block_id"`
SessionID string `json:"session_id"`
RequestID string `json:"request_id"`
Data string `json:"data"`
}
CarveBlockRequest received to begin a carve
type CarveBlockResponse ¶
type CarveBlockResponse struct {
Success bool `json:"success"`
}
CarveBlockResponse for osquery nodes
type CarveDetailResponse ¶ added in v0.5.2
type CarveDetailResponse struct {
Query queries.DistributedQuery `json:"query"`
Files []CarveFileView `json:"files"`
}
CarveDetailResponse is the SPA-canonical response for GET /api/v1/carves/{env}/{name}. It pairs the carve QUERY metadata with the per-node CarvedFile rows produced by the carve.
type CarveFileView ¶ added in v0.5.2
type CarveFileView struct {
CarveID string `json:"carve_id"`
SessionID string `json:"session_id"`
UUID string `json:"uuid"`
Path string `json:"path"`
Status string `json:"status"`
CarveSize int `json:"carve_size"`
BlockSize int `json:"block_size"`
TotalBlocks int `json:"total_blocks"`
CompletedBlocks int `json:"completed_blocks"`
Archived bool `json:"archived"`
CreatedAt time.Time `json:"created_at"`
CompletedAt time.Time `json:"completed_at"`
}
CarveFileView is the SPA-canonical projection of a single carved file row (one per node that completed the carve). Timestamps are RFC3339 so the SPA's formatRelative parser handles them; CarveID is the disambiguator when downloading the archive of a multi-node carve.
type CarveInitRequest ¶
type CarveInitRequest struct {
BlockCount int `json:"block_count"`
BlockSize int `json:"block_size"`
CarveSize int `json:"carve_size"`
CarveID string `json:"carve_id"`
RequestID string `json:"request_id"`
NodeKey string `json:"node_key"`
}
CarveInitRequest received to begin a carve
type CarveInitResponse ¶
type CarveInitResponse struct {
Success bool `json:"success"`
SessionID string `json:"session_id"`
}
CarveInitResponse for osquery nodes
type CarvesPagedResponse ¶ added in v0.5.2
type CarvesPagedResponse struct {
Items []queries.DistributedQuery `json:"items"`
Page int `json:"page"`
PageSize int `json:"page_size"`
TotalItems int64 `json:"total_items"`
TotalPages int `json:"total_pages"`
}
CarvesPagedResponse is the SPA-canonical paginated response for GET /api/v1/carves/{env}. Items are carve-type DistributedQuery rows (one per carve operation, regardless of how many nodes the carve targeted).
type ConfigRequest ¶
type ConfigRequest GenericRequest
ConfigRequest received when nodes request configuration
type ConfigResponse ¶
type ConfigResponse GenericResponse
ConfigResponse for configuration requests from nodes
type EnrollRequest ¶
type EnrollRequest struct {
EnrollSecret string `json:"enroll_secret"`
HostIdentifier string `json:"host_identifier"`
PlatformType string `json:"platform_type"`
HostDetails struct {
EnrollOSVersion OSVersionTable `json:"os_version"`
EnrollOsqueryInfo OsqueryInfoTable `json:"osquery_info"`
EnrollSystemInfo SystemInfoTable `json:"system_info"`
EnrollPlatformInfo PlatformInfoTable `json:"platform_info"`
} `json:"host_details"`
}
EnrollRequest received when nodes enroll
type EnrollResponse ¶
type EnrollResponse struct {
NodeKey string `json:"node_key"`
NodeInvalid bool `json:"node_invalid"`
}
EnrollResponse to be returned to agents
type EnvAccessView ¶ added in v0.5.2
type EnvAccessView struct {
User bool `json:"user"`
Query bool `json:"query"`
Carve bool `json:"carve"`
Admin bool `json:"admin"`
}
EnvAccessView mirrors users.EnvAccess but lives in the types package so the API request/response shapes don't pull in pkg/users for SPA-side codegen.
type EnvConfigPatchRequest ¶ added in v0.5.2
type EnvConfigPatchRequest struct {
Options *string `json:"options,omitempty"`
Schedule *string `json:"schedule,omitempty"`
Packs *string `json:"packs,omitempty"`
Decorators *string `json:"decorators,omitempty"`
ATC *string `json:"atc,omitempty"`
Flags *string `json:"flags,omitempty"`
}
EnvConfigPatchRequest is the body for PATCH /api/v1/environments/config/{env}. Pointer fields: nil means "leave this section alone", non-nil writes it. Each non-nil value is JSON-validated before persisting; the handler rejects the whole payload if any section is invalid (no partial writes).
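The pointer semantics and the all-or-nothing rule described above, as an added example rather than the osctrl handler itself. `EnvConfig` and `ApplyConfigPatch` are hypothetical names, and the stored configuration is modelled as a plain struct of strings.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// EnvConfigPatchRequest is copied from the type documented above.
type EnvConfigPatchRequest struct {
	Options    *string `json:"options,omitempty"`
	Schedule   *string `json:"schedule,omitempty"`
	Packs      *string `json:"packs,omitempty"`
	Decorators *string `json:"decorators,omitempty"`
	ATC        *string `json:"atc,omitempty"`
	Flags      *string `json:"flags,omitempty"`
}

// EnvConfig is a hypothetical stand-in for the stored config sections.
type EnvConfig struct {
	Options, Schedule, Packs, Decorators, ATC, Flags string
}

// ApplyConfigPatch (hypothetical helper) decodes a PATCH body, validates every
// supplied section, and only then writes. On any error it returns the current
// configuration unchanged, so no section is ever partially applied.
func ApplyConfigPatch(cur EnvConfig, body []byte) (EnvConfig, error) {
	var req EnvConfigPatchRequest
	if err := json.Unmarshal(body, &req); err != nil {
		return cur, fmt.Errorf("decoding patch body: %w", err)
	}
	next := cur // work on a copy; cur is what the caller keeps on failure
	sections := []struct {
		name string
		in   *string // nil: section absent from the body, leave it alone
		out  *string
	}{
		{"options", req.Options, &next.Options},
		{"schedule", req.Schedule, &next.Schedule},
		{"packs", req.Packs, &next.Packs},
		{"decorators", req.Decorators, &next.Decorators},
		{"atc", req.ATC, &next.ATC},
		{"flags", req.Flags, &next.Flags},
	}
	// Pass 1: validate everything before touching anything.
	for _, s := range sections {
		if s.in != nil && !json.Valid([]byte(*s.in)) {
			return cur, fmt.Errorf("section %q is not valid JSON", s.name)
		}
	}
	// Pass 2: write only the sections that were supplied.
	for _, s := range sections {
		if s.in != nil {
			*s.out = *s.in
		}
	}
	return next, nil
}

func main() {
	// Constructed sample state and request bodies.
	cur := EnvConfig{Options: `{"a":1}`, Schedule: `{"s":1}`}

	next, err := ApplyConfigPatch(cur, []byte(`{"schedule":"{\"q\":{}}"}`))
	fmt.Printf("schedule=%s options=%s err=%v\n", next.Schedule, next.Options, err)

	next, err = ApplyConfigPatch(cur, []byte(`{"options":"{\"b\":2}","packs":"{broken"}`))
	fmt.Printf("unchanged=%v err=%v\n", next == cur, err)
}
```

An empty string is a supplied value, not an absent one: `{"options":""}` yields a non-nil pointer and is rejected because the empty string is not valid JSON.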
type EnvConfigResponse ¶ added in v0.5.2
type EnvConfigResponse struct {
Options string `json:"options"`
Schedule string `json:"schedule"`
Packs string `json:"packs"`
Decorators string `json:"decorators"`
ATC string `json:"atc"`
Flags string `json:"flags"`
}
EnvConfigResponse is the GET /api/v1/environments/config/{env} payload — each field is the raw JSON string for that osquery config section so the SPA's Monaco editor can render and edit it as-is.
type EnvCreateRequest ¶ added in v0.5.2
type EnvCreateRequest struct {
Name string `json:"name"`
Hostname string `json:"hostname"`
Type string `json:"type,omitempty"`
Icon string `json:"icon,omitempty"`
}
EnvCreateRequest is the body for POST /api/v1/environments.
type EnvExpirationPatchRequest ¶ added in v0.5.2
type EnvExpirationPatchRequest struct {
Action string `json:"action"`
}
EnvExpirationPatchRequest is the body for PATCH /api/v1/environments/expiration/{env}. Action is one of: extend, expire, rotate, not-expire.
type EnvIntervalsPatchRequest ¶ added in v0.5.2
type EnvIntervalsPatchRequest struct {
ConfigInterval *int `json:"config_interval,omitempty"`
LogInterval *int `json:"log_interval,omitempty"`
QueryInterval *int `json:"query_interval,omitempty"`
}
EnvIntervalsPatchRequest is the body for PATCH /api/v1/environments/intervals/{env}. Each interval is in seconds; pointer semantics same as EnvConfigPatchRequest.
type EnvUpdateRequest ¶ added in v0.5.2
type EnvUpdateRequest struct {
Name *string `json:"name,omitempty"`
Hostname *string `json:"hostname,omitempty"`
Type *string `json:"type,omitempty"`
Icon *string `json:"icon,omitempty"`
DebugHTTP *bool `json:"debug_http,omitempty"`
AcceptEnrolls *bool `json:"accept_enrolls,omitempty"`
}
EnvUpdateRequest is the body for PATCH /api/v1/environments/{env}. Pointer fields distinguish "unset" from "set to empty"; only supplied fields are written.
type FlagsRequest ¶
type FlagsRequest struct {
Secret string `json:"secret"`
SecrefFile string `json:"secretFile"`
CertFile string `json:"certFile"`
}
FlagsRequest to retrieve flags
type GenericRequest ¶
type GenericRequest struct {
NodeKey string `json:"node_key"`
}
GenericRequest to some endpoints
type GenericResponse ¶
type GenericResponse struct {
NodeInvalid bool `json:"node_invalid"`
}
GenericResponse for osquery nodes
type LogDecorations ¶
type LogDecorations struct {
Username string `json:"username"`
OsqueryUser string `json:"osquery_user"`
LocalHostname string `json:"local_hostname"`
Hostname string `json:"hostname"`
OsqueryVersion string `json:"osquery_version"`
ConfigHash string `json:"config_hash"`
DaemonHash string `json:"osquery_md5"`
}
LogDecorations for decorations field in node logs requests
type LogGenericData ¶
type LogGenericData struct {
HostIdentifier string `json:"hostIdentifier"`
Decorations LogDecorations `json:"decorations"`
Version string `json:"version"`
}
LogGenericData to parse both status and result logs
type LogRequest ¶
type LogRequest struct {
NodeKey string `json:"node_key"`
LogType string `json:"log_type"`
Data json.RawMessage `json:"data"`
}
LogRequest received to process logs
type LogResultData ¶
type LogResultData struct {
Name string `json:"name"`
Epoch int64 `json:"epoch"`
Action string `json:"action"`
Columns json.RawMessage `json:"columns"`
Counter int `json:"counter"`
UnixTime StringInt `json:"unixTime"`
Decorations LogDecorations `json:"decorations"`
CalendarTime string `json:"calendarTime"`
HostIdentifier string `json:"hostIdentifier"`
}
LogResultData to be used processing result logs from nodes
type LogStatusData ¶
type LogStatusData struct {
Line StringInt `json:"line"`
Message string `json:"message"`
Version string `json:"version"`
Filename string `json:"filename"`
Severity StringInt `json:"severity"`
UnixTime StringInt `json:"unixTime"`
Decorations LogDecorations `json:"decorations"`
CalendarTime string `json:"calendarTime"`
HostIdentifier string `json:"hostIdentifier"`
}
LogStatusData to be used processing status logs from nodes
type LoginEnvironment ¶ added in v0.5.2
LoginEnvironment is the pre-auth-safe projection of an environment returned by GET /api/v1/login/environments. UUID + name only — every other field stays behind auth.
type NodeEnrichment ¶ added in v0.5.2
type NodeEnrichment struct {
System *SystemInfo `json:"system,omitempty"`
BIOS *BIOSInfo `json:"bios,omitempty"`
OS *OSInfo `json:"os,omitempty"`
Osquery *OsqueryRuntime `json:"osquery,omitempty"`
}
NodeEnrichment is the projected view of everything we want to expose from nodes.OsqueryNode.RawEnrollment that isn't already on OsqueryNode itself. Embedded into NodeView with `json:"system_info,omitempty"` — the outer key is a slight abuse of the name (it carries BIOS + OS + runtime too) but it matches the heaviest sub-object and reads well in the SPA.
type NodeView ¶ added in v0.5.2
type NodeView struct {
nodes.OsqueryNode
Enrichment *NodeEnrichment `json:"system_info,omitempty"`
}
NodeView is the JSON shape returned by the node show + list endpoints. It embeds OsqueryNode verbatim (so existing JSON fields stay) and adds the optional enrichment block. Consumers that don't care about the enrichment (CLI, dashboards) ignore the extra field; the SPA's Node Detail page reads from it directly.
func ProjectNode ¶ added in v0.5.2
func ProjectNode(n nodes.OsqueryNode) NodeView
ProjectNode wraps a single OsqueryNode into the SPA-facing NodeView, parsing RawEnrollment best-effort. A parse failure or an absent payload simply leaves Enrichment nil — the JSON `omitempty` then drops the key entirely so the SPA sees the same `OsqueryNode` shape it always saw, plus optional detail when available.
func ProjectNodes ¶ added in v0.5.2
func ProjectNodes(in []nodes.OsqueryNode) []NodeView
ProjectNodes wraps a slice with ProjectNode — used by the list endpoint to keep the table-row payload consistent with the show endpoint.
type NodesPagedResponse ¶ added in v0.5.2
type NodesPagedResponse struct {
Items []NodeView `json:"items"`
Page int `json:"page"`
PageSize int `json:"page_size"`
TotalItems int64 `json:"total_items"`
TotalPages int `json:"total_pages"`
}
NodesPagedResponse is the SPA-canonical paginated response for GET /api/v1/nodes/{env}. Items are NodeView — OsqueryNode plus the optional `system_info` enrichment block (CPU cores, BIOS, hardware vendor/model) parsed from RawEnrollment. The embed keeps every previous OsqueryNode JSON field at the same key, so existing consumers (CLI, dashboards) are unaffected.
type OSInfo ¶ added in v0.5.2
type OSInfo struct {
Name string `json:"name,omitempty"`
Version string `json:"version,omitempty"`
Codename string `json:"codename,omitempty"`
Major string `json:"major,omitempty"`
Minor string `json:"minor,omitempty"`
Patch string `json:"patch,omitempty"`
Platform string `json:"platform,omitempty"`
PlatformLike string `json:"platform_like,omitempty"`
}
OSInfo mirrors host_details.os_version. Adds the few fields beyond what OsqueryNode.Platform / PlatformVersion already expose (codename, family).
type OSVersionTable ¶
type OSVersionTable struct {
ID string `json:"_id"`
Codename string `json:"codename"`
Major string `json:"major"`
Minor string `json:"minor"`
Name string `json:"name"`
Patch string `json:"patch"`
Platform string `json:"platform"`
PlatformLike string `json:"platform_like"`
Version string `json:"version"`
}
OSVersionTable provided on enrollment, table os_version
type OsqueryConfigRequest ¶ added in v0.5.2
type OsqueryConfigRequest struct {
Configuration string `json:"configuration"`
Integrity string `json:"integrity"`
}
OsqueryConfigRequest to receive osquery configuration requests
type OsqueryInfoTable ¶
type OsqueryInfoTable struct {
BuildDistro string `json:"build_distro"`
BuildPlatform string `json:"build_platform"`
ConfigHash string `json:"config_hash"`
ConfigValid string `json:"config_valid"`
Extension string `json:"extensions"`
InstanceID string `json:"instance_id"`
PID string `json:"pid"`
StartTime string `json:"start_time"`
UUID string `json:"uuid"`
Version string `json:"version"`
Watcher string `json:"watcher"`
}
OsqueryInfoTable provided on enrollment, table osquery_info
type OsqueryRuntime ¶ added in v0.5.2
type OsqueryRuntime struct {
Version string `json:"version,omitempty"`
BuildPlatform string `json:"build_platform,omitempty"`
BuildDistro string `json:"build_distro,omitempty"`
Extensions string `json:"extensions,omitempty"`
StartTime string `json:"start_time,omitempty"`
ConfigValid string `json:"config_valid,omitempty"`
}
OsqueryRuntime mirrors host_details.osquery_info — the runtime / build metadata of the agent that enrolled. Useful for "this node is running an extensions-disabled build" diagnostics. Drops `instance_id`, `pid`, and `watcher` (PIDs) since they leak less-useful runtime detail; keep `start_time` so operators can see when the daemon last restarted.
type OsqueryTable ¶
type OsqueryTable struct {
Name string `json:"name"`
URL string `json:"url"`
Platforms []string `json:"platforms"`
Filter string
}
OsqueryTable to show tables to query
type PasswordChangeRequest ¶ added in v0.5.2
type PasswordChangeRequest struct {
CurrentPassword string `json:"current_password"`
NewPassword string `json:"new_password"`
}
PasswordChangeRequest is the body for POST /api/v1/users/me/password.
type PlatformInfoTable ¶
type PlatformInfoTable struct {
Address string `json:"address"`
Date string `json:"date"`
Extra string `json:"extra"`
Revision string `json:"revision"`
Size string `json:"size"`
Vendor string `json:"vendor"`
Version string `json:"version"`
VolumeSize string `json:"volume_size"`
}
PlatformInfoTable provided on enrollment, table platform_info
type QueriesPagedResponse ¶ added in v0.5.2
type QueriesPagedResponse struct {
Items []queries.DistributedQuery `json:"items"`
Page int `json:"page"`
PageSize int `json:"page_size"`
TotalItems int64 `json:"total_items"`
TotalPages int `json:"total_pages"`
}
QueriesPagedResponse is the SPA-canonical paginated response for GET /api/v1/queries/{env}/list/{target}.
type QueryCarveScheduled ¶
type QueryCarveScheduled struct {
Time string `json:"time"`
SHA256 string `json:"sha256"`
Size string `json:"size"`
Path string `json:"path"`
Status string `json:"status"`
CarveGUID string `json:"carve_guid"`
RequestID string `json:"request_id"`
Carve string `json:"carve"`
}
QueryCarveScheduled to receive confirmation for scheduled carved file
type QueryReadRequest ¶
type QueryReadRequest GenericRequest
QueryReadRequest received to get on-demand queries
type QueryReadResponse ¶
type QueryReadResponse struct {
Queries map[string]string `json:"queries"`
NodeInvalid bool `json:"node_invalid"`
}
QueryReadResponse for on-demand queries from nodes
type QueryResultsResponse ¶ added in v0.5.2
type QueryResultsResponse struct {
Items []map[string]any `json:"items"`
Page int `json:"page"`
PageSize int `json:"page_size"`
TotalItems int64 `json:"total_items"`
TotalPages int `json:"total_pages"`
Since string `json:"since,omitempty"`
}
QueryResultsResponse is the SPA-canonical paginated response for GET /api/v1/queries/{env}/results/{name}.
type QueryWriteData ¶
type QueryWriteData struct {
Name string `json:"name"`
Result json.RawMessage `json:"result"`
Status int `json:"status"`
Message string `json:"message"`
}
QueryWriteData to store result of on-demand queries
type QueryWriteMessages ¶
QueryWriteMessages to hold the on-demand queries messages
type QueryWriteQueries ¶
type QueryWriteQueries map[string]json.RawMessage
QueryWriteQueries to hold the on-demand queries results
type QueryWriteRequest ¶
type QueryWriteRequest struct {
Queries QueryWriteQueries `json:"queries"`
Statuses QueryWriteStatuses `json:"statuses"`
Messages QueryWriteMessages `json:"messages"`
NodeKey string `json:"node_key"`
}
QueryWriteRequest to receive on-demand queries results
type QueryWriteResponse ¶
type QueryWriteResponse GenericResponse
QueryWriteResponse for on-demand queries results from nodes
type QueryWriteStatuses ¶
QueryWriteStatuses to hold the on-demand queries statuses
type SavedQueriesPagedResponse ¶ added in v0.5.2
type SavedQueriesPagedResponse struct {
Items []SavedQueryView `json:"items"`
Page int `json:"page"`
PageSize int `json:"page_size"`
TotalItems int64 `json:"total_items"`
TotalPages int `json:"total_pages"`
}
SavedQueriesPagedResponse is the SPA-canonical paginated response for GET /api/v1/saved-queries/{env}.
type SavedQueryCreateRequest ¶ added in v0.5.2
SavedQueryCreateRequest is the body shape for POST /api/v1/saved-queries/{env}.
type SavedQueryUpdateRequest ¶ added in v0.5.2
type SavedQueryUpdateRequest struct {
Query string `json:"query"`
}
SavedQueryUpdateRequest is the body shape for PATCH /api/v1/saved-queries/{env}/{name}.
type SavedQueryView ¶ added in v0.5.2
type SavedQueryView struct {
ID uint `json:"id"`
CreatedAt time.Time `json:"created_at"`
UpdatedAt time.Time `json:"updated_at"`
Name string `json:"name"`
Creator string `json:"creator"`
Query string `json:"query"`
EnvironmentID uint `json:"environment_id"`
ExtraData string `json:"extra_data,omitempty"`
}
SavedQueryView is the SPA-canonical projection of a saved query. We use a hand-typed struct (rather than queries.SavedQuery directly) so the JSON envelope stays stable even if the storage struct gains fields. Timestamps are emitted as RFC3339 (Go time.Time default JSON encoding), to match the OpenAPI schema (date-time) and the SPA's formatRelative parser.
type ScriptRequest ¶
type ScriptRequest struct {
Secret string `json:"secret"`
SecrefFile string `json:"secretFile"`
FlagsFile string `json:"flagsFile"`
Certificate string `json:"certificate"`
}
ScriptRequest to retrieve script
type SetPermissionsRequest ¶ added in v0.5.2
type SetPermissionsRequest struct {
EnvUUID string `json:"env_uuid"`
Access EnvAccessView `json:"access"`
}
SetPermissionsRequest is the body for POST /api/v1/users/{username}/permissions.
type SettingPatchRequest ¶ added in v0.5.2
type SettingPatchRequest struct {
Type string `json:"type,omitempty"`
String *string `json:"string,omitempty"`
Boolean *bool `json:"boolean,omitempty"`
Integer *int64 `json:"integer,omitempty"`
}
SettingPatchRequest is the body for PATCH /api/v1/settings/{service}/{name}. Exactly one of String / Boolean / Integer must be supplied; the handler validates the type matches what's stored. Type is informational and optional — when omitted the handler infers from the supplied field.
type StringInt ¶
type StringInt int
StringInt to parse numbers that could be strings
func (*StringInt) UnmarshalJSON ¶
UnmarshalJSON implements the json.Unmarshaler interface, which allows us to ingest values of any json type as an int and run our custom conversion
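One way to write such an unmarshaler, as an added example whose method body is an assumption and not the osctrl implementation. It accepts a JSON number or a numeric string and rejects everything else, so a malformed field in a node-supplied log entry fails decoding instead of silently becoming zero. `statusLine` and `ParseStatus` are hypothetical names.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"strconv"
	"strings"
)

// StringInt is declared as on the page.
type StringInt int

// UnmarshalJSON is an assumed, strict implementation: integers and numeric
// strings are accepted; floats, booleans, arrays and objects are errors.
func (si *StringInt) UnmarshalJSON(b []byte) error {
	dec := json.NewDecoder(bytes.NewReader(b))
	dec.UseNumber() // keep the digits as text instead of rounding via float64
	var raw any
	if err := dec.Decode(&raw); err != nil {
		return err
	}
	var text string
	switch v := raw.(type) {
	case nil:
		return nil // JSON null: leave the field at its current value
	case json.Number:
		text = v.String()
	case string:
		text = strings.TrimSpace(v)
	default:
		return fmt.Errorf("StringInt: unsupported JSON value %s", b)
	}
	n, err := strconv.Atoi(text)
	if err != nil {
		return fmt.Errorf("StringInt: %q is not an integer", text)
	}
	*si = StringInt(n)
	return nil
}

// statusLine keeps a subset of the LogStatusData fields shown on the page.
type statusLine struct {
	Line     StringInt `json:"line"`
	Message  string    `json:"message"`
	Severity StringInt `json:"severity"`
	UnixTime StringInt `json:"unixTime"`
}

// ParseStatus decodes one status log entry.
func ParseStatus(data []byte) (statusLine, error) {
	var s statusLine
	err := json.Unmarshal(data, &s)
	return s, err
}

func main() {
	// Constructed sample entries mixing string and number encodings.
	samples := []string{
		`{"line":"42","message":"ok","severity":0,"unixTime":"1700000000"}`,
		`{"line":"4x","message":"bad line"}`,
		`{"line":1.5,"message":"float line"}`,
		`{"line":true,"message":"bool line"}`,
	}
	for _, in := range samples {
		s, err := ParseStatus([]byte(in))
		fmt.Printf("%+v err=%v\n", s, err)
	}
}
```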
type SystemInfo ¶ added in v0.5.2
type SystemInfo struct {
HardwareVendor string `json:"hardware_vendor,omitempty"`
HardwareModel string `json:"hardware_model,omitempty"`
HardwareVersion string `json:"hardware_version,omitempty"`
HardwareSerial string `json:"hardware_serial,omitempty"`
CPUBrand string `json:"cpu_brand,omitempty"`
CPUType string `json:"cpu_type,omitempty"`
CPUSubtype string `json:"cpu_subtype,omitempty"`
CPUPhysicalCores string `json:"cpu_physical_cores,omitempty"`
CPULogicalCores string `json:"cpu_logical_cores,omitempty"`
PhysicalMemory string `json:"physical_memory,omitempty"`
ComputerName string `json:"computer_name,omitempty"`
LocalHostname string `json:"local_hostname,omitempty"`
}
SystemInfo mirrors host_details.system_info from the osquery enroll payload, minus the host_identifier / instance_id fields which are duplicates of data we already expose via OsqueryNode.UUID.
type SystemInfoTable ¶
type SystemInfoTable struct {
ComputerName string `json:"computer_name"`
CPUBrand string `json:"cpu_brand"`
CPULogicalCores string `json:"cpu_logical_cores"`
CPUPhysicalCores string `json:"cpu_physical_cores"`
CPUSubtype string `json:"cpu_subtype"`
CPUType string `json:"cpu_type"`
HardwareModel string `json:"hardware_model"`
HardwareSerial string `json:"hardware_serial"`
HardwareVendor string `json:"hardware_vendor"`
HardwareVersion string `json:"hardware_version"`
Hostname string `json:"hostname"`
LocalHostname string `json:"local_hostname"`
PhysicalMemory string `json:"physical_memory"`
UUID string `json:"uuid"`
}
SystemInfoTable provided on enrollment, table system_info
type TLSEnvironmentView ¶ added in v0.5.2
type TLSEnvironmentView struct {
ID uint `json:"id"`
CreatedAt time.Time `json:"created_at"`
UpdatedAt time.Time `json:"updated_at"`
UUID string `json:"uuid"`
Name string `json:"name"`
Hostname string `json:"hostname"`
Type string `json:"type"`
Icon string `json:"icon"`
DebugHTTP bool `json:"debug_http"`
ConfigTLS bool `json:"config_tls"`
ConfigInterval int `json:"config_interval"`
LoggingTLS bool `json:"logging_tls"`
LogInterval int `json:"log_interval"`
QueryTLS bool `json:"query_tls"`
QueryInterval int `json:"query_interval"`
CarvesTLS bool `json:"carves_tls"`
AcceptEnrolls bool `json:"accept_enrolls"`
EnrollExpire time.Time `json:"enroll_expire"`
RemoveExpire time.Time `json:"remove_expire"`
}
TLSEnvironmentView is the low-privilege projection of an environment. UserLevel operators (env scope) need basic env metadata so the SPA can render its env switcher / dashboard / table chrome — but they MUST NOT receive the enroll secret, the certificate, or one-liner URLs that embed the secret. The full storage struct is admin-only via EnvironmentAdminHandler.
type TokenResponse ¶ added in v0.5.2
TokenResponse is returned by POST /api/v1/users/{username}/token/refresh and by login. The Token is shown ONCE to the operator (so they can copy it for CLI use); it isn't returned by any GET endpoint after refresh.
type UserMePatchRequest ¶ added in v0.5.2
UserMePatchRequest is the body for PATCH /api/v1/users/me — operators can update their own profile (email and fullname only).
type UserMeResponse ¶ added in v0.5.2
type UserMeResponse struct {
Username string `json:"username"`
Email string `json:"email"`
Fullname string `json:"fullname"`
Admin bool `json:"admin"`
Service bool `json:"service"`
UUID string `json:"uuid"`
TokenExpire time.Time `json:"token_expire"`
LastAccess time.Time `json:"last_access"`
}
UserMeResponse is the SPA-canonical projection of the currently-authenticated user. Used by GET /api/v1/users/me.
type VerifyResponse ¶
type VerifyResponse struct {
Flags string `json:"flags"`
Certificate string `json:"certificate"`
OsqueryVersion string `json:"osquery_version"`
}
VerifyResponse for verify requests from osctrld