Documentation
¶
Index ¶
- Constants
- func ApplyFilters(records []types.Event, filters ...Filter) ([]types.Event, error)
- func FilterByRegion(region string, events []types.Event) []types.Event
- func FilterEventsAfter(events []types.Event, afterTime time.Time) []types.Event
- func FilterEventsBefore(events []types.Event, beforeTime time.Time) []types.Event
- func Filters(f WriteEventFilters, alllookupEvents []types.Event) []types.Event
- func IsIgnoredEvent(event types.Event, mergedRegex string, log *logrus.Logger) (bool, error)
- func NewCloudtrailCmd() *cobra.Command
- func ParseDurationAfter(input string, startTime time.Time) (time.Time, error)
- func ParseDurationBefore(input string, startTime time.Time) (time.Time, error)
- func ParseStartEndTime(start, end, duration string) (time.Time, time.Time, error)
- func ParseTimeAndValidate(timeStr string) (time.Time, error)
- func PrintEvents(filterEvents []types.Event, printUrl bool, printRaw bool)
- func PrintFormat(filterEvents []types.Event, printUrl bool, printRaw bool, table []string)
- func ValidateFilters(filters []string) error
- func ValidateFormat(table []string) error
- func Whoami(stsClient sts.Client) (accountArn string, accountId string, err error)
- type Cache
- type EventAPI
- type EventResult
- type Filter
- type Period
- type Periods
- type Printer
- type RawEventDetails
- type WriteEventFilters
Constants ¶
const DEFAULT_REGION = "us-east-1"
Variables ¶
This section is empty.
Functions ¶
func ApplyFilters ¶ added in v0.47.0
ApplyFilters takes the filteredEvents slice and applies an additional filter function. The filter function here is an inline function that calls isIgnoredEvent(event, mergedRegex). Only events for which isIgnoredEvent returns true (i.e., not ignored by the regex) are returned.
func FilterByRegion ¶ added in v0.47.1
func FilterEventsAfter ¶ added in v0.47.1
Filter events that occur after a specific time
func FilterEventsBefore ¶ added in v0.47.1
Filter events that occur before a specific time
func Filters ¶ added in v0.47.0
func Filters(f WriteEventFilters, alllookupEvents []types.Event) []types.Event
Filters applies inclusion and exclusion filters to all Cloudtrail Events applies inclusion filters then exclusion filters.
func IsIgnoredEvent ¶ added in v0.47.0
isIgnoredEvent filters out events based on the specified ignore list, which contains regular expression patterns. It returns true if the event should be kept, and false if it should be filtered out.
func NewCloudtrailCmd ¶
NewCloudtrailCmd represents the newCmdWriteEvents command
func ParseDurationAfter ¶ added in v0.47.0
parseDurationAfter parses the given startTime string as a duration and adds it from the current UTC time. It returns the resulting time and any parsing error encountered.
func ParseDurationBefore ¶ added in v0.47.0
parseDurationBefore parses the given startTime string as a duration and subtracts it from the current UTC time. It returns the resulting time and any parsing error encountered.
func ParseStartEndTime ¶ added in v0.47.0
ParseStartEndTime parses start time, end time, and duration parameters to calculate the actual time range for CloudTrail event queries.
Parameters:
- start: Start time in "YYYY-MM-DD,HH:MM:SS" format (--after flag)
- end: End time in "YYYY-MM-DD,HH:MM:SS" format (--until flag)
- duration: Duration string like "2h", "30m", "1d" (--since flag)
Time calculation logic:
- If both start and end are provided: Use exact time range
- If only start is provided: start + duration (forward in time)
- If only end is provided: end - duration (backward in time)
- If both start and end are no provided: Use time.Now().UTC() - duration (default 1h)
Returns:
- startTime: Calculated start time in UTC
- endTime: Calculated end time in UTC
- error: Any parsing or validation error
func ParseTimeAndValidate ¶ added in v0.47.0
parseTimeAndValidate takes YY-MM-DD,hh:mm:ss format, splits the year and time and convert it to current UTC time. It returns the parsed time and any parsing error encountered.
func PrintEvents ¶ added in v0.47.0
PrintEvents prints the filtered CloudTrail events in a human-readable format. Allows to print cloudtrail event url link or its raw JSON format. Allows to print cloutrail event resource name & type.
func PrintFormat ¶ added in v0.47.0
PrintFormat allows the user to specify which fields to print. Allows to print cloudtrail event url link
func ValidateFilters ¶ added in v0.47.0
ValidateFilters checks that all filters are in the correct "key=value" format Returns an error immediately if a filter is invalid.
func ValidateFormat ¶ added in v0.47.0
ValidateTable checks for the string list given and returns error if it does not match.
Types ¶
type Cache ¶ added in v0.47.1
Cache struct stores CloudTrail periods and their corresponding events,
func (*Cache) EnsureFilenameExist ¶ added in v0.47.1
func (*Cache) FilterByPeriod ¶ added in v0.47.1
type EventAPI ¶ added in v0.47.1
type EventAPI struct {
// contains filtered or unexported fields
}
func NewEventAPI ¶ added in v0.47.1
type EventResult ¶ added in v0.47.1
type Filter ¶ added in v0.47.0
Filter is a function type that takes a CloudTrail event and returns a boolean indicating whether the event passes the filter, and an error if the filter evaluation fails.
type Period ¶ added in v0.47.1
Period struct is a struct that consist of the Start and End time for the Cache
func Merge ¶ added in v0.47.1
Merge checks to see if the period overlaps the new period. If it overlaps it will merge the periods and return a new period. Input parameter has to be sorted before the function is called
func (*Period) Diff ¶ added in v0.47.1
Diff returns the missing time Period if there is an overlap If req.start is before p.start; StartTime: req.StartTime, EndTime: p.StartTime - 1s If req.end is after p.end; StartTime: p.EndTime, EndTime + 1: req.StartTime
func (Period) DiffMultiple ¶ added in v0.47.1
DiffMultiple takes the requested time range and compares it to the time period in the cache. If it overlaps, it will be added to the list and returned to the user.
type Periods ¶ added in v0.47.1
type Periods []Period
Periods is a slice of Period structs. It implements the sort.Interface so that a slice of Periods can be sorted by StartTime.
type Printer ¶ added in v0.47.1
type Printer struct {
// contains filtered or unexported fields
}
Printer struct handles the formatting and output of CloudTrail events.
func NewPrinter ¶ added in v0.47.1
NewPrinter creates a new Printer instance with the specified output options. Parameters:
- printUrl: If true, generates and includes AWS Console links for events
- printRaw: If true, displays events in raw JSON format
func (*Printer) PrintEvents ¶ added in v0.47.1
PrintEvents prints the filtered CloudTrail events in a human-readable format. Allows to print cloudtrail event url link or its raw JSON format. Allows to print cloutrail event resource name & type.
type RawEventDetails ¶
type RawEventDetails struct {
EventVersion string `json:"eventVersion"`
UserIdentity struct {
AccountId string `json:"accountId"`
SessionContext struct {
SessionIssuer struct {
Type string `json:"type"`
UserName string `json:"userName"`
Arn string `json:"arn"`
} `json:"sessionIssuer"`
} `json:"sessionContext"`
} `json:"userIdentity"`
EventRegion string `json:"awsRegion"`
EventId string `json:"eventID"`
ErrorCode string `json:"errorCode"`
}
RawEventDetails represents the structure of relevant fields extracted from a CloudTrail event JSON.
func ExtractUserDetails ¶ added in v0.47.0
func ExtractUserDetails(cloudTrailEvent *string) (*RawEventDetails, error)
ExtractUserDetails parses a CloudTrail event JSON string and extracts user identity details.
type WriteEventFilters ¶ added in v0.47.0
WriteEventFilters defines the structure for filters used in write-events.go
Source Files