securityhub_finding

Published: Jul 28, 2025 License: Apache-2.0 Imports: 17 Imported by: 0

Constants

// SecurityHubFindingTableIdentifier is the name of the table that holds
// SecurityHub findings. It is an untyped string constant so it can be
// assigned to any string-based identifier type without conversion.
const SecurityHubFindingTableIdentifier = "aws_securityhub_finding"

Variables

This section is empty.

Functions

func NewSecurityHubFindingExtractor

func NewSecurityHubFindingExtractor() artifact_source.Extractor

NewSecurityHubFindingExtractor creates a new SecurityHubFindingExtractor

Types

type DetailFindingsData

// DetailFindingsData is the envelope that wraps a batch of SecurityHub
// findings in a log line: the findings themselves live under Detail.Findings.
// The top-level keys (version, id, detail-type, source, account, time, region,
// detail) match the shape of an EventBridge event envelope — presumably that is
// the input format; confirm against the source that produces these lines.
// Note the hyphenated `detail-type` JSON key here, as opposed to the
// `detail_type` key used on the SecurityHubFinding output row.
type DetailFindingsData struct {
	Version    *string    `json:"version,omitempty"`
	ID         *string    `json:"id,omitempty"`
	DetailType *string    `json:"detail-type,omitempty"`
	Source     *string    `json:"source,omitempty"`
	Account    *string    `json:"account,omitempty"`
	Time       *time.Time `json:"time,omitempty"`
	Region     *string    `json:"region,omitempty"`
	Detail     struct {
		// Findings holds the individual ASFF records carried by this envelope;
		// one SecurityHubFinding row is presumably produced per element.
		Findings []types.AwsSecurityFinding `json:"findings" parquet:"name=findings, type=JSON"`
	} `json:"detail" parquet:"name=detail, type=JSON"`
}

DetailFindingsData maps the `detail` field containing findings. This struct is used only to parse the log lines.

type SecurityHubFinding

// SecurityHubFinding is one row of the table: the envelope fields of the log
// line (Version … Region) flattened together with the fields of a single
// finding from the envelope's findings array, plus the SDK's CommonFields.
//
// NOTE(review): the JSON tags are not uniformly snake_case — `createdAt`,
// `generatorId`, `findingId` and `findingRegion` are camelCase while every
// other tag (and every parquet name) is snake_case. If the JSON tag drives the
// column name downstream, these four columns will be named inconsistently;
// confirm which tag the SDK uses before relying on the column names.
//
// NOTE(review): timestamps are represented two ways — CreatedAt is a
// *time.Time, whereas FirstObservedAt, LastObservedAt, ProcessedAt and
// UpdatedAt are *string. Consumers filtering on the string fields must parse
// them; they are not validated here.
//
// Nothing in this type validates or sanitises its contents: Title,
// Description, SourceUrl, ProductFields and UserDefinedFields are free-form
// values that presumably come straight from the finding producer, so treat
// them as untrusted text when rendering or templating.
type SecurityHubFinding struct {
	schema.CommonFields

	// Top level fields
	Version    *string    `json:"version,omitempty"`
	ID         *string    `json:"id,omitempty"`
	DetailType *string    `json:"detail_type,omitempty"`
	Source     *string    `json:"source,omitempty"`
	Account    *string    `json:"account,omitempty"`
	Time       *time.Time `json:"time,omitempty"`
	Region     *string    `json:"region,omitempty"`

	// Finding array schema
	AwsAccountName        *string                      `json:"aws_account_name" parquet:"name=aws_account_name"`
	CompanyName           *string                      `json:"company_name" parquet:"name=company_name"`
	Compliance            *types.Compliance            `json:"compliance" parquet:"name=compliance"`
	Confidence            *int32                       `json:"confidence" parquet:"name=confidence"`
	// CreatedAt is the only finding timestamp typed as time.Time; see the type comment.
	CreatedAt             *time.Time                   `json:"createdAt" parquet:"name=created_at"`
	Criticality           *int32                       `json:"criticality" parquet:"name=criticality"`
	Description           *string                      `json:"description" parquet:"name=description"`
	FirstObservedAt       *string                      `json:"first_observed_at" parquet:"name=first_observed_at"`
	GeneratorId           *string                      `json:"generatorId" parquet:"name=generator_id"`
	GeneratorDetails      *types.GeneratorDetails      `json:"generator_details" parquet:"name=generator_details"`
	// FindingId carries the finding's own identifier; ID above is the envelope's.
	FindingId             *string                      `json:"findingId" parquet:"name=finding_id"`
	// FindingRegion is the region recorded on the finding; Region above is the envelope's.
	FindingRegion         *string                      `json:"findingRegion" parquet:"name=finding_region"`
	LastObservedAt        *string                      `json:"last_observed_at" parquet:"name=last_observed_at"`
	Malware               []types.Malware              `json:"malware" parquet:"name=malware"`
	Network               *types.Network               `json:"network" parquet:"name=network"`
	NetworkPath           []types.NetworkPathComponent `json:"network_path" parquet:"name=network_path"`
	Note                  *types.Note                  `json:"note" parquet:"name=note"`
	PatchSummary          *types.PatchSummary          `json:"patch_summary" parquet:"name=patch_summary"`
	Process               *types.ProcessDetails        `json:"process" parquet:"name=process"`
	ProcessedAt           *string                      `json:"processed_at" parquet:"name=processed_at"`
	ProductArn            *string                      `json:"product_arn" parquet:"name=product_arn"`
	// ProductFields is a free-form key/value map; keys and values are not validated here.
	ProductFields         map[string]string            `json:"product_fields" parquet:"name=product_fields"`
	ProductName           *string                      `json:"product_name" parquet:"name=product_name"`
	// RecordState and VerificationState are non-pointer enums: an absent value
	// serialises as the enum's zero value rather than null.
	RecordState           types.RecordState            `json:"record_state" parquet:"name=record_state"`
	RelatedFindings       []types.RelatedFinding       `json:"related_findings" parquet:"name=related_findings"`
	Remediation           *types.Remediation           `json:"remediation" parquet:"name=remediation"`
	Resources             []types.Resource             `json:"resources" parquet:"name=resources"`
	Action                *types.Action                `json:"action" parquet:"name=action"`
	Sample                *bool                        `json:"sample" parquet:"name=sample"`
	SchemaVersion         *string                      `json:"schema_version" parquet:"name=schema_version"`
	Severity              *types.Severity              `json:"severity" parquet:"name=severity"`
	SourceUrl             *string                      `json:"source_url" parquet:"name=source_url"`
	ThreatIntelIndicators []types.ThreatIntelIndicator `json:"threat_intel_indicators" parquet:"name=threat_intel_indicators"`
	Threats               []types.Threat               `json:"threats" parquet:"name=threats"`
	Title                 *string                      `json:"title" parquet:"name=title"`
	Types                 []string                     `json:"types" parquet:"name=types"`
	UpdatedAt             *string                      `json:"updated_at" parquet:"name=updated_at"`
	// UserDefinedFields is a free-form key/value map; keys and values are not validated here.
	UserDefinedFields     map[string]string            `json:"user_defined_fields" parquet:"name=user_defined_fields"`
	VerificationState     types.VerificationState      `json:"verification_state" parquet:"name=verification_state"`
	Vulnerabilities       []types.Vulnerability        `json:"vulnerabilities" parquet:"name=vulnerabilities"`
	Workflow              *types.Workflow              `json:"workflow" parquet:"name=workflow"`
}

func (*SecurityHubFinding) GetColumnDescriptions

func (c *SecurityHubFinding) GetColumnDescriptions() map[string]string

type SecurityHubFindingExtractor

// SecurityHubFindingExtractor receives JSON-serialised SecurityHub findings
// and extracts SecurityHubFinding records from them. It carries no state;
// the zero value is ready to use (see NewSecurityHubFindingExtractor).
type SecurityHubFindingExtractor struct {
}

SecurityHubFindingExtractor is an extractor that receives JSON serialised SecurityHub findings and extracts SecurityHubFinding records from them

func (*SecurityHubFindingExtractor) Extract

func (c *SecurityHubFindingExtractor) Extract(_ context.Context, a any) ([]any, error)

Extract unmarshals the artifact data as SecurityHub findings and returns the SecurityHubFinding records

func (*SecurityHubFindingExtractor) Identifier

func (c *SecurityHubFindingExtractor) Identifier() string

type SecurityHubFindingMapper

// SecurityHubFindingMapper is the stateless mapper for this table; it exposes
// Identifier and Map (see the methods below). The zero value is usable.
type SecurityHubFindingMapper struct {
}

func (*SecurityHubFindingMapper) Identifier

func (m *SecurityHubFindingMapper) Identifier() string

func (*SecurityHubFindingMapper) Map

type SecurityHubFindingTable

// SecurityHubFindingTable describes the SecurityHub findings table: its
// identifier, description and source metadata, and the per-row enrichment
// applied in EnrichRow. It holds no state; the zero value is usable.
type SecurityHubFindingTable struct{}

func (*SecurityHubFindingTable) EnrichRow

func (c *SecurityHubFindingTable) EnrichRow(row *SecurityHubFinding, sourceEnrichmentFields schema.SourceEnrichment) (*SecurityHubFinding, error)

func (*SecurityHubFindingTable) GetDescription

func (c *SecurityHubFindingTable) GetDescription() string

func (*SecurityHubFindingTable) GetSourceMetadata

func (c *SecurityHubFindingTable) GetSourceMetadata() ([]*table.SourceMetadata[*SecurityHubFinding], error)

func (*SecurityHubFindingTable) Identifier

func (c *SecurityHubFindingTable) Identifier() string
