7a8f418d0f
Closes issue #1475 The command line tool that uses this endpoint -> https://github.com/kolide/configimporter * Added support for atomic imports and dry run imports * Added code so that imports are idempotent
package kolide
// YARAFilePaths models the file_paths part of the osquery YARA configuration.
// Each key is a file_paths section name; the value lists the names of the
// YARA signature groups that apply to that section.
//
// NOTE(review): this file does not show whether section or group names are
// validated; confirm that at the code path that populates the map.
type YARAFilePaths map[string][]string
// YARAStore is the storage contract for YARA configuration: named signature
// groups, the mapping from file sections to those groups, and assembly of the
// resulting osquery YARA section.
//
// NOTE(review): the names and paths handled here end up in the YARA section
// that YARASection builds. Whether they are validated before storage is not
// visible in this file; confirm that at the caller.
type YARAStore interface {
	// NewYARASignatureGroup stores ysg, a name bound to a group of YARA
	// signatures, and returns a signature group or an error.
	//
	// NOTE(review): opts is presumably how callers pass per-call datastore
	// options; confirm against the definition of OptionalArg.
	NewYARASignatureGroup(ysg *YARASignatureGroup, opts ...OptionalArg) (*YARASignatureGroup, error)

	// NewYARAFilePath associates the named set of files fileSectionName
	// with the signature group sigGroupName. A file section may be mapped
	// to more than one signature group.
	NewYARAFilePath(fileSectionName, sigGroupName string, opts ...OptionalArg) error

	// YARASection builds the YARA section of the osquery configuration.
	YARASection() (*YARASection, error)
}
// YARASignatureGroup binds a name to a group of YARA signatures.
// Reference: https://osquery.readthedocs.io/en/stable/deployment/yara/
type YARASignatureGroup struct {
	// ID identifies the group.
	// NOTE(review): presumably the datastore row id; confirm.
	ID uint
	// SignatureName is the group's name; it maps to the signature_name column.
	SignatureName string `db:"signature_name"`
	// Paths is excluded from column mapping by the "-" db tag.
	// NOTE(review): presumably the signature file locations that belong to
	// this group, handled separately from the group's own row; confirm against
	// the datastore implementation.
	Paths []string `db:"-"`
}
// YARASection is the YARA part of an osquery configuration as it is
// serialized to JSON.
type YARASection struct {
	// Signatures is emitted under the "signatures" key.
	// NOTE(review): presumably signature group name -> signature file paths,
	// matching YARASignatureGroup; confirm against the code that fills it.
	Signatures map[string][]string `json:"signatures"`
	// FilePaths is emitted under the "file_paths" key; it has the same
	// underlying shape as YARAFilePaths (section name -> signature group names).
	FilePaths map[string][]string `json:"file_paths"`
}