package api
// Endpoint (client) API routes, grouped by the HTTP method the client uses.

// Routes the endpoint reads with GET.
const (
	// EptAPIServerKeyPath serves the server key.
	EptAPIServerKeyPath = "/key"
	// EptAPIConfigPath is used to get/post the endpoint configuration;
	// EptAPIConfigSha256Path serves its sha256.
	EptAPIConfigPath       = "/config"
	EptAPIConfigSha256Path = "/config/sha256"
	// EptAPIRulesPath serves the Gene rules available on the server;
	// EptAPIRulesSha256Path serves the sha256 of the latest batch of rules.
	EptAPIRulesPath       = "/rules"
	EptAPIRulesSha256Path = "/rules/sha256"
	// Sysmon configuration and its sha256.
	EptAPISysmonConfigPath       = "/sysmon/config"
	EptAPISysmonConfigSha256Path = "/sysmon/config/sha256"
	// EptAPIIoCsPath serves the IOC container; EptAPIIoCsSha256Path its sha256.
	EptAPIIoCsPath       = "/iocs"
	EptAPIIoCsSha256Path = "/iocs/sha256"
	// EptAPITools is used to update local tools.
	EptAPITools = "/tools"
)

// Routes the endpoint writes to with POST.
const (
	// EptAPIPostLogsPath receives endpoint logs.
	EptAPIPostLogsPath = "/logs"
	// EptAPIPostDumpPath receives dumps.
	EptAPIPostDumpPath = "/upload/dumps"
	// EptAPIPostSystemInfo receives system information.
	EptAPIPostSystemInfo = "/info/system"
)

// Routes used with both GET and POST.
const (
	// EptAPICommandPath is used to GET commands and POST their results.
	EptAPICommandPath = "/commands"
)

// EptAPIVerbosePaths lists the endpoint routes flagged as "verbose".
// NOTE(review): the file does not show how this list is consumed
// (presumably to tune request logging) — confirm against the callers.
var EptAPIVerbosePaths = []string{
	EptAPIServerKeyPath,
	EptAPICommandPath,
	EptAPIRulesSha256Path,
	EptAPIIoCsSha256Path,
}
// Admin API routes. Path variables use "{name:regex}" segments (they look
// like gorilla/mux patterns; the router is not visible in this file). The
// variable names (uuuid, euuid, os, field, pguid, ehash, fname) are part of
// the contract with the handlers and must not be renamed here.

// uuidRe matches a canonical 8-4-4-4-12 hex-digit UUID.
const uuidRe = `[[:xdigit:]]{8}-[[:xdigit:]]{4}-[[:xdigit:]]{4}-[[:xdigit:]]{4}-[[:xdigit:]]{12}`

// Users and server-wide collections.
const (
	AdmAPIUsers         = "/users"
	AdmAPIUserByID      = AdmAPIUsers + "/{uuuid:" + uuidRe + "}"
	AdmAPIStatsPath     = "/stats"
	AdmAPIIocsPath      = "/iocs"
	AdmAPIRulesPath     = "/rules"
	AdmAPIEndpointsPath = "/endpoints"
)

// Per-OS endpoint resources (Sysmon and OSQueryi binaries/configs).
const (
	AdmAPIEndpointsOSPath = AdmAPIEndpointsPath + `/{os:\w+}`

	// Sysmon related
	AdmAPIEndpointsSysmonPath   = AdmAPIEndpointsOSPath + "/sysmon"
	AdmAPIEndpointsSysmonBinary = AdmAPIEndpointsSysmonPath + "/binary"
	AdmAPIEndpointsSysmonConfig = AdmAPIEndpointsSysmonPath + "/config"

	// OSQueryi related
	AdmAPIEndpointsOSQueryiPath   = AdmAPIEndpointsOSPath + "/osqueryi"
	AdmAPIEndpointsOSQueryiBinary = AdmAPIEndpointsOSQueryiPath + "/binary"
)

// Per-endpoint resources, addressed by endpoint UUID.
const (
	AdmAPIEndpointsByIDPath = AdmAPIEndpointsPath + "/{euuid:" + uuidRe + "}"

	// Config related
	AdmAPIConfigSuffix       = "/config"
	AdmAPIEndpointConfigPath = AdmAPIEndpointsByIDPath + AdmAPIConfigSuffix

	// Command related
	AdmAPICommandSuffix            = "/command"
	AdmAPIEndpointCommandPath      = AdmAPIEndpointsByIDPath + AdmAPICommandSuffix
	AdmAPIEndpointCommandFieldPath = AdmAPIEndpointCommandPath + "/{field}"

	// Logs and detections
	AdmAPILogsSuffix             = "/logs"
	AdmAPIEndpointLogsPath       = AdmAPIEndpointsByIDPath + AdmAPILogsSuffix
	AdmAPIDetectionSuffix        = "/detections"
	AdmAPIEndpointDetectionsPath = AdmAPIEndpointsByIDPath + AdmAPIDetectionSuffix

	// Reports related
	AdmAPIReportSuffix              = "/report"
	AdmAPIEndpointsReportsPath      = AdmAPIEndpointsPath + "/reports"
	AdmAPIEndpointReportPath        = AdmAPIEndpointsByIDPath + AdmAPIReportSuffix
	AdmAPIArchiveSuffix             = "/archive"
	AdmAPIEndpointReportArchivePath = AdmAPIEndpointReportPath + AdmAPIArchiveSuffix

	// Artifacts (dumps). AdmAPIArticfactsSuffix is misspelt but exported,
	// so the name is kept for compatibility.
	AdmAPIArticfactsSuffix       = "/artifacts"
	AdmAPIEndpointsArtifactsPath = AdmAPIEndpointsPath + AdmAPIArticfactsSuffix
	AdmAPIEndpointArtifacts      = AdmAPIEndpointsByIDPath + AdmAPIArticfactsSuffix
	// AdmAPIEndpointArtifact addresses one artifact file. pguid and ehash are
	// constrained by regex here, but {fname:.*} accepts anything, including
	// "/" and "..": the handler, not this pattern, has to validate fname before
	// mapping it to a storage location. NOTE(review): confirm it does.
	AdmAPIEndpointArtifact = AdmAPIEndpointArtifacts + "/{pguid:" + uuidRe + "}/{ehash:[[:xdigit:]]+}/{fname:.*}"
)

// Websocket streams.
const (
	AdmAPIStreamEvents     = "/stream/events"
	AdmAPIStreamDetections = "/stream/detections"
)