From babcbbb0cf574aa446e8af01b5b91d3c4ec3c108 Mon Sep 17 00:00:00 2001
From: jnathangreeg
Date: Tue, 27 Jan 2026 16:39:41 +0100
Subject: [PATCH] Update armoapi-go dependency to v0.0.669 and add ECS-specific methods to EnrichEvent interface and related types

---
 go.mod | 2 +-
 go.sum | 4 +--
 pkg/rulemanager/types/failure.go | 13 ++++++++
 pkg/utils/datasource_event.go | 56 ++++++++++++++++++++++++++++++++
 pkg/utils/events.go | 13 ++++++++
 pkg/utils/struct_event.go | 45 +++++++++++++++++++++++++
 6 files changed, 130 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index c4da66c734..b5934818a8 100644
--- a/go.mod
+++ b/go.mod
@@ -7,7 +7,7 @@ require (
 github.com/Masterminds/semver/v3 v3.4.0
 github.com/anchore/syft v1.32.0
 github.com/aquilax/truncate v1.0.0
- github.com/armosec/armoapi-go v0.0.667
+ github.com/armosec/armoapi-go v0.0.669
 github.com/armosec/utils-k8s-go v0.0.35
 github.com/cenkalti/backoff v2.2.1+incompatible
 github.com/cenkalti/backoff/v4 v4.3.0
diff --git a/go.sum b/go.sum
index 9b3f97365c..cefae86b31 100644
--- a/go.sum
+++ b/go.sum
@@ -761,8 +761,8 @@ github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj
 github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
-github.com/armosec/armoapi-go v0.0.667 h1:LrFowKvthnL676Gx+hjhvqP4pQ2+CjykFO9SdIYDc/c=
-github.com/armosec/armoapi-go v0.0.667/go.mod h1:9jAH0g8ZsryhiBDd/aNMX4+n10bGwTx/doWCyyjSxts=
+github.com/armosec/armoapi-go v0.0.669 h1:7tGk7+u94C7OqA81QqWV9UWbH28LKCb/j4Gt9ybfXmI=
+github.com/armosec/armoapi-go v0.0.669/go.mod h1:9jAH0g8ZsryhiBDd/aNMX4+n10bGwTx/doWCyyjSxts=
 github.com/armosec/gojay v1.2.17 h1:VSkLBQzD1c2V+FMtlGFKqWXNsdNvIKygTKJI9ysY8eM=
 github.com/armosec/gojay v1.2.17/go.mod h1:vuvX3DlY0nbVrJ0qCklSS733AWMoQboq3cFyuQW9ybc=
 github.com/armosec/utils-go v0.0.58 h1:g9RnRkxZAmzTfPe2ruMo2OXSYLwVSegQSkSavOfmaIE=
diff --git a/pkg/rulemanager/types/failure.go b/pkg/rulemanager/types/failure.go
index 8bd5682de3..638dabfd1d 100644
--- a/pkg/rulemanager/types/failure.go
+++ b/pkg/rulemanager/types/failure.go
@@ -20,6 +20,7 @@ type GenericRuleFailure struct {
 TriggerEvent utils.EnrichEvent
 RuleAlert apitypes.RuleAlert
 RuntimeAlertK8sDetails apitypes.RuntimeAlertK8sDetails
+ RuntimeAlertECSDetails apitypes.RuntimeAlertECSDetails
 RuleID string
 CloudServices []string
 HttpRuleAlert apitypes.HttpRuleAlert
@@ -41,6 +42,8 @@ type RuleFailure interface {
 GetRuleAlert() apitypes.RuleAlert
 // Get K8s Runtime Details
 GetRuntimeAlertK8sDetails() apitypes.RuntimeAlertK8sDetails
+ // Get ECS Runtime Details
+ GetRuntimeAlertEcsDetails() apitypes.RuntimeAlertECSDetails
 // Get Rule ID
 GetRuleId() string
 // Get Cloud Services
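Review bot: The comment `// Get ECS Runtime Details` on the new `RuleFailure` method does not say what a caller receives for an alert that has no ECS context. From the getter added later in this file the answer is the zero value of `apitypes.RuntimeAlertECSDetails` unless `SetRuntimeAlertEcsDetails` was called, and a consumer triaging an alert cannot tell "not an ECS workload" from "enrichment never ran" without that being stated. I would document it on the interface, e.g. `// GetRuntimeAlertEcsDetails returns the ECS context of the alert; it is the zero value unless SetRuntimeAlertEcsDetails was called.` The same applies to the matching `// Set ECS Runtime Details` line in the next hunk; the interface body continues outside this hunk.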
@@ -66,6 +69,8 @@ type RuleFailure interface {
 SetRuleAlert(ruleAlert apitypes.RuleAlert)
 // Set K8s Runtime Details
 SetRuntimeAlertK8sDetails(runtimeAlertK8sDetails apitypes.RuntimeAlertK8sDetails)
+ // Set ECS Runtime Details
+ SetRuntimeAlertEcsDetails(runtimeAlertEcsDetails apitypes.RuntimeAlertECSDetails)
 // Set Cloud Services
 SetCloudServices(cloudServices []string)
 // Set Alert Platform
@@ -102,6 +107,10 @@ func (rule *GenericRuleFailure) GetRuntimeAlertK8sDetails() apitypes.RuntimeAler
 return rule.RuntimeAlertK8sDetails
 }

+func (rule *GenericRuleFailure) GetRuntimeAlertEcsDetails() apitypes.RuntimeAlertECSDetails {
+ return rule.RuntimeAlertECSDetails
+}
+
 func (rule *GenericRuleFailure) GetRuleId() string {
 return rule.RuleID
 }
@@ -150,6 +159,10 @@ func (rule *GenericRuleFailure) SetRuntimeAlertK8sDetails(runtimeAlertK8sDetails
 rule.RuntimeAlertK8sDetails = runtimeAlertK8sDetails
 }

+func (rule *GenericRuleFailure) SetRuntimeAlertEcsDetails(runtimeAlertEcsDetails apitypes.RuntimeAlertECSDetails) {
+ rule.RuntimeAlertECSDetails = runtimeAlertEcsDetails
+}
+
 func (rule *GenericRuleFailure) SetWorkloadDetails(workloadDetails string) {
 if workloadDetails == "" {
 return
diff --git a/pkg/utils/datasource_event.go b/pkg/utils/datasource_event.go
index b229c8246e..0c31c8b200 100644
--- a/pkg/utils/datasource_event.go
+++ b/pkg/utils/datasource_event.go
@@ -889,3 +889,59 @@ func (e *DatasourceEvent) SetExtra(extra interface{}) {
 func (e *DatasourceEvent) SetResponse(response *http.Response) {
 e.Response = response
 }
+
+// ECS-specific methods - implementing EnrichEvent interface
+func (e *DatasourceEvent) GetEcsClusterName() string {
+ clusterName, _ := e.getFieldAccessor("ecs.clusterName").String(e.Data)
+ return clusterName
+}
+
+func (e *DatasourceEvent) GetEcsClusterARN() string {
+ clusterARN, _ := e.getFieldAccessor("ecs.clusterARN").String(e.Data)
+ return clusterARN
+}
+
+func (e *DatasourceEvent) GetEcsTaskARN() string {
+ taskARN, _ := e.getFieldAccessor("ecs.taskARN").String(e.Data)
+ return taskARN
+}
+
+func (e *DatasourceEvent) GetEcsTaskFamily() string {
+ taskFamily, _ := e.getFieldAccessor("ecs.taskFamily").String(e.Data)
+ return taskFamily
+}
+
+func (e *DatasourceEvent) GetEcsTaskDefinitionARN() string {
+ taskDefARN, _ := e.getFieldAccessor("ecs.taskDefinitionARN").String(e.Data)
+ return taskDefARN
+}
+
+func (e *DatasourceEvent) GetEcsServiceName() string {
+ serviceName, _ := e.getFieldAccessor("ecs.serviceName").String(e.Data)
+ return serviceName
+}
+
+func (e *DatasourceEvent) GetEcsContainerName() string {
+ containerName, _ := e.getFieldAccessor("ecs.containerName").String(e.Data)
+ return containerName
+}
+
+func (e *DatasourceEvent) GetEcsContainerARN() string {
+ containerARN, _ := e.getFieldAccessor("ecs.containerARN").String(e.Data)
+ return containerARN
+}
+
+func (e *DatasourceEvent) GetEcsContainerInstance() string {
+ containerInstance, _ := e.getFieldAccessor("ecs.containerInstance").String(e.Data)
+ return containerInstance
+}
+
+func (e *DatasourceEvent) GetEcsAvailabilityZone() string {
+ availabilityZone, _ := e.getFieldAccessor("ecs.availabilityZone").String(e.Data)
+ return availabilityZone
+}
+
+func (e *DatasourceEvent) GetEcsLaunchType() string {
+ launchType, _ := e.getFieldAccessor("ecs.launchType").String(e.Data)
+ return launchType
+}
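Review bot: All eleven getters in this hunk discard the second return value of `.String(e.Data)` (presumably an `error`), so a datasource that has no `ecs.*` field, a field of another type and a genuinely empty value all come back as `""`. For alert enrichment that means an ECS alert can lose its cluster or task attribution with nothing recorded about why. I would route the eleven lookups through one private helper, which gives a single place to document the empty-string contract and to surface the read failure if the project wants it logged. `getFieldAccessor` is defined outside this hunk, so I cannot tell whether it can return nil for a field the datasource does not register; if it can, the helper is also where that check belongs.

```go
// ecsField reads one ecs.* string field. It returns "" when the field is
// absent from the datasource or cannot be read as a string.
func (e *DatasourceEvent) ecsField(name string) string {
	v, err := e.getFieldAccessor(name).String(e.Data)
	if err != nil {
		// single place to surface a missing or mistyped ECS field
		return ""
	}
	return v
}

func (e *DatasourceEvent) GetEcsClusterName() string {
	return e.ecsField("ecs.clusterName")
}

// … the other ten GetEcs* getters take the same one-line form …
```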
diff --git a/pkg/utils/events.go b/pkg/utils/events.go
index f0073cc281..1b383c7e33 100644
--- a/pkg/utils/events.go
+++ b/pkg/utils/events.go
@@ -46,6 +46,19 @@ type EnrichEvent interface {
 GetPpid() uint32
 GetUid() *uint32
 SetExtra(extra interface{})
+
+ // ECS-specific methods
+ GetEcsClusterName() string
+ GetEcsClusterARN() string
+ GetEcsTaskARN() string
+ GetEcsTaskFamily() string
+ GetEcsTaskDefinitionARN() string
+ GetEcsServiceName() string
+ GetEcsContainerName() string
+ GetEcsContainerARN() string
+ GetEcsContainerInstance() string
+ GetEcsAvailabilityZone() string
+ GetEcsLaunchType() string
 }

 type BpfEvent interface {
diff --git a/pkg/utils/struct_event.go b/pkg/utils/struct_event.go
index f914f4f2df..674af7037d 100644
--- a/pkg/utils/struct_event.go
+++ b/pkg/utils/struct_event.go
@@ -670,3 +670,48 @@ func (e *StructEvent) SetExtra(extra interface{}) {
 func (e *StructEvent) SetResponse(response *http.Response) {
 e.Response = response
 }
+
+// ECS-specific methods - implementing EnrichEvent interface
+func (e *StructEvent) GetEcsClusterName() string {
+ return ""
+}
+
+func (e *StructEvent) GetEcsClusterARN() string {
+ return ""
+}
+
+func (e *StructEvent) GetEcsTaskARN() string {
+ return ""
+}
+
+func (e *StructEvent) GetEcsTaskFamily() string {
+ return ""
+}
+
+func (e *StructEvent) GetEcsTaskDefinitionARN() string {
+ return ""
+}
+
+func (e *StructEvent) GetEcsServiceName() string {
+ return ""
+}
+
+func (e *StructEvent) GetEcsContainerName() string {
+ return ""
+}
+
+func (e *StructEvent) GetEcsContainerARN() string {
+ return ""
+}
+
+func (e *StructEvent) GetEcsContainerInstance() string {
+ return ""
+}
+
+func (e *StructEvent) GetEcsAvailabilityZone() string {
+ return ""
+}
+
+func (e *StructEvent) GetEcsLaunchType() string {
+ return ""
+}
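Review bot: Putting the eleven `GetEcs*` methods on `EnrichEvent` itself obliges every implementation, test doubles included, to carry ECS accessors even when it can never hold ECS data; the `StructEvent` stubs later in this patch are the visible result. A separate narrow interface that ECS-aware code reaches by type assertion would leave `EnrichEvent` stable and turn "this event has no ECS context" into an explicit `ok == false` instead of eleven empty strings, e.g. `if ecs, ok := ev.(EcsEvent); ok { ... }` with `EcsEvent` declaring just these getters. The `EnrichEvent` declaration starts outside this hunk, so other constraints on it are not visible here.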
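Review bot: The `StructEvent` getters return `""` unconditionally, yet the only comment above them says they implement `EnrichEvent`, which reads as though `StructEvent` carried ECS data. Any code that fills `RuntimeAlertECSDetails` from a `StructEvent` will produce an alert with every ECS field blank and no indication that this is by design. I would state it in the block comment: `// StructEvent carries no ECS metadata; the GetEcs* methods exist only to satisfy EnrichEvent and always return "".`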