Updating Gravitational parsers (#1548)

glerb · Sep 16, 2020 · 110e21c · 110e21c
1 parent 99ac7a6
commit 110e21c
Showing 1 changed file with 49 additions and 53 deletions.
diff --git a/internal/log_analysis/log_processor/parsers/gravitationallogs/audit.go b/internal/log_analysis/log_processor/parsers/gravitationallogs/audit.go
@@ -19,12 +19,8 @@ package gravitationallogs
  */
 
 import (
-	"time"
-
-	jsoniter "github.com/json-iterator/go"
-
 	"github.com/panther-labs/panther/internal/log_analysis/log_processor/logtypes"
-	"github.com/panther-labs/panther/internal/log_analysis/log_processor/pantherlog/null"
+	"github.com/panther-labs/panther/internal/log_analysis/log_processor/pantherlog"
 )
 
 const LogTypePrefix = "Gravitational"
@@ -58,75 +54,75 @@ type TeleportAudit struct {
 	//   * user.login - A user logged into web UI or via tsh.
 	//   * user.update - A user was updated
 	//   * github.create - A user was created via github
-	Event null.String `json:"event" validate:"required" description:"Event type"`
-	Code  null.String `json:"code" validate:"required" description:"Event code"`
-	Time  time.Time   `json:"time" tcodec:"rfc3339" validate:"required" panther:"event_time" description:"Event timestamp"`
-	UID   null.String `json:"uid" validate:"required" description:"Event unique id"`
-
-	User      null.String `json:"user" description:"Teleport user name (event type is 'user.login')"`
-	Namespace null.String `json:"namespace" description:"Server namespace. This field is reserved for future use."`
-	ServerID  null.String `json:"server_id" description:"Unique server ID."`
-	SessionID null.String `json:"sid" panther:"trace_id" description:"Session ID. Can be used to replay the session."`
-	EventID   null.Int32  `json:"ei" description:"Event numeric id"`
-
-	Login         null.String `json:"login" description:"OS login"`
-	AddressLocal  null.String `json:"addr.local" panther:"net_addr" description:"Address of the SSH node"`
-	AddressRemote null.String `json:"addr.remote" panther:"net_addr" description:"Address of the connecting client (user)"`
-	TerminalSize  null.String `json:"size" description:"Size of terminal"`
+	Event pantherlog.String `json:"event" validate:"required" description:"Event type"`
+	Code  pantherlog.String `json:"code" validate:"required" description:"Event code"`
+	Time  pantherlog.Time   `json:"time" tcodec:"rfc3339" validate:"required" panther:"event_time" description:"Event timestamp"`
+	UID   pantherlog.String `json:"uid" validate:"required" description:"Event unique id"`
+
+	User      pantherlog.String `json:"user" description:"Teleport user name (event type is 'user.login')"`
+	Namespace pantherlog.String `json:"namespace" description:"Server namespace. This field is reserved for future use."`
+	ServerID  pantherlog.String `json:"server_id" description:"Unique server ID."`
+	SessionID pantherlog.String `json:"sid" panther:"trace_id" description:"Session ID. Can be used to replay the session."`
+	EventID   pantherlog.Int32  `json:"ei" description:"Event numeric id"`
+
+	Login         pantherlog.String `json:"login" description:"OS login"`
+	AddressLocal  pantherlog.String `json:"addr.local" panther:"net_addr" description:"Address of the SSH node"`
+	AddressRemote pantherlog.String `json:"addr.remote" panther:"net_addr" description:"Address of the connecting client (user)"`
+	TerminalSize  pantherlog.String `json:"size" description:"Size of terminal"`
 
 	// auth event type fields
-	Success null.Bool   `json:"success" description:"Authentication success (if event type is 'auth')"`
-	Error   null.String `json:"error" description:"Authentication error (event type is 'auth')"`
+	Success pantherlog.Bool   `json:"success" description:"Authentication success (if event type is 'auth')"`
+	Error   pantherlog.String `json:"error" description:"Authentication error (event type is 'auth')"`
 
 	// exec event type fields
-	Command   null.String `json:"command" description:"Command that was executed (event type is 'exec')"`
-	ExitCode  null.Int32  `json:"exitCode" description:"Exit code of the command (event type is 'exec')"`
-	ExitError null.String `json:"exitError" description:"Exit error of the command (event type is 'exec')"`
+	Command   pantherlog.String `json:"command" description:"Command that was executed (event type is 'exec')"`
+	ExitCode  pantherlog.Int32  `json:"exitCode" description:"Exit code of the command (event type is 'exec')"`
+	ExitError pantherlog.String `json:"exitError" description:"Exit error of the command (event type is 'exec')"`
 
 	// session.command type fields
-	PID        null.Int64  `json:"pid" description:"Process id of command"`
-	ParentPID  null.Int64  `json:"ppid" description:"Process id of the parent process"`
-	CGroupID   null.Int64  `json:"cgroup_id" description:"Control group id"`
-	ReturnCode null.Int32  `json:"return_code" description:"Return code of the command"`
-	Program    null.String `json:"program" description:"Name of the command"`
-	ArgV       []string    `json:"argv" description:"Arguments passed to command"`
+	PID        pantherlog.Int64  `json:"pid" description:"Process id of command"`
+	ParentPID  pantherlog.Int64  `json:"ppid" description:"Process id of the parent process"`
+	CGroupID   pantherlog.Int64  `json:"cgroup_id" description:"Control group id"`
+	ReturnCode pantherlog.Int32  `json:"return_code" description:"Return code of the command"`
+	Program    pantherlog.String `json:"program" description:"Name of the command"`
+	ArgV       []string          `json:"argv" description:"Arguments passed to command"`
 
 	// scp event type fields
-	Path   null.String `json:"path" description:"Executable path or SCP action target file path (scp, session.command)"`
-	Len    null.Int64  `json:"len" description:"SCP target file size (scp)"`
-	Action null.String `json:"action" description:"SCP action (scp)"`
+	Path   pantherlog.String `json:"path" description:"Executable path or SCP action target file path (scp, session.command)"`
+	Len    pantherlog.Int64  `json:"len" description:"SCP target file size (scp)"`
+	Action pantherlog.String `json:"action" description:"SCP action (scp)"`
 
 	// user.login event type fields
-	Method     null.String          `json:"method" description:"Login method used (user.login)"`
-	Attributes *jsoniter.RawMessage `json:"attributes" description:"User login attributes (user.login)"`
+	Method     pantherlog.String      `json:"method" description:"Login method used (user.login)"`
+	Attributes *pantherlog.RawMessage `json:"attributes" description:"User login attributes (user.login)"`
 
 	// user.create event type fields
-	Roles     []string    `json:"roles" description:"Roles for the new user (user.create)"`
-	Connector null.String `json:"connector" description:"Connector that created the user (user.create)"`
-	Expires   time.Time   `json:"expires" tcodec:"rfc3339" description:"Expiration date "`
+	Roles     []string          `json:"roles" description:"Roles for the new user (user.create)"`
+	Connector pantherlog.String `json:"connector" description:"Connector that created the user (user.create)"`
+	Expires   pantherlog.Time   `json:"expires" tcodec:"rfc3339" description:"Expiration date "`
 
 	// user.create, user.update, github.create
-	Name null.String `json:"name" description:"Name of user or service (github.created, user.create, user.update)"`
+	Name pantherlog.String `json:"name" description:"Name of user or service (github.created, user.create, user.update)"`
 
 	// session.data
-	BytesSent     null.Int64 `json:"tx" description:"Number of bytes sent"`
-	BytesReceived null.Int64 `json:"rx" description:"Number of bytes received"`
+	BytesSent     pantherlog.Int64 `json:"tx" description:"Number of bytes sent"`
+	BytesReceived pantherlog.Int64 `json:"rx" description:"Number of bytes received"`
 
 	// session.start
 	ServerLabels   map[string]string `json:"server_labels" description:"Server labels"`
-	ServerHostname null.String       `json:"server_hostname" panther:"hostname" description:"Server hostname"`
-	ServerAddress  null.String       `json:"server_addr" panther:"net_addr" description:"Server hostname"`
+	ServerHostname pantherlog.String `json:"server_hostname" panther:"hostname" description:"Server hostname"`
+	ServerAddress  pantherlog.String `json:"server_addr" panther:"net_addr" description:"Server hostname"`
 
 	// session.end
-	SessionStart      time.Time `json:"session_start" tcodec:"rfc3339" description:"Timestamp of session start"`
-	SessionStop       time.Time `json:"session_stop" tcodec:"rfc3339" description:"Timestamp of session end"`
-	Interactive       null.Bool `json:"interactive" description:"Whether the session was interactive"`
-	EnhancedRecording null.Bool `json:"enhanced_recording" description:"Whether enhanced recording is enabled"`
-	Participants      []string  `json:"participants" description:"Users that participated in the session"`
+	SessionStart      pantherlog.Time `json:"session_start" tcodec:"rfc3339" description:"Timestamp of session start"`
+	SessionStop       pantherlog.Time `json:"session_stop" tcodec:"rfc3339" description:"Timestamp of session end"`
+	Interactive       pantherlog.Bool `json:"interactive" description:"Whether the session was interactive"`
+	EnhancedRecording pantherlog.Bool `json:"enhanced_recording" description:"Whether enhanced recording is enabled"`
+	Participants      []string        `json:"participants" description:"Users that participated in the session"`
 
 	// session.network
-	DestinationAddress null.String `json:"dst_addr" panther:"ip" description:"Destination IP address"`
-	SourceAddress      null.String `json:"src_addr" panther:"ip" description:"Source IP address"`
-	DestinationPort    null.Uint16 `json:"dst_port" description:"Destination port"`
-	Version            null.Int32  `json:"version" description:"Event version"`
+	DestinationAddress pantherlog.String `json:"dst_addr" panther:"ip" description:"Destination IP address"`
+	SourceAddress      pantherlog.String `json:"src_addr" panther:"ip" description:"Source IP address"`
+	DestinationPort    pantherlog.Uint16 `json:"dst_port" description:"Destination port"`
+	Version            pantherlog.Int32  `json:"version" description:"Event version"`
 }