Loggicat solves data leaks by shifting data security left
For Loggicat Watcher
For Loggicat Cloud
- Overview What is Loggicat
- Versions Choose the right Loggicat Watcher version to use
- Features Available features
- Prerequisite Before running Loggicat Watcher
- Configuration Settings and configurations
- CLI Usages How to use Loggicat Watcher CLI
- Important Notes Please read this section before your first login
More information is available at Loggicat Cloud Wiki
There are two versions available. This repo is the open-source version and should only be used to understand how Loggicat Watcher can be integrated in your dev environment, please use the closed-source version for production use and for better performance.
| How to scan | Scan speed | Keep data to local only | Limit | |
|---|---|---|---|---|
| Open-Source Ver | Use Loggicat Cloud Engine API | Slow, this depends on network speed | No, the open-source version must send text to Loggicat Cloud | 100 MB per user per day for free users |
| Closed-Source Ver | Scan engine is built-in | fast | Yes, scan engine can be used locally without sending anything to Loggicat Cloud | There is no limit |
- Scan local code for secrets and PII (Github repo scan and commit scan will be released in the future releases)
- Scan local logs for secrets and PII
- Monitoring local logs, vulnerable lines will be temporarily on-hold until released by an user (Log streaming is currentely not supported)
GoLang 1.15 or above
A configuration json file should contain following information
{
"operationMode": "", //scan or monitor
"scope": "", //log or code
"token": "", //Loggicat Cloud API token
"uuid": "", //Loggicat Cloud API token UUID
"engineType": "", //cloud or local
"engineURL": "", //only used when engineType is local
"refreshTime": , //time gap to pull releases from Loggicat Cloud
"path": [ //folders to scan
""
],
"outputMode": "", //cloud or local
"outputLocation": "" //output file location, only used when outputMode is local
}
- Monitor : monitor files, changes will be scanned as well, this should be used for logs
- Scan : one time scan, this should be used for logs and code
In the Monitor mode, clean logs and released security findings will be appended to new logs files with .loggicat extension.
For example, if you are forward myAppLog.txt to a log ingestion platform, you should now use myAppLog.txt.loggicat instead.
- Code : Server will try to parse the supported languages such as .go or .xml before scanning
- Log : Server will try to parse logs in the popular formats before scanning
API token and UUID can be generated on Loggicat Cloud.
Put "local" for the type if you use Loggicat Scan Engine
Loggicat Clouds never push contents to Loggicat Watcher so in order to append triaged result to logs, Watcher periodically pulls the result from Loggicat Cloud, this configuration value is in minutes.
Folders to be scanned
- Cloud : Scan results will be sent to Loggicat Cloud
- local : Generate a local json file to store scan results, many features are not available in this mode. Output location is used i nthis mode.
//A template will be generated if configs/watcherConfig.json does not exist
go run main.go
- Non-nessccary builtin rules should be disabled to speed up the scan speed, however, generic rules such as "Generic Secrets" should always be enabled.
- Ignore list has higher priority than redact list, so your finding will be ignored if you have the same keyword in both ignore and redact lists, a feature to improve this behavior is under development.
- Monitor mode should only be used for logs, local code monitoring mode and code push monitoring are under development.