vault_audit_tools/commands/
mod.rs

//! Command implementations for analyzing Vault audit logs.
//!
//! Each module in this package implements a specific analysis command,
//! providing specialized insights into different aspects of Vault usage.
//!
//! ## Command Categories
//!
//! ### Entity Analysis Commands
//!
//! Track and analyze Vault identity entities across time:
//!
//! - [`entity_creation`] - Identify when entities first appear in logs
//! - [`entity_churn`] - Compare entity activity across multiple days to detect churn
//! - [`entity_gaps`] - Find gaps in entity activity patterns
//! - [`entity_timeline`] - Visualize entity activity over time
//! - [`entity_list`] - List all entities found in audit logs
//! - [`preprocess_entities`] - Extract entity data for external processing
//!
//! ### Token Analysis Commands
//!
//! Analyze token lifecycle and usage patterns:
//!
//! - [`token_operations`] - Track token creation, renewal, and revocation
//! - [`token_lookup_abuse`] - Detect suspicious token lookup patterns
//! - [`token_export`] - Export token metadata for analysis
//!
//! ### KV Secrets Analysis Commands
//!
//! Understand KV secrets engine usage:
//!
//! - [`kv_analyzer`] - Analyze KV secret access patterns and frequency
//! - [`kv_summary`] - Summarize KV usage by mount point
//! - [`kv_compare`] - Compare KV usage across different time periods
//!
//! ### Authentication Analysis Commands
//!
//! Analyze authentication patterns:
//!
//! - [`k8s_auth`] - Analyze Kubernetes authentication patterns and service accounts
//!
//! ### System Analysis Commands
//!
//! High-level system insights:
//!
//! - [`system_overview`] - Generate high-level statistics about audit logs
//! - [`path_hotspots`] - Identify most frequently accessed paths
//! - [`client_activity`] - Analyze client access patterns
//! - [`airflow_polling`] - Detect Airflow polling behavior patterns

pub mod airflow_polling;
pub mod client_activity;
pub mod entity_churn;
pub mod entity_creation;
pub mod entity_gaps;
pub mod entity_list;
pub mod entity_timeline;
pub mod k8s_auth;
pub mod kv_analyzer;
pub mod kv_compare;
pub mod kv_summary;
pub mod path_hotspots;
pub mod preprocess_entities;
pub mod system_overview;
pub mod token_export;
pub mod token_lookup_abuse;
pub mod token_operations;