vault_audit_tools/commands/mod.rs
1//! Command implementations for analyzing Vault audit logs.
2//!
3//! Each module in this package implements a specific analysis command,
4//! providing specialized insights into different aspects of Vault usage.
5//!
6//! ## Command Categories
7//!
8//! ### Entity Analysis Commands
9//!
10//! Track and analyze Vault identity entities across time:
11//!
12//! - [`entity_analysis`] - Unified entity lifecycle analysis, creation tracking, and preprocessing
13//! - `entity-analysis churn` - Compare entity activity across multiple days to detect churn
14//! - `entity-analysis creation` - Identify when entities first appear in logs
15//! - `entity-analysis gaps` - Find gaps in entity activity patterns
16//! - `entity-analysis timeline` - Visualize entity activity over time
17//! - `entity-analysis preprocess` - Extract entity data for external processing
18//! - [`entity_list`] - List all entities found in audit logs
19//! - [`entity_creation`] - ⚠️ DEPRECATED: Use `entity-analysis creation` instead
20//! - [`entity_churn`] - ⚠️ DEPRECATED: Use `entity-analysis churn` instead
21//! - [`entity_gaps`] - ⚠️ DEPRECATED: Use `entity-analysis gaps` instead
22//! - [`entity_timeline`] - ⚠️ DEPRECATED: Use `entity-analysis timeline` instead
23//! - [`preprocess_entities`] - ⚠️ DEPRECATED: Use `entity-analysis preprocess` instead
24//!
25//! ### Token Analysis Commands
26//!
27//! Analyze token lifecycle and usage patterns:
28//!
29//! - [`token_analysis`] - Unified token operations, abuse detection, and export
30//! - [`token_operations`] - ⚠️ DEPRECATED: Use `token-analysis` instead
31//! - [`token_lookup_abuse`] - ⚠️ DEPRECATED: Use `token-analysis --abuse-threshold` instead
32//! - [`token_export`] - ⚠️ DEPRECATED: Use `token-analysis --export` instead
33//!
34//! ### KV Secrets Analysis Commands
35//!
36//! Understand KV secrets engine usage:
37//!
38//! - [`kv_analysis`] - Unified KV secrets analysis - usage, comparison, and summarization
39//! - `kv-analysis analyze` - Analyze KV secret access patterns and frequency
40//! - `kv-analysis compare` - Compare KV usage across different time periods
41//! - `kv-analysis summary` - Summarize KV usage by mount point
42//! - [`kv_analyzer`] - ⚠️ DEPRECATED: Use `kv-analysis analyze` instead
43//! - [`kv_summary`] - ⚠️ DEPRECATED: Use `kv-analysis summary` instead
44//! - [`kv_compare`] - ⚠️ DEPRECATED: Use `kv-analysis compare` instead
45//!
46//! ### Authentication Analysis Commands
47//!
48//! Analyze authentication patterns:
49//!
50//! - [`k8s_auth`] - Analyze Kubernetes authentication patterns and service accounts
51//!
52//! ### System Analysis Commands
53//!
54//! High-level system insights:
55//!
56//! - [`system_overview`] - Generate high-level statistics about audit logs
57//! - [`path_hotspots`] - Identify most frequently accessed paths
58//! - [`client_activity`] - Analyze client access patterns
59//! - [`airflow_polling`] - Detect Airflow polling behavior patterns
60
61pub mod airflow_polling;
62pub mod client_activity;
63pub mod entity_analysis;
64pub mod entity_churn;
65pub mod entity_creation;
66pub mod entity_gaps;
67pub mod entity_list;
68pub mod entity_timeline;
69pub mod k8s_auth;
70pub mod kv_analysis;
71pub mod kv_analyzer;
72pub mod kv_compare;
73pub mod kv_summary;
74pub mod path_hotspots;
75pub mod preprocess_entities;
76pub mod system_overview;
77pub mod token_analysis;
78pub mod token_export;
79pub mod token_lookup_abuse;
80pub mod token_operations;