event

package

v1.8.0-beta.7 Latest Latest Go to latest Published: Jul 27, 2022 License: AGPL-3.0 Imports: 6 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/0xrawsec/whids

Links

Open Source Insights

Documentation ¶

Index ¶

type EdrData
type EdrEvent
- func NewEdrEvent(e *etw.Event) *EdrEvent
type InnerEvent

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type EdrData ¶

type EdrData struct {
	Endpoint struct {
		UUID     string
		IP       string
		Hostname string
		Group    string
	}
	Event struct {
		Hash        string
		Detection   bool
		ReceiptTime time.Time
	}
}

type EdrEvent ¶

type EdrEvent struct {
	Event InnerEvent
}

func NewEdrEvent ¶

func NewEdrEvent(e *etw.Event) *EdrEvent

func (*EdrEvent) Channel ¶

func (e *EdrEvent) Channel() string

func (*EdrEvent) Computer ¶

func (e *EdrEvent) Computer() string

func (*EdrEvent) Copy ¶

func (er *EdrEvent) Copy() (new *EdrEvent)

func (*EdrEvent) EventID ¶

func (e *EdrEvent) EventID() int64

func (*EdrEvent) Get ¶

func (e *EdrEvent) Get(p *engine.XPath) (i interface{}, ok bool)

func (*EdrEvent) GetBool ¶

func (e *EdrEvent) GetBool(p *engine.XPath) (b bool, ok bool)

func (*EdrEvent) GetDetection ¶

func (e *EdrEvent) GetDetection() *engine.Detection

func (*EdrEvent) GetInt ¶

func (e *EdrEvent) GetInt(p *engine.XPath) (i int64, ok bool)

func (*EdrEvent) GetIntOr ¶

func (e *EdrEvent) GetIntOr(p *engine.XPath, or int64) int64

func (*EdrEvent) GetString ¶

func (e *EdrEvent) GetString(p *engine.XPath) (s string, ok bool)

func (*EdrEvent) GetStringOr ¶

func (e *EdrEvent) GetStringOr(p *engine.XPath, or string) string

func (*EdrEvent) GetUint ¶

func (e *EdrEvent) GetUint(p *engine.XPath) (i uint64, ok bool)

func (*EdrEvent) GetUintOr ¶

func (e *EdrEvent) GetUintOr(p *engine.XPath, or uint64) uint64

func (*EdrEvent) Hash ¶

func (e *EdrEvent) Hash() string

func (*EdrEvent) InitEdrData ¶

func (e *EdrEvent) InitEdrData()

func (*EdrEvent) IsDetection ¶

func (e *EdrEvent) IsDetection() bool

func (*EdrEvent) IsSkipped ¶

func (e *EdrEvent) IsSkipped() bool

IsSkipped returns true if the event has been marked to be skipped

func (*EdrEvent) Set ¶

func (e *EdrEvent) Set(p *engine.XPath, i interface{}) (err error)

func (*EdrEvent) SetDetection ¶

func (e *EdrEvent) SetDetection(d *engine.Detection)

func (*EdrEvent) SetIf ¶

func (e *EdrEvent) SetIf(p *engine.XPath, value interface{}, cond bool) (err error)

SetIfOr set value if cond == true

func (*EdrEvent) SetIfMissing ¶

func (e *EdrEvent) SetIfMissing(p *engine.XPath, i interface{}) (err error)

func (*EdrEvent) SetIfOr ¶

func (e *EdrEvent) SetIfOr(p *engine.XPath, value interface{}, cond bool, other interface{}) (err error)

SetIfOr set value if cond == true or other

func (*EdrEvent) Skip ¶

func (e *EdrEvent) Skip()

Skip mark the event to be skipped subsequent calls to IsSkipped will return true

func (*EdrEvent) Timestamp ¶

func (e *EdrEvent) Timestamp() time.Time

type InnerEvent ¶

type InnerEvent struct {
	*etw.Event
	EdrData   *EdrData          `json:",omitempty"`
	Detection *engine.Detection `json:",omitempty"`
	// contains filtered or unexported fields
}

Source Files ¶

View all Source files

event.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL