Documentation

Constants
This section is empty.
Variables
var Location = time.Local
Location is the location to use for timestamp parsing and comparison.
Functions

func ResetStats
func ResetStats()
Types

type AttackInfo
type AttackInfo struct {
	// Attack instance number
	Num int `csv:"num" yaml:"num"`
	// Attack name
	Name string `csv:"name" yaml:"name"`
	// Attack timeframe
	Start string `csv:"start" yaml:"start"`
	End   string `csv:"end" yaml:"end"`
	// Any traffic going from and towards the specified IPs in the given timeframe.
	// The field value from the parsed CSV is split by ";".
	IPs []string `csv:"ips" yaml:"ips"`
	// Underlying protocol(s)
	Proto string `csv:"proto" yaml:"proto"`
	// Additional notes
	Notes string `csv:"notes" yaml:"notes"`
	// Associated category
	Category string `csv:"category" yaml:"category"`
	// MITRE tactic or technique name
	MITRE string `csv:"mitre" yaml:"mitre"`
	// Day of attack
	Date string `yaml:"date"`
	// Separate victims and attackers; flag any traffic BETWEEN the specified IPs.
	Victims   []string `csv:"victims" yaml:"victims"`
	Attackers []string `csv:"attackers" yaml:"attackers"`
	// FlagVictimTraffic will also label traffic from and towards the victim for the current attack timeframe,
	// and can be used when specifying victim and attacker IPs separately.
	// This is useful for example during infiltration scenarios,
	// where malicious activity is conducted by an infected host.
	FlagVictimTraffic bool `yaml:"flagVictimTraffic"`
}
AttackInfo models an attack and contains meta information. Timestamps are provided as strings to support custom time formats.
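The matching rules the field comments above describe, worked through as an added example in plain Go; this is not the package's own code. Flow, the layout constant and Matches are assumptions standing in for types.AuditRecord and the package's unexported matching logic.

```go
package main
import "time"

// AttackInfo mirrors the documented struct (only the fields used here).
type AttackInfo struct {
	Name, Start, End        string
	IPs, Victims, Attackers []string
	FlagVictimTraffic       bool
}

// Flow is a constructed stand-in for the audit record the real Label() receives.
type Flow struct {
	Timestamp    time.Time
	SrcIP, DstIP string
}
// layout is an assumed timestamp format; the package leaves the format to the caller.
const layout = "2006-01-02 15:04:05"

func has(set []string, ip string) bool {
	for _, s := range set {
		if s == ip {
			return true
		}
	}
	return false
}

// Matches applies the rules stated in the field comments: the record must fall
// inside [Start, End]; it is then flagged if either endpoint is in IPs, if it runs
// between an attacker and a victim, or (FlagVictimTraffic) if it touches a victim.
// Unparseable timestamps are reported as an error, never as a silent "no match".
func Matches(a AttackInfo, f Flow, loc *time.Location) (bool, error) {
	start, err := time.ParseInLocation(layout, a.Start, loc)
	if err != nil {
		return false, err
	}
	end, err := time.ParseInLocation(layout, a.End, loc)
	if err != nil {
		return false, err
	}
	if f.Timestamp.Before(start) || f.Timestamp.After(end) {
		return false, nil
	}
	if has(a.IPs, f.SrcIP) || has(a.IPs, f.DstIP) {
		return true, nil
	}
	between := (has(a.Attackers, f.SrcIP) && has(a.Victims, f.DstIP)) ||
		(has(a.Victims, f.SrcIP) && has(a.Attackers, f.DstIP))
	victim := a.FlagVictimTraffic && (has(a.Victims, f.SrcIP) || has(a.Victims, f.DstIP))
	return between || victim, nil
}
```

Note that without FlagVictimTraffic, lateral traffic from an infected host to a third machine is not labelled, which is exactly the gap the flag exists to close.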
type LabelManager

type LabelManager struct {
	// debug mode
	Debug bool
	sync.Mutex
	// contains filtered or unexported fields
}
LabelManager keeps track of attack information that shall be mapped onto the audit records.
func NewLabelManager
func NewLabelManager(progress bool, debug bool, removeFilesWithoutMatches bool, scatterplot bool, scatterDuration time.Duration) *LabelManager
NewLabelManager returns a new label manager instance.
func (*LabelManager) Init
func (m *LabelManager) Init(pathMappingInfo string)
Init will load the attack information from disk.
func (*LabelManager) Label
func (m *LabelManager) Label(record types.AuditRecord) string
Label returns the label for the current audit record according to the loaded label mapping.