rule

package
v0.7.6 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 25, 2025 License: BSD-3-Clause, GPL-3.0 Imports: 4 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Action 

type Action func() error

Action to execute when the rule applies.

type Config 

type Config struct {
	Rules []*Rule
}

Config holds all rules.

type Operation 

type Operation func() bool

Operation to compare values

type Rule 

type Rule struct {

	// Audit record type for which the rule shall be applied
	Typ types.Type

	// or apply to all audit records
	ApplyToAllTypes bool

	// todo: make timezone configurable!
	// fire if record has a timestamp in a given interval
	StartAt time.Time
	EndAt   time.Time

	// Description text for the event
	Description string

	// Logic to execute
	Action Action

	// Comparison Operations
	// ==, <, >, >=, <= etc
	Operation Operation

	// Port number
	Port int

	// IP address
	IP net.IP

	// MAC address
	MAC string

	// Regular expression to match against packet contents or stream banners
	Regex regexp.Regexp
	// contains filtered or unexported fields
}

Rule models a generic detection rule, that will be executed based on the provided information. Simple rules could be created as a YAML configuration, while more complex ones should be written in Go in order to implement a custom Action.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.