Documentation
Overview ¶
Package types contains the type definitions for the supported network protocols.
Index ¶
Constants ¶
This section is empty.
Variables ¶
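// CSV formatting markers. The listing had been collapsed onto a single line,
// where the first line comment swallowed every declaration after it; the
// declarations are restored one per line with their values unchanged.
//
// These are exported variables rather than constants, so any importing
// package can reassign them.
// NOTE(review): the code that writes CSV is not visible here. Record values
// are presumably taken from captured traffic, so confirm that the writers
// quote or escape values containing FieldSeparator (or a non-empty
// StructureBegin/StructureEnd), and that these variables are only reassigned
// before encoding starts.
var (
	// StructureBegin marks the beginning of a structure in CSV.
	// It is the empty string by default.
	StructureBegin = ""

	// StructureEnd marks the end of a structure in CSV.
	// It is the empty string by default.
	StructureEnd = ""

	// FieldSeparator separates fields within a structure in CSV.
	FieldSeparator = ","
)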
// Metrics contains all available prometheus collectors.
//
// Each element is a package-level collector declared elsewhere in this
// package; the slice only aggregates them, presumably so that callers can
// register them in one step (confirm against the registration site).
//
// NOTE(review): the label sets of these collectors are not visible here.
// Confirm that credentialsMetric, exploitMetric, vulnerabilityMetric and the
// payload/connection collectors do not use captured secrets or unbounded
// values taken from traffic as label values (data exposure and label
// cardinality growth), and that the endpoint serving these metrics is
// access-controlled.
// NOTE(review): several record types that have a source file in this package
// (for example bgp.go, kerberos.go, smb.go) have no collector in this list;
// confirm whether that is intentional, since "all available" suggests
// complete coverage.
var Metrics = []prometheus.Collector{
	sipMetric,
	enipMetric,
	credentialsMetric,
	llcMetric,
	ipSecEspMetric,
	tlsClientMetric,
	dnsMetric,
	ethernetCTPMetric,
	ethernetMetric,
	ethernetPayloadEntropy,
	ethernetPayloadSize,
	dhcp4Metric,
	serviceMetric,
	icmp6raMetric,
	eapMetric,
	ipv6fragMetric,
	icmp6Metric,
	tlsServerMetric,
	ntpMetric,
	sctpMetric,
	ciscoDiscoveryMetric,
	usbRequestBlockSetupMetric,
	mplsMetric,
	icmp6rsMetric,
	snapMetric,
	eapPolKeyMetric,
	geneveMetric,
	ipSecAhMetric,
	ip4Metric,
	ip4PayloadEntropy,
	ip4PayloadSize,
	vrrp2Metric,
	ethernetCTPReplyMetric,
	igmpMetric,
	greMetric,
	ip6hopMetric,
	vxlanMetric,
	modbusTCPMetric,
	smtpMetric,
	ciscoDiscoveryInfoMetric,
	arpMetric,
	httpMetric,
	lldiMetric,
	ip6Metric,
	ip6PayloadEntropy,
	ip6PayloadSize,
	fileMetric,
	udpMetric,
	udpPayloadEntropy,
	udpPayloadSize,
	cipMetric,
	lcmMetric,
	pop3Metric,
	connectionsMetric,
	connTotalSize,
	connAppPayloadSize,
	connNumPackets,
	connDuration,
	dot11Metric,
	tcpMetric,
	tcpPayloadEntropy,
	tcpPayloadSize,
	icmp6nsMetric,
	softwareMetric,
	fddiMetric,
	eapPolMetric,
	diameterMetric,
	dot1qMetric,
	ospf3Metric,
	exploitMetric,
	nortelDiscoveryMetric,
	vulnerabilityMetric,
	usbMetric,
	ospf2Metric,
	icmp4Metric,
	sshMetric,
	icmp6eMetric,
	icmp6naMetric,
	lldMetric,
	dhcp6Metric,
	bfdMetric,
}
Metrics contains all available prometheus collectors.
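// The listing had been collapsed onto a single line, where the line comment
// swallowed the declaration and the closing parenthesis; it is restored here
// with the declaration unchanged.
var (
	// UTC allows timestamps to be printed in UTC format.
	// It is false by default (the zero value of bool).
	// NOTE(review): the formatting code that reads this flag is not visible
	// here; when correlating audit records with other logs, confirm which
	// time zone the printed timestamps use when UTC is left unset.
	UTC bool
)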
Functions ¶
Types ¶
type AuditRecord ¶ added in v0.4.0
// AuditRecord is the common interface of NETCAP audit records. It covers
// identification of the record, access to its timestamp and endpoints,
// serialization to CSV and JSON, metric updates and analysis hooks.
//
// NOTE(review): the values returned by implementations are presumably derived
// from captured traffic and should be handled as untrusted input by whatever
// consumes the CSV or JSON output; confirm that the writers quote or escape
// them.
type AuditRecord interface {
	// NetcapType reports the type of this audit record.
	NetcapType() Type

	// Time gives the timestamp of the audit record, which is used for labeling.
	// NOTE(review): the unit of the returned int64 is not visible here — confirm.
	Time() int64

	// Src gives the source of the audit record:
	// the MAC address for Layer 2 records,
	// the IP address for Layer 3 and above.
	Src() string

	// Dst gives the destination of the audit record:
	// the MAC address for Layer 2 records,
	// the IP address for Layer 3 and above.
	Dst() string

	// SetPacketContext lets an implementation attach additional
	// information to each audit record.
	// Requirements for implementers:
	// - it MUST be implemented on a pointer of an instance
	// - the passed in packet context MUST be stored in the Context field
	//   of the current audit record
	SetPacketContext(ctx *PacketContext)

	// CSVHeader returns the CSV header fields.
	CSVHeader() []string

	// CSVRecord returns the CSV values.
	CSVRecord() []string

	// JSON returns the audit record serialized as JSON.
	JSON() (string, error)

	// Encode converts this audit record into numerical data suitable for
	// machine learning algorithms and returns the result as CSV.
	Encode() []string

	// Inc increments the metric that belongs to this audit record.
	Inc()

	// Analyze feeds this audit record to an analyzer, which may be a static
	// rule based analyzer or one built on a more complex Anomaly Detector
	// (statistical or ML).
	// TODO: define AnomalyDetector interface
	Analyze()
}
AuditRecord is the interface for basic operations on NETCAP audit records. This includes dumping them as CSV, JSON or Prometheus metrics, and it provides access to the timestamp of the audit record.
Source Files
- alert.go
- arp.go
- audit_record.go
- bacnetip.go
- bfd.go
- bgp.go
- cip.go
- cisco_discovery.go
- cisco_discovery_info.go
- cldap.go
- connection.go
- credentials.go
- dcerpc.go
- device_profile.go
- dhcp4.go
- dhcp6.go
- diameter.go
- dnp3.go
- dns.go
- dot11.go
- dot1q.go
- eap.go
- eapol.go
- eapolkey.go
- enip.go
- ethctp.go
- ethctpr.go
- ethernet.go
- exploit.go
- fddi.go
- file.go
- ftp.go
- geneve.go
- gre.go
- gtp.go
- http.go
- icmp4.go
- icmp6.go
- icmp6e.go
- icmp6na.go
- icmp6ns.go
- icmp6ra.go
- icmp6rs.go
- iec62351.go
- igmp.go
- imap.go
- ip4.go
- ip6.go
- ip6hop.go
- ip_profile.go
- ipp.go
- ipsecah.go
- ipsecesp.go
- ipv6fragment.go
- irc.go
- isis.go
- kerberos.go
- lcm.go
- llc.go
- lld.go
- lldi.go
- llmnr.go
- mail.go
- metrics.go
- mldv2_query.go
- mldv2_report.go
- modbus.go
- mpls.go
- mqttsn.go
- netflowv9.go
- nortel_discovery.go
- ntp.go
- ocsp.go
- opcua.go
- ospfv2.go
- ospfv3.go
- pim.go
- pop3.go
- ppp.go
- pppoe.go
- profinet.go
- protobuf.go
- quic.go
- quic_client_hello.go
- radius.go
- rarp.go
- rdp.go
- rmcp.go
- s7comm.go
- sctp.go
- service.go
- sip.go
- smb.go
- smtp.go
- snap.go
- socks.go
- software.go
- ssh.go
- stp.go
- stun.go
- syslog.go
- tacacs.go
- tcp.go
- tls_certificate.go
- tls_client_hello.go
- tls_server_hello.go
- udp.go
- usb.go
- usb_request_block_setup.go
- utils.go
- vrrpv2.go
- vulnerability.go
- vxlan.go
- zabbix.go