Constants ¶
This section is empty.
Variables ¶
// CustomFunctions pairs each helper name with the function signature(s)
// recorded for it. Every Func element is built with new(func(...)), i.e. a
// pointer to a nil function value: it carries a type only, not an
// implementation.
//
// NOTE(review): presumably this table is used to declare helper signatures to
// an expression engine; the consumer is not shown here, so confirm.
// NOTE(review): several names (File, RegexpInFile, LookupHost, GetFromStash,
// SetInStash, Hostname) suggest helpers that reach outside the evaluated
// event. Their implementations are not visible on this page; check who is
// allowed to author expressions that can call them.
var CustomFunctions = []struct { Name string Func []any }{ { Name: "Distance", Func: []any{ new(func(string, string, string, string) (float64, error)), }, }, { Name: "GetFromStash", Func: []any{ new(func(string, string) (string, error)), }, }, { Name: "Atof", Func: []any{ new(func(string) float64), }, }, { Name: "JsonExtract", Func: []any{ new(func(string, string) string), }, }, { Name: "JsonExtractUnescape", Func: []any{ new(func(string, ...string) string), }, }, { Name: "JsonExtractLib", Func: []any{ new(func(string, ...string) string), }, }, { Name: "JsonExtractSlice", Func: []any{ new(func(string, string) []any), }, }, { Name: "JsonExtractObject", Func: []any{ new(func(string, string) map[string]any), }, }, { Name: "ToJsonString", Func: []any{ new(func(any) string), }, }, { Name: "File", Func: []any{ new(func(string) []string), }, }, { Name: "RegexpInFile", Func: []any{ new(func(string, string) bool), }, }, { Name: "Upper", Func: []any{ new(func(string) string), }, }, { Name: "Lower", Func: []any{ new(func(string) string), }, }, { Name: "IpInRange", Func: []any{ new(func(string, string) bool), }, }, { Name: "TimeNow", Func: []any{ new(func() string), }, }, { Name: "ParseUri", Func: []any{ new(func(string) map[string][]string), }, }, { Name: "PathUnescape", Func: []any{ new(func(string) string), }, }, { Name: "QueryUnescape", Func: []any{ new(func(string) string), }, }, { Name: "PathEscape", Func: []any{ new(func(string) string), }, }, { Name: "QueryEscape", Func: []any{ new(func(string) string), }, }, { Name: "XMLGetAttributeValue", Func: []any{ new(func(string, string, string) string), }, }, { Name: "XMLGetNodeValue", Func: []any{ new(func(string, string) string), }, }, { Name: "IpToRange", Func: []any{ new(func(string, string) string), }, }, { Name: "IsIPV6", Func: []any{ new(func(string) bool), }, }, { Name: "IsIPV4", Func: []any{ new(func(string) bool), }, }, { Name: "IsIP", Func: []any{ new(func(string) bool), }, }, { Name: "LookupHost", Func: []any{ 
new(func(string) []string), }, }, { Name: "GetDecisionsCount", Func: []any{ new(func(string) int), }, }, { Name: "GetDecisionsSinceCount", Func: []any{ new(func(string, string) int), }, }, { Name: "Sprintf", Func: []any{ new(func(string, ...any) string), }, }, { Name: "ParseUnix", Func: []any{ new(func(string) string), }, }, { Name: "SetInStash", Func: []any{ new(func(string, string, string, *time.Duration) error), }, }, { Name: "Fields", Func: []any{ new(func(string) []string), }, }, { Name: "Index", Func: []any{ new(func(string, string) int), }, }, { Name: "IndexAny", Func: []any{ new(func(string, string) int), }, }, { Name: "Join", Func: []any{ new(func([]string, string) string), }, }, { Name: "Split", Func: []any{ new(func(string, string) []string), }, }, { Name: "SplitAfter", Func: []any{ new(func(string, string) []string), }, }, { Name: "SplitAfterN", Func: []any{ new(func(string, string, int) []string), }, }, { Name: "SplitN", Func: []any{ new(func(string, string, int) []string), }, }, { Name: "Replace", Func: []any{ new(func(string, string, string, int) string), }, }, { Name: "ReplaceAll", Func: []any{ new(func(string, string, string) string), }, }, { Name: "Trim", Func: []any{ new(func(string, string) string), }, }, { Name: "TrimLeft", Func: []any{ new(func(string, string) string), }, }, { Name: "TrimRight", Func: []any{ new(func(string, string) string), }, }, { Name: "TrimSpace", Func: []any{ new(func(string) string), }, }, { Name: "TrimPrefix", Func: []any{ new(func(string, string) string), }, }, { Name: "TrimSuffix", Func: []any{ new(func(string, string) string), }, }, { Name: "Get", Func: []any{ new(func([]string, int) string), }, }, { Name: "ToString", Func: []any{ new(func(any) string), }, }, { Name: "Match", Func: []any{ new(func(string, string) bool), }, }, { Name: "KeyExists", Func: []any{ new(func(string, map[string]any) bool), }, }, { Name: "LogInfo", Func: []any{ new(func(string, ...any) bool), }, }, { Name: "B64Decode", Func: []any{ 
new(func(string) string), }, }, { Name: "UnmarshalJSON", Func: []any{ new(func(string, map[string]any, string) error), }, }, { Name: "ParseKV", Func: []any{ new(func(string, map[string]any, string) error), }, }, { Name: "Hostname", Func: []any{ new(func() (string, error)), }, }, }
Functions ¶
This section is empty.
Types ¶
type Alert ¶
// Alert describes a single alert and fixes its JSON field names.
//
// Most pointer-typed fields carry no omitempty option, so a nil pointer is
// encoded as JSON null rather than dropped; code reading an Alert must
// nil-check these fields before dereferencing them.
type Alert struct {
	Capacity  *int32 `json:"capacity"`
	CreatedAt string `json:"created_at,omitempty"`
	// Decisions and Events are also present under Edges (there with
	// omitempty); the two sets are independent fields.
	Decisions   []*Decision `json:"decisions"`
	Events      []*Event    `json:"events"`
	EventsCount *int32      `json:"events_count"`
	ID          int64       `json:"id,omitempty"`
	Labels      []string    `json:"labels"`
	Leakspeed   *string     `json:"leakspeed"`
	MachineID   string      `json:"machine_id,omitempty"`
	Message     *string     `json:"message"`
	Meta        Meta        `json:"meta,omitempty"`
	Remediation bool        `json:"remediation,omitempty"`
	Scenario    *string     `json:"scenario"`
	// ScenarioHash and ScenarioVersion identify the scenario build.
	// NOTE(review): how the hash is computed is not shown here — confirm
	// before relying on it for integrity checks.
	ScenarioHash    *string `json:"scenario_hash"`
	ScenarioVersion *string `json:"scenario_version"`
	Simulated       *bool   `json:"simulated"`
	Source          *Source `json:"source"`
	// StartAt and StopAt are strings, not time.Time; their format is not
	// defined on this page.
	StartAt *string `json:"start_at"`
	StopAt  *string `json:"stop_at"`
	UUID    string  `json:"uuid,omitempty"`
	// Edges has no omitempty, so the "edges" key is always emitted.
	Edges AlertEdges `json:"edges"`
}
func (*Alert) GetEventsCount ¶
func (*Alert) GetScenario ¶
func (*Alert) HasRemediation ¶
type AlertEdges ¶
// AlertEdges groups the objects related to an Alert. Every field is tagged
// omitempty, so a nil pointer or empty slice is left out of the JSON output.
type AlertEdges struct {
	// Owner is the machine linked to the alert; nil when not populated.
	Owner     *Machine    `json:"owner,omitempty"`
	Decisions []*Decision `json:"decisions,omitempty"`
	Events    []*Event    `json:"events,omitempty"`
	Metas     []*Meta     `json:"metas,omitempty"`
}
func (AlertEdges) DecisionsOrErr ¶
func (e AlertEdges) DecisionsOrErr() ([]*Decision, error)
func (AlertEdges) EventsOrErr ¶
func (e AlertEdges) EventsOrErr() ([]*Event, error)
func (AlertEdges) MetasOrErr ¶
func (e AlertEdges) MetasOrErr() ([]*Meta, error)
func (AlertEdges) OwnerOrErr ¶
func (e AlertEdges) OwnerOrErr() (*Machine, error)
type Decision ¶
// Decision describes one decision attached to an alert and fixes its JSON
// field names.
//
// Duration, Origin, Scenario, Scope, Type and Value are pointers without
// omitempty: a nil pointer is encoded as JSON null, and readers must
// nil-check before dereferencing.
type Decision struct {
	// Duration and Until are strings; their format is not defined on this page.
	Duration *string `json:"duration"`
	ID       int64   `json:"id,omitempty"`
	Origin   *string `json:"origin"`
	Scenario *string `json:"scenario"`
	// NOTE(review): presumably Scope names the kind of target and Value the
	// target itself — confirm against the producer.
	Scope     *string `json:"scope"`
	Simulated *bool   `json:"simulated,omitempty"`
	Type      *string `json:"type"`
	Until     string  `json:"until,omitempty"`
	UUID      string  `json:"uuid,omitempty"`
	Value     *string `json:"value"`
}
type Event ¶
// Event is a single event with both YAML and JSON encodings declared.
//
// NOTE(review): Parsed, Enriched, Unmarshaled and Meta presumably hold values
// derived from ingested log lines, i.e. content an outside party can
// influence; treat them as untrusted when rendering or logging — confirm.
type Event struct {
	// Type and ExpectMode are plain ints; their valid values are not
	// defined on this page.
	Type        int  `yaml:"Type,omitempty" json:"Type,omitempty"`
	ExpectMode  int  `yaml:"ExpectMode,omitempty" json:"ExpectMode,omitempty"`
	Whitelisted bool `yaml:"Whitelisted,omitempty" json:"Whitelisted,omitempty"`
	// WhitelistReason is the only field whose JSON key is snake_case
	// ("whitelist_reason"); the YAML key stays "WhitelistReason".
	WhitelistReason string            `yaml:"WhitelistReason,omitempty" json:"whitelist_reason,omitempty"`
	Stage           string            `yaml:"Stage,omitempty" json:"Stage,omitempty"`
	Line            Line              `yaml:"Line,omitempty" json:"Line,omitempty"`
	Parsed          map[string]string `yaml:"Parsed,omitempty" json:"Parsed,omitempty"`
	Enriched        map[string]string `yaml:"Enriched,omitempty" json:"Enriched,omitempty"`
	Unmarshaled     map[string]any    `yaml:"Unmarshaled,omitempty" json:"Unmarshaled,omitempty"`
	// Overflow is keyed "Overflow" in YAML but "Alert" in JSON. With the
	// standard encoding/json, omitempty does not drop struct values, so
	// Overflow and Time are emitted even when zero.
	Overflow      RuntimeAlert      `yaml:"Overflow,omitempty" json:"Alert,omitempty"`
	Time          time.Time         `yaml:"Time,omitempty" json:"Time,omitempty"`
	StrTime       string            `yaml:"StrTime,omitempty" json:"StrTime,omitempty"`
	StrTimeFormat string            `yaml:"StrTimeFormat,omitempty" json:"StrTimeFormat,omitempty"`
	MarshaledTime string            `yaml:"MarshaledTime,omitempty" json:"MarshaledTime,omitempty"`
	Process       bool              `yaml:"Process,omitempty" json:"Process,omitempty"`
	Meta          map[string]string `yaml:"Meta,omitempty" json:"Meta,omitempty"`
}
type Machine ¶
// Machine describes a registered machine and fixes its JSON field names.
type Machine struct {
	ID            int        `json:"id,omitempty"`
	CreatedAt     *time.Time `json:"created_at,omitempty"`
	UpdatedAt     *time.Time `json:"updated_at,omitempty"`
	LastPush      *time.Time `json:"last_push,omitempty"`
	LastHeartbeat *time.Time `json:"last_heartbeat,omitempty"`
	MachineId     string     `json:"machineId,omitempty"`
	// Password is excluded from JSON output by the "-" tag. The tag only
	// affects encoding/json: the value is still held in memory and is still
	// printed by fmt verbs such as %+v or by encoders that ignore json tags,
	// so avoid logging or dumping a whole Machine value.
	// NOTE(review): whether this holds a hash or a cleartext secret is not
	// shown here — confirm.
	Password    string `json:"-"`
	IpAddress   string `json:"ipAddress,omitempty"`
	Scenarios   string `json:"scenarios,omitempty"`
	Version     string `json:"version,omitempty"`
	IsValidated bool   `json:"isValidated,omitempty"`
	Status      string `json:"status,omitempty"`
	// AuthType uses a snake_case key and no omitempty, unlike its camelCase
	// neighbours, so "auth_type" is always emitted.
	AuthType string       `json:"auth_type"`
	Edges    MachineEdges `json:"edges"`
}
type MachineEdges ¶
// MachineEdges groups the objects related to a Machine.
type MachineEdges struct {
	// Alerts is left out of the JSON output when nil or empty.
	Alerts []*Alert `json:"alerts,omitempty"`
}
type Meta ¶
// Meta is a slice of pointers to MetaItems0; elements may be nil, so check
// each one before dereferencing. The fields of MetaItems0 are not shown on
// this page.
type Meta []*MetaItems0
type MetaItems0 ¶
type RuntimeAlert ¶
// RuntimeAlert carries alert data with both YAML and JSON encodings
// declared; every field is tagged omitempty in both.
type RuntimeAlert struct {
	// Mapkey is encoded under the key "MapKey" (capital K) in both formats.
	Mapkey      string `yaml:"MapKey,omitempty" json:"MapKey,omitempty"`
	BucketId    string `yaml:"BucketId,omitempty" json:"BucketId,omitempty"`
	Whitelisted bool   `yaml:"Whitelisted,omitempty" json:"Whitelisted,omitempty"`
	Reprocess   bool   `yaml:"Reprocess,omitempty" json:"Reprocess,omitempty"`
	// Sources is keyed by string.
	// NOTE(review): presumably the key is the source value (e.g. an IP) —
	// confirm against the code that fills it.
	Sources map[string]Source `yaml:"Sources,omitempty" json:"Sources,omitempty"`
	// Alert may be nil; APIAlerts holds Alert values, not pointers.
	Alert     *Alert  `yaml:"Alert,omitempty" json:"Alert,omitempty"`
	APIAlerts []Alert `yaml:"APIAlerts,omitempty" json:"APIAlerts,omitempty"`
}
func (RuntimeAlert) GetSources ¶
func (r RuntimeAlert) GetSources() []string
type Source ¶
// Source describes the origin attached to an alert and fixes its JSON field
// names.
type Source struct {
	// AsName and AsNumber are both strings, including the number.
	AsName   string `json:"as_name,omitempty"`
	AsNumber string `json:"as_number,omitempty"`
	// NOTE(review): Cn presumably holds a country code — confirm.
	Cn        string  `json:"cn,omitempty"`
	IP        string  `json:"ip,omitempty"`
	Latitude  float32 `json:"latitude,omitempty"`
	Longitude float32 `json:"longitude,omitempty"`
	Range     string  `json:"range,omitempty"`
	// Scope and Value are pointers without omitempty: nil is encoded as JSON
	// null, and readers must nil-check before dereferencing.
	Scope *string `json:"scope"`
	Value *string `json:"value"`
}
func (Source) GetAsNumberName ¶