Documentation
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Analyzer
type Analyzer struct {
// contains filtered or unexported fields
}
Analyzer analyzes SID statistics and generates recommendations
func NewAnalyzer
NewAnalyzer creates a new recommendations analyzer
func (*Analyzer) AnalyzeAll
func (a *Analyzer) AnalyzeAll() ([]*Recommendation, error)
AnalyzeAll generates all recommendations
func (*Analyzer) GenerateSummary
GenerateSummary creates a summary report
func (*Analyzer) GetRecentThreats
GetRecentThreats returns recently triggered rules
type Recommendation
type Recommendation struct {
Type RecommendationType
SID string
Signature string
Category string
Severity string // high, medium, low
Reason string
Evidence []string
Action string
TriggerCount int
SourceCount int
Ratio float64 // Triggers per unique source
}
Recommendation represents a single recommendation
type RecommendationType
type RecommendationType string
RecommendationType represents the type of recommendation
const (
	FalsePositive      RecommendationType = "false_positive"
	NoiseReduction     RecommendationType = "noise_reduction"
	DropMode           RecommendationType = "drop_mode"
	DisableRule        RecommendationType = "disable_rule"
	InvestigateFurther RecommendationType = "investigate"
)
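The Recommendation and RecommendationType definitions above, with an added example (not the package's own code) of how a per-SID Ratio of triggers to unique sources can drive a recommendation; Classify, its thresholds and the sample counts are assumptions, not the package's AnalyzeAll logic.

```go
package main

import "fmt"

// Types copied from the package documentation above.
type RecommendationType string
const (
	FalsePositive      RecommendationType = "false_positive"
	NoiseReduction     RecommendationType = "noise_reduction"
	DropMode           RecommendationType = "drop_mode"
	DisableRule        RecommendationType = "disable_rule"
	InvestigateFurther RecommendationType = "investigate"
)

type Recommendation struct {
	Type         RecommendationType
	SID          string
	Severity     string // high, medium, low
	Reason       string
	Evidence     []string
	Action       string
	TriggerCount int
	SourceCount  int
	Ratio        float64 // Triggers per unique source
}

// Classify derives one Recommendation from a SID's trigger and distinct-source
// counts using assumed thresholds (hypothetical, not the package's own logic); false means nothing stands out.
func Classify(sid string, triggers, sources, noiseTriggers, noiseSources int, focusedRatio float64) (Recommendation, bool) {
	r := Recommendation{SID: sid, TriggerCount: triggers, SourceCount: sources}
	if sources > 0 {
		r.Ratio = float64(triggers) / float64(sources) // triggers per unique source
	}
	r.Evidence = []string{fmt.Sprintf("%d triggers from %d sources (%.1f per source)", triggers, sources, r.Ratio)}
	switch {
	case triggers >= noiseTriggers && sources >= noiseSources && r.Ratio < focusedRatio:
		r.Type, r.Severity = NoiseReduction, "medium" // a little from nearly everyone: noisy signature
		r.Reason, r.Action = "rule fires broadly across many sources", "tune or suppress the rule"
	case triggers >= noiseTriggers && r.Ratio >= focusedRatio:
		r.Type, r.Severity = InvestigateFurther, "high" // many triggers concentrated on few sources
		r.Reason, r.Action = "few sources account for most triggers", "investigate the top sources"
	default:
		return r, false
	}
	return r, true
}

func main() {
	r, _ := Classify("1000001", 500, 5, 100, 50, 10) // constructed sample SID and counts
	fmt.Printf("%s %s: %v\n", r.SID, r.Type, r.Evidence)
}
```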