Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
// ErrRuleShouldNotBeAlerted is a package-level sentinel error. It is an
// exported variable created with errors.New, so callers can match it with
// errors.Is instead of comparing message text.
// NOTE(review): presumably signals that a matched rule must be suppressed
// rather than raised as an alert; which functions return it is not visible
// here — confirm, and make sure suppressed matches are still observable
// (logged or counted) so dropped detections can be audited.
var ErrRuleShouldNotBeAlerted = errors.New("rule should not be alerted")
Functions ¶
This section is empty.
Types ¶
type EventMetadataSetter ¶
// EventMetadataSetter declares a single method, SetFailureMetadata.
// NOTE(review): judging by the name, implementations copy event-specific
// details onto a rule failure — confirm against an implementation.
type EventMetadataSetter interface {
// SetFailureMetadata takes the failure, the enriched event and a free-form
// state map. It has no return value, so an implementation cannot report an
// error to its caller through this method.
// NOTE(review): state is map[string]any; what keys and value types it
// carries is not visible here. Implementations should read it with the
// comma-ok type assertion so an unexpected value type cannot panic.
SetFailureMetadata(failure types.RuleFailure, enrichedEvent *events.EnrichedEvent, state map[string]any)
}
type EventRuleAdapter ¶
// EventRuleAdapter declares SetFailureMetadata with the same signature as
// EventMetadataSetter, plus ToMap, so every EventRuleAdapter also satisfies
// EventMetadataSetter.
type EventRuleAdapter interface {
// SetFailureMetadata takes the failure, the enriched event and a free-form
// state map, and returns nothing.
SetFailureMetadata(failure types.RuleFailure, enrichedEvent *events.EnrichedEvent, state map[string]any)
// ToMap returns a map[string]interface{} built from the enriched event.
// NOTE(review): the key names and value types of the returned map are not
// visible here; presumably it is the view of the event that rule
// expressions are evaluated against — confirm. Values that originate from
// the monitored workload should be treated as untrusted by consumers.
ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{}
}
type EventRuleAdapterFactory ¶
// EventRuleAdapterFactory exposes GetAdapter and RegisterAdapter, both keyed
// by utils.EventType. All of its fields are unexported.
// NOTE(review): whether the zero value is usable, and whether the type is safe
// for concurrent RegisterAdapter/GetAdapter calls, is not visible here —
// obtain instances from NewEventRuleAdapterFactory and confirm before sharing
// one across goroutines.
type EventRuleAdapterFactory struct {
// contains filtered or unexported fields
}
func NewEventRuleAdapterFactory ¶
// NewEventRuleAdapterFactory takes no arguments and returns a pointer to an
// EventRuleAdapterFactory.
// NOTE(review): whether the returned factory comes with adapters already
// registered is not visible here — confirm before relying on GetAdapter.
func NewEventRuleAdapterFactory() *EventRuleAdapterFactory
func (*EventRuleAdapterFactory) GetAdapter ¶
// GetAdapter returns an EventRuleAdapter and a bool for the given event type.
// NOTE(review): presumably the bool follows the comma-ok convention and is
// false when no adapter is registered for eventType — confirm. Callers should
// check it before using the adapter, and should decide explicitly how an
// event type without an adapter is handled so such events are not dropped
// silently.
func (f *EventRuleAdapterFactory) GetAdapter(eventType utils.EventType) (EventRuleAdapter, bool)
func (*EventRuleAdapterFactory) RegisterAdapter ¶
// RegisterAdapter takes an event type and an adapter and returns nothing, so
// it cannot report a rejected registration through a return value.
// NOTE(review): behaviour for a nil adapter or for an event type that already
// has an adapter (overwrite, ignore, panic) is not visible here — confirm.
func (f *EventRuleAdapterFactory) RegisterAdapter(eventType utils.EventType, adapter EventRuleAdapter)
type FileHashCache ¶
type RuleFailureCreator ¶
// RuleFailureCreator provides CreateRuleFailure, the same method declared by
// RuleFailureCreatorInterface. All of its fields are unexported; construct it
// with NewRuleFailureCreator.
type RuleFailureCreator struct {
// contains filtered or unexported fields
}
func NewRuleFailureCreator ¶
// NewRuleFailureCreator returns a *RuleFailureCreator built from an enricher,
// a DNS resolver and an adapter factory.
// NOTE(review): there is no error return, and whether nil is accepted for any
// of the three dependencies is not visible here — confirm before passing nil.
func NewRuleFailureCreator(enricher types.Enricher, dnsManager dnsmanager.DNSResolver, adapterFactory *EventRuleAdapterFactory) *RuleFailureCreator
func (*RuleFailureCreator) CreateRuleFailure ¶
// CreateRuleFailure returns a types.RuleFailure for the given rule and
// enriched event. It also takes an object cache, three strings (message,
// uniqueID, apChecksum) and a free-form state map. There is no error return.
// NOTE(review): whether a nil/zero RuleFailure can be returned when the
// failure cannot be built is not visible here — callers should confirm and
// check the result.
// NOTE(review): apChecksum is presumably an application-profile checksum —
// confirm. message is passed through as a plain string; if callers build it
// from event fields (paths, arguments, hostnames), alert consumers should
// treat it as untrusted text and escape it when rendering.
func (r *RuleFailureCreator) CreateRuleFailure(rule typesv1.Rule, enrichedEvent *events.EnrichedEvent, objectCache objectcache.ObjectCache, message, uniqueID, apChecksum string, state map[string]any) types.RuleFailure
type RuleFailureCreatorInterface ¶
// RuleFailureCreatorInterface declares CreateRuleFailure with the same
// signature as the method on *RuleFailureCreator, so *RuleFailureCreator
// satisfies it and another implementation (for example a test double) can be
// substituted.
type RuleFailureCreatorInterface interface {
// CreateRuleFailure returns a types.RuleFailure for the given rule and
// enriched event; it has no error return.
// NOTE(review): what an implementation returns when it cannot build a
// failure is not specified by the signature — confirm per implementation.
CreateRuleFailure(rule typesv1.Rule, enrichedEvent *events.EnrichedEvent, objectCache objectcache.ObjectCache, message, uniqueID, apChecksum string, state map[string]any) types.RuleFailure
}
Source Files
¶