Documentation
¶
Overview ¶
Package detect includes the "API" of the rule-engine and includes public facing types that consumers of the rule engine should work with
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var ErrDataNotFound = errors.New("requested data was not found")
View Source
var ErrKeyNotSupported = errors.New("queried key is not supported")
Functions ¶
This section is empty.
Types ¶
type DataSource ¶
type DataSource interface {
// Get a value from the data source. Make sure the key matches one of the keys allowed in Keys.
// The following errors should be returned for the appropriate cases:
//
// - ErrDataNotFound - When the key does not match to any existing data
// - ErrKeyNotSupported - When the key used does not match to a support key
// - Otherwise errors may vary.
Get(interface{}) (map[string]interface{}, error)
// Version of the data fetched. Whenever the schema has a breaking change the version should be incremented.
// Consumers of the data source should verify they are running against a support version before using it.
Version() uint
// The types of keys the data source supports.
Keys() []string
// JSON Schema of the data source's result. All Get results should conform to the schema described.
Schema() string
// Namespace of the data source (to avoid ID collisions)
Namespace() string
// ID of the data source, any unique name works.
ID() string
}
type Finding ¶
type Finding struct {
Data map[string]interface{}
Event protocol.Event // Event is the causal event of the Finding
SigMetadata SignatureMetadata
}
Finding is the main output of a signature. It represents a match result for the signature business logic
type Logger ¶
type Logger interface {
Debugw(format string, v ...interface{})
Infow(format string, v ...interface{})
Warnw(format string, v ...interface{})
Errorw(format string, v ...interface{})
}
Logger interface to inject in signatures
type SignalSourceComplete ¶
type SignalSourceComplete string
SignalSourceComplete signals that an input source the signature was subscribed to had ended
type Signature ¶
type Signature interface {
// GetMetadata allows the signature to declare information about itself
GetMetadata() (SignatureMetadata, error)
// GetSelectedEvents allows the signature to declare which events it subscribes to
GetSelectedEvents() ([]SignatureEventSelector, error)
// Init allows the signature to initialize its internal state
Init(ctx SignatureContext) error
// Close cleans the signature after Init operation
Close()
// OnEvent allows the signature to process events passed by the Engine. this is the business logic of the signature
OnEvent(event protocol.Event) error
// OnSignal allows the signature to handle lifecycle events of the signature
OnSignal(signal Signal) error
}
Signature is the basic unit of business logic for the rule-engine
type SignatureContext ¶
type SignatureContext struct {
Callback SignatureHandler
Logger Logger
GetDataSource func(namespace string, id string) (DataSource, bool)
}
type SignatureEventSelector ¶
SignatureEventSelector represents events the signature is subscribed to
type SignatureHandler ¶
type SignatureHandler func(found Finding)
SignatureHandler is a callback function that reports a finding
Source Files
Click to show internal directories.
Click to hide internal directories.