Documentation
Variables ¶
// VERSION is the RITA version string. The literal "undefined" is only the
// in-source default; per the package documentation the real value is filled
// in at compile time from the git version.
// NOTE(review): a binary that still reports "undefined" was presumably built
// without that injection step, so this value says nothing about which source
// revision it came from — confirm against the build scripts.
var VERSION = "undefined"
VERSION is filled at compile time with the git version of RITA
Types ¶
type BeaconCfg ¶
// BeaconCfg groups the YAML settings for the beaconing analysis module.
type BeaconCfg struct {
	// DefaultConnectionThresh is decoded from the YAML key
	// "DefaultConnectionThresh".
	// NOTE(review): presumably a connection-count cutoff used by beacon
	// analysis; if so it is a detection-sensitivity knob, and changes to it
	// deserve the same review as a detection-rule change — confirm against
	// the analysis code.
	DefaultConnectionThresh int `yaml:"DefaultConnectionThresh"`

	// BeaconTable is decoded from the YAML key "BeaconTable"; presumably the
	// name of the collection that stores beacon results — confirm.
	BeaconTable string `yaml:"BeaconTable"`
}
BeaconCfg is used to control the beaconing analysis module
type BlacklistedCfg ¶
// BlacklistedCfg groups the YAML settings for the blacklisted analysis module.
type BlacklistedCfg struct {
	// ThreadCount is decoded from the YAML key "ThreadCount"; presumably the
	// number of workers the module starts — confirm.
	ThreadCount int `yaml:"ThreadCount"`

	// ChannelSize is decoded from the YAML key "ChannelSize"; presumably the
	// buffer size of the module's work channel — confirm.
	ChannelSize int `yaml:"ChannelSize"`

	// BlacklistTable is decoded from the YAML key "BlackListTable". The key
	// is spelled with a capital "L", unlike the field name.
	BlacklistTable string `yaml:"BlackListTable"`

	// BlacklistDatabase is decoded from the plain YAML key "Database".
	// NOTE(review): whether a misspelled key is rejected or silently leaves
	// this field empty depends on how GetConfig decodes the file — confirm.
	BlacklistDatabase string `yaml:"Database"`
}
BlacklistedCfg is used to control the blacklisted analysis module
type BroCfg ¶
// BroCfg groups the YAML settings for the file parser.
type BroCfg struct {
	// LogPath is decoded from the YAML key "LogPath".
	// NOTE(review): presumably the location of the Bro logs to import; if
	// so, whoever can edit the configuration decides which files get parsed,
	// so write access to the file should be restricted — confirm.
	LogPath string `yaml:"LogPath"`

	// DBPrefix is decoded from the YAML key "DBPrefix"; presumably prepended
	// to the names of databases created on import — confirm.
	DBPrefix string `yaml:"DBPrefix"`

	// MetaDB is decoded from the YAML key "MetaDB"; presumably the name of
	// the metadata database — confirm.
	MetaDB string `yaml:"MetaDB"`

	// DirectoryMap is decoded from the YAML key "DirectoryMap" as a
	// string-to-string mapping. What the keys and values stand for is not
	// visible here — presumably log directory to target database; verify
	// against the parser.
	DirectoryMap map[string]string `yaml:"DirectoryMap"`

	// DefaultDatabase is decoded from the YAML key "DefaultDatabase";
	// presumably used when DirectoryMap has no matching entry — confirm.
	DefaultDatabase string `yaml:"DefaultDatabase"`

	// UseDates is decoded from the YAML key "UseDates"; its effect is not
	// visible here.
	UseDates bool `yaml:"UseDates"`

	// ImportBuffer is decoded from the YAML key "ImportBuffer"; presumably a
	// buffer size used during import, units unknown — confirm.
	ImportBuffer int `yaml:"ImportBuffer"`
}
BroCfg controls the file parser
type CrossrefCfg ¶
// CrossrefCfg groups the YAML settings for the crossref analysis module.
type CrossrefCfg struct {
	// InternalTable is decoded from the YAML key "InternalTable"; presumably
	// a collection name — confirm.
	InternalTable string `yaml:"InternalTable"`

	// ExternalTable is decoded from the YAML key "ExternalTable"; presumably
	// a collection name — confirm.
	ExternalTable string `yaml:"ExternalTable"`

	// BeaconThreshold is decoded from the YAML key "BeaconThreshold" as a
	// float64.
	// NOTE(review): presumably the minimum beacon score a host needs to be
	// cross-referenced; the valid range is not visible here. If so, raising
	// it narrows what analysts see — confirm against the module.
	BeaconThreshold float64 `yaml:"BeaconThreshold"`
}
CrossrefCfg is used to control the crossref analysis module
type DNSCfg ¶
// DNSCfg groups the YAML settings for the dns analysis module.
type DNSCfg struct {
	// ExplodedDNSTable is decoded from the YAML key "ExplodedDnsTable". The
	// key uses "Dns" where the field name uses "DNS".
	ExplodedDNSTable string `yaml:"ExplodedDnsTable"`

	// HostnamesTable is decoded from the YAML key "HostnamesTable";
	// presumably a collection name — confirm.
	HostnamesTable string `yaml:"HostnamesTable"`
}
DNSCfg is used to control the dns analysis module
type LogCfg ¶
// LogCfg groups the YAML settings for logging.
type LogCfg struct {
	// LogLevel is decoded from the YAML key "LogLevel" as an int. Which
	// number maps to which severity is not visible here.
	LogLevel int `yaml:"LogLevel"`

	// RitaLogPath is decoded from the YAML key "RitaLogPath"; presumably
	// where log files are written when LogToFile is set — confirm.
	RitaLogPath string `yaml:"RitaLogPath"`

	// LogToFile is decoded from the YAML key "LogToFile"; presumably enables
	// the file log sink — confirm.
	LogToFile bool `yaml:"LogToFile"`

	// RitaLogTable is decoded from the YAML key "RitaLogTable"; presumably
	// the collection that receives log entries when LogToDB is set — confirm.
	RitaLogTable string `yaml:"RitaLogTable"`

	// LogToDB is decoded from the YAML key "LogToDB"; presumably enables the
	// database log sink.
	// NOTE(review): if both LogToFile and LogToDB are false, it looks like no
	// record of a run is persisted — confirm before relying on these logs as
	// an audit trail.
	LogToDB bool `yaml:"LogToDB"`
}
LogCfg contains the configuration for logging
type MetaCfg ¶
// MetaCfg holds the collection names used in the meta database.
type MetaCfg struct {
	// FilesTable is decoded from the YAML key "FilesTable"; presumably the
	// collection tracking imported files — confirm.
	FilesTable string `yaml:"FilesTable"`

	// DatabasesTable is decoded from the YAML key "DatabasesTable";
	// presumably the collection tracking created databases — confirm.
	DatabasesTable string `yaml:"DatabasesTable"`
}
MetaCfg contains the meta db collection names
type SafeBrowsingCfg ¶
SafeBrowsingCfg contains the details for contacting Google's Safe Browsing API
type ScanningCfg ¶
// ScanningCfg groups the YAML settings for the scanning analysis module.
type ScanningCfg struct {
	// ScanThreshold is decoded from the YAML key "ScanThreshold".
	// NOTE(review): presumably the count above which activity is reported as
	// a scan; what is counted is not visible here. If so, it is a
	// detection-sensitivity knob — confirm against the module.
	ScanThreshold int `yaml:"ScanThreshold"`

	// ScanTable is decoded from the YAML key "ScanTable"; presumably the
	// collection that stores scan results — confirm.
	ScanTable string `yaml:"ScanTable"`
}
ScanningCfg is used to control the scanning analysis module
type StructureCfg ¶
// StructureCfg holds the names of the base-level collections. Four of the
// five YAML keys are spelled differently from their field names, so a
// configuration file must use the key shown in each tag.
type StructureCfg struct {
	// ConnTable is decoded from the YAML key "ConnectionTable".
	ConnTable string `yaml:"ConnectionTable"`

	// HTTPTable is decoded from the YAML key "HttpTable".
	HTTPTable string `yaml:"HttpTable"`

	// DNSTable is decoded from the YAML key "DnsTable".
	DNSTable string `yaml:"DnsTable"`

	// UniqueConnTable is decoded from the YAML key "UniqueConnectionTable".
	UniqueConnTable string `yaml:"UniqueConnectionTable"`

	// HostTable is decoded from the YAML key "HostTable".
	HostTable string `yaml:"HostTable"`
}
StructureCfg contains the names of the base level collections
type SystemConfig ¶
// SystemConfig is the top-level configuration container: each tagged field
// is one scalar or one section of the YAML configuration.
type SystemConfig struct {
	// BatchSize is decoded from the YAML key "BatchSize"; what is batched is
	// not visible here.
	BatchSize int `yaml:"BatchSize"`

	// DatabaseHost is decoded from the YAML key "DatabaseHost".
	// NOTE(review): if this value can carry credentials (for example as part
	// of a connection URI), the configuration file needs restrictive
	// permissions and the value should be kept out of logs — confirm how it
	// is used.
	DatabaseHost string `yaml:"DatabaseHost"`

	// Prefetch is decoded from the YAML key "Prefetch" as a float64; its
	// meaning and range are not visible here.
	Prefetch float64 `yaml:"Prefetch"`

	// LogConfig is the "LogConfig" section.
	LogConfig LogCfg `yaml:"LogConfig"`

	// BlacklistedConfig is the "BlackListed" section (capital "L" in the key).
	BlacklistedConfig BlacklistedCfg `yaml:"BlackListed"`

	// DNSConfig is the "Dns" section (the key is not all-caps).
	DNSConfig DNSCfg `yaml:"Dns"`

	// CrossrefConfig is the "Crossref" section.
	CrossrefConfig CrossrefCfg `yaml:"Crossref"`

	// ScanningConfig is the "Scanning" section.
	ScanningConfig ScanningCfg `yaml:"Scanning"`

	// StructureConfig is the "Structure" section.
	StructureConfig StructureCfg `yaml:"Structure"`

	// BeaconConfig is the "Beacon" section.
	BeaconConfig BeaconCfg `yaml:"Beacon"`

	// UrlsConfig is the "Urls" section.
	UrlsConfig UrlsCfg `yaml:"Urls"`

	// UserAgentConfig is the "UserAgent" section.
	UserAgentConfig UserAgentCfg `yaml:"UserAgent"`

	// BroConfig is the "Bro" section.
	BroConfig BroCfg `yaml:"Bro"`

	// SafeBrowsing is the "SafeBrowsing" section.
	// NOTE(review): the section is documented as holding the details for
	// contacting an external API; if that includes an API key, it is a
	// secret stored in this file — confirm and protect the file accordingly.
	SafeBrowsing SafeBrowsingCfg `yaml:"SafeBrowsing"`

	// MetaTables is the "MetaTables" section.
	MetaTables MetaCfg `yaml:"MetaTables"`

	// Version is the only field without a yaml tag.
	// NOTE(review): presumably set by the program from VERSION rather than
	// read from the file; depending on the YAML decoder an untagged field
	// may still be settable from the configuration — confirm in GetConfig.
	Version string
}
SystemConfig is the container for other config sections
func GetConfig ¶
func GetConfig(cfgPath string) (*SystemConfig, bool)
GetConfig retrieves a configuration in order of precedence
type UrlsCfg ¶
// UrlsCfg holds the single YAML setting for the urls analysis module.
type UrlsCfg struct {
	// UrlsTable is decoded from the YAML key "UrlsTable"; presumably the
	// collection that stores URL analysis results — confirm.
	UrlsTable string `yaml:"UrlsTable"`
}
UrlsCfg is used to control the urls analysis module
type UserAgentCfg ¶
// UserAgentCfg holds the single YAML setting of the section that
// SystemConfig decodes from the key "UserAgent".
type UserAgentCfg struct {
	// UserAgentTable is decoded from the YAML key "UserAgentTable";
	// presumably the collection that stores user-agent analysis results —
	// confirm.
	UserAgentTable string `yaml:"UserAgentTable"`
}
UserAgentCfg is used to control the user agent analysis module