const (
	// TypeDNS is the log type string for Suricata DNS events.
	TypeDNS = "Suricata.DNS"
	// TypeAnomaly is the log type string for Suricata anomaly events.
	TypeAnomaly = "Suricata.Anomaly"
)
// Anomaly is a Suricata "anomaly" EVE event decoded from one JSON log line.
//
// Only Anomaly, EventType and Timestamp carry validate:"required"; every
// other field is optional and stays nil/empty when its key is absent.
// All values are derived from observed network traffic and should be
// treated as untrusted input by anything that renders or queries them.
type Anomaly struct {
	// Anomaly holds the anomaly record itself; required, and its own
	// fields are validated as well ("dive").
	Anomaly *AnomalyDetails `json:"anomaly" validate:"required,dive" description:"Suricata Anomaly Anomaly"`
	// AppProto is the application-layer protocol Suricata identified, if any.
	AppProto *string `json:"app_proto,omitempty" description:"Suricata Anomaly AppProto"`
	// CommunityID is the Community ID flow hash, when Suricata is configured to emit it.
	CommunityID *string `json:"community_id,omitempty" description:"Suricata Anomaly CommunityID"`
	// DestIP and DestPort identify the destination endpoint of the packet or flow.
	DestIP   *string `json:"dest_ip,omitempty" description:"Suricata Anomaly DestIP"`
	DestPort *uint16 `json:"dest_port,omitempty" description:"Suricata Anomaly DestPort"`
	// EventType must be present and equal to "anomaly" (validate:"eq=anomaly"),
	// so a line of any other EVE event type fails validation here.
	EventType *string `json:"event_type" validate:"required,eq=anomaly" description:"Suricata Anomaly EventType"`
	// FlowID is Suricata's identifier for the flow the event belongs to.
	FlowID *int `json:"flow_id,omitempty" description:"Suricata Anomaly FlowID"`
	// IcmpCode and IcmpType are presumably populated for ICMP traffic only.
	IcmpCode *int `json:"icmp_code,omitempty" description:"Suricata Anomaly IcmpCode"`
	IcmpType *int `json:"icmp_type,omitempty" description:"Suricata Anomaly IcmpType"`
	// Metadata carries flowbits/flowints; validated only when present ("omitempty,dive").
	Metadata *AnomalyMetadata `json:"metadata,omitempty" validate:"omitempty,dive" description:"Suricata Anomaly Metadata"`
	// Packet is the raw packet as emitted by Suricata — presumably base64-encoded
	// as in EVE output (confirm). Its contents are attacker-controlled bytes, so
	// decode and display them defensively.
	Packet *string `json:"packet,omitempty" description:"Suricata Anomaly Packet"`
	// PacketInfo describes the capture link type; validated only when present.
	PacketInfo *AnomalyPacketInfo `json:"packet_info,omitempty" validate:"omitempty,dive" description:"Suricata Anomaly PacketInfo"`
	// PcapCnt and PcapFilename presumably locate the packet in the source capture file.
	PcapCnt      *int    `json:"pcap_cnt,omitempty" description:"Suricata Anomaly PcapCnt"`
	PcapFilename *string `json:"pcap_filename,omitempty" description:"Suricata Anomaly PcapFilename"`
	// Proto is the IP protocol; numerics.Integer presumably accepts both a JSON
	// number and a numeric string — confirm against its definition.
	Proto *numerics.Integer `json:"proto,omitempty" description:"Suricata Anomaly Proto"`
	// SrcIP and SrcPort identify the source endpoint.
	SrcIP   *string `json:"src_ip,omitempty" description:"Suricata Anomaly SrcIP"`
	SrcPort *uint16 `json:"src_port,omitempty" description:"Suricata Anomaly SrcPort"`
	// Timestamp is required; its parsing rules live in timestamp.SuricataTimestamp.
	Timestamp *timestamp.SuricataTimestamp `json:"timestamp" validate:"required" description:"Suricata Anomaly Timestamp"`
	// TxID is the application-layer transaction id, when applicable.
	TxID *int `json:"tx_id,omitempty" description:"Suricata Anomaly TxID"`
	// Vlan lists VLAN tags seen on the packet, if any.
	Vlan []int `json:"vlan,omitempty" description:"Suricata Anomaly Vlan"`
	// PantherLog adds the common Panther fields; presumably filled in by
	// AnomalyParser.Parse rather than decoded from the Suricata JSON — confirm.
	parsers.PantherLog
}
// AnomalyDetails is the "anomaly" object of a Suricata anomaly event.
// All fields are optional; Code is numeric while Event, Layer and Type
// are free-form strings supplied by the Suricata engine.
type AnomalyDetails struct {
	// Code is Suricata's numeric anomaly code.
	Code *int `json:"code,omitempty" description:"Suricata AnomalyDetails Code"`
	// Event names the specific anomaly that was detected.
	Event *string `json:"event,omitempty" description:"Suricata AnomalyDetails Event"`
	// Layer is the protocol layer at which the anomaly was detected.
	Layer *string `json:"layer,omitempty" description:"Suricata AnomalyDetails Layer"`
	// Type categorizes the anomaly; presumably one of Suricata's anomaly
	// classes (decoder/stream/applayer) — confirm against the Suricata docs.
	Type *string `json:"type,omitempty" description:"Suricata AnomalyDetails Type"`
}
// AnomalyMetadata is the optional "metadata" object of an anomaly event,
// carrying the flow's flowbits and flowints.
type AnomalyMetadata struct {
	// Flowbits lists the flowbit names set on the flow, if any.
	Flowbits []string `json:"flowbits,omitempty" description:"Suricata AnomalyMetadata Flowbits"`
	// Flowints holds per-flow counters; validated only when present ("omitempty,dive").
	Flowints *AnomalyMetadataFlowints `json:"flowints,omitempty" validate:"omitempty,dive" description:"Suricata AnomalyMetadata Flowints"`
}
// AnomalyMetadataFlowints holds the per-flow counters Suricata reports
// under "flowints". The JSON keys are dotted Suricata counter names
// (e.g. "tcp.retransmission.count"), mapped here to Go field names.
// Only these four counters are captured; other flowints in the input are
// dropped by the JSON decoder unless it is configured to reject unknown keys.
type AnomalyMetadataFlowints struct {
	// ApplayerAnomalyCount is the number of application-layer anomalies on the flow.
	ApplayerAnomalyCount *int `json:"applayer.anomaly.count,omitempty" description:"Suricata AnomalyMetadataFlowints ApplayerAnomalyCount"`
	// HTTPAnomalyCount is the number of HTTP anomalies on the flow.
	HTTPAnomalyCount *int `json:"http.anomaly.count,omitempty" description:"Suricata AnomalyMetadataFlowints HTTPAnomalyCount"`
	// TCPRetransmissionCount is the number of TCP retransmissions on the flow.
	TCPRetransmissionCount *int `json:"tcp.retransmission.count,omitempty" description:"Suricata AnomalyMetadataFlowints TCPRetransmissionCount"`
	// TLSAnomalyCount is the number of TLS anomalies on the flow.
	TLSAnomalyCount *int `json:"tls.anomaly.count,omitempty" description:"Suricata AnomalyMetadataFlowints TLSAnomalyCount"`
}
// AnomalyPacketInfo is the optional "packet_info" object of an anomaly event.
type AnomalyPacketInfo struct {
	// Linktype is the link-layer type of the captured packet; presumably a
	// pcap DLT value needed to decode Packet — confirm.
	Linktype *int `json:"linktype,omitempty" description:"Suricata AnomalyPacketInfo Linktype"`
}
// AnomalyParser parses Suricata Anomaly alerts in the JSON format.
// It has no fields, so the zero value is ready to use.
type AnomalyParser struct{}
AnomalyParser parses Suricata Anomaly alerts in the JSON format.
func (p *AnomalyParser) LogType() string
LogType returns the log type supported by this parser
func (p *AnomalyParser) New() parsers.LogParser
func (p *AnomalyParser) Parse(log string) ([]*parsers.PantherLog, error)
Parse returns the parsed events, or nil if parsing failed.
// DNS is a Suricata "dns" EVE event decoded from one JSON log line.
//
// DNS, DestIP, EventType, Proto, SrcIP and Timestamp are required by the
// validate tags; the remaining fields are optional. Query names and answer
// data come straight from the wire and must be treated as untrusted when
// displayed, stored or used to build further queries.
type DNS struct {
	// CommunityID is the Community ID flow hash, when Suricata is configured to emit it.
	CommunityID *string `json:"community_id,omitempty" description:"Suricata DNS CommunityID"`
	// DNS holds the DNS-specific record; required, and validated recursively ("dive").
	DNS *DNSDetails `json:"dns" validate:"required,dive" description:"Suricata DNS DNS"`
	// DestIP is required; DestPort is optional.
	DestIP   *string `json:"dest_ip" validate:"required" description:"Suricata DNS DestIP"`
	DestPort *uint16 `json:"dest_port,omitempty" description:"Suricata DNS DestPort"`
	// EventType must be present and equal to "dns" (validate:"eq=dns"),
	// so a line of any other EVE event type fails validation here.
	EventType *string `json:"event_type" validate:"required,eq=dns" description:"Suricata DNS EventType"`
	// FlowID is Suricata's identifier for the flow the event belongs to.
	FlowID *int `json:"flow_id,omitempty" description:"Suricata DNS FlowID"`
	// PcapCnt and PcapFilename presumably locate the packet in the source capture file.
	PcapCnt      *int    `json:"pcap_cnt,omitempty" description:"Suricata DNS PcapCnt"`
	PcapFilename *string `json:"pcap_filename,omitempty" description:"Suricata DNS PcapFilename"`
	// Proto is the IP protocol and is required here (unlike in Anomaly);
	// numerics.Integer presumably accepts both a JSON number and a numeric string — confirm.
	Proto *numerics.Integer `json:"proto" validate:"required" description:"Suricata DNS Proto"`
	// SrcIP is required; SrcPort is optional.
	SrcIP   *string `json:"src_ip" validate:"required" description:"Suricata DNS SrcIP"`
	SrcPort *uint16 `json:"src_port,omitempty" description:"Suricata DNS SrcPort"`
	// Timestamp is required; its parsing rules live in timestamp.SuricataTimestamp.
	Timestamp *timestamp.SuricataTimestamp `json:"timestamp" validate:"required" description:"Suricata DNS Timestamp"`
	// Vlan lists VLAN tags seen on the packet, if any.
	Vlan []int `json:"vlan,omitempty" description:"Suricata DNS Vlan"`
	// PantherLog adds the common Panther fields; presumably filled in by the
	// DNS parser rather than decoded from the Suricata JSON — confirm.
	parsers.PantherLog
}
// DNSDetails is the "dns" object of a Suricata DNS event.
//
// The flat Rrname/RData/Rrtype/TTL fields and the Answers, Authorities and
// Grouped collections presumably correspond to different Suricata DNS log
// formats (see Version) — confirm against the Suricata EVE documentation.
// Every field is optional. Names and record data are attacker-influenced
// text from DNS traffic and must not be trusted by downstream consumers.
type DNSDetails struct {
	// Aa, Qr, Ra and Rd mirror the DNS header flag bits (Authoritative
	// Answer, Query/Response, Recursion Available, Recursion Desired).
	Aa *bool `json:"aa,omitempty" description:"Suricata DNSDetails Aa"`
	// Answers is the answer section; each element is validated ("omitempty,dive").
	Answers []DNSDetailsAnswers `json:"answers,omitempty" validate:"omitempty,dive" description:"Suricata DNSDetails Answers"`
	// Authorities is the authority section; each element is validated.
	Authorities []DNSDetailsAuthorities `json:"authorities,omitempty" validate:"omitempty,dive" description:"Suricata DNSDetails Authorities"`
	// Flags is presumably the raw DNS header flags rendered as a string — confirm.
	Flags *string `json:"flags,omitempty" description:"Suricata DNSDetails Flags"`
	// Grouped holds answer data grouped by record type; validated when present.
	Grouped *DNSDetailsGrouped `json:"grouped,omitempty" validate:"omitempty,dive" description:"Suricata DNSDetails Grouped"`
	// ID is the DNS message id from the header.
	ID *int `json:"id,omitempty" description:"Suricata DNSDetails ID"`
	Qr *bool `json:"qr,omitempty" description:"Suricata DNSDetails Qr"`
	Ra *bool `json:"ra,omitempty" description:"Suricata DNSDetails Ra"`
	// Rcode is the response code, carried as a name rather than a number
	// given its string type.
	Rcode *string `json:"rcode,omitempty" description:"Suricata DNSDetails Rcode"`
	Rd *bool `json:"rd,omitempty" description:"Suricata DNSDetails Rd"`
	// Rrname is the queried (or answered) name.
	Rrname *string `json:"rrname,omitempty" description:"Suricata DNSDetails Rrname"`
	// RData is the record data for the flat answer format. Note the Go name
	// differs from DNSDetailsAnswers.Rdata although the JSON key is the same "rdata".
	RData *string `json:"rdata,omitempty" description:"Suricata DNSDetails RData"`
	// Rrtype is the record type name.
	Rrtype *string `json:"rrtype,omitempty" description:"Suricata DNSDetails Rrtype"`
	// TTL is the record time-to-live in seconds.
	TTL *int `json:"ttl,omitempty" description:"Suricata DNSDetails TTL"`
	// TxID is Suricata's transaction id for the DNS exchange.
	TxID *int `json:"tx_id,omitempty" description:"Suricata DNSDetails TxID"`
	// Type presumably distinguishes query records from answer records — confirm.
	Type *string `json:"type,omitempty" description:"Suricata DNSDetails Type"`
	// Version is the Suricata DNS log format version.
	Version *int `json:"version,omitempty" description:"Suricata DNSDetails Version"`
}
// DNSDetailsAnswers is one element of the "answers" array of a DNS event.
// All fields are optional; Rdata and Rrname are wire-derived text.
type DNSDetailsAnswers struct {
	// Rdata is the record data (address, target name, text, ...).
	Rdata *string `json:"rdata,omitempty" description:"Suricata DNSDetailsAnswers Rdata"`
	// Rrname is the owner name of the record.
	Rrname *string `json:"rrname,omitempty" description:"Suricata DNSDetailsAnswers Rrname"`
	// Rrtype is the record type name.
	Rrtype *string `json:"rrtype,omitempty" description:"Suricata DNSDetailsAnswers Rrtype"`
	// TTL is the record time-to-live in seconds.
	TTL *int `json:"ttl,omitempty" description:"Suricata DNSDetailsAnswers TTL"`
}
// DNSDetailsAuthorities is one element of the "authorities" array of a DNS
// event. Unlike DNSDetailsAnswers it carries no Rdata field.
type DNSDetailsAuthorities struct {
	// Rrname is the owner name of the authority record.
	Rrname *string `json:"rrname,omitempty" description:"Suricata DNSDetailsAuthorities Rrname"`
	// Rrtype is the record type name.
	Rrtype *string `json:"rrtype,omitempty" description:"Suricata DNSDetailsAuthorities Rrtype"`
	// TTL is the record time-to-live in seconds.
	TTL *int `json:"ttl,omitempty" description:"Suricata DNSDetailsAuthorities TTL"`
}
// DNSDetailsGrouped holds answer data grouped by record type. The JSON keys
// are the uppercase record type names (A, AAAA, CNAME, MX, PTR, TXT) while
// the Go fields are title-cased. Only these six types are captured; answers
// of any other type present in the input are silently dropped by the JSON
// decoder unless it is configured to reject unknown keys, which matters when
// detections rely on this field for coverage.
type DNSDetailsGrouped struct {
	// A lists IPv4 address answers.
	A []string `json:"A,omitempty" description:"Suricata DNSDetailsGrouped A"`
	// Aaaa lists IPv6 address answers.
	Aaaa []string `json:"AAAA,omitempty" description:"Suricata DNSDetailsGrouped Aaaa"`
	// Cname lists canonical-name answers.
	Cname []string `json:"CNAME,omitempty" description:"Suricata DNSDetailsGrouped Cname"`
	// Mx lists mail-exchanger answers.
	Mx []string `json:"MX,omitempty" description:"Suricata DNSDetailsGrouped Mx"`
	// Ptr lists pointer (reverse lookup) answers.
	Ptr []string `json:"PTR,omitempty" description:"Suricata DNSDetailsGrouped Ptr"`
	// Txt lists text-record answers; free-form attacker-controlled strings.
	Txt []string `json:"TXT,omitempty" description:"Suricata DNSDetailsGrouped Txt"`
}