Constants ¶
// Enumeration of event kind values, intended for Event.Kind.
// The constants are untyped strings and are serialized verbatim in the "kind" JSON field.
const (
	EventKindAlert         = "alert"
	EventKindEnrichment    = "enrichment"
	EventKindEvent         = "event"
	EventKindMetric        = "metric"
	EventKindState         = "state"
	EventKindPipelineError = "pipeline_error"
	EventKindSignal        = "signal"
)
Enumeration of event kind values.
// Enumeration of event category values, intended for the elements of Event.Category.
// The constants are untyped strings and are serialized verbatim.
const (
	EventCategoryAuthentication = "authentication"
	EventCategoryConfiguration  = "configuration"
	EventCategoryDatabase       = "database"
	EventCategoryDriver         = "driver"
	EventCategoryEmail          = "email"
	EventCategoryFile           = "file"
	EventCategoryHost           = "host"
	EventCategoryIAM            = "iam"
	EventCategoryNetwork        = "network"
	EventCategoryPackage        = "package"
	EventCategoryProcess        = "process"
	EventCategoryRegistry       = "registry"
	EventCategorySession        = "session"
	EventCategoryWeb            = "web"
)
Enumeration of event category values.
// Enumeration of event type values, intended for the elements of Event.Type.
// The constants are untyped strings and are serialized verbatim.
const (
	EventTypeAccess     = "access"
	EventTypeAdmin      = "admin"
	EventTypeAllowed    = "allowed"
	EventTypeChange     = "change"
	EventTypeConnection = "connection"
	EventTypeCreation   = "creation"
	EventTypeDeletion   = "deletion"
	EventTypeDenied     = "denied"
	EventTypeEnd        = "end"
	EventTypeError      = "error"
	EventTypeGroup      = "group"
	EventTypeInfo       = "info"
	EventTypeProtocol   = "protocol"
	EventTypeStart      = "start"
	EventTypeUser       = "user"
)
Enumeration of event type values.
// Enumeration of event outcome values, intended for Event.Outcome.
// The constants are untyped strings and are serialized verbatim.
const (
	EventOutcomeFailure = "failure"
	EventOutcomeSuccess = "success"
	EventOutcomeUnknown = "unknown"
)
Enumeration of event outcome values.
// Enumeration of event action values, intended for Event.Action.
// The constants are untyped strings and are serialized verbatim.
const (
	EventActionFileCreated = "file-created"
	// NOTE(review): the identifier says "Moved" but the value is "file-changed"; confirm whether
	// the constant or the value is the intended one — consumers matching on either will disagree.
	EventActionFileMoved   = "file-changed"
	EventActionFileRemoved = "file-removed"
)
Enumeration of event action values.
// Well-known digests of zero-length content, hex-encoded in lowercase.
// Comparing a stored digest against these presumably identifies content that was empty when
// hashed (e.g. an unread or missing body) — confirm with callers.
const (
	// ZeroLengthMD5 defines the MD5 digest that is generated from zero-length content, e.g. md5.New().Write([]byte{}).
	ZeroLengthMD5 = `d41d8cd98f00b204e9800998ecf8427e`
	// ZeroLengthSHA256 defines the SHA-256 digest that is generated from zero-length content, e.g. sha256.Sum256([]byte{}).
	ZeroLengthSHA256 = `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Base ¶
// Base holds the properties shared by the composite schema types; it is meant to be embedded.
type Base struct {
	// Timestamp is the date/time when an event originated. This is the date/time extracted from the event, typically
	// representing when the event was generated by the source. If the timestamp cannot be derived from the original
	// event, the date/time the event was encountered by the pipeline should be used.
	Timestamp *time.Time `json:"@timestamp,omitempty"`
	// Tags is an optional list of keywords used to tag a schema type.
	// NOTE(review): documented as a list but typed as a single string; confirm whether []string was intended
	// or whether the string carries a delimited list.
	Tags string `json:"tags,omitempty"`
	// Labels is an optional collection of key/value pairs for adding metadata to a schema type.
	// Values are untyped (any), so nothing here constrains what callers may attach.
	Labels map[string]any `json:"labels,omitempty"`
	// Message is the message from the source event, if any.
	Message string `json:"message,omitempty"`
}
Base represents the common properties shared between composite data types. For example, for a composite type named `FooEvent` that represents some arbitrary event, Base would be used as follows:
import "github.com/transientvariable/schema/ecs" type FooEvent struct { ecs.Base DataStream ecs.DataStream `json:"data_stream"` Event ecs.Event `json:"event"` FooFieldOne string `json:"foo_field_one"` }
type DataStream ¶
// DataStream identifies a data stream by type, dataset and namespace.
// String() joins the three attributes into the canonical "{Type}-{Dataset}-{Namespace}" form.
type DataStream struct {
	// Type is the first component of the canonical data stream name.
	Type string `json:"type"`
	// Dataset is the second component of the canonical data stream name.
	Dataset string `json:"dataset"`
	// Namespace is the third component of the canonical data stream name.
	Namespace string `json:"namespace"`
}
DataStream defines the attributes for uniquely identifying data streams. Attribute values are combined into the following canonical form: `{DataStream.Type}-{DataStream.Dataset}-{DataStream.Namespace}`
func (DataStream) String ¶
func (d DataStream) String() string
String returns a string representing the canonical form of the DataStream.
type Event ¶
// Event carries context information about an event.
// Category, Kind and Type have no omitempty, so they are always emitted; a nil Category or Type slice
// encodes as JSON null rather than an empty array.
type Event struct {
	// Action is expected to hold one of the EventAction* values.
	Action string `json:"action,omitempty"`
	// Category is expected to hold EventCategory* values.
	Category []string `json:"category"`
	// Code is a source-specific event code, if any.
	Code string `json:"code,omitempty"`
	// Created is when the event was created.
	Created *time.Time `json:"created,omitempty"`
	// Dataset names the dataset the event belongs to.
	Dataset string `json:"dataset,omitempty"`
	// Duration of the event. encoding/json serializes time.Duration as its int64 nanosecond count.
	Duration time.Duration `json:"duration,omitempty"`
	// End is when the event ended.
	End *time.Time `json:"end,omitempty"`
	// Hash is a digest associated with the event; the algorithm is not specified here.
	Hash string `json:"hash,omitempty"`
	// ID is the event identifier.
	ID string `json:"id,omitempty"`
	// Ingested is when the event was ingested by the pipeline.
	Ingested *time.Time `json:"ingested,omitempty"`
	// Kind is expected to hold one of the EventKind* values.
	Kind string `json:"kind"`
	// Module names the module that produced the event.
	Module string `json:"module,omitempty"`
	// Outcome is expected to hold one of the EventOutcome* values.
	Outcome string `json:"outcome,omitempty"`
	// Provider names the event provider.
	Provider string `json:"provider,omitempty"`
	// Reason is a free-form explanation for the event or its outcome.
	Reason string `json:"reason,omitempty"`
	// Sequence is an ordering number for the event. A zero value is omitted.
	Sequence int64 `json:"sequence,omitempty"`
	// Severity is a numeric severity. A zero value is omitted, so 0 and "unset" are indistinguishable on the wire.
	Severity int64 `json:"severity,omitempty"`
	// Start is when the event started.
	Start *time.Time `json:"start,omitempty"`
	// Type is expected to hold EventType* values.
	Type []string `json:"type"`
}
Event defines the attributes for context information about an event.
type File ¶
// File describes a file/object on a local/remote file system or storage service.
// Fields tagged swaggerignore are still (un)marshalled by encoding/json; the tag only hides them from
// generated API documentation.
// NOTE(review): Path, Directory and Name are carried over from the source; treat them as untrusted
// input if they are ever used to open files or build URLs downstream.
type File struct {
	// Accessed is the last access time.
	Accessed *time.Time `json:"accessed,omitempty" swaggerignore:"true"`
	// Attributes lists file attributes.
	Attributes []string `json:"attributes,omitempty" swaggerignore:"true"`
	// CID is a content identifier.
	CID string `json:"cid,omitempty"`
	// Ctime is the last metadata change time.
	Ctime *time.Time `json:"ctime,omitempty"`
	// Created is the creation time.
	Created *time.Time `json:"created,omitempty"`
	// Directory is the directory containing the file.
	Directory string `json:"directory,omitempty"`
	// Extension is the file extension.
	Extension string `json:"extension,omitempty" swaggerignore:"true"`
	// GID is the group identifier.
	GID string `json:"gid,omitempty" swaggerignore:"true"`
	// Group is the group name.
	Group string `json:"group,omitempty" swaggerignore:"true"`
	// Hash holds the digests of the content; nil when none were computed (see HashOf).
	Hash *Hash `json:"hash,omitempty"`
	// Inode is the file system inode.
	Inode string `json:"inode,omitempty" swaggerignore:"true"`
	// MimeType is the detected or declared media type.
	MimeType string `json:"mime_type,omitempty"`
	// Mode is the file mode.
	Mode string `json:"mode,omitempty" swaggerignore:"true"`
	// Mtime is the last modification time.
	Mtime *time.Time `json:"mtime,omitempty"`
	// Name is the file name.
	Name string `json:"name,omitempty"`
	// Owner is the owner name.
	Owner string `json:"owner,omitempty" swaggerignore:"true"`
	// Path is the full path of the file.
	Path string `json:"path,omitempty"`
	// Size is the content size in bytes. A zero value is omitted.
	Size int64 `json:"size,omitempty"`
	// Type is the file type.
	Type string `json:"type,omitempty"`
	// UID is the user identifier.
	UID string `json:"uid,omitempty" swaggerignore:"true"`
	// URL is a URL for the file.
	URL string `json:"url,omitempty" swaggerignore:"true"`
	// contains filtered or unexported fields
} // @name File
File godoc @Description Represents metadata for a file/object on a local/remote file system or storage service.
func (*File) Content ¶
Content returns the File content. If the size of the File content > 0, then the returned byte slice will be a copy of the content, otherwise it will be the zero value.
func (*File) HashOf ¶
HashOf returns the value for the specified hash algorithm for the File.
The zero value is returned if the File Hash is nil, the provided algorithm is empty, or the algorithm does not match one of the algorithms for File.Hash.
func (*File) SetContent ¶
SetContent sets the File content. If the size of the provided content > 0, then File content will be set to a copy.
type Hash ¶
// Hash holds hex/string-encoded digests of some content, one field per algorithm.
// NOTE(review): Adler32 is a checksum and Ssdeep a fuzzy (similarity) hash, not cryptographic digests,
// and MD5/SHA-1 are not collision resistant. Only Sha256/Sha512 should be relied on for integrity or
// deduplication decisions; confirm which fields callers use for that purpose.
type Hash struct {
	// Adler32 checksum.
	Adler32 string `json:"adler32,omitempty" swaggerignore:"true"`
	// Md5 digest.
	Md5 string `json:"md5,omitempty"`
	// Sha1 digest.
	Sha1 string `json:"sha1,omitempty" swaggerignore:"true"`
	// Sha256 digest.
	Sha256 string `json:"sha256,omitempty"`
	// Sha512 digest.
	Sha512 string `json:"sha512,omitempty"`
	// Ssdeep fuzzy hash.
	Ssdeep string `json:"ssdeep,omitempty" swaggerignore:"true"`
} // @name Hash
Hash godoc @Description represents a cryptographic hash digest.
type Log ¶
// Log describes the logging mechanism or transport an event came from.
// The dotted JSON names ("file.path", "syslog.severity.code", ...) are literal flat keys as far as
// encoding/json is concerned; they do not produce nested objects.
type Log struct {
	// Level is the log level as reported by the source.
	Level string `json:"level,omitempty"`
	// FilePath is the path of the log file.
	FilePath string `json:"file.path,omitempty"`
	// Logger is the name of the logger.
	Logger string `json:"logger,omitempty"`
	// OriginFileName is the source file that emitted the log line.
	OriginFileName string `json:"origin.file.name,omitempty"`
	// OriginFileLine is the line in OriginFileName.
	OriginFileLine int64 `json:"origin.file.line,omitempty"`
	// OriginFunction is the function that emitted the log line.
	OriginFunction string `json:"origin.function,omitempty"`
	// Syslog holds additional syslog attributes as free-form key/value pairs.
	Syslog map[string]any `json:"syslog,omitempty"`
	// SyslogSeverityCode is the numeric syslog severity.
	SyslogSeverityCode int64 `json:"syslog.severity.code,omitempty"`
	// SyslogSeverityName is the syslog severity name.
	SyslogSeverityName string `json:"syslog.severity.name,omitempty"`
	// SyslogFacilityCode is the numeric syslog facility.
	SyslogFacilityCode int64 `json:"syslog.facility.code,omitempty"`
	// SyslogFacilityName is the syslog facility name.
	SyslogFacilityName string `json:"syslog.facility.name,omitempty"`
	// SyslogPriority is the syslog priority value.
	SyslogPriority int64 `json:"syslog.priority,omitempty"`
}
Log defines attributes for representing details about a logging mechanism or transport.
type Network ¶
// Network describes the communication path over which a host or network event happens.
// No field carries omitempty, so every field is always emitted.
type Network struct {
	// Application is the name given to an application level protocol. This can be arbitrarily assigned for things like
	// microservices, but also apply to things like skype, icq, facebook, twitter. This would be used in situations
	// where the vendor or service can be decoded such as from the source/dest IP owners, ports, or wire format.
	Application string `json:"application"`
	// Bytes is the total bytes transferred in both directions.
	Bytes int64 `json:"bytes"`
	// CommunityID is a hash of source and destination IPs and ports, as well as the protocol used in a communication.
	// This is a tool-agnostic standard to identify flows. See: https://github.com/corelight/community-id-spec.
	CommunityID string `json:"community_id"`
	// Direction of the network traffic.
	//
	// Recommended values:
	//
	// * ingress
	// * egress
	// * inbound
	// * outbound
	// * internal
	// * external
	// * unknown
	//
	// When mapping events from a host-based monitoring context, populate this field from the host's point of view,
	// using the values "ingress" or "egress".
	//
	// When mapping events from a network or perimeter-based monitoring context, populate this field from the point of
	// view of the network perimeter, using the values "inbound", "outbound", "internal" or "external".
	//
	// Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two
	// hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that
	// are external to the perimeter. This could for example be useful for ISPs or VPN service providers.
	Direction string `json:"direction"`
	// ForwardedIP is the host IP address when the source IP address is the proxy.
	// NOTE(review): if this is populated from a client-supplied header (e.g. X-Forwarded-For), the value is only as
	// trustworthy as the proxy chain that set it; confirm it is not used for access decisions without that guarantee.
	ForwardedIP string `json:"forwarded_ip"`
	// IANANumber is the IANA Protocol Number (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml).
	// This aligns well with NetFlow and sFlow related logs which use the IANA protocol number.
	IANANumber string `json:"iana_number"`
	// Inner holds the fields added in addition to network.vlan fields to describe the innermost VLAN when q-in-q VLAN
	// tagging is present. Allowed fields include vlan.id and vlan.name. Inner vlan fields are typically used when
	// sending traffic with multiple 802.1q encapsulations to a network sensor (e.g. Zeek, Wireshark.)
	Inner map[string]any `json:"inner"`
	// Name given by operators to sections of their network.
	Name string `json:"name"`
	// Packets is the total packets transferred in both directions.
	Packets int64 `json:"packets"`
	// Protocol is the L7 network protocol name (e.g. support, lumberjack).
	// NOTE(review): "support" reads like a typo for an actual protocol name such as "http"; confirm.
	Protocol string `json:"protocol"`
	// Transport is same as Network.IANANumber, but instead using the Keyword name of the transport layer
	// (udp, tcp, ipv6-icmp, etc.)
	Transport string `json:"transport"`
	// Type is the network layer of the OSI Model (ipv4, ipv6, ipsec, pim, etc.).
	Type string `json:"type"`
}
Network represents metadata for a communication path over which a host or network event happens.
type Organization ¶
// Organization defines the properties for an organization. See Validate for the validation entry point.
// Note that sql.NullString marshals as an object ({"String":..., "Valid":...}) rather than a plain string.
type Organization struct {
	// Active reports whether the organization is active.
	Active bool `json:"active"`
	// Created is when the organization was created.
	Created *time.Time `json:"created"`
	// BillingEmail is the optional billing contact address.
	BillingEmail sql.NullString `json:"billing_email,omitempty"`
	// ID is the organization identifier. Hidden from generated API docs by swaggerignore but still
	// present in JSON; confirm that request binding does not let a client supply it.
	ID uuid.UUID `json:"id" swaggerignore:"true"`
	// Name is the organization name.
	Name string `json:"name,omitempty"`
	// StoragePath is a list of storage path components or paths — the exact meaning is not specified here.
	StoragePath []string `json:"storage_path,omitempty"`
	// Updated is when the organization was last updated.
	Updated *time.Time `json:"updated"`
}
Organization defines the properties for an organization.
func (*Organization) String ¶
func (o *Organization) String() string
String returns a string representation of the Organization.
func (*Organization) Validate ¶
func (o *Organization) Validate(result *validation.Result)
Validate performs validation of an Organization.
type OrganizationUser ¶
// OrganizationUser maps a User to an Organization together with the user's Role in it.
type OrganizationUser struct {
	// OrgID identifies the organization.
	OrgID uuid.UUID `json:"org_id"`
	// UserID identifies the user.
	UserID uuid.UUID `json:"user_id"`
	// Role is the user's role within the organization.
	// NOTE(review): Role is a free-form string with no enumeration on this page; confirm it is checked
	// against an allow-list before being used in authorization decisions.
	Role string `json:"role"`
}
OrganizationUser defines the attributes for a single mapping of a User to an Organization, including the user's Role.
func (*OrganizationUser) String ¶
func (o *OrganizationUser) String() string
String returns a string representation of the OrganizationUser.
type Service ¶
// Service describes the service for or from which the data was collected.
// "node.name" is a literal flat JSON key, not a nested object.
type Service struct {
	// Address of the service.
	Address string `json:"address,omitempty"`
	// Environment the service runs in.
	Environment string `json:"environment,omitempty"`
	// EphemeralID is a per-instance/run identifier.
	EphemeralID string `json:"ephemeral_id,omitempty"`
	// ID is the service identifier.
	ID string `json:"id,omitempty"`
	// Name of the service.
	Name string `json:"name,omitempty"`
	// NodeName is the name of the node the service runs on.
	NodeName string `json:"node.name,omitempty"`
	// State of the service.
	State string `json:"state,omitempty"`
	// Type of the service.
	Type string `json:"type,omitempty"`
	// Version of the service.
	Version string `json:"version,omitempty"`
}
Service defines the fields describing the service for or from which the data was collected.
type Team ¶
// Team defines the attributes for a team.
type Team struct {
	// ID is the team identifier.
	ID uuid.UUID `json:"id"`
	// Name is the team name.
	Name string `json:"name"`
	// Creator is the ID of the user who created the team.
	Creator uuid.UUID `json:"creator"`
	// Created is when the team was created.
	Created *time.Time `json:"created"`
	// Updated is when the team was last updated.
	Updated *time.Time `json:"updated"`
}
Team defines the attributes for a team.
type TeamUser ¶
// TeamUser defines the attributes for a single mapping of a User to a Team.
type TeamUser struct {
	// ID is the identifier of the mapping itself.
	ID uuid.UUID `json:"id"`
	// UserID identifies the user.
	UserID uuid.UUID `json:"user_id"`
	// TeamID identifies the team.
	TeamID uuid.UUID `json:"team_id"`
	// Created is when the mapping was created.
	Created *time.Time `json:"created"`
	// Updated is when the mapping was last updated.
	Updated *time.Time `json:"updated"`
}
TeamUser defines the attributes for a single mapping of a User to a Team.
type User ¶
// User defines the properties for a user. See Validate for the validation entry point.
// Note that sql.NullString marshals as an object ({"String":..., "Valid":...}) rather than a plain string.
// NOTE(review): Active, EmailVerified and ID are hidden from generated API docs by swaggerignore but keep
// their json tags, so they still unmarshal; confirm request binding does not accept client-supplied
// values for them.
type User struct {
	// Active reports whether the account is active.
	Active bool `json:"active" swaggerignore:"true"`
	// Created is when the user was created.
	Created *time.Time `json:"created"`
	// DisplayName is the optional display name.
	DisplayName sql.NullString `json:"display_name,omitempty"`
	// Email is the user's e-mail address.
	Email string `json:"email"`
	// EmailVerified reports whether Email has been verified.
	EmailVerified bool `json:"email_verified" swaggerignore:"true"`
	// FullName is the optional full name.
	FullName sql.NullString `json:"full_name,omitempty"`
	// ID is the user identifier.
	ID uuid.UUID `json:"id" swaggerignore:"true"`
	// LastLogin is the time of the most recent login, if any.
	LastLogin *time.Time `json:"last_login,omitempty"`
	// Updated is when the user was last updated.
	Updated *time.Time `json:"updated"`
}
User defines the properties for a user.
func (*User) Validate ¶
func (u *User) Validate(result *validation.Result)
Validate performs validation of a User.