README
¶
l9format
l9format is a schema declaration targeted at interoperability between network recon tools used at LeakIX.
Golang
This repository includes the Golang headers used as library in our components.
Other languages
Check l9event.json can be used to derive classes for your favorite language ( python, php ect)
Documentation
¶
Index ¶
- Constants
- func UseLineForFringerprint(line string) bool
- type Certificate
- type DatasetSummary
- type GeoLocation
- type GeoPoint
- type L9Event
- func (event *L9Event) AddSource(source string)
- func (event *L9Event) AddTag(tag string)
- func (event *L9Event) HasSource(source string) bool
- func (event *L9Event) HasTag(tag string) bool
- func (event *L9Event) HasTransport(transport string) bool
- func (event *L9Event) RemoveTransport(transportCheck string)
- func (event *L9Event) UpdateFingerprint() error
- func (event *L9Event) Url() string
- type L9HttpEvent
- type L9LeakEvent
- type L9SSHEvent
- type L9SSLEvent
- type L9ServiceEvent
- type Network
- type ServiceCredentials
- type Software
- type SoftwareModule
Constants ¶
View Source
const SEVERITY_CRITICAL = "critical"
View Source
const SEVERITY_HIGH = "high"
View Source
const SEVERITY_INFO = "info"
View Source
const SEVERITY_LOW = "low"
View Source
const SEVERITY_MEDIUM = "medium"
View Source
const STAGE_EXFILTRATE = "exfiltrate"
View Source
const STAGE_EXPLORE = "explore"
View Source
const STAGE_OPEN = "open"
Variables ¶
This section is empty.
Functions ¶
func UseLineForFringerprint ¶
Types ¶
type Certificate ¶
type Certificate struct {
CommonName string `json:"cn"`
Domains []string `json:"domain"`
Fingerprint string `json:"fingerprint"`
KeyAlgo string `json:"key_algo"`
KeySize int `json:"key_size"`
IssuerName string `json:"issuer_name"`
NotBefore time.Time `json:"not_before"`
NotAfter time.Time `json:"not_after"`
Valid bool `json:"valid"`
}
type DatasetSummary ¶
type GeoLocation ¶
type GeoLocation struct {
ContinentName string `json:"continent_name"`
RegionISOCode string `json:"region_iso_code"`
CityName string `json:"city_name"`
CountryISOCode string `json:"country_iso_code"`
CountryName string `json:"country_name"`
RegionName string `json:"region_name"`
GeoPoint GeoPoint `json:"location"`
}
type L9Event ¶
type L9Event struct {
EventType string `json:"event_type"`
EventSource string `json:"event_source"`
EventPipeline []string `json:"event_pipeline"`
EventFingerprint string `json:"event_fingerprint"`
Ip string `json:"ip"`
Host string `json:"host"`
Reverse string `json:"reverse"`
Port string `json:"port"`
Mac string `json:"mac"`
Vendor string `json:"vendor"`
Transports []string `json:"transport"`
Protocol string `json:"protocol"`
Http L9HttpEvent `json:"http"`
Summary string `json:"summary"`
Time time.Time `json:"time"`
SSL L9SSLEvent `json:"ssl"`
SSH L9SSHEvent `json:"ssh"`
Service L9ServiceEvent `json:"service"`
Leak L9LeakEvent `json:"leak"`
Tags []string `json:"tags"`
GeoIp GeoLocation `json:"geoip"`
Network Network `json:"network"`
}
func (*L9Event) HasTransport ¶
func (*L9Event) RemoveTransport ¶
func (*L9Event) UpdateFingerprint ¶
type L9HttpEvent ¶
type L9LeakEvent ¶
type L9LeakEvent struct {
Stage string `json:"stage"`
Type string `json:"type"`
Severity string `json:"severity"`
Dataset DatasetSummary `json:"dataset"`
}
type L9SSHEvent ¶
type L9SSLEvent ¶
type L9ServiceEvent ¶
type L9ServiceEvent struct {
Credentials ServiceCredentials `json:"credentials"`
Software Software `json:"software"`
}
type ServiceCredentials ¶
type Software ¶
type Software struct {
Name string `json:"name"`
Version string `json:"version"`
OperatingSystem string `json:"os"`
Modules []SoftwareModule `json:"modules"`
Fingerprint string `json:"fingerprint"`
}
type SoftwareModule ¶
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.