Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Event ¶
type Event struct {
Date time.Time `json:"date"`
Process string `json:"process"`
Protocol string `json:"protocol"`
Host string `json:"host"`
Port int `json:"port"`
PortName string `json:"port_name"`
Whois whois.Whois `json:"whois"`
Count int `json:"count"`
}
Event of Sysmon
type EventsSortDate ¶
type EventsSortDate []Event
EventsSortDate are Sysmon events sorted by Date
func (EventsSortDate) Len ¶
func (slice EventsSortDate) Len() int
func (EventsSortDate) Less ¶
func (slice EventsSortDate) Less(i, j int) bool
func (EventsSortDate) Swap ¶
func (slice EventsSortDate) Swap(i, j int)
type EventsSortHost ¶
type EventsSortHost []Event
EventsSortHost are Sysmon events sorted by Host
func (EventsSortHost) Len ¶
func (slice EventsSortHost) Len() int
func (EventsSortHost) Less ¶
func (slice EventsSortHost) Less(i, j int) bool
func (EventsSortHost) Swap ¶
func (slice EventsSortHost) Swap(i, j int)
type EvtxData ¶
type EvtxData struct {
DestinationHostname string `json:"DestinationHostname"`
DestinationIp string `json:"DestinationIp"`
DestinationIsIpv6 string `json:"DestinationIsIpv6"`
DestinationPort string `json:"DestinationPort"`
DestinationPortName string `json:"DestinationPortName"`
Image string `json:"Image"`
Initiated string `json:"Initiated"`
ProcessGuid string `json:"ProcessGuid"`
ProcessId string `json:"ProcessId"`
Protocol string `json:"Protocol"`
SourceHostname string `json:"SourceHostname"`
SourceIp string `json:"SourceIp"`
SourceIsIpv6 string `json:"SourceIsIpv6"`
SourcePort string `json:"SourcePort"`
SourcePortName string `json:"SourcePortName"`
User string `json:"User"`
UtcTime string `json:"UtcTime"`
}
Source Files
Click to show internal directories.
Click to hide internal directories.