processing

package
Published: Apr 12, 2024 License: GPL-3.0 Imports: 19 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ConsumeRedis added in v0.6.0

func ConsumeRedis(c ConfigConsumeRedis) error

func CorrelateSuricataEvents added in v0.6.0

func CorrelateSuricataEvents(c SuricataCorrelateConfig) error

func CorrelateSysmonEvents added in v0.5.0

func CorrelateSysmonEvents(c SysmonCorrelateConfig) error

func OutputWISE added in v0.5.0

func OutputWISE(c WiseConfig) error

Types

type Bucket

// Bucket is a single time-stamped slot of the bucketing system.
type Bucket struct {
	// Data is the untyped payload held by this bucket; readers must
	// type-assert it. NOTE(review): the concrete types stored here are not
	// visible on this page — confirm against the producers.
	Data any
	// Time is the timestamp associated with the bucket.
	Time time.Time
}

type BucketsConfig

// BucketsConfig is the public config object exposed to users. It sizes a set
// of time buckets by their number and the duration each one covers.
type BucketsConfig struct {
	// Count is the number of buckets to keep.
	// TODO - would be more intuitive if this was calculated from a global duration
	Count int
	// Size is the time span covered by a single bucket.
	Size  time.Duration
}

BucketsConfig is the public config object exposed to users.

type CommandEvents

type CommandEvents map[string]*datamodels.SafeMap

type ConfigConsumeRedis added in v0.6.0

// ConfigConsumeRedis configures ConsumeRedis: worker-pool settings, the Redis
// stream to read, and the handler invoked for each decoded event.
type ConfigConsumeRedis struct {
	ConfigStreamWorkers
	ConfigStreamRedis

	// Handler receives every event consumed from Redis. A nil Handler is not
	// handled here; NOTE(review): confirm ConsumeRedis rejects it before
	// starting workers.
	Handler MapHandlerFunc
}

type ConfigStreamRedis added in v0.6.0

// ConfigStreamRedis identifies a Redis client and the key used for streaming.
// It is embedded as the input of ConfigConsumeRedis and used as the Output of
// SuricataCorrelateConfig, so Key may name either a source or a destination.
// Both fields are checked by Validate; which checks it performs is not visible
// on this page.
type ConfigStreamRedis struct {
	// Client is the Redis connection to use. The connection's auth/TLS settings
	// are configured on the client by the caller, not here.
	Client *redis.Client
	// Key is the Redis key the stream is read from or written to.
	Key    string
}

func (ConfigStreamRedis) Validate added in v0.6.0

func (c ConfigStreamRedis) Validate() error

type ConfigStreamWorkers added in v0.6.0

// ConfigStreamWorkers holds the settings shared by every worker-pool entry
// point in this package (it is embedded by the other *Config types).
// SetNoWorkers and Validate are defined on it; their exact behaviour is not
// visible on this page.
type ConfigStreamWorkers struct {
	// Name labels the worker group, e.g. for logging.
	Name    string
	// Workers is the number of goroutines to run.
	Workers int
	// Pool is the errgroup the workers are started in; the caller owns it and
	// is responsible for calling Wait.
	Pool    *errgroup.Group
	// Ctx cancels the workers. NOTE(review): storing a Context in a struct is
	// against Go convention; acceptable for a config value passed once, but
	// callers must not reuse this struct across independent runs.
	Ctx     context.Context
	// Logger receives worker output; NOTE(review): confirm a nil Logger is
	// rejected by Validate rather than dereferenced by the workers.
	Logger  *logrus.Logger
}

func (*ConfigStreamWorkers) SetNoWorkers added in v0.6.0

func (c *ConfigStreamWorkers) SetNoWorkers() ConfigStreamWorkers

func (ConfigStreamWorkers) Validate added in v0.6.0

func (c ConfigStreamWorkers) Validate() error

type DataMapShards added in v0.5.0

// DataMapShards fans incoming event maps out over a fixed set of worker
// channels. Construct it with NewDataMapShards; Handler returns the function
// that routes events into Channels, and Close shuts the shards down.
type DataMapShards struct {
	// Name labels the shard set.
	Name            string
	// Channels holds one input channel per worker.
	Channels        []chan *datamodels.SafeMap
	// Ctx is the context passed to NewDataMapShards; NOTE(review): see the
	// convention caveat about contexts stored in structs.
	Ctx             context.Context
	// Len counts events handled. NOTE(review): exported plain uint64 — if
	// workers update it concurrently it must be accessed atomically, and
	// external writers can corrupt it; verify under -race.
	Len             uint64
	// CountMissingKey counts events that lacked the balance key passed to
	// Handler (inferred from the name; confirm in Handler).
	CountMissingKey uint64
}

func NewDataMapShards added in v0.5.0

func NewDataMapShards(ctx context.Context, workers int, name string) (*DataMapShards, error)

func (*DataMapShards) Close added in v0.5.0

func (s *DataMapShards) Close() error

func (*DataMapShards) Handler added in v0.5.0

func (s *DataMapShards) Handler(balanceKey ...string) (MapHandlerFunc, error)

type EncodedEntry added in v0.5.0

// EncodedEntry is a serialized event ready to be written to Redis, keyed by
// the destination key. It is what WinlogConfig's channels produce and
// WiseConfig's channels consume.
type EncodedEntry struct {
	// Key is the Redis key the entry is stored under.
	Key   string
	// Entry is the encoded event body; the encoding is not shown on this page.
	Entry []byte
}

type ErrInvalidEvent

// ErrInvalidEvent is returned for an event that could not be processed. It
// carries the offending key and the raw event so callers can inspect it with
// errors.As.
// NOTE(review): if Error() renders Raw, whole event payloads can reach log
// output through ordinary error logging — confirm and keep that in mind when
// events contain sensitive fields.
type ErrInvalidEvent struct {
	// Key is the field or lookup key that made the event invalid.
	Key string
	// Raw is the event as received.
	Raw datamodels.Map
}

func (ErrInvalidEvent) Error

func (e ErrInvalidEvent) Error() string

type MapHandlerFunc added in v0.5.0

type MapHandlerFunc func(*datamodels.SafeMap)

type SafeCorrelationEventMap added in v0.6.0

// SafeCorrelationEventMap is a naive version of the bucketing system for
// simple lookups; for now it is only needed for Suricata correlation lookups.
// Construct it with NewSafeConcurrentMap and use Insert, Lookup and Len.
// The embedded RWMutex makes Lock/RLock part of the public API and the value
// must not be copied after first use (all methods take a pointer receiver).
type SafeCorrelationEventMap struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

SafeCorrelationEventMap is a naive version of the bucketing system for simple lookups. For now, it is only needed for correlation lookups of Suricata events.

func NewSafeConcurrentMap added in v0.6.0

func NewSafeConcurrentMap() *SafeCorrelationEventMap

func (*SafeCorrelationEventMap) Insert added in v0.6.0

func (s *SafeCorrelationEventMap) Insert(key string, value datamodels.Map)

func (*SafeCorrelationEventMap) Len added in v0.6.0

func (s *SafeCorrelationEventMap) Len() int

func (*SafeCorrelationEventMap) Lookup added in v0.6.0

func (s *SafeCorrelationEventMap) Lookup(key string) (datamodels.Map, bool)

type SuricataCorrelateConfig added in v0.6.0

// SuricataCorrelateConfig configures CorrelateSuricataEvents: a worker pool,
// the Redis stream that correlated results are written to, and the shard sets
// that carry input and correlated events.
type SuricataCorrelateConfig struct {
	ConfigStreamWorkers
	// Output is the Redis stream correlated events are written to.
	Output ConfigStreamRedis

	// InputEventShards receives the raw Suricata events.
	InputEventShards      *DataMapShards
	// CorrelatedEventShards receives events after correlation.
	CorrelatedEventShards *DataMapShards
}

type SysmonCorrelateConfig added in v0.5.0

// SysmonCorrelateConfig configures CorrelateSysmonEvents: a worker pool, the
// shard set that feeds the workers, and the embedded Winlog handler settings.
type SysmonCorrelateConfig struct {
	ConfigStreamWorkers

	// Shards carries the Sysmon events to the workers.
	Shards          *DataMapShards
	// LogCorrelations enables logging of each correlation made.
	// NOTE(review): correlated records include event data; keep this off
	// outside debugging if logs are shipped elsewhere.
	LogCorrelations bool
	WinlogConfig
}

type Winlog

// Winlog is the handler for enrichment of Windows event log (Sysmon) events.
// Process handles one event, CmdLen reports the number of tracked commands and
// Close releases the handler's resources. The embedded CommunityID gives the
// handler community-id hashing for network flows.
type Winlog struct {
	gommunityid.CommunityID

	// SuricataHandler assigns resulting correlations to the correct Suricata
	// worker, indexed by shard.
	SuricataHandler []MapHandlerFunc

	// Stats holds the handler's counters (winlogStats is unexported, so the
	// individual fields are not documented here).
	Stats winlogStats
	// contains filtered or unexported fields
}

Winlog is the handler for enrichment.

func (*Winlog) Close

func (c *Winlog) Close() error

func (Winlog) CmdLen

func (c Winlog) CmdLen() int

func (*Winlog) Process

func (c *Winlog) Process(e *datamodels.SafeMap) error

type WinlogBucketsConfig

// WinlogBucketsConfig sizes the two bucket sets kept by the Winlog handler.
type WinlogBucketsConfig struct {
	// Command sizes the buckets that hold command/process events.
	Command BucketsConfig
	// Network sizes the buckets that hold network events.
	Network BucketsConfig
}

type WinlogConfig

// WinlogConfig configures the Winlog enrichment handler. It is embedded in
// SysmonCorrelateConfig.
type WinlogConfig struct {
	// Commands is the command bucket store. NOTE(review): its type is
	// unexported, so callers outside the package cannot populate this field.
	Commands             buckets
	// Buckets sizes the command and network bucket sets.
	Buckets              WinlogBucketsConfig
	// StoreNetEvents keeps network events in the handler's buckets.
	StoreNetEvents       bool
	// WorkDir is a directory the handler uses for on-disk state.
	// NOTE(review): what is written there, and whether the path is validated,
	// is not visible on this page.
	WorkDir              string
	// ChanCorrelated receives encoded correlated events; its receive-only end
	// is WiseConfig.ChanCorrelated.
	ChanCorrelated       chan EncodedEntry
	// ChanOnlyNetwork receives encoded network events that had no correlation;
	// its receive-only end is WiseConfig.ChanOnlyNetwork.
	ChanOnlyNetwork      chan EncodedEntry
	// ForwardNetworkEvents enables sending to ChanOnlyNetwork.
	ForwardNetworkEvents bool
	// SuricataHandler assigns correlations to the matching Suricata worker.
	SuricataHandler      []MapHandlerFunc
}

type WiseConfig added in v0.5.0

// WiseConfig configures OutputWISE, which drains the encoded-entry channels
// into Redis. SetNoWorkers returns a copy of the config adjusted for running
// without a worker pool (exact effect not visible on this page).
type WiseConfig struct {
	ConfigStreamWorkers

	// ClientCorrelated is the Redis client correlated entries are written to.
	ClientCorrelated  *redis.Client
	// ClientOnlyNetwork is the Redis client network-only entries are written to.
	ClientOnlyNetwork *redis.Client

	// ForwardNetworkEvents enables draining ChanOnlyNetwork.
	ForwardNetworkEvents bool

	// ChanCorrelated is the receive-only end of WinlogConfig.ChanCorrelated.
	ChanCorrelated  <-chan EncodedEntry
	// ChanOnlyNetwork is the receive-only end of WinlogConfig.ChanOnlyNetwork.
	ChanOnlyNetwork <-chan EncodedEntry
}

func (*WiseConfig) SetNoWorkers added in v0.6.0

func (c *WiseConfig) SetNoWorkers() WiseConfig
