package label

v0.6.11
Published: Jan 30, 2022 License: BSD-3-Clause, GPL-3.0 Imports: 24 Imported by: 1

Documentation

Overview

Package label implements mapping alerts from suricata to netcap audit records.

Index

Constants

This section is empty.

Variables

var (
	// StopOnDuplicateLabels will stop execution and print info
	// in case more than one label for the same timestamp exists
	// this affects layers being labeled, because they use the labelMap
	// other record types use the label array, which is not affected.
	// handling this needs to be improved in the future.
	StopOnDuplicateLabels = false

	// DisableLayerMapping can be used to disable mapping gopacket layer types.
	DisableLayerMapping = false

	// SuricataConfigPath contains the path for the suricata config file.
	SuricataConfigPath string
)

Regular expressions to match data from suricata fast.log.

var (
	// UseProgressBars whether to use the progress bar.
	UseProgressBars = false

	// Debug mode.
	Debug bool
)
var CollectLabels bool

CollectLabels indicates whether labels should be collected.
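The var block above notes that layer labeling looks alerts up in a labelMap keyed by timestamp, so two suricata alerts with the same timestamp collide (the case StopOnDuplicateLabels exists for), and that fast.log is parsed with regular expressions. The following is an added example, not netcap's own code: it parses constructed fast.log lines with a regexp matching Suricata's default fast.log layout into an illustrative suricataAlert struct, builds a map[int64]*suricataAlert keyed by UnixNano, and reports the timestamps that carry more than one alert instead of silently keeping only the first.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"time"
)

// suricataAlert is an illustrative struct (not netcap's unexported type) holding the fields used here.
type suricataAlert struct {
	Timestamp   time.Time
	SID         int
	Description string
}

// fastLogRe matches the default Suricata fast.log layout: <ts>  [**] [gid:sid:rev] <msg> [**] [Classification: ...] [Priority: n] {PROTO} src:port -> dst:port
var fastLogRe = regexp.MustCompile(`^(\S+)\s+\[\*\*\]\s+\[\d+:(\d+):\d+\]\s+(.*?)\s+\[\*\*\]\s+\[Classification: [^\]]*\]\s+\[Priority: \d+\]\s+\{\w+\}\s+\S+:\d+\s+->\s+\S+:\d+$`)
// Constructed sample fast.log lines; the first two share one timestamp.
var sampleFastLog = []string{
	"01/30/2022-12:34:56.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.10:80 -> 10.0.0.5:51234",
	"01/30/2022-12:34:56.123456  [**] [1:2210045:2] SURICATA STREAM Packet with invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.0.0.5:51234 -> 192.168.1.10:80",
	"01/30/2022-12:34:57.000001  [**] [1:2013028:6] ET POLICY curl User-Agent Outbound [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:51236 -> 192.168.1.10:80",
}
func parseFastLogLine(line string) (*suricataAlert, error) {
	m := fastLogRe.FindStringSubmatch(line)
	if m == nil {
		return nil, fmt.Errorf("not a fast.log line: %q", line)
	}
	ts, err := time.Parse("01/02/2006-15:04:05.000000", m[1]) // Suricata prints microsecond precision
	if err != nil {
		return nil, err
	}
	sid, _ := strconv.Atoi(m[2]) // digits already validated by the regexp
	return &suricataAlert{Timestamp: ts, SID: sid, Description: m[3]}, nil
}
// buildLabelMap keys alerts by UnixNano timestamp, as layer labeling does via labelMap, and reports timestamps carrying more than one alert (the condition StopOnDuplicateLabels is meant to catch).
func buildLabelMap(alerts []*suricataAlert) (map[int64]*suricataAlert, []int64) {
	labelMap := make(map[int64]*suricataAlert)
	var dups []int64
	for _, a := range alerts {
		key := a.Timestamp.UnixNano()
		if _, seen := labelMap[key]; seen {
			dups = append(dups, key) // first label wins; this alert would otherwise be silently dropped
			continue
		}
		labelMap[key] = a
	}
	return labelMap, dups
}
```

With the sample input, buildLabelMap returns two labels and one duplicate timestamp, the second alert on that packet being the one that would be lost.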

Functions

func CustomLabels added in v0.4.3

func CustomLabels(pathMappingInfo, outputPath, separator, selection string) error

CustomLabels uses info from a csv file to label the data.

func CustomMap added in v0.4.3

func CustomMap(man *manager.LabelManager, wg *sync.WaitGroup, file, typ string, outDir, separator, selection string) *pb.ProgressBar

CustomMap uses info from a csv file to label the data.

func SetExcluded

func SetExcluded(arg string)

SetExcluded takes a comma separated list of strings to exclude from labeling.

func Suricata

func Suricata(inputPcap, outputPath string, useDescription bool, separator, selection string) error

Suricata creates labeled CSV files for audit records derived from the provided input file. Alerts are generated by using suricata to scan the input pcap file; a directory named after the input file is created, and all suricata logs go there. If no output directory is specified, netcap audit records are expected in the current directory; otherwise, audit records are expected in the output directory.

Types

This section is empty.
