Documentation
Overview
Package label implements the mapping of Suricata alerts to netcap audit records.
Index
- Variables
- func CustomLabels(pathMappingInfo, outputPath, separator, selection string) error
- func CustomMap(man *manager.LabelManager, wg *sync.WaitGroup, file, typ string, ...) *pb.ProgressBar
- func SetExcluded(arg string)
- func Suricata(inputPcap, outputPath string, useDescription bool, separator, selection string) error
Constants
This section is empty.
Variables
var (
	// StopOnDuplicateLabels will stop execution and print info
	// in case more than one label for the same timestamp exists.
	// This affects layers being labeled, because they use the labelMap;
	// other record types use the label array, which is not affected.
	// Handling this needs to be improved in the future.
	StopOnDuplicateLabels = false

	// DisableLayerMapping can be used to disable mapping gopacket layer types.
	DisableLayerMapping = false

	// SuricataConfigPath contains the path for the suricata config file.
	SuricataConfigPath string
)
regular expressions to match data from suricata fast.log.
var (
	// UseProgressBars whether to use the progress bar.
	UseProgressBars = false

	// Debug mode.
	Debug bool
)
var CollectLabels bool
CollectLabels indicates whether labels should be collected.
Functions
func CustomLabels (added in v0.4.3)
func CustomLabels(pathMappingInfo, outputPath, separator, selection string) error
CustomLabels uses info from a csv file to label the data.
func CustomMap (added in v0.4.3)
func CustomMap(man *manager.LabelManager, wg *sync.WaitGroup, file, typ string, outDir, separator, selection string) *pb.ProgressBar
CustomMap uses info from a csv file to label the data.
func SetExcluded
func SetExcluded(arg string)
SetExcluded takes a comma separated list of strings to exclude from labeling.
func Suricata
func Suricata(inputPcap, outputPath string, useDescription bool, separator, selection string) error
Suricata creates labeled CSV files for audit records derived from the provided input file. Alerts are generated by using Suricata to scan the input pcap file. A directory named after the input file is created, and all Suricata logs go there. If no output directory is specified, netcap audit records are expected in the current directory; otherwise audit records are expected in the output directory.
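As an added illustration of the mechanism that Suricata() and StopOnDuplicateLabels describe (example code, not netcap's own): constructed fast.log lines are parsed into a map keyed by unix-nanosecond timestamp, timestamps that carry more than one alert are reported, and the label is chosen by description or classification as useDescription selects. The regular expression, the alert type, labelFor and the sample lines are assumptions made for this example.

```go
package main

import (
	"fmt"
	"regexp"
	"time"
)

// Leading fields of a Suricata fast.log line: timestamp, [gid:sid:rev], message, classification.
var fastLogLine = regexp.MustCompile(`^(\S+)\s+\[\*\*\]\s+\[(\d+:\d+:\d+)\]\s+(.+?)\s+\[\*\*\]\s+\[Classification:\s+([^\]]+)\]`)

type alert struct{ ID, Description, Classification string }

// Constructed sample lines (not captured from a real sensor); the first two share a timestamp.
var sample = []string{
	`02/23/2021-13:46:07.049562  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.5:80 -> 10.0.0.2:44210`,
	`02/23/2021-13:46:07.049562  [**] [1:2001219:20] ET SCAN Potential SSH Scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.2:44210 -> 192.168.1.5:22`,
	`02/23/2021-13:46:09.100000  [**] [1:2001219:20] ET SCAN Potential SSH Scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.2:44211 -> 192.168.1.5:22`,
}

// parseFastLog keys each alert by its unix-nanosecond timestamp (the key used to label layers)
// and reports timestamps carrying more than one alert, the case StopOnDuplicateLabels guards against.
func parseFastLog(lines []string) (labels map[int64]alert, dups []int64) {
	labels = make(map[int64]alert)
	for _, l := range lines {
		m := fastLogLine.FindStringSubmatch(l)
		if m == nil {
			continue // blank or non-alert line
		}
		ts, err := time.Parse("01/02/2006-15:04:05.000000", m[1])
		if err != nil {
			continue // malformed timestamp: skip rather than mislabel
		}
		if _, seen := labels[ts.UnixNano()]; seen {
			dups = append(dups, ts.UnixNano()) // first label for a timestamp wins
			continue
		}
		labels[ts.UnixNano()] = alert{ID: m[2], Description: m[3], Classification: m[4]}
	}
	return labels, dups
}

// labelFor mirrors the useDescription switch of Suricata(); "" means no alert at ts.
func labelFor(labels map[int64]alert, ts int64, useDescription bool) string {
	a, ok := labels[ts]
	if ok && useDescription {
		return a.Description
	}
	return a.Classification // zero-value alert yields "" when ok is false
}

func main() { fmt.Println(parseFastLog(sample)) }
```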
Types
This section is empty.