Index ¶
- Constants
- func IsScalar(value interface{}) bool
- type AlertsStatus
- type Analyzer
- type Artifact
- type ArtifactStream
- type Auditable
- type BaseSegment
- func (segment *BaseSegment) AddField(field string) error
- func (segment *BaseSegment) Clear()
- func (segment *BaseSegment) Fields() []string
- func (segment *BaseSegment) RawFields() []string
- func (segment *BaseSegment) RemoveTermsWith(raw string) int
- func (segment *BaseSegment) Terms() []*QueryTerm
- func (segment *BaseSegment) TermsAsString() string
- type Case
- type Comment
- type EventAckCriteria
- type EventIndexResults
- type EventMetric
- type EventRecord
- type EventResults
- type EventSearchCriteria
- type EventSearchResults
- type EventUpdateCriteria
- type EventUpdateResults
- type Filter
- type GridStatus
- type GroupBySegment
- type Info
- type Job
- type JobResult
- type Node
- type Packet
- type Query
- func (query *Query) AddSegment(segment QuerySegment)
- func (query *Query) Filter(field string, value string, scalar bool, mode string, condense bool) (string, error)
- func (query *Query) Group(segmentIdx int, field string) (string, error)
- func (query *Query) NamedSegment(name string) QuerySegment
- func (query *Query) NamedSegments(name string) []QuerySegment
- func (query *Query) Parse(str string) error
- func (query *Query) RemoveSegment(name string) QuerySegment
- func (query *Query) Sort(field string) (string, error)
- func (query *Query) String() string
- type QuerySegment
- type QueryTerm
- type RelatedEvent
- type SearchSegment
- type SortBySegment
- type SortCriteria
- type Status
- type Unauthorized
- type User
Constants ¶
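// CASE_STATUS_NEW is the "new" Case.Status value. The ALL_CAPS names below are
// part of the exported API and are kept unchanged.
const CASE_STATUS_NEW = "new"

// DEFAULT_JOB_KIND is the job kind presumably applied to Job.Kind when a job
// is created without an explicit kind.
const DEFAULT_JOB_KIND = "pcap"

// Filter modes. These are presumably the values accepted by the mode
// parameter of Query.Filter; confirm against that method's body.
const (
	FILTER_DRILLDOWN = "DRILLDOWN"
	FILTER_EXACT     = "EXACT"
	FILTER_EXCLUDE   = "EXCLUDE"
	FILTER_INCLUDE   = "INCLUDE"
)

// Job.Status values, in numeric order. Job.Status is serialized under the JSON
// key "status", so these numbers are part of the wire format and must not be
// renumbered.
const (
	JobStatusPending    = 0
	JobStatusCompleted  = 1
	JobStatusIncomplete = 2
	JobStatusDeleted    = 3
)

// Node.Status values.
const (
	NodeStatusFault   = "fault"
	NodeStatusOk      = "ok"
	NodeStatusUnknown = "unknown"
)

// Segment kinds: presumably the strings returned by the segment types' Kind()
// methods and accepted by NewSegment's kind parameter (bodies not shown here).
const (
	SegmentKind_GroupBy = "groupby"
	SegmentKind_Search  = "search"
	SegmentKind_SortBy  = "sortby"
)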
Variables ¶
This section is empty.
Functions ¶
Types ¶
type AlertsStatus ¶
// AlertsStatus is the alerts portion of a Status report; it is carried in
// Status.Alerts and serialized under the JSON key "alerts".
type AlertsStatus struct {
	// NewCount is the number of new alerts (JSON key "newCount").
	NewCount int `json:"newCount"`
}
type Analyzer ¶
func NewAnalyzer ¶
func (*Analyzer) GetRequirementsPath ¶
func (*Analyzer) GetSitePackagesPath ¶
func (*Analyzer) GetSourcePackagesPath ¶
type Artifact ¶
// Artifact is a piece of evidence attached to a Case (CaseId); it embeds the
// Auditable bookkeeping fields. Create new values with NewArtifact.
type Artifact struct {
	Auditable
	CaseId       string   `json:"caseId"`
	GroupType    string   `json:"groupType"`
	GroupId      string   `json:"groupId"`
	ArtifactType string   `json:"artifactType"`
	Value        string   `json:"value"`
	MimeType     string   `json:"mimeType"`
	// StreamLen is serialized as "streamLength". StreamLen and StreamId
	// presumably describe the associated ArtifactStream — confirm.
	StreamLen int    `json:"streamLength"`
	StreamId  string `json:"streamId"`
	// Tlp is a sharing marking (presumably Traffic Light Protocol); the
	// accepted values are not defined on this page.
	Tlp         string   `json:"tlp"`
	Tags        []string `json:"tags"`
	Description string   `json:"description"`
	// Ioc flags the artifact as an indicator of compromise (name-based
	// reading; confirm against the code that sets it).
	Ioc bool `json:"ioc"`
	// Md5, Sha1 and Sha256 hold digests of the artifact. Which input is hashed
	// (Value or the stream) and the digest encoding are not visible here.
	Md5    string `json:"md5"`
	Sha1   string `json:"sha1"`
	Sha256 string `json:"sha256"`
}
func NewArtifact ¶
func NewArtifact() *Artifact
type ArtifactStream ¶
func NewArtifactStream ¶
func NewArtifactStream() *ArtifactStream
func (*ArtifactStream) Read ¶
func (stream *ArtifactStream) Read() io.Reader
type BaseSegment ¶
// BaseSegment is the shared implementation embedded (as *BaseSegment) by
// GroupBySegment, SearchSegment and SortBySegment. Judging by its methods
// (AddField, Clear, Fields, RawFields, RemoveTermsWith, Terms, TermsAsString)
// it stores a segment's field names and QueryTerms; the method bodies and the
// unexported fields are not shown on this page.
type BaseSegment struct {
	// contains filtered or unexported fields
}
func (*BaseSegment) AddField ¶
func (segment *BaseSegment) AddField(field string) error
func (*BaseSegment) Clear ¶
func (segment *BaseSegment) Clear()
func (*BaseSegment) Fields ¶
func (segment *BaseSegment) Fields() []string
func (*BaseSegment) RawFields ¶
func (segment *BaseSegment) RawFields() []string
func (*BaseSegment) RemoveTermsWith ¶
func (segment *BaseSegment) RemoveTermsWith(raw string) int
func (*BaseSegment) Terms ¶
func (segment *BaseSegment) Terms() []*QueryTerm
func (*BaseSegment) TermsAsString ¶
func (segment *BaseSegment) TermsAsString() string
type Case ¶
// Case is an investigation record; it embeds the Auditable bookkeeping fields.
// Status transitions are handled by ProcessWorkflowForStatus (declared on
// *Case, body not shown here).
type Case struct {
	Auditable
	// StartTime and CompleteTime are pointers: a nil value serializes as JSON
	// null rather than the zero time.
	StartTime    *time.Time `json:"startTime"`
	CompleteTime *time.Time `json:"completeTime"`
	Title        string     `json:"title"`
	Description  string     `json:"description"`
	Priority     int        `json:"priority"`
	Severity     string     `json:"severity"`
	// Status holds a case status value such as CASE_STATUS_NEW ("new").
	Status   string `json:"status"`
	Template string `json:"template"`
	// Tlp and Pap are sharing markings (presumably Traffic Light Protocol and
	// Permissible Actions Protocol); accepted values are not defined here.
	Tlp        string   `json:"tlp"`
	Pap        string   `json:"pap"`
	Category   string   `json:"category"`
	AssigneeId string   `json:"assigneeId"`
	Tags       []string `json:"tags"`
}
func (*Case) ProcessWorkflowForStatus ¶
type Comment ¶
// Comment is a free-text note attached to a Case (CaseId); it embeds the
// Auditable bookkeeping fields. Create new values with NewComment.
type Comment struct {
	Auditable
	CaseId      string `json:"caseId"`
	Description string `json:"description"`
}
func NewComment ¶
func NewComment() *Comment
type EventAckCriteria ¶
// EventAckCriteria selects events to acknowledge and/or escalate (Acknowledge,
// Escalate). Create new values with NewEventAckCriteria. Every field is
// JSON-tagged, so this is presumably decoded from a client request; treat
// SearchFilter and EventFilter as untrusted input at the consumer.
type EventAckCriteria struct {
	SearchFilter string `json:"searchFilter"`
	// EventFilter is an arbitrary JSON object (field name -> value). Nothing
	// here constrains its keys or value types; consumers must check both.
	EventFilter     map[string]interface{} `json:"eventFilter"`
	DateRange       string                 `json:"dateRange"`
	DateRangeFormat string                 `json:"dateRangeFormat"`
	Timezone        string                 `json:"timezone"`
	Escalate        bool                   `json:"escalate"`
	Acknowledge     bool                   `json:"acknowledge"`
}
func NewEventAckCriteria ¶
func NewEventAckCriteria() *EventAckCriteria
type EventIndexResults ¶
func NewEventIndexResults ¶
func NewEventIndexResults() *EventIndexResults
type EventMetric ¶
// EventMetric is one metric entry: a key tuple and its integer value. It is
// presumably an aggregation bucket, since EventSearchResults.Metrics groups
// slices of these by name.
type EventMetric struct {
	// Keys is heterogeneous ([]interface{}); the element types depend on the
	// fields being aggregated and are not fixed here.
	Keys  []interface{} `json:"keys"`
	Value int           `json:"value"`
}
type EventRecord ¶
type EventResults ¶
// EventResults carries the timing and error bookkeeping shared by
// EventSearchResults and EventUpdateResults, which embed it. Complete() is
// declared on *EventResults (body not shown); presumably it sets CompleteTime
// and ElapsedMs.
type EventResults struct {
	CreateTime   time.Time `json:"createTime"`
	CompleteTime time.Time `json:"completeTime"`
	ElapsedMs    int       `json:"elapsedMs"`
	Errors       []string  `json:"errors"`
}
func (*EventResults) Complete ¶
func (results *EventResults) Complete()
type EventSearchCriteria ¶
// EventSearchCriteria describes an event search. Create new values with
// NewEventSearchCriteria. Only RawQuery, DateRange, MetricLimit and
// EventLimit carry JSON tags; the remaining fields look like server-side
// state derived from them (e.g. ParsedQuery from RawQuery via Query.Parse).
//
// NOTE(review): untagged exported fields are still (un)marshaled by
// encoding/json under their Go names, so a client body that is decoded
// straight into this struct could set BeginTime, EndTime, CreateTime,
// ParsedQuery or SortFields directly unless the server overwrites them —
// confirm at the decode site, which is not visible here.
type EventSearchCriteria struct {
	RawQuery    string `json:"query"`
	DateRange   string `json:"dateRange"`
	MetricLimit int    `json:"metricLimit"`
	EventLimit  int    `json:"eventLimit"`
	BeginTime   time.Time
	EndTime     time.Time
	CreateTime  time.Time
	ParsedQuery *Query
	SortFields  []*SortCriteria
}
func NewEventSearchCriteria ¶
func NewEventSearchCriteria() *EventSearchCriteria
type EventSearchResults ¶
// EventSearchResults is the result of an EventSearchCriteria search; it embeds
// EventResults for timing and errors. Create new values with
// NewEventSearchResults.
type EventSearchResults struct {
	EventResults
	// Criteria echoes the request back under "criteria". Because
	// EventSearchCriteria's untagged fields are also marshaled, this includes
	// its server-side fields (ParsedQuery, SortFields, ...).
	Criteria    *EventSearchCriteria `json:"criteria"`
	TotalEvents int                  `json:"totalEvents"`
	Events      []*EventRecord       `json:"events"`
	// Metrics groups EventMetric entries by metric name. The parentheses around
	// the value type are redundant and kept verbatim.
	Metrics map[string]([]*EventMetric) `json:"metrics"`
}
func NewEventSearchResults ¶
func NewEventSearchResults() *EventSearchResults
type EventUpdateCriteria ¶
// EventUpdateCriteria extends EventSearchCriteria with the update to apply to
// the matched events. Create new values with NewEventUpdateCriteria and append
// scripts with AddUpdateScript (body not shown).
type EventUpdateCriteria struct {
	EventSearchCriteria
	// UpdateScripts is serialized under "updateScripts". If this struct is
	// ever decoded from a client request, the scripts arrive as opaque strings
	// with no validation in this type — confirm that the server constrains
	// and authorizes them before they reach the event store.
	UpdateScripts []string `json:"updateScripts"`
	// Asynchronous is serialized under the shorter key "async".
	Asynchronous bool `json:"async"`
}
func NewEventUpdateCriteria ¶
func NewEventUpdateCriteria() *EventUpdateCriteria
func (*EventUpdateCriteria) AddUpdateScript ¶
func (criteria *EventUpdateCriteria) AddUpdateScript(script string)
type EventUpdateResults ¶
// EventUpdateResults is the outcome of an EventUpdateCriteria run; it embeds
// EventResults for timing and errors. Create new values with
// NewEventUpdateResults; AddEventUpdateResults (body not shown) presumably
// folds another result set into this one.
type EventUpdateResults struct {
	EventResults
	Criteria       *EventUpdateCriteria `json:"criteria"`
	UpdatedCount   int                  `json:"updatedCount"`
	UnchangedCount int                  `json:"unchangedCount"`
}
func NewEventUpdateResults ¶
func NewEventUpdateResults() *EventUpdateResults
func (*EventUpdateResults) AddEventUpdateResults ¶
func (results *EventUpdateResults) AddEventUpdateResults(newResults *EventUpdateResults)
type Filter ¶
type GridStatus ¶
type GroupBySegment ¶
// GroupBySegment is the "group by" query segment. It embeds *BaseSegment for
// field/term storage and adds Kind and String (bodies not shown). Build one
// with NewGroupBySegment (from terms) or NewGroupBySegmentEmpty. Presumably
// Kind() returns SegmentKind_GroupBy and the type satisfies QuerySegment —
// confirm against the method bodies.
type GroupBySegment struct {
	*BaseSegment
}
func NewGroupBySegment ¶
func NewGroupBySegment(terms []*QueryTerm) (*GroupBySegment, error)
func NewGroupBySegmentEmpty ¶
func NewGroupBySegmentEmpty() *GroupBySegment
func (*GroupBySegment) Kind ¶
func (segment *GroupBySegment) Kind() string
func (*GroupBySegment) String ¶
func (segment *GroupBySegment) String() string
type Job ¶
// Job is a unit of work tracked per node (NodeId) and owner. Status takes the
// JobStatus* values; CanProcess is declared on *Job (body not shown).
// DEFAULT_JOB_KIND ("pcap") is presumably the default for Kind.
type Job struct {
	Id         int       `json:"id"`
	CreateTime time.Time `json:"createTime"`
	// Status is one of JobStatusPending, JobStatusCompleted,
	// JobStatusIncomplete or JobStatusDeleted.
	Status       int       `json:"status"`
	CompleteTime time.Time `json:"completeTime"`
	FailTime     time.Time `json:"failTime"`
	Failure      string    `json:"failure"`
	FailCount    int       `json:"failCount"`
	Owner        string    `json:"owner"`
	NodeId       string    `json:"nodeId"`
	// LegacySensorId keeps the older JSON key "sensorId".
	LegacySensorId string `json:"sensorId"`
	// FileExtension: if it is used to build an output file name, confirm it is
	// validated (no path separators) at that site — not visible here.
	FileExtension string       `json:"fileExtension"`
	Filter        *Filter      `json:"filter"`
	UserId        string       `json:"userId"`
	Kind          string       `json:"kind"`
	Results       []*JobResult `json:"results"`
}
func (*Job) CanProcess ¶
type JobResult ¶
// JobResult is one result attached to a Job (Job.Results). Create new values
// with NewJobResult (signature not shown on this page).
type JobResult struct {
	Id string `json:"id"`
	// Data is an arbitrary JSON value. After decoding it holds whatever
	// encoding/json produced (map[string]interface{}, []interface{}, float64,
	// string, bool or nil), so consumers must type-assert rather than assume
	// a shape.
	Data    interface{} `json:"data"`
	Summary string      `json:"summary"`
}
func NewJobResult ¶
type Node ¶
// Node is a grid member together with its last reported state and metrics.
// Status takes the NodeStatus* values; UpdateOverallStatus is declared on
// *Node (body not shown) and presumably derives Status from ConnectionStatus,
// RaidStatus and ProcessStatus — confirm.
type Node struct {
	Id            string    `json:"id"`
	OnlineTime    time.Time `json:"onlineTime"`
	UpdateTime    time.Time `json:"updateTime"`
	EpochTime     time.Time `json:"epochTime"`
	UptimeSeconds int       `json:"uptimeSeconds"`
	Description   string    `json:"description"`
	Address       string    `json:"address"`
	Role          string    `json:"role"`
	Model         string    `json:"model"`
	ImageFront    string    `json:"imageFront"`
	ImageBack     string    `json:"imageBack"`
	// Status is one of NodeStatusOk, NodeStatusFault or NodeStatusUnknown.
	Status           string `json:"status"`
	Version          string `json:"version"`
	ConnectionStatus string `json:"connectionStatus"`
	RaidStatus       string `json:"raidStatus"`
	ProcessStatus    string `json:"processStatus"`
	// ProductionEps and ConsumptionEps are presumably events per second;
	// the measurement window is not defined here.
	ProductionEps  int  `json:"productionEps"`
	ConsumptionEps int  `json:"consumptionEps"`
	FailedEvents   int  `json:"failedEvents"`
	MetricsEnabled bool `json:"metricsEnabled"`
}
func (*Node) UpdateOverallStatus ¶
type Packet ¶
// Packet is one decoded packet as returned to API clients (every field is
// JSON-tagged). Sequence, Acknowledge, Window, Checksum and Flags read like
// transport-header fields; which protocols populate them is not defined here.
type Packet struct {
	Number      int       `json:"number"`
	Type        string    `json:"type"`
	SrcMac      string    `json:"srcMac"`
	DstMac      string    `json:"dstMac"`
	SrcIp       string    `json:"srcIp"`
	SrcPort     int       `json:"srcPort"`
	DstIp       string    `json:"dstIp"`
	DstPort     int       `json:"dstPort"`
	Length      int       `json:"length"`
	Timestamp   time.Time `json:"timestamp"`
	Sequence    int       `json:"sequence"`
	Acknowledge int       `json:"acknowledge"`
	Window      int       `json:"window"`
	Checksum    int       `json:"checksum"`
	Flags       []string  `json:"flags"`
	// Payload is a string, so confirm with the producer how the payload bytes
	// are encoded: bytes that are not valid UTF-8 are replaced when marshaled
	// to JSON. PayloadOffset presumably indexes into the captured frame.
	Payload       string `json:"payload"`
	PayloadOffset int    `json:"payloadOffset"`
}
type Query ¶
// Query is an ordered list of segments, presumably filled by Parse(str) from
// a query string. Segments is exported; AddSegment, NamedSegment,
// NamedSegments and RemoveSegment (declared on *Query, bodies not shown)
// manipulate it, and Filter, Group, Sort and String are listed in the index
// for the same type.
type Query struct {
	Segments []QuerySegment
}
func (*Query) AddSegment ¶
func (query *Query) AddSegment(segment QuerySegment)
func (*Query) NamedSegment ¶
func (query *Query) NamedSegment(name string) QuerySegment
func (*Query) NamedSegments ¶
func (query *Query) NamedSegments(name string) []QuerySegment
func (*Query) RemoveSegment ¶
func (query *Query) RemoveSegment(name string) QuerySegment
type QuerySegment ¶
func NewSegment ¶
func NewSegment(kind string, terms []*QueryTerm) (QuerySegment, error)
type QueryTerm ¶
func NewQueryTerm ¶
type RelatedEvent ¶
// RelatedEvent links an event to a Case (CaseId); it embeds the Auditable
// bookkeeping fields. Create new values with NewRelatedEvent.
type RelatedEvent struct {
	Auditable
	CaseId string `json:"caseId"`
	// Fields is the event's field map as an arbitrary JSON object; nothing in
	// this type constrains its keys or value types.
	Fields map[string]interface{} `json:"fields"`
}
func NewRelatedEvent ¶
func NewRelatedEvent() *RelatedEvent
type SearchSegment ¶
// SearchSegment is the "search" query segment. It embeds *BaseSegment for
// field/term storage and adds Kind and String (bodies not shown). Build one
// with NewSearchSegment (from terms) or NewSearchSegmentEmpty. Presumably
// Kind() returns SegmentKind_Search and the type satisfies QuerySegment —
// confirm against the method bodies.
type SearchSegment struct {
	*BaseSegment
}
func NewSearchSegment ¶
func NewSearchSegment(terms []*QueryTerm) (*SearchSegment, error)
func NewSearchSegmentEmpty ¶
func NewSearchSegmentEmpty() *SearchSegment
func (*SearchSegment) Kind ¶
func (segment *SearchSegment) Kind() string
func (*SearchSegment) String ¶
func (segment *SearchSegment) String() string
type SortBySegment ¶
// SortBySegment is the "sort by" query segment. It embeds *BaseSegment for
// field/term storage and adds Kind and String (bodies not shown). Build one
// with NewSortBySegment (from terms) or NewSortBySegmentEmpty. Presumably
// Kind() returns SegmentKind_SortBy and the type satisfies QuerySegment —
// confirm against the method bodies.
type SortBySegment struct {
	*BaseSegment
}
func NewSortBySegment ¶
func NewSortBySegment(terms []*QueryTerm) (*SortBySegment, error)
func NewSortBySegmentEmpty ¶
func NewSortBySegmentEmpty() *SortBySegment
func (*SortBySegment) Kind ¶
func (segment *SortBySegment) Kind() string
func (*SortBySegment) String ¶
func (segment *SortBySegment) String() string
type SortCriteria ¶
type Status ¶
// Status is the aggregate status report: a grid summary and an alerts summary.
// Either pointer may be nil, in which case it serializes as JSON null.
type Status struct {
	Grid   *GridStatus   `json:"grid"`
	Alerts *AlertsStatus `json:"alerts"`
}
type Unauthorized ¶
// Unauthorized is the error value for a subject that may not perform an
// operation on a target: NewUnauthorized(subject, operation, target) builds it
// and Error() renders it (bodies not shown). The struct body is rendered empty
// on this page, so its fields are presumably unexported.
// NOTE(review): how much of subject/operation/target Error() includes is not
// visible here; check that before the message is returned to API clients.
type Unauthorized struct {}
func NewUnauthorized ¶
func NewUnauthorized(subject string, operation string, target string) *Unauthorized
func (*Unauthorized) Error ¶
func (err *Unauthorized) Error() string
type User ¶
// User is an account record. Every field is JSON-tagged, so if a User is ever
// decoded straight from a client request the authorization-relevant fields
// (Roles, Status, MfaStatus) would be writable by that client unless the
// server discards them — confirm at the decode site, which is not visible here.
type User struct {
	Id         string    `json:"id"`
	CreateTime time.Time `json:"createTime"`
	UpdateTime time.Time `json:"updateTime"`
	Email      string    `json:"email"`
	FirstName  string    `json:"firstName"`
	LastName   string    `json:"lastName"`
	MfaStatus  string    `json:"mfaStatus"`
	Note       string    `json:"note"`
	Roles      []string  `json:"roles"`
	Status     string    `json:"status"`
	// SearchUsername: purpose not defined here (presumably a normalized
	// username used for lookups).
	SearchUsername string `json:"searchUsername"`
}