Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Config ¶
type Config struct {
Title string // A short description of what this configuration does
Order int // Defines the order of expansion when multiple config files are applicable
Backends []string // Lists the Sigma implementations that this config file is compatible with
FieldMappings map[string]FieldMapping
Placeholders map[string][]interface{} // Defines values for placeholders that might appear in Yara rules
}
Config is a struct that defines the Sigma configuration
func ParseConfig ¶
ParseConfig takes a byte slice of YAML data and returns a Config struct or an error if unmarshaling fails
type FieldMapping ¶
type FieldMapping struct {
TargetNames []string // The name(s) that appear in the events being matched
}
FieldMapping is a struct that defines the target fields to be matched in Yara rules
func (*FieldMapping) UnmarshalYAML ¶
func (f *FieldMapping) UnmarshalYAML(value *yaml.Node) error
UnmarshalYAML is a custom method for unmarshaling YAML data into FieldMapping
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.