Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AlertEvent ¶
// AlertEvent is one alert record together with its JSON key names and its
// Parquet column mapping. The key names (event_type, flow_id, in_iface,
// signature_id, ...) look like Suricata EVE output; the producer is not named
// here, so treat that as an assumption.
//
// Timestamp carries only a json tag and EventTime only a parquet tag.
// NOTE(review): EventTime has no `json:"-"`, and encoding/json matches untagged
// fields by name case-insensitively, so an "EventTime" key in the input would
// populate it. Confirm UpdateFields always overwrites it before the record is
// written.
//
// SrcIP and DestIP are plain strings; nothing in this type guarantees that
// they parse as IP addresses.
type AlertEvent struct {
	Timestamp string `json:"timestamp"`
	EventTime int64  `parquet:"name=event_time, type=INT64, convertedtype=TIMESTAMP_MILLIS"`
	EventType string `json:"event_type"`
	SrcIP     string `json:"src_ip" parquet:"name=src_ip, type=BYTE_ARRAY, convertedtype=UTF8"`
	DestIP    string `json:"dest_ip" parquet:"name=dest_ip, type=BYTE_ARRAY, convertedtype=UTF8"`
	SrcPort   int    `json:"src_port" parquet:"name=src_port, type=INT32"`
	DestPort  int    `json:"dest_port" parquet:"name=dest_port, type=INT32"`
	Proto     string `json:"proto" parquet:"name=proto, type=BYTE_ARRAY, convertedtype=UTF8"`
	AppProto  string `json:"app_proto" parquet:"name=app_proto, type=BYTE_ARRAY, convertedtype=UTF8"`
	FlowID    int64  `json:"flow_id" parquet:"name=flow_id, type=INT64"`
	InIface   string `json:"in_iface" parquet:"name=in_iface, type=BYTE_ARRAY, convertedtype=UTF8"`
	Vlan      int    `json:"vlan" parquet:"name=vlan, type=INT32"`
	TxID      int    `json:"tx_id" parquet:"name=tx_id, type=INT32"`

	// Alert holds the rule match itself: the rule identity (GID, SignatureID,
	// Rev), its text and severity, and the action recorded for it.
	Alert struct {
		Action      string `json:"action" parquet:"name=action, type=BYTE_ARRAY, convertedtype=UTF8"`
		GID         int    `json:"gid" parquet:"name=gid, type=INT32"`
		SignatureID int    `json:"signature_id" parquet:"name=signature_id, type=INT32"`
		Rev         int    `json:"rev" parquet:"name=rev, type=INT32"`
		AppProto    string `json:"app_proto" parquet:"name=app_proto, type=BYTE_ARRAY, convertedtype=UTF8"`
		Signature   string `json:"signature" parquet:"name=signature, type=BYTE_ARRAY, convertedtype=UTF8"`
		Severity    int    `json:"severity" parquet:"name=severity, type=INT32"`

		// Source and Target are value structs, not pointers: a record that
		// lacks these keys decodes to an empty IP and port 0, which cannot be
		// told apart from an explicit empty value.
		Source struct {
			IP   string `json:"ip" parquet:"name=ip, type=BYTE_ARRAY, convertedtype=UTF8"`
			Port int    `json:"port" parquet:"name=port, type=INT32"`
		} `json:"source" parquet:"name=source"`
		Target struct {
			IP   string `json:"ip" parquet:"name=ip, type=BYTE_ARRAY, convertedtype=UTF8"`
			Port int    `json:"port" parquet:"name=port, type=INT32"`
		} `json:"target" parquet:"name=target"`
	} `json:"alert" parquet:"name=alert"`

	// GeoIPData is the geolocation enrichment for both endpoints; presumably
	// filled by UpdateGeoIP rather than by the event producer - confirm.
	GeoIPData struct {
		Source GeoIPData `json:"source" parquet:"name=source"`
		Dest   GeoIPData `json:"dest" parquet:"name=dest"`
	} `json:"geoip_data" parquet:"name=geoip_data"`
}
func (AlertEvent) GetDateHourKey ¶
func (e AlertEvent) GetDateHourKey() storage.DateHourKey
func (*AlertEvent) UpdateFields ¶
func (e *AlertEvent) UpdateFields() error
func (*AlertEvent) UpdateGeoIP ¶
func (e *AlertEvent) UpdateGeoIP(reader *geoip2.Reader) error
type DHCPEvent ¶
// DHCPEvent is one DHCP record together with its JSON key names and its
// Parquet column mapping.
//
// Timestamp carries only a json tag and EventTime only a parquet tag.
// NOTE(review): EventTime has no `json:"-"`, and encoding/json matches untagged
// fields by name case-insensitively, so an "EventTime" key in the input would
// populate it. Confirm UpdateFields always overwrites it before the record is
// written.
type DHCPEvent struct {
	Timestamp string `json:"timestamp"`
	EventTime int64  `parquet:"name=event_time, type=INT64, convertedtype=TIMESTAMP_MILLIS"`
	EventType string `json:"event_type"`
	SrcIP     string `json:"src_ip" parquet:"name=src_ip, type=BYTE_ARRAY, convertedtype=UTF8"`
	DestIP    string `json:"dest_ip" parquet:"name=dest_ip, type=BYTE_ARRAY, convertedtype=UTF8"`
	SrcPort   int    `json:"src_port" parquet:"name=src_port, type=INT32"`
	DestPort  int    `json:"dest_port" parquet:"name=dest_port, type=INT32"`
	Proto     string `json:"proto" parquet:"name=proto, type=BYTE_ARRAY, convertedtype=UTF8"`
	AppProto  string `json:"app_proto" parquet:"name=app_proto, type=BYTE_ARRAY, convertedtype=UTF8"`
	FlowID    int64  `json:"flow_id" parquet:"name=flow_id, type=INT64"`
	InIface   string `json:"in_iface" parquet:"name=in_iface, type=BYTE_ARRAY, convertedtype=UTF8"`
	Vlan      int    `json:"vlan" parquet:"name=vlan, type=INT32"`
	TxID      int    `json:"tx_id" parquet:"name=tx_id, type=INT32"`

	// DHCP holds the message details. ClientMac and AssignedIP are stored as
	// free-form strings with no format enforced by this type.
	// NOTE(review): if these are copied from observed DHCP traffic, ClientMac
	// is whatever the client sent and is not proof of device identity.
	DHCP struct {
		Type        string `json:"type" parquet:"name=type, type=BYTE_ARRAY, convertedtype=UTF8"`
		ID          int    `json:"id" parquet:"name=id, type=INT32"`
		ClientMac   string `json:"client_mac" parquet:"name=client_mac, type=BYTE_ARRAY, convertedtype=UTF8"`
		AssignedIP  string `json:"assigned_ip" parquet:"name=assigned_ip, type=BYTE_ARRAY, convertedtype=UTF8"`
		DHCPType    string `json:"dhcp_type" parquet:"name=dhcp_type, type=BYTE_ARRAY, convertedtype=UTF8"`
		RenewalTime int    `json:"renewal_time" parquet:"name=renewal_time, type=INT32"`
	} `json:"dhcp" parquet:"name=dhcp"`

	// GeoIPData is the geolocation enrichment for both endpoints; presumably
	// filled by UpdateGeoIP rather than by the event producer - confirm.
	GeoIPData struct {
		Source GeoIPData `json:"source" parquet:"name=source"`
		Dest   GeoIPData `json:"dest" parquet:"name=dest"`
	} `json:"geoip_data" parquet:"name=geoip_data"`
}
func (DHCPEvent) GetDateHourKey ¶
func (e DHCPEvent) GetDateHourKey() storage.DateHourKey
func (*DHCPEvent) UpdateFields ¶
func (*DHCPEvent) UpdateGeoIP ¶
type DNSEvent ¶
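// DNSEvent is one DNS record together with its JSON key names and its Parquet
// column mapping.
//
// Timestamp carries only a json tag and EventTime only a parquet tag.
// NOTE(review): EventTime has no `json:"-"`, and encoding/json matches untagged
// fields by name case-insensitively, so an "EventTime" key in the input would
// populate it. Confirm UpdateFields always overwrites it before the record is
// written.
//
// Every struct tag is kept on a single line: reflect.StructTag cannot parse a
// tag that contains a line break, and the json/parquet mapping for that field
// would then be lost.
type DNSEvent struct {
	Timestamp string `json:"timestamp"`
	EventTime int64  `parquet:"name=event_time, type=INT64, convertedtype=TIMESTAMP_MILLIS"`
	EventType string `json:"event_type"`
	SrcIP     string `json:"src_ip" parquet:"name=src_ip, type=BYTE_ARRAY, convertedtype=UTF8"`
	DestIP    string `json:"dest_ip" parquet:"name=dest_ip, type=BYTE_ARRAY, convertedtype=UTF8"`
	SrcPort   int    `json:"src_port" parquet:"name=src_port, type=INT32"`
	DestPort  int    `json:"dest_port" parquet:"name=dest_port, type=INT32"`
	Proto     string `json:"proto" parquet:"name=proto, type=BYTE_ARRAY, convertedtype=UTF8"`
	AppProto  string `json:"app_proto" parquet:"name=app_proto, type=BYTE_ARRAY, convertedtype=UTF8"`
	FlowID    int64  `json:"flow_id" parquet:"name=flow_id, type=INT64"`
	InIface   string `json:"in_iface" parquet:"name=in_iface, type=BYTE_ARRAY, convertedtype=UTF8"`
	Vlan      int    `json:"vlan" parquet:"name=vlan, type=INT32"`
	TxID      int    `json:"tx_id" parquet:"name=tx_id, type=INT32"`

	// DNS is a pointer: it stays nil when the input has no "dns" key (or has
	// null), so callers must nil-check before reading any field below.
	// NOTE(review): if RRName and the Answers entries are copied from observed
	// queries and responses, they are chosen by the remote parties; escape
	// them wherever they are rendered or interpolated into a query.
	DNS *struct {
		Version int    `json:"version" parquet:"name=version, type=INT32"`
		Type    string `json:"type" parquet:"name=type, type=BYTE_ARRAY, convertedtype=UTF8"`
		ID      int    `json:"id" parquet:"name=id, type=INT32"`
		Flags   string `json:"flags" parquet:"name=flags, type=BYTE_ARRAY, convertedtype=UTF8"`
		QR      bool   `json:"qr" parquet:"name=qr, type=BOOLEAN"`
		RD      bool   `json:"rd" parquet:"name=rd, type=BOOLEAN"`
		RA      bool   `json:"ra" parquet:"name=ra, type=BOOLEAN"`
		RRName  string `json:"rrname" parquet:"name=rrname, type=BYTE_ARRAY, convertedtype=UTF8"`
		RRType  string `json:"rrtype" parquet:"name=rrtype, type=BYTE_ARRAY, convertedtype=UTF8"`
		RCode   string `json:"rcode" parquet:"name=rcode, type=BYTE_ARRAY, convertedtype=UTF8"`

		// Answers carries no explicit list type in its parquet tag.
		// NOTE(review): confirm the parquet writer in use accepts a slice of
		// structs tagged with a name only.
		Answers []struct {
			RRName string `json:"rrname" parquet:"name=rrname, type=BYTE_ARRAY, convertedtype=UTF8"`
			RRType string `json:"rrtype" parquet:"name=rrtype, type=BYTE_ARRAY, convertedtype=UTF8"`
			TTL    int    `json:"ttl" parquet:"name=ttl, type=INT32"`
			RData  string `json:"rdata" parquet:"name=rdata, type=BYTE_ARRAY, convertedtype=UTF8"`
		} `json:"answers" parquet:"name=answers"`
	} `json:"dns" parquet:"name=dns"`

	// GeoIPData is the geolocation enrichment for both endpoints; presumably
	// filled by UpdateGeoIP rather than by the event producer - confirm.
	GeoIPData struct {
		Source GeoIPData `json:"source" parquet:"name=source"`
		Dest   GeoIPData `json:"dest" parquet:"name=dest"`
	} `json:"geoip_data" parquet:"name=geoip_data"`
}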
func (DNSEvent) GetDateHourKey ¶
func (e DNSEvent) GetDateHourKey() storage.DateHourKey
func (*DNSEvent) UpdateFields ¶
func (*DNSEvent) UpdateGeoIP ¶
type FlowEvent ¶
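// FlowEvent is one flow summary together with its JSON key names and its
// Parquet column mapping.
//
// Timestamp carries only a json tag and EventTime only a parquet tag.
// NOTE(review): EventTime has no `json:"-"`, and encoding/json matches untagged
// fields by name case-insensitively, so an "EventTime" key in the input would
// populate it. Confirm UpdateFields always overwrites it before the record is
// written.
//
// Every struct tag is kept on a single line: reflect.StructTag cannot parse a
// tag that contains a line break, and the json/parquet mapping for that field
// would then be lost.
type FlowEvent struct {
	Timestamp string `json:"timestamp"`
	EventTime int64  `parquet:"name=event_time, type=INT64, convertedtype=TIMESTAMP_MILLIS"`
	EventType string `json:"event_type"`
	SrcIP     string `json:"src_ip" parquet:"name=src_ip, type=BYTE_ARRAY, convertedtype=UTF8"`
	DestIP    string `json:"dest_ip" parquet:"name=dest_ip, type=BYTE_ARRAY, convertedtype=UTF8"`
	SrcPort   int    `json:"src_port" parquet:"name=src_port, type=INT32"`
	DestPort  int    `json:"dest_port" parquet:"name=dest_port, type=INT32"`
	Proto     string `json:"proto" parquet:"name=proto, type=BYTE_ARRAY, convertedtype=UTF8"`
	AppProto  string `json:"app_proto" parquet:"name=app_proto, type=BYTE_ARRAY, convertedtype=UTF8"`
	FlowID    int64  `json:"flow_id" parquet:"name=flow_id, type=INT64"`
	InIface   string `json:"in_iface" parquet:"name=in_iface, type=BYTE_ARRAY, convertedtype=UTF8"`
	Vlan      int    `json:"vlan" parquet:"name=vlan, type=INT32"`
	TxID      int    `json:"tx_id" parquet:"name=tx_id, type=INT32"`

	// Flow holds per-direction packet and byte counters plus the flow's
	// lifetime fields. Start and End stay strings here; this type does not
	// parse them. Alerted records whether the flow was marked as alerted.
	Flow struct {
		PktsToServer  int64  `json:"pkts_toserver" parquet:"name=pkts_toserver, type=INT64"`
		PktsToClient  int64  `json:"pkts_toclient" parquet:"name=pkts_toclient, type=INT64"`
		BytesToServer int64  `json:"bytes_toserver" parquet:"name=bytes_toserver, type=INT64"`
		BytesToClient int64  `json:"bytes_toclient" parquet:"name=bytes_toclient, type=INT64"`
		Start         string `json:"start" parquet:"name=start, type=BYTE_ARRAY, convertedtype=UTF8"`
		End           string `json:"end" parquet:"name=end, type=BYTE_ARRAY, convertedtype=UTF8"`
		Age           int    `json:"age" parquet:"name=age, type=INT32"`
		State         string `json:"state" parquet:"name=state, type=BYTE_ARRAY, convertedtype=UTF8"`
		Reason        string `json:"reason" parquet:"name=reason, type=BYTE_ARRAY, convertedtype=UTF8"`
		Alerted       bool   `json:"alerted" parquet:"name=alerted, type=BOOLEAN"`
	} `json:"flow" parquet:"name=flow"`

	// TCP is a value struct, not a pointer: for a record without a "tcp" key
	// every flag decodes to false and State to "", which cannot be told apart
	// from a TCP flow that really had no flags set.
	TCP struct {
		TCPFlags   string `json:"tcp_flags" parquet:"name=tcp_flags, type=BYTE_ARRAY, convertedtype=UTF8"`
		TCPFlagsTS string `json:"tcp_flags_ts" parquet:"name=tcp_flags_ts, type=BYTE_ARRAY, convertedtype=UTF8"`
		TCPFlagsTC string `json:"tcp_flags_tc" parquet:"name=tcp_flags_tc, type=BYTE_ARRAY, convertedtype=UTF8"`
		Syn        bool   `json:"syn" parquet:"name=syn, type=BOOLEAN"`
		Rst        bool   `json:"rst" parquet:"name=rst, type=BOOLEAN"`
		Ack        bool   `json:"ack" parquet:"name=ack, type=BOOLEAN"`
		Ecn        bool   `json:"ecn" parquet:"name=ecn, type=BOOLEAN"`
		Cwr        bool   `json:"cwr" parquet:"name=cwr, type=BOOLEAN"`
		Psh        bool   `json:"psh" parquet:"name=psh, type=BOOLEAN"`
		Fin        bool   `json:"fin" parquet:"name=fin, type=BOOLEAN"`
		Urg        bool   `json:"urg" parquet:"name=urg, type=BOOLEAN"`
		State      string `json:"state" parquet:"name=state, type=BYTE_ARRAY, convertedtype=UTF8"`
	} `json:"tcp" parquet:"name=tcp"`

	// GeoIPData is the geolocation enrichment for both endpoints; presumably
	// filled by UpdateGeoIP rather than by the event producer - confirm.
	GeoIPData struct {
		Source GeoIPData `json:"source" parquet:"name=source"`
		Dest   GeoIPData `json:"dest" parquet:"name=dest"`
	} `json:"geoip_data" parquet:"name=geoip_data"`
}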
func (FlowEvent) GetDateHourKey ¶
func (e FlowEvent) GetDateHourKey() storage.DateHourKey
func (*FlowEvent) UpdateFields ¶
func (*FlowEvent) UpdateGeoIP ¶
type GeoIPData ¶
// GeoIPData is the geolocation enrichment attached to one endpoint of an
// event, with its JSON key names and Parquet column mapping.
//
// NOTE(review): the values presumably come from a GeoIP database lookup
// (UpdateGeoIP takes a *geoip2.Reader). Such data is approximate and can be
// stale; use it as context for triage, not as proof of where a host is. An
// address with no database entry would presumably leave these fields at their
// zero values - confirm, since "" and 0,0 are then indistinguishable from real
// data.
type GeoIPData struct {
	CityName               string  `json:"city_name" parquet:"name=city_name, type=BYTE_ARRAY, convertedtype=UTF8"`
	ContinentCode          string  `json:"continent_code" parquet:"name=continent_code, type=BYTE_ARRAY, convertedtype=UTF8"`
	ContinentName          string  `json:"continent_name" parquet:"name=continent_name, type=BYTE_ARRAY, convertedtype=UTF8"`
	CountryIsoCode         string  `json:"country_iso_code" parquet:"name=country_iso_code, type=BYTE_ARRAY, convertedtype=UTF8"`
	CountryName            string  `json:"country_name" parquet:"name=country_name, type=BYTE_ARRAY, convertedtype=UTF8"`
	Latitude               float64 `json:"latitude" parquet:"name=latitude, type=DOUBLE"`
	Longitude              float64 `json:"longitude" parquet:"name=longitude, type=DOUBLE"`
	LocationAccuracyRadius int     `json:"location_accuracy_radius" parquet:"name=location_accuracy_radius, type=INT32"`
	TimeZone               string  `json:"time_zone" parquet:"name=time_zone, type=BYTE_ARRAY, convertedtype=UTF8"`
	PostalCode             string  `json:"postal_code" parquet:"name=postal_code, type=BYTE_ARRAY, convertedtype=UTF8"`
	IsAnonymousProxy       bool    `json:"is_anonymous_proxy" parquet:"name=is_anonymous_proxy, type=BOOLEAN"`
	IsSatelliteProvider    bool    `json:"is_satellite_provider" parquet:"name=is_satellite_provider, type=BOOLEAN"`

	// Subdivisions is tagged type=LIST, whereas the []string fields on
	// TLSEvent.Traffic use "type=MAP, convertedtype=LIST".
	// NOTE(review): confirm the parquet writer in use accepts both spellings.
	Subdivisions []struct {
		IsoCode string `json:"iso_code" parquet:"name=iso_code, type=BYTE_ARRAY, convertedtype=UTF8"`
		Name    string `json:"name" parquet:"name=name, type=BYTE_ARRAY, convertedtype=UTF8"`
	} `json:"subdivisions" parquet:"name=subdivisions, type=LIST"`
}
func GetGeoIPData ¶
type GeoIPModel ¶
// GeoIPModel is implemented by event types that can attach geolocation data
// to themselves using a GeoIP database reader.
type GeoIPModel interface {
	// UpdateGeoIP enriches the receiver using reader and reports any failure.
	// NOTE(review): which addresses are looked up, and what happens on a
	// missing database entry, is decided by each implementation.
	UpdateGeoIP(reader *geoip2.Reader) error
}
type HTTPEvent ¶
// HTTPEvent is one HTTP transaction record together with its JSON key names
// and its Parquet column mapping.
//
// Timestamp carries only a json tag and EventTime only a parquet tag.
// NOTE(review): EventTime has no `json:"-"`, and encoding/json matches untagged
// fields by name case-insensitively, so an "EventTime" key in the input would
// populate it. Confirm UpdateFields always overwrites it before the record is
// written.
type HTTPEvent struct {
	Timestamp string `json:"timestamp"`
	EventTime int64  `parquet:"name=event_time, type=INT64, convertedtype=TIMESTAMP_MILLIS"`
	EventType string `json:"event_type"`
	SrcIP     string `json:"src_ip" parquet:"name=src_ip, type=BYTE_ARRAY, convertedtype=UTF8"`
	DestIP    string `json:"dest_ip" parquet:"name=dest_ip, type=BYTE_ARRAY, convertedtype=UTF8"`
	SrcPort   int    `json:"src_port" parquet:"name=src_port, type=INT32"`
	DestPort  int    `json:"dest_port" parquet:"name=dest_port, type=INT32"`
	Proto     string `json:"proto" parquet:"name=proto, type=BYTE_ARRAY, convertedtype=UTF8"`
	AppProto  string `json:"app_proto" parquet:"name=app_proto, type=BYTE_ARRAY, convertedtype=UTF8"`
	FlowID    int64  `json:"flow_id" parquet:"name=flow_id, type=INT64"`
	InIface   string `json:"in_iface" parquet:"name=in_iface, type=BYTE_ARRAY, convertedtype=UTF8"`
	Vlan      int    `json:"vlan" parquet:"name=vlan, type=INT32"`
	TxID      int    `json:"tx_id" parquet:"name=tx_id, type=INT32"`

	// HTTP holds the request and response details.
	// NOTE(review): if Hostname, URL, HTTPUserAgent and HTTPRefer are copied
	// from observed requests, they are chosen by the remote client; escape
	// them wherever they are rendered, logged line-wise, or interpolated into
	// a query over the stored data.
	// NOTE(review): Length is a Go int written as INT32; a value above
	// 2^31-1 would not fit the column - confirm how the writer handles it.
	HTTP struct {
		HTTPPort        int    `json:"http_port" parquet:"name=http_port, type=INT32"`
		Hostname        string `json:"hostname" parquet:"name=hostname, type=BYTE_ARRAY, convertedtype=UTF8"`
		URL             string `json:"url" parquet:"name=url, type=BYTE_ARRAY, convertedtype=UTF8"`
		HTTPUserAgent   string `json:"http_user_agent" parquet:"name=http_user_agent, type=BYTE_ARRAY, convertedtype=UTF8"`
		HTTPContentType string `json:"http_content_type" parquet:"name=http_content_type, type=BYTE_ARRAY, convertedtype=UTF8"`
		HTTPRefer       string `json:"http_refer" parquet:"name=http_refer, type=BYTE_ARRAY, convertedtype=UTF8"`
		HTTPMethod      string `json:"http_method" parquet:"name=http_method, type=BYTE_ARRAY, convertedtype=UTF8"`
		Protocol        string `json:"protocol" parquet:"name=protocol, type=BYTE_ARRAY, convertedtype=UTF8"`
		Status          int    `json:"status" parquet:"name=status, type=INT32"`
		Length          int    `json:"length" parquet:"name=length, type=INT32"`
	} `json:"http" parquet:"name=http"`

	// GeoIPData is the geolocation enrichment for both endpoints; presumably
	// filled by UpdateGeoIP rather than by the event producer - confirm.
	GeoIPData struct {
		Source GeoIPData `json:"source" parquet:"name=source"`
		Dest   GeoIPData `json:"dest" parquet:"name=dest"`
	} `json:"geoip_data" parquet:"name=geoip_data"`
}
func (HTTPEvent) GetDateHourKey ¶
func (e HTTPEvent) GetDateHourKey() storage.DateHourKey
func (*HTTPEvent) UpdateFields ¶
func (*HTTPEvent) UpdateGeoIP ¶
type StatsEvent ¶
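// StatsEvent is one periodic counters record together with its JSON key names
// and its Parquet column mapping. Unlike the per-flow event types it has no
// address, port or GeoIP fields.
//
// Timestamp carries only a json tag and EventTime only a parquet tag.
// NOTE(review): EventTime has no `json:"-"`, and encoding/json matches untagged
// fields by name case-insensitively, so an "EventTime" key in the input would
// populate it. Confirm UpdateFields always overwrites it before the record is
// written.
//
// Every struct tag is kept on a single line: reflect.StructTag cannot parse a
// tag that contains a line break, and the json/parquet mapping for that field
// would then be lost.
type StatsEvent struct {
	Timestamp string `json:"timestamp"`
	EventTime int64  `parquet:"name=event_time, type=INT64, convertedtype=TIMESTAMP_MILLIS"`
	EventType string `json:"event_type"`

	// Stats groups the counters by subsystem.
	Stats struct {
		Uptime int64 `json:"uptime" parquet:"name=uptime, type=INT64"`

		// Capture holds the packet-capture counters.
		// NOTE(review): KernelDrops presumably counts packets lost before
		// inspection; if so, a rising value means traffic went unexamined and
		// is worth monitoring as a detection-coverage signal - confirm the
		// semantics against the sensor.
		Capture struct {
			KernelPackets int64 `json:"kernel_packets" parquet:"name=kernel_packets, type=INT64"`
			KernelDrops   int64 `json:"kernel_drops" parquet:"name=kernel_drops, type=INT64"`
			Errors        int64 `json:"errors" parquet:"name=errors, type=INT64"`
		} `json:"capture" parquet:"name=capture"`

		// Decoder holds per-protocol and per-encapsulation decode counters.
		Decoder struct {
			Pkts           int64 `json:"pkts" parquet:"name=pkts, type=INT64"`
			Bytes          int64 `json:"bytes" parquet:"name=bytes, type=INT64"`
			Invalid        int64 `json:"invalid" parquet:"name=invalid, type=INT64"`
			IPv4           int64 `json:"ipv4" parquet:"name=ipv4, type=INT64"`
			IPv6           int64 `json:"ipv6" parquet:"name=ipv6, type=INT64"`
			Ethernet       int64 `json:"ethernet" parquet:"name=ethernet, type=INT64"`
			Chdlc          int64 `json:"chdlc" parquet:"name=chdlc, type=INT64"`
			Raw            int64 `json:"raw" parquet:"name=raw, type=INT64"`
			Null           int64 `json:"null" parquet:"name=null, type=INT64"`
			SLL            int64 `json:"sll" parquet:"name=sll, type=INT64"`
			TCP            int64 `json:"tcp" parquet:"name=tcp, type=INT64"`
			UDP            int64 `json:"udp" parquet:"name=udp, type=INT64"`
			SCTP           int64 `json:"sctp" parquet:"name=sctp, type=INT64"`
			ICMPv4         int64 `json:"icmpv4" parquet:"name=icmpv4, type=INT64"`
			ICMPv6         int64 `json:"icmpv6" parquet:"name=icmpv6, type=INT64"`
			PPP            int64 `json:"ppp" parquet:"name=ppp, type=INT64"`
			PPPoE          int64 `json:"pppoe" parquet:"name=pppoe, type=INT64"`
			Geneve         int64 `json:"geneve" parquet:"name=geneve, type=INT64"`
			GRE            int64 `json:"gre" parquet:"name=gre, type=INT64"`
			VLAN           int64 `json:"vlan" parquet:"name=vlan, type=INT64"`
			VLANQinQ       int64 `json:"vlan_qinq" parquet:"name=vlan_qinq, type=INT64"`
			VXLAN          int64 `json:"vxlan" parquet:"name=vxlan, type=INT64"`
			VNTAG          int64 `json:"vntag" parquet:"name=vntag, type=INT64"`
			IEEE8021ah     int64 `json:"ieee8021ah" parquet:"name=ieee8021ah, type=INT64"`
			Teredo         int64 `json:"teredo" parquet:"name=teredo, type=INT64"`
			IPv4InIPv6     int64 `json:"ipv4_in_ipv6" parquet:"name=ipv4_in_ipv6, type=INT64"`
			IPv6InIPv6     int64 `json:"ipv6_in_ipv6" parquet:"name=ipv6_in_ipv6, type=INT64"`
			MPLS           int64 `json:"mpls" parquet:"name=mpls, type=INT64"`
			AvgPacketSize  int64 `json:"avg_packet_size" parquet:"name=avg_packet_size, type=INT64"`
			MaxPacketSize  int64 `json:"max_packet_size" parquet:"name=max_packet_size, type=INT64"`
			MaxMacAddrsSrc int64 `json:"max_mac_addrs_src" parquet:"name=max_mac_addrs_src, type=INT64"`
			MaxMacAddrsDst int64 `json:"max_mac_addrs_dst" parquet:"name=max_mac_addrs_dst, type=INT64"`
			ERSpan         int64 `json:"erspan" parquet:"name=erspan, type=INT64"`
		} `json:"decoder" parquet:"name=decoder"`

		// Flow holds flow-table counters.
		Flow struct {
			Memcap            int64 `json:"memcap" parquet:"name=memcap, type=INT64"`
			TCP               int64 `json:"tcp" parquet:"name=tcp, type=INT64"`
			UDP               int64 `json:"udp" parquet:"name=udp, type=INT64"`
			ICMPv4            int64 `json:"icmpv4" parquet:"name=icmpv4, type=INT64"`
			ICMPv6            int64 `json:"icmpv6" parquet:"name=icmpv6, type=INT64"`
			TCPReuse          int64 `json:"tcp_reuse" parquet:"name=tcp_reuse, type=INT64"`
			GetUsed           int64 `json:"get_used" parquet:"name=get_used, type=INT64"`
			GetUsedEval       int64 `json:"get_used_eval" parquet:"name=get_used_eval, type=INT64"`
			GetUsedEvalReject int64 `json:"get_used_eval_reject" parquet:"name=get_used_eval_reject, type=INT64"`
			GetUsedEvalBusy   int64 `json:"get_used_eval_busy" parquet:"name=get_used_eval_busy, type=INT64"`
			GetUsedFailed     int64 `json:"get_used_failed" parquet:"name=get_used_failed, type=INT64"`
		} `json:"flow" parquet:"name=flow"`

		// TCP holds TCP session-tracking counters.
		TCP struct {
			Sessions        int64 `json:"sessions" parquet:"name=sessions, type=INT64"`
			SSNMemcapDrop   int64 `json:"ssn_memcap_drop" parquet:"name=ssn_memcap_drop, type=INT64"`
			Pseudo          int64 `json:"pseudo" parquet:"name=pseudo, type=INT64"`
			PseudoFailed    int64 `json:"pseudo_failed" parquet:"name=pseudo_failed, type=INT64"`
			InvalidChecksum int64 `json:"invalid_checksum" parquet:"name=invalid_checksum, type=INT64"`
			NoFlow          int64 `json:"no_flow" parquet:"name=no_flow, type=INT64"`
			Syn             int64 `json:"syn" parquet:"name=syn, type=INT64"`
			Synack          int64 `json:"synack" parquet:"name=synack, type=INT64"`
			Rst             int64 `json:"rst" parquet:"name=rst, type=INT64"`
		} `json:"tcp" parquet:"name=tcp"`
	} `json:"stats" parquet:"name=stats"`
}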
func (StatsEvent) GetDateHourKey ¶
func (e StatsEvent) GetDateHourKey() storage.DateHourKey
func (*StatsEvent) UpdateFields ¶
func (e *StatsEvent) UpdateFields() error
type TLSEvent ¶
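// TLSEvent is one TLS handshake record together with its JSON key names and
// its Parquet column mapping.
//
// Timestamp carries only a json tag and EventTime only a parquet tag.
// NOTE(review): EventTime has no `json:"-"`, and encoding/json matches untagged
// fields by name case-insensitively, so an "EventTime" key in the input would
// populate it. Confirm UpdateFields always overwrites it before the record is
// written.
//
// Every struct tag is kept on a single line: reflect.StructTag cannot parse a
// tag that contains a line break, and the json/parquet mapping for that field
// would then be lost.
type TLSEvent struct {
	Timestamp string `json:"timestamp"`
	EventTime int64  `parquet:"name=event_time, type=INT64, convertedtype=TIMESTAMP_MILLIS"`
	EventType string `json:"event_type"`
	SrcIP     string `json:"src_ip" parquet:"name=src_ip, type=BYTE_ARRAY, convertedtype=UTF8"`
	DestIP    string `json:"dest_ip" parquet:"name=dest_ip, type=BYTE_ARRAY, convertedtype=UTF8"`
	SrcPort   int    `json:"src_port" parquet:"name=src_port, type=INT32"`
	DestPort  int    `json:"dest_port" parquet:"name=dest_port, type=INT32"`
	Proto     string `json:"proto" parquet:"name=proto, type=BYTE_ARRAY, convertedtype=UTF8"`
	AppProto  string `json:"app_proto" parquet:"name=app_proto, type=BYTE_ARRAY, convertedtype=UTF8"`
	FlowID    int64  `json:"flow_id" parquet:"name=flow_id, type=INT64"`
	InIface   string `json:"in_iface" parquet:"name=in_iface, type=BYTE_ARRAY, convertedtype=UTF8"`
	Vlan      int    `json:"vlan" parquet:"name=vlan, type=INT32"`
	TxID      int    `json:"tx_id" parquet:"name=tx_id, type=INT32"`

	// Traffic is a pointer: it stays nil when the input has no "traffic" key
	// (or has null), so callers must nil-check before reading ID or Label.
	Traffic *struct {
		ID    []string `json:"id" parquet:"name=id, type=MAP, convertedtype=LIST, valuetype=BYTE_ARRAY, valueconvertedtype=UTF8"`
		Label []string `json:"label" parquet:"name=label, type=MAP, convertedtype=LIST, valuetype=BYTE_ARRAY, valueconvertedtype=UTF8"`
	} `json:"traffic" parquet:"name=traffic"`

	// TLS holds certificate and handshake details as strings; NotBefore and
	// NotAfter are not parsed into times by this type.
	// NOTE(review): nothing in this type records whether the certificate
	// chain was validated. If Subject, IssuerDN and SNI are copied from the
	// observed handshake, they are what the peers presented, not verified
	// identities; escape them wherever they are rendered or queried.
	TLS struct {
		Subject     string `json:"subject" parquet:"name=subject, type=BYTE_ARRAY, convertedtype=UTF8"`
		IssuerDN    string `json:"issuerdn" parquet:"name=issuerdn, type=BYTE_ARRAY, convertedtype=UTF8"`
		Serial      string `json:"serial" parquet:"name=serial, type=BYTE_ARRAY, convertedtype=UTF8"`
		Fingerprint string `json:"fingerprint" parquet:"name=fingerprint, type=BYTE_ARRAY, convertedtype=UTF8"`
		SNI         string `json:"sni" parquet:"name=sni, type=BYTE_ARRAY, convertedtype=UTF8"`
		Version     string `json:"version" parquet:"name=version, type=BYTE_ARRAY, convertedtype=UTF8"`
		NotBefore   string `json:"notbefore" parquet:"name=notbefore, type=BYTE_ARRAY, convertedtype=UTF8"`
		NotAfter    string `json:"notafter" parquet:"name=notafter, type=BYTE_ARRAY, convertedtype=UTF8"`

		// JA3 and JA3S each pair a fingerprint hash with the string it was
		// computed from. A match points at a TLS stack configuration rather
		// than a specific host, so treat it as one detection signal among
		// several.
		JA3 struct {
			Hash   string `json:"hash" parquet:"name=hash, type=BYTE_ARRAY, convertedtype=UTF8"`
			String string `json:"string" parquet:"name=string, type=BYTE_ARRAY, convertedtype=UTF8"`
		} `json:"ja3" parquet:"name=ja3"`
		JA3S struct {
			Hash   string `json:"hash" parquet:"name=hash, type=BYTE_ARRAY, convertedtype=UTF8"`
			String string `json:"string" parquet:"name=string, type=BYTE_ARRAY, convertedtype=UTF8"`
		} `json:"ja3s" parquet:"name=ja3s"`
	} `json:"tls" parquet:"name=tls"`

	// GeoIPData is the geolocation enrichment for both endpoints; presumably
	// filled by UpdateGeoIP rather than by the event producer - confirm.
	GeoIPData struct {
		Source GeoIPData `json:"source" parquet:"name=source"`
		Dest   GeoIPData `json:"dest" parquet:"name=dest"`
	} `json:"geoip_data" parquet:"name=geoip_data"`
}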
func (TLSEvent) GetDateHourKey ¶
func (e TLSEvent) GetDateHourKey() storage.DateHourKey
func (*TLSEvent) UpdateFields ¶
func (*TLSEvent) UpdateGeoIP ¶