Documentation
Index ¶
- Constants
- func IsScalar(value interface{}) bool
- type AlertsStatus
- type Analyzer
- type Artifact
- type ArtifactStream
- type Auditable
- type BaseSegment
- func (segment *BaseSegment) AddField(field string) error
- func (segment *BaseSegment) Clear()
- func (segment *BaseSegment) Fields() []string
- func (segment *BaseSegment) RawFields() []string
- func (segment *BaseSegment) RemoveTermsWith(raw string) int
- func (segment *BaseSegment) Terms() []*QueryTerm
- func (segment *BaseSegment) TermsAsString() string
- type Case
- type Comment
- type EventAckCriteria
- type EventIndexResults
- type EventMetric
- type EventRecord
- type EventResults
- type EventSearchCriteria
- type EventSearchResults
- type EventUpdateCriteria
- type EventUpdateResults
- type Filter
- type GridStatus
- type GroupBySegment
- type Info
- type Job
- type JobResult
- type Node
- type Packet
- type Query
- func (query *Query) AddSegment(segment QuerySegment)
- func (query *Query) Filter(field string, value string, scalar bool, mode string, condense bool) (string, error)
- func (query *Query) Group(segmentIdx int, field string) (string, error)
- func (query *Query) NamedSegment(name string) QuerySegment
- func (query *Query) NamedSegments(name string) []QuerySegment
- func (query *Query) Parse(str string) error
- func (query *Query) RemoveSegment(name string) QuerySegment
- func (query *Query) Sort(field string) (string, error)
- func (query *Query) String() string
- type QuerySegment
- type QueryTerm
- type RelatedEvent
- type SearchSegment
- type SortBySegment
- type SortCriteria
- type Status
- type Unauthorized
- type User
Constants ¶
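// Case workflow status values; presumably stored in Case.Status and consumed
// by Case.ProcessWorkflowForStatus (confirm against that method).
const (
	CASE_STATUS_NEW = "new"
)

// DEFAULT_JOB_KIND is the job kind used when a Job is created without one
// (presumably applied to Job.Kind — confirm with the creating code).
const DEFAULT_JOB_KIND = "pcap"

// Filter modes; presumably the accepted values of the mode parameter of
// Query.Filter. Callers passing user-supplied modes should validate against
// this set rather than forwarding the raw string.
const (
	FILTER_DRILLDOWN = "DRILLDOWN"
	FILTER_EXACT     = "EXACT"
	FILTER_EXCLUDE   = "EXCLUDE"
	FILTER_INCLUDE   = "INCLUDE"
)

// Job lifecycle states held in Job.Status (an int). Listed in numeric order;
// the values are part of the stored/serialized representation and must not
// be renumbered.
const (
	JobStatusPending    = 0
	JobStatusCompleted  = 1
	JobStatusIncomplete = 2
	JobStatusDeleted    = 3
)

// Node health values held in Node.Status (a string).
const (
	NodeStatusFault   = "fault"
	NodeStatusOk      = "ok"
	NodeStatusUnknown = "unknown"
)

// Query segment kinds; presumably the values returned by the Kind() methods of
// GroupBySegment, SearchSegment and SortBySegment and accepted by NewSegment.
const (
	SegmentKind_GroupBy = "groupby"
	SegmentKind_Search  = "search"
	SegmentKind_SortBy  = "sortby"
)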
Variables ¶
This section is empty.
Functions ¶
Types ¶
type AlertsStatus ¶
// AlertsStatus is the alert-count part of Status (serialized there as the
// "alerts" object).
type AlertsStatus struct {
// NewCount is the number of alerts reported as new (presumably not yet
// acknowledged — confirm with the producer of this value).
NewCount int `json:"newCount"`
}
type Analyzer ¶
func NewAnalyzer ¶
func (*Analyzer) GetRequirementsPath ¶
func (*Analyzer) GetSitePackagesPath ¶
func (*Analyzer) GetSourcePackagesPath ¶
type Artifact ¶
// Artifact is a piece of evidence attached to a Case. It embeds Auditable and
// carries the artifact value, optional stream metadata, handling markings and
// content digests. Construct with NewArtifact.
type Artifact struct {
Auditable
// CaseId links the artifact to its owning Case.
CaseId string `json:"caseId"`
// GroupType and GroupId are free-form strings; their meaning is not visible
// from this type alone.
GroupType string `json:"groupType"`
GroupId string `json:"groupId"`
ArtifactType string `json:"artifactType"`
// Value is the artifact content or reference, stored as a plain string.
Value string `json:"value"`
MimeType string `json:"mimeType"`
// StreamLen and StreamId presumably describe an associated ArtifactStream;
// nothing in the type requires them to be set together.
StreamLen int `json:"streamLength"`
StreamId string `json:"streamId"`
// Tlp is a sharing marking kept as an unconstrained string.
Tlp string `json:"tlp"`
Tags []string `json:"tags"`
Description string `json:"description"`
// Ioc marks the artifact as an indicator of compromise.
Ioc bool `json:"ioc"`
// Md5, Sha1 and Sha256 are digests supplied as strings (presumably hex).
// NOTE(review): the type does not validate their length or encoding, and
// MD5/SHA-1 are collision-prone; prefer Sha256 when matching artifacts —
// confirm where these are populated.
Md5 string `json:"md5"`
Sha1 string `json:"sha1"`
Sha256 string `json:"sha256"`
}
func NewArtifact ¶
func NewArtifact() *Artifact
type ArtifactStream ¶
func NewArtifactStream ¶
func NewArtifactStream() *ArtifactStream
func (*ArtifactStream) Read ¶
func (stream *ArtifactStream) Read() io.Reader
type BaseSegment ¶
// BaseSegment is the shared implementation embedded (by pointer) in
// SearchSegment, GroupBySegment and SortBySegment. Its state is unexported
// and not shown here; it is manipulated through AddField, Clear,
// RemoveTermsWith and read through Fields, RawFields, Terms and TermsAsString.
type BaseSegment struct {
// contains filtered or unexported fields
}
func (*BaseSegment) AddField ¶
func (segment *BaseSegment) AddField(field string) error
func (*BaseSegment) Clear ¶
func (segment *BaseSegment) Clear()
func (*BaseSegment) Fields ¶
func (segment *BaseSegment) Fields() []string
func (*BaseSegment) RawFields ¶
func (segment *BaseSegment) RawFields() []string
func (*BaseSegment) RemoveTermsWith ¶
func (segment *BaseSegment) RemoveTermsWith(raw string) int
func (*BaseSegment) Terms ¶
func (segment *BaseSegment) Terms() []*QueryTerm
func (*BaseSegment) TermsAsString ¶
func (segment *BaseSegment) TermsAsString() string
type Case ¶
// Case is an investigation record. It embeds Auditable. Both timestamps are
// pointers, so an unset time marshals as JSON null instead of a zero time.
type Case struct {
Auditable
StartTime *time.Time `json:"startTime"`
CompleteTime *time.Time `json:"completeTime"`
Title string `json:"title"`
Description string `json:"description"`
Priority int `json:"priority"`
Severity string `json:"severity"`
// Status is the workflow state (presumably one of the CASE_STATUS_* values;
// see ProcessWorkflowForStatus).
Status string `json:"status"`
Template string `json:"template"`
// Tlp and Pap are sharing/handling markings kept as unconstrained strings.
Tlp string `json:"tlp"`
Pap string `json:"pap"`
Category string `json:"category"`
// AssigneeId presumably references a User.Id; it is not validated by the type.
AssigneeId string `json:"assigneeId"`
Tags []string `json:"tags"`
}
func (*Case) ProcessWorkflowForStatus ¶
type Comment ¶
// Comment is a free-text note attached to a Case. It embeds Auditable.
// Construct with NewComment.
type Comment struct {
Auditable
// CaseId links the comment to its owning Case.
CaseId string `json:"caseId"`
Description string `json:"description"`
}
func NewComment ¶
func NewComment() *Comment
type EventAckCriteria ¶
// EventAckCriteria selects the events to acknowledge and/or escalate.
// Construct with NewEventAckCriteria.
type EventAckCriteria struct {
// SearchFilter is a caller-supplied query string and EventFilter an untyped
// field-to-value map. NOTE(review): both presumably reach the event store;
// confirm they are validated/escaped at that boundary.
SearchFilter string `json:"searchFilter"`
EventFilter map[string]interface{} `json:"eventFilter"`
DateRange string `json:"dateRange"`
DateRangeFormat string `json:"dateRangeFormat"`
Timezone string `json:"timezone"`
// Escalate and Acknowledge are independent flags; nothing in the type
// prevents both from being set.
Escalate bool `json:"escalate"`
Acknowledge bool `json:"acknowledge"`
}
func NewEventAckCriteria ¶
func NewEventAckCriteria() *EventAckCriteria
type EventIndexResults ¶
func NewEventIndexResults ¶
func NewEventIndexResults() *EventIndexResults
type EventMetric ¶
// EventMetric is one aggregation bucket of a search: Keys holds the grouping
// values (untyped, as decoded from JSON) and Value the bucket's figure
// (presumably a count).
type EventMetric struct {
Keys []interface{} `json:"keys"`
Value int `json:"value"`
}
type EventRecord ¶
type EventResults ¶
// EventResults is the common result header embedded by EventSearchResults and
// EventUpdateResults. Complete() presumably fills CompleteTime and ElapsedMs
// from CreateTime — confirm against its body.
type EventResults struct {
CreateTime time.Time `json:"createTime"`
CompleteTime time.Time `json:"completeTime"`
ElapsedMs int `json:"elapsedMs"`
// Errors collects non-fatal problems; a nil slice marshals as JSON null, not [].
Errors []string `json:"errors"`
}
func (*EventResults) Complete ¶
func (results *EventResults) Complete()
type EventSearchCriteria ¶
// EventSearchCriteria holds a search request. Only the first four fields carry
// json tags; the remaining exported fields (BeginTime, EndTime, CreateTime,
// ParsedQuery, SortFields) are still marshaled by encoding/json under their Go
// names unless a custom encoder is used. Construct with NewEventSearchCriteria.
type EventSearchCriteria struct {
// RawQuery is the caller-supplied query text, received as "query".
RawQuery string `json:"query"`
DateRange string `json:"dateRange"`
MetricLimit int `json:"metricLimit"`
EventLimit int `json:"eventLimit"`
BeginTime time.Time
EndTime time.Time
CreateTime time.Time
// ParsedQuery is presumably derived from RawQuery via Query.Parse; it may be
// nil until parsing has happened — confirm.
ParsedQuery *Query
SortFields []*SortCriteria
}
func NewEventSearchCriteria ¶
func NewEventSearchCriteria() *EventSearchCriteria
type EventSearchResults ¶
// EventSearchResults extends EventResults with the matched events and their
// aggregations. Construct with NewEventSearchResults.
type EventSearchResults struct {
EventResults
// Criteria echoes the request; nil marshals as JSON null.
Criteria *EventSearchCriteria `json:"criteria"`
TotalEvents int `json:"totalEvents"`
Events []*EventRecord `json:"events"`
// Metrics maps a metric name to its buckets.
Metrics map[string]([]*EventMetric) `json:"metrics"`
}
func NewEventSearchResults ¶
func NewEventSearchResults() *EventSearchResults
type EventUpdateCriteria ¶
// EventUpdateCriteria extends EventSearchCriteria with scripts to apply to the
// matched events. Construct with NewEventUpdateCriteria.
type EventUpdateCriteria struct {
EventSearchCriteria
// UpdateScripts are caller-supplied script strings (see AddUpdateScript).
// NOTE(review): presumably executed by the event store against every matched
// event; treat as privileged input and confirm where it is authorized.
UpdateScripts []string `json:"updateScripts"`
// Asynchronous is serialized as "async".
Asynchronous bool `json:"async"`
}
func NewEventUpdateCriteria ¶
func NewEventUpdateCriteria() *EventUpdateCriteria
func (*EventUpdateCriteria) AddUpdateScript ¶
func (criteria *EventUpdateCriteria) AddUpdateScript(script string)
type EventUpdateResults ¶
// EventUpdateResults extends EventResults with update counters. Construct
// with NewEventUpdateResults; AddEventUpdateResults folds another result in
// (presumably summing the counters — confirm).
type EventUpdateResults struct {
EventResults
// Criteria echoes the request; nil marshals as JSON null.
Criteria *EventUpdateCriteria `json:"criteria"`
UpdatedCount int `json:"updatedCount"`
UnchangedCount int `json:"unchangedCount"`
}
func NewEventUpdateResults ¶
func NewEventUpdateResults() *EventUpdateResults
func (*EventUpdateResults) AddEventUpdateResults ¶
func (results *EventUpdateResults) AddEventUpdateResults(newResults *EventUpdateResults)
type Filter ¶
type GridStatus ¶
type GroupBySegment ¶
// GroupBySegment is the QuerySegment for grouping (its Kind() presumably
// returns SegmentKind_GroupBy). It embeds *BaseSegment, so a zero-value
// GroupBySegment has a nil base and BaseSegment methods would likely panic;
// construct with NewGroupBySegment or NewGroupBySegmentEmpty.
type GroupBySegment struct {
*BaseSegment
}
func NewGroupBySegment ¶
func NewGroupBySegment(terms []*QueryTerm) (*GroupBySegment, error)
func NewGroupBySegmentEmpty ¶
func NewGroupBySegmentEmpty() *GroupBySegment
func (*GroupBySegment) Kind ¶
func (segment *GroupBySegment) Kind() string
func (*GroupBySegment) String ¶
func (segment *GroupBySegment) String() string
type Job ¶
// Job is a unit of background work tracked through the JobStatus* states.
// CanProcess reports whether it is runnable (body not shown here).
type Job struct {
Id int `json:"id"`
CreateTime time.Time `json:"createTime"`
// Status holds one of the JobStatus* constants.
Status int `json:"status"`
CompleteTime time.Time `json:"completeTime"`
FailTime time.Time `json:"failTime"`
Failure string `json:"failure"`
FailCount int `json:"failCount"`
Owner string `json:"owner"`
NodeId string `json:"nodeId"`
// LegacySensorId still marshals as "sensorId" (presumably kept for older clients).
LegacySensorId string `json:"sensorId"`
// FileExtension is an unconstrained string. NOTE(review): if it is used to
// build an output file name, confirm it is validated (no separators or "..")
// where it is consumed.
FileExtension string `json:"fileExtension"`
// Filter may be nil; check before dereferencing. Nil marshals as JSON null.
Filter *Filter `json:"filter"`
UserId string `json:"userId"`
// Kind presumably defaults to DEFAULT_JOB_KIND when unset — confirm.
Kind string `json:"kind"`
Results []*JobResult `json:"results"`
}
func (*Job) CanProcess ¶
type JobResult ¶
// JobResult is one output of a Job. Construct with NewJobResult.
type JobResult struct {
Id string `json:"id"`
// Data is an untyped payload (interface{}); its shape depends on the job
// kind and is not visible from this type.
Data interface{} `json:"data"`
Summary string `json:"summary"`
}
func NewJobResult ¶
type Node ¶
// Node describes a grid node and its reported health. UpdateOverallStatus
// presumably derives Status from the component statuses below — confirm.
type Node struct {
Id string `json:"id"`
OnlineTime time.Time `json:"onlineTime"`
UpdateTime time.Time `json:"updateTime"`
EpochTime time.Time `json:"epochTime"`
UptimeSeconds int `json:"uptimeSeconds"`
Description string `json:"description"`
// Address is an unconstrained string (host/IP format not enforced here).
Address string `json:"address"`
Role string `json:"role"`
Model string `json:"model"`
// ImageFront and ImageBack are presumably image references for the UI;
// treat them as untrusted if they are rendered — confirm.
ImageFront string `json:"imageFront"`
ImageBack string `json:"imageBack"`
// Status holds one of the NodeStatus* constants.
Status string `json:"status"`
Version string `json:"version"`
// ConnectionStatus, RaidStatus and ProcessStatus are component health
// strings as reported by the node.
ConnectionStatus string `json:"connectionStatus"`
RaidStatus string `json:"raidStatus"`
ProcessStatus string `json:"processStatus"`
// ProductionEps/ConsumptionEps are event-rate figures; FailedEvents a counter.
ProductionEps int `json:"productionEps"`
ConsumptionEps int `json:"consumptionEps"`
FailedEvents int `json:"failedEvents"`
MetricsEnabled bool `json:"metricsEnabled"`
}
func (*Node) UpdateOverallStatus ¶
type Packet ¶
// Packet is a decoded network packet as presented to clients. Addresses,
// ports and flags are plain strings/ints; the type performs no validation.
type Packet struct {
Number int `json:"number"`
Type string `json:"type"`
SrcMac string `json:"srcMac"`
DstMac string `json:"dstMac"`
SrcIp string `json:"srcIp"`
SrcPort int `json:"srcPort"`
DstIp string `json:"dstIp"`
DstPort int `json:"dstPort"`
Length int `json:"length"`
Timestamp time.Time `json:"timestamp"`
Sequence int `json:"sequence"`
Acknowledge int `json:"acknowledge"`
Window int `json:"window"`
Checksum int `json:"checksum"`
Flags []string `json:"flags"`
// Payload is the packet body as a string (encoding not visible here —
// presumably a printable rendering; confirm). PayloadOffset presumably
// indexes into it; callers should bounds-check before slicing.
Payload string `json:"payload"`
PayloadOffset int `json:"payloadOffset"`
}
type Query ¶
// Query is an ordered list of segments built by Parse/AddSegment and rendered
// back by String. NamedSegment/NamedSegments/RemoveSegment look segments up
// by name (presumably the SegmentKind_* values returned by Kind()).
type Query struct {
Segments []QuerySegment
}
func (*Query) AddSegment ¶
func (query *Query) AddSegment(segment QuerySegment)
func (*Query) NamedSegment ¶
func (query *Query) NamedSegment(name string) QuerySegment
func (*Query) NamedSegments ¶
func (query *Query) NamedSegments(name string) []QuerySegment
func (*Query) RemoveSegment ¶
func (query *Query) RemoveSegment(name string) QuerySegment
type QuerySegment ¶
func NewSegment ¶
func NewSegment(kind string, terms []*QueryTerm) (QuerySegment, error)
type QueryTerm ¶
func NewQueryTerm ¶
type RelatedEvent ¶
// RelatedEvent is an event attached to a Case. It embeds Auditable.
// Construct with NewRelatedEvent.
type RelatedEvent struct {
Auditable
// CaseId links the event to its owning Case.
CaseId string `json:"caseId"`
// Fields is the event's field set, untyped as decoded from JSON.
Fields map[string]interface{} `json:"fields"`
}
func NewRelatedEvent ¶
func NewRelatedEvent() *RelatedEvent
type SearchSegment ¶
// SearchSegment is the QuerySegment holding search terms (its Kind()
// presumably returns SegmentKind_Search). It embeds *BaseSegment, so a
// zero-value SearchSegment has a nil base and BaseSegment methods would likely
// panic; construct with NewSearchSegment or NewSearchSegmentEmpty.
type SearchSegment struct {
*BaseSegment
}
func NewSearchSegment ¶
func NewSearchSegment(terms []*QueryTerm) (*SearchSegment, error)
func NewSearchSegmentEmpty ¶
func NewSearchSegmentEmpty() *SearchSegment
func (*SearchSegment) Kind ¶
func (segment *SearchSegment) Kind() string
func (*SearchSegment) String ¶
func (segment *SearchSegment) String() string
type SortBySegment ¶
// SortBySegment is the QuerySegment for ordering (its Kind() presumably
// returns SegmentKind_SortBy). It embeds *BaseSegment, so a zero-value
// SortBySegment has a nil base and BaseSegment methods would likely panic;
// construct with NewSortBySegment or NewSortBySegmentEmpty.
type SortBySegment struct {
*BaseSegment
}
func NewSortBySegment ¶
func NewSortBySegment(terms []*QueryTerm) (*SortBySegment, error)
func NewSortBySegmentEmpty ¶
func NewSortBySegmentEmpty() *SortBySegment
func (*SortBySegment) Kind ¶
func (segment *SortBySegment) Kind() string
func (*SortBySegment) String ¶
func (segment *SortBySegment) String() string
type SortCriteria ¶
type Status ¶
// Status is the top-level health summary. Both members are pointers and may
// be nil, in which case they marshal as JSON null; check before dereferencing.
type Status struct {
Grid *GridStatus `json:"grid"`
Alerts *AlertsStatus `json:"alerts"`
}
type Unauthorized ¶
// Unauthorized is the error returned when a subject may not perform an
// operation on a target; it implements error via its Error method. Construct
// with NewUnauthorized(subject, operation, target). No exported fields are
// rendered here, so those values are presumably held in unexported fields and
// surfaced by Error(). Callers should detect it with errors.As rather than by
// comparing message text.
type Unauthorized struct {
}
func NewUnauthorized ¶
func NewUnauthorized(subject string, operation string, target string) *Unauthorized
func (*Unauthorized) Error ¶
func (err *Unauthorized) Error() string
type User ¶
// User is an account record as exposed over the API. It carries no credential
// fields; identity details live elsewhere.
type User struct {
Id string `json:"id"`
CreateTime time.Time `json:"createTime"`
UpdateTime time.Time `json:"updateTime"`
Email string `json:"email"`
FirstName string `json:"firstName"`
LastName string `json:"lastName"`
// MfaStatus is a free-form string; the type does not restrict it to a known
// set, so compare against the expected value(s) rather than treating any
// non-empty string as "MFA enabled" — confirm with the producer.
MfaStatus string `json:"mfaStatus"`
Note string `json:"note"`
// Roles presumably drives authorization elsewhere; a nil slice marshals as
// JSON null, not [].
Roles []string `json:"roles"`
Status string `json:"status"`
SearchUsername string `json:"searchUsername"`
}