Index ¶
- func BoundedScoreFormula(score, max int) float64
- type ReducedStats
- type Reducer
- func (r *Reducer) BoundedScore(identifier string) float64
- func (r *Reducer) CountUniqSigs() int
- func (r *Reducer) Delete(identifier string)
- func (r *Reducer) Lock()
- func (r *Reducer) MaxScore() (max int)
- func (r *Reducer) Print()
- func (r *Reducer) RLock()
- func (r *Reducer) RUnlock()
- func (r *Reducer) ReduceCopy(identifier string) (crs *ReducedStats)
- func (r *Reducer) Reset(identifier string)
- func (r *Reducer) Score(identifier string) int
- func (r *Reducer) Unlock()
- func (r *Reducer) Update(t time.Time, identifier string, matches []string)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func BoundedScoreFormula ¶
Types ¶
type ReducedStats ¶
// ReducedStats is the per-identifier statistics report produced by a Reducer
// (see Reducer.ReduceCopy, which reduces the alerts of a single computer).
// The JSON tags give the field names used when a report is serialized.
type ReducedStats struct {
	// identifier the statistics were reduced for
	Identifier string `json:"identifier"`
	// number of alerts aggregated into this report
	CntAlerts int `json:"alert-count"`
	// alert count keyed by signature
	CntBySig map[string]int `json:"count-by-signature"`
	// signatures seen in the aggregated alerts
	UniqSigs []string `json:"signatures"`
	// NOTE(review): presumably ATT&CK technique and tactic identifiers
	// carried by the matching signatures — confirm against Update
	Techniques []string `json:"techniques"`
	Tactics []string `json:"tactics"`
	// total number of signatures (JSON: signature-count)
	TotalSigs int `json:"signature-count"`
	// sum / average / standard deviation of alert criticality
	SumAlertCrit int `json:"sum-alert-criticality"`
	AvgAlertCrit float64 `json:"avg-alert-criticality"`
	StdDevAlertCrit float64 `json:"std-dev-alert-criticality"`
	// sum of rule criticality, then average / standard deviation of signature criticality
	SumRuleCrit int `json:"sum-rule-criticality"`
	AvgSigCrit float64 `json:"avg-signature-criticality"`
	StdDevSigCrit float64 `json:"std-dev-signature-criticality"`
	// signature diversity
	SigDiv float64 `json:"signature-diversity"`
	// number of distinct signatures seen
	CntUniqSigs int `json:"count-uniq-signatures"`
	// signature criticality metric: the higher it is, the more attention should be given to the report
	CntUniqByAvgCritBySig int `json:"signature-criticality-metric"`
	// alert criticality metric: the higher it is, the more attention should be given to the report
	AvgAlertCritBySigDiv int `json:"alert-criticality-metric"`
	// aggregated metric used to sort statistic reports between them (see ComputeScore);
	// the higher the score, the higher the priority
	Score int `json:"score"`
	// Score mapped into [0; 100] relative to the maximum score found in the
	// Reducer (cf. BoundedScoreFormula and Reducer.BoundedScore); it ranks
	// reports within one Reducer and is not an absolute severity
	BoundedScore float64 `json:"bounded-score"`
	// NOTE(review): presumably the first, median and last alert time fed through
	// Update(t, ...) — confirm
	StartTime time.Time `json:"start-time"`
	MedianTime time.Time `json:"median-time"`
	StopTime time.Time `json:"stop-time"`
	// contains filtered or unexported fields
}
ReducedStats structure definition
func NewReducedStats ¶
func NewReducedStats(e *engine.Engine, identifier string) *ReducedStats
NewReducedStats creates a new ReducedStats structure
func (*ReducedStats) ComputeScore ¶
func (rs *ReducedStats) ComputeScore(cntSigs int) int
func (*ReducedStats) Copy ¶
func (rs *ReducedStats) Copy() *ReducedStats
Copy returns a new copy of the structure
func (*ReducedStats) Finalize ¶
func (rs *ReducedStats) Finalize(cntSigs, maxScore int)
Finalize the computation of the statistics
func (*ReducedStats) String ¶
func (rs *ReducedStats) String() string
type Reducer ¶
// Reducer stores statistics about several machines, one ReducedStats per
// identifier (see Update, ReduceCopy, Delete and Reset).
// NOTE(review): Lock/RLock/Unlock/RUnlock are exported, which suggests the
// embedded lock is meant to be taken by callers around multi-step reads
// (e.g. MaxScore followed by BoundedScore) — confirm against the implementation.
type Reducer struct {
	// contains filtered or unexported fields
}
Reducer structure to store statistics about several machines
func NewReducer ¶
NewReducer creates a new Reducer structure
func (*Reducer) BoundedScore ¶
BoundedScore returns a bounded score in [0; 100] computed relative to the maximum score found in the reducer, so values are only comparable between entries of the same Reducer
func (*Reducer) CountUniqSigs ¶
CountUniqSigs counts all the unique signatures seen in the reduced stats
func (*Reducer) Print ¶
func (r *Reducer) Print()
Print prints out all the information stored in the Reducer
func (*Reducer) ReduceCopy ¶
func (r *Reducer) ReduceCopy(identifier string) (crs *ReducedStats)
ReduceCopy reduces alerts of a single computer and returns a copy of ReducedStats