The highest tagged major version is v2.

reducer

package

v1.6.14 Latest Latest Go to latest Published: Jul 6, 2021 License: GPL-3.0 Imports: 9 Imported by: 1

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/0xrawsec/gene

Links

Open Source Insights

Documentation ¶

Index ¶

type ReducedStats
- func NewReducedStats(e *engine.Engine, identifier string) *ReducedStats
type Reducer
- func NewReducer(e *engine.Engine) *Reducer

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type ReducedStats ¶

type ReducedStats struct {
	Identifier      string         `json:"identifier"`
	CntAlerts       int            `json:"alert-count"`
	CntBySig        map[string]int `json:"count-by-signature"`
	UniqSigs        []string       `json:"signatures"`
	Techniques      []string       `json:"techniques"`
	Tactics         []string       `json:"tactics"`
	TotalSigs       int            `json:"signature-count"`
	SumAlertCrit    int            `json:"sum-alert-criticality"`
	AvgAlertCrit    float64        `json:"avg-alert-criticality"`
	StdDevAlertCrit float64        `json:"std-dev-alert-criticality"`
	SumRuleCrit     int            `json:"sum-rule-criticality"`
	AvgSigCrit      float64        `json:"avg-signature-criticality"`
	StdDevSigCrit   float64        `json:"std-dev-signature-criticality"`
	SigDiv          float64        `json:"signature-diversity"`
	CntUniqSigs     int            `json:"count-uniq-signatures"`
	// signature criticality metric, the higher it is the more attention should be given to the report
	CntUniqByAvgCritBySig int `json:"signature-criticality-metric"`
	// alert criticality metric, the higher it is the more attention should be given to the report
	AvgAlertCritBySigDiv int `json:"alert-criticality-metric"`
	// aggregated metric used to sort statistic reports between them. Higher the score higher the priority
	Score      int       `json:"score"`
	StartTime  time.Time `json:"start-time"`
	MedianTime time.Time `json:"median-time"`
	StopTime   time.Time `json:"stop-time"`
	// contains filtered or unexported fields
}

ReducedStats structrure definition

func NewReducedStats ¶

func NewReducedStats(e *engine.Engine, identifier string) *ReducedStats

NewReducedStats structure

func (*ReducedStats) ComputeScore ¶ added in v1.6.14

func (rs *ReducedStats) ComputeScore(cntSigs int) int

func (*ReducedStats) Copy ¶ added in v1.6.5

func (rs *ReducedStats) Copy() *ReducedStats

Copy returns a new copy of structure

func (*ReducedStats) Finalize ¶

func (rs *ReducedStats) Finalize(cntSigs int)

Finalize the computation of the statistics

func (ReducedStats) String ¶

func (rs ReducedStats) String() string

func (*ReducedStats) Update ¶

func (rs *ReducedStats) Update(t time.Time, matches []string)

Update ReducedStats with data

type Reducer ¶

type Reducer struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

Reducer structure to store statistics about several machines

func NewReducer ¶

func NewReducer(e *engine.Engine) *Reducer

NewReducer creates a new Reducer structure

func (*Reducer) CountUniqSigs ¶ added in v1.5.0

func (r *Reducer) CountUniqSigs() int

CountUniqSigs counts all the uniq signatures seen in the reduced stats

func (*Reducer) Delete ¶ added in v1.6.8

func (r *Reducer) Delete(identifier string)

Delete deletes ReducedStats according to its identifier

func (*Reducer) Print ¶

func (r *Reducer) Print()

Print prints out all the informations stored in the Reducer

func (*Reducer) ReduceCopy ¶ added in v1.6.5

func (r *Reducer) ReduceCopy(identifier string) (crs *ReducedStats)

ReduceCopy reduces alerts of a single computer and returns a copy of ReducedStats

func (*Reducer) Reset ¶ added in v1.6.7

func (r *Reducer) Reset(identifier string)

Reset ReducedStats according to its identifier

func (*Reducer) Score ¶ added in v1.6.14

func (r *Reducer) Score(identifier string) int

Score is a simpler primitive to return only the score

func (*Reducer) Update ¶

func (r *Reducer) Update(t time.Time, identifier string, matches []string)

Update a ReducedStats stored in Reducer with data

Source Files ¶

View all Source files

reducer.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL