Versions in this module Expand all Collapse all v1 v1.8.0-beta.8 Aug 8, 2022 v1.8.0-beta.7 Jul 27, 2022 v1.8.0-beta.6 Dec 10, 2021 v1.8.0-beta.5 Dec 7, 2021 v1.8.0-beta.4 Nov 18, 2021 v1.8.0-beta.3 Sep 21, 2021 v1.8.0-beta.2 Aug 24, 2021 v1.8.0-beta.1 Jul 28, 2021 v1.8.0-beta Jun 22, 2021 v1.7.0 Feb 25, 2021 Changes in this version + const AdmAPIDefaultPort + const AdmAPIEndpointAlertsPath + const AdmAPIEndpointCommandFieldPath + const AdmAPIEndpointCommandPath + const AdmAPIEndpointLogsPath + const AdmAPIEndpointReportPath + const AdmAPIEndpointsByIDPath + const AdmAPIEndpointsPath + const AdmAPIEndpointsReportsPath + const AdmAPIRulesPath + const AdmAPIRulesReloadPath + const AdmAPIRulesSavePath + const AdmAPIStatsPath + const ContainRuleName + const DefaultDirPerm + const DefaultKeySize + const DefaultLogPerm + const DefaultLogfileSize + const DefaultManagerLogSize + const DefaultMaxUploadSize + const DiskSpaceThreshold + const EptAPICommandPath + const EptAPIContainerListPath + const EptAPIContainerPath + const EptAPIContainerSha256Path + const EptAPIDefaultPort + const EptAPIPostDumpPath + const EptAPIPostLogsPath + const EptAPIRulesPath + const EptAPIRulesSha256Path + const EptAPIServerKeyPath + const Mega + const MinRotationInterval + const UserAgent + var ErrUnkEndpoint = fmt.Errorf("Unknown endpoint") + var Hostname string + func ContainAlias(ip net.IP) *exec.Cmd + func IPFromRequest(req *http.Request) (net.IP, error) + func KeyGen(size int) string + func Sha256StringArray(array []string) string + func UUIDGen() uuid.UUID + func UncontainAlias() *exec.Cmd + type AdminAPIConfig struct + Host string + Port int + Users []AdminUser + type AdminAPIResponse struct + Data interface{} + Error string + Message string + func NewAdminAPIRespError(err error) *AdminAPIResponse + func NewAdminAPIRespErrorString(err string) *AdminAPIResponse + func NewAdminAPIResponse(data interface{}) *AdminAPIResponse + func (r *AdminAPIResponse) ToJSON() []byte + func (r 
*AdminAPIResponse) UnmarshalData(i interface{}) error + type AdminUser struct + Identifier string + Key string + type AliasEnv struct + ManagerIP net.IP + type ClientConfig struct + Host string + Key string + MaxUploadSize int64 + Port int + Proto string + ServerFingerprint string + ServerKey string + UUID string + Unsafe bool + func (cc *ClientConfig) ManagerIP() net.IP + func (cc *ClientConfig) Transport() http.RoundTripper + type Command struct + Args []string + Background bool + Completed bool + Drop []*EndpointFile + Error string + Fetch map[string]*EndpointFile + Name string + Sent bool + SentTime time.Time + Stderr []byte + Stdout []byte + Timeout time.Duration + UUID string + func NewCommand() *Command + func NewCommandWithEnv(env *AliasEnv) *Command + func (c *Command) AddDropFile(filename, filepath string) error + func (c *Command) AddDropFileFromPath(path string) error + func (c *Command) AddFetchFile(filepath string) + func (c *Command) BuildCmd() (*exec.Cmd, error) + func (c *Command) Complete(other *Command) error + func (c *Command) Run() (err error) + func (c *Command) SetCommandLine(cl string) error + func (c *Command) Strip() + func (c Command) String() string + type CommandAPI struct + CommandLine string + DropFiles []string + FetchFiles []string + Timeout time.Duration + func (c *CommandAPI) ToCommand() (*Command, error) + type Endpoint struct + Command *Command + Hostname string + IP string + Key string + LastConnection time.Time + UUID string + func NewEndpoint(uuid, key string) *Endpoint + func (e *Endpoint) Copy() *Endpoint + func (e *Endpoint) UpdateLastConnection() + type EndpointAPIConfig struct + Endpoints []EndpointConfig + Host string + Port int + ServerKey string + func (ec *EndpointAPIConfig) DelEndpoint(uuid string) + type EndpointConfig struct + Key string + UUID string + type EndpointFile struct + Data []byte + Error string + Name string + UUID string + type Endpoints struct + func NewEndpoints() Endpoints + func (es *Endpoints) 
Add(e *Endpoint) + func (es *Endpoints) DelByUUID(uuid string) + func (es *Endpoints) Endpoints() []*Endpoint + func (es *Endpoints) GetByUUID(uuid string) (*Endpoint, bool) + func (es *Endpoints) GetMutByUUID(uuid string) (*Endpoint, bool) + func (es *Endpoints) Len() int + func (es *Endpoints) MutEndpoints() []*Endpoint + type FileUpload struct + Content []byte + EventHash string + GUID string + Name string + func (f *FileUpload) Dump(dir string) (err error) + func (f *FileUpload) Implode() string + func (f *FileUpload) Validate() error + type Forwarder struct + Client *ManagerClient + EventTresh uint64 + EventsPiped uint64 + Local bool + Pipe *bytes.Buffer + TimeTresh time.Duration + func NewForwarder(c *ForwarderConfig) (*Forwarder, error) + func (f *Forwarder) ArchiveLogs() + func (f *Forwarder) CleanOlderQueued() error + func (f *Forwarder) Close() + func (f *Forwarder) Collect() + func (f *Forwarder) DiskSpaceQueue() int64 + func (f *Forwarder) HasQueuedEvents() bool + func (f *Forwarder) LogfilePath() string + func (f *Forwarder) PipeEvent(e *evtx.GoEvtxMap) + func (f *Forwarder) ProcessQueue() + func (f *Forwarder) Reset() + func (f *Forwarder) Run() + func (f *Forwarder) Save() (err error) + type ForwarderConfig struct + Client ClientConfig + Local bool + Logging LoggingConfig + type LoggingConfig struct + Dir string + RotationInterval time.Duration + type Manager struct + Config *ManagerConfig + func NewManager(c *ManagerConfig) (*Manager, error) + func (m *Manager) AddCommand(uuid string, c *Command) error + func (m *Manager) AddEndpoint(uuid, key string) + func (m *Manager) Collect(wt http.ResponseWriter, rq *http.Request) + func (m *Manager) Command(wt http.ResponseWriter, rq *http.Request) + func (m *Manager) Container(wt http.ResponseWriter, rq *http.Request) + func (m *Manager) ContainerList(wt http.ResponseWriter, rq *http.Request) + func (m *Manager) ContainerSha256(wt http.ResponseWriter, rq *http.Request) + func (m *Manager) GetCommand(uuid 
string) (*Command, error) + func (m *Manager) IsDone() bool + func (m *Manager) LoadContainers() + func (m *Manager) LoadGeneEngine() error + func (m *Manager) Rules(wt http.ResponseWriter, rq *http.Request) + func (m *Manager) RulesSha256(wt http.ResponseWriter, rq *http.Request) + func (m *Manager) Run() + func (m *Manager) ServerKey(wt http.ResponseWriter, rq *http.Request) + func (m *Manager) Shutdown() error + func (m *Manager) UpdateReducer(identifier string, e *evtx.GoEvtxMap) + func (m *Manager) UploadDump(wt http.ResponseWriter, rq *http.Request) + func (m *Manager) Wait() + type ManagerClient struct + func NewManagerClient(c *ClientConfig) (*ManagerClient, error) + func (m *ManagerClient) Close() + func (m *ManagerClient) ExecuteCommand() error + func (m *ManagerClient) GetContainer(name string) ([]string, error) + func (m *ManagerClient) GetContainerSha256(name string) (string, error) + func (m *ManagerClient) GetContainersList() ([]string, error) + func (m *ManagerClient) GetRules() (string, error) + func (m *ManagerClient) GetRulesSha256() (string, error) + func (m *ManagerClient) IsServerAuthEnforced() bool + func (m *ManagerClient) IsServerAuthenticated() (auth bool, up bool) + func (m *ManagerClient) IsServerUp() bool + func (m *ManagerClient) PostDump(f *FileUpload) error + func (m *ManagerClient) PostLogs(r io.Reader) error + func (m *ManagerClient) Prepare(method, url string, body io.Reader) (*http.Request, error) + func (m *ManagerClient) PrepareFileUpload(path, guid, evthash, filename string) (*FileUpload, error) + func (m *ManagerClient) PrepareGzip(method, url string, body io.Reader) (*http.Request, error) + type ManagerConfig struct + AdminAPI AdminAPIConfig + ContainersDir string + DumpDir string + EndpointAPI EndpointAPIConfig + Logging ManagerLogConfig + MISP MispConfig + RulesDir string + TLS TLSConfig + func LoadManagerConfig(path string) (*ManagerConfig, error) + func (mc *ManagerConfig) AddEndpointConfig(uuid, key string) + func (mc 
*ManagerConfig) Save() error + func (mc *ManagerConfig) SetPath(path string) + type ManagerLogConfig struct + EnEnptLogs bool + LogBasename string + Root string + VerboseHTTP bool + func (c *ManagerLogConfig) AlertPath(uuid string, date time.Time) string + func (c *ManagerLogConfig) LogPath(uuid string, date time.Time) string + type MispConfig struct + APIKey string + Host string + Proto string + type TLSConfig struct + Cert string + Key string + func (t *TLSConfig) Empty() bool + func (t *TLSConfig) Verify() error
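Review bot: The exported field `ClientConfig.Unsafe bool` needs a doc comment, because its name does not say which check it relaxes. It sits next to `ServerFingerprint`, `ServerKey` and `Transport()`, and `ManagerClient` exposes `IsServerAuthEnforced()`, so it presumably controls whether the endpoint authenticates the manager; the listing shows only signatures, so this is inferred. If that is what `Transport()` does, a comment such as `// Unsafe disables verification of the manager's identity (certificate fingerprint / server key); keep false outside test setups.` would make the risk visible to anyone editing the client config. It would also help to document the default and to log when a client starts with `Unsafe` set, since the endpoint would then accept rules and commands from a manager it has not authenticated.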