Documentation
¶
Index ¶
- func WriteEvents(ffsEvents interface{}, query config.FFSQuery) error
- func WriteInProgressQueries(query config.FFSQuery, inProgressQueries *[]InProgressQuery) error
- func WriteLastCompletedQuery(query config.FFSQuery, lastCompletedQuery InProgressQuery) error
- type Cloud
- type Device
- type ElasticFFSEvent
- type ElasticFileEvent
- type Event
- type FFSEvent
- type File
- type GeoPoint
- type Geoip
- type InProgressQuery
- type InProgressQueryString
- type Insertion
- type Process
- type RemovableMedia
- type SemiElasticFFSEvent
- type SemiElasticFileEvent
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func WriteEvents ¶
func WriteInProgressQueries ¶
func WriteInProgressQueries(query config.FFSQuery, inProgressQueries *[]InProgressQuery) error
func WriteLastCompletedQuery ¶
func WriteLastCompletedQuery(query config.FFSQuery, lastCompletedQuery InProgressQuery) error
Types ¶
type Cloud ¶ added in v0.1.6
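// Cloud holds the cloud-storage attributes of a file event. ElasticFileEvent
// serializes it under the "cloud" key.
//
// In the collapsed one-line listing the inline "//" comment after DirectoryId
// swallowed every following field and the closing brace; the declaration is
// laid out one field per line here so all eight fields are real fields again.
//
// Every field carries omitempty, so zero values (empty string, nil or empty
// slice) are left out of the JSON document.
type Cloud struct {
	// Actor and Url are stored verbatim. NOTE(review): they presumably
	// identify the cloud user and the shared object, so read access to the
	// destination index should be restricted accordingly; confirm.
	Actor                string   `json:"actor,omitempty"`
	DirectoryId          []string `json:"directory_id,omitempty"` // array of IDs; exact meaning unconfirmed (original author's note)
	Source               string   `json:"source,omitempty"`
	Url                  string   `json:"url,omitempty"`
	SharingTypeAdded     []string `json:"sharing_type_added,omitempty"`
	CloudDriveId         string   `json:"drive_id,omitempty"` // JSON key drops the "cloud_" prefix because the object is already nested under "cloud"
	DetectionSourceAlias string   `json:"detection_source_alias,omitempty"`
	FileId               string   `json:"file_id,omitempty"`
}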
type Device ¶ added in v0.1.6
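// Device holds the endpoint and user attributes of a file event.
// ElasticFileEvent serializes it under the "device" key.
//
// In the collapsed one-line listing the trailing "//" comment on
// PrivateIpAddresses swallowed the closing brace; the declaration is laid out
// one field per line here so it is complete again.
//
// The fields are user names, user and device IDs, host names and IP
// addresses, so the serialized documents are personal data and need the same
// access control and retention handling as any other user-attributable log.
type Device struct {
	DeviceUsername  string `json:"username,omitempty"`
	DeviceUid       string `json:"uid,omitempty"`
	UserUid         string `json:"user_uid,omitempty"`
	OsHostname      string `json:"os_hostname,omitempty"`
	DomainName      string `json:"domain_name,omitempty"`
	PublicIpAddress string `json:"public_ip_address,omitempty"`
	// Array of IP address strings.
	// NOTE(review): the JSON key here is singular ("private_ip_address") while
	// SemiElasticFileEvent uses "private_ip_addresses"; queries and detection
	// rules written for one layout will not match the other. The tag is left
	// unchanged because it is part of the wire format.
	PrivateIpAddresses []string `json:"private_ip_address,omitempty"`
}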
type ElasticFFSEvent ¶ added in v0.1.5
// ElasticFFSEvent is the top-level document for the nested layout: the file
// event itself plus an optional geo-IP enrichment block.
type ElasticFFSEvent struct {
	// FileEvent has no omitempty, so the "file_event" object is always emitted.
	FileEvent ElasticFileEvent `json:"file_event"`
	// Geoip is a pointer with omitempty: a nil value leaves "geoip" out of the
	// document entirely.
	Geoip *Geoip `json:"geoip,omitempty"`
}
type ElasticFileEvent ¶ added in v0.1.5
// ElasticFileEvent is the nested representation of a file event: each group
// of attributes lives in its own sub-object (event, insertion, file, device,
// cloud, process, removable_media).
//
// All sub-objects are pointers tagged omitempty, so a nil group is omitted
// from the JSON rather than written as an empty object. Consumers must
// therefore treat every group as optional.
type ElasticFileEvent struct {
	Event           *Event          `json:"event,omitempty"`
	Insertion       *Insertion      `json:"insertion,omitempty"`
	File            *File           `json:"file,omitempty"`
	Device          *Device         `json:"device,omitempty"`
	Cloud           *Cloud          `json:"cloud,omitempty"`
	Exposure        []string        `json:"exposure,omitempty"`
	Process         *Process        `json:"process,omitempty"`
	RemovableMedia  *RemovableMedia `json:"removable_media,omitempty"`
	SyncDestination string          `json:"sync_destination,omitempty"`
}
type FFSEvent ¶
// FFSEvent combines a raw ffs.FileEvent with optional location data by
// embedding all three types.
type FFSEvent struct {
	// Embedded without a JSON name.
	// NOTE(review): assuming ffs.FileEvent is a struct, encoding/json promotes
	// its fields to the top level of the document; confirm against the output.
	ffs.FileEvent
	// Embedded pointer; the tag sets only omitempty and no name.
	// NOTE(review): presumably the result of an IP geolocation lookup whose
	// fields are flattened into the same object; confirm that none of its
	// JSON keys collide with those of ffs.FileEvent.
	*ip_api.Location `json:",omitempty"`
	// The explicit name makes this a regular "geoPoint" sub-object, omitted
	// when the pointer is nil.
	*GeoPoint `json:"geoPoint,omitempty"`
}
type File ¶ added in v0.1.6
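// File holds the file attributes of a file event. ElasticFileEvent serializes
// it under the "file" key.
//
// In the collapsed one-line listing the inline "//" comment after FileOwner
// swallowed the checksum and timestamp fields and the closing brace; the
// declaration is laid out one field per line here so all ten fields are real
// fields again.
type File struct {
	FilePath     string `json:"path,omitempty"`
	FileName     string `json:"name,omitempty"`
	FileType     string `json:"type,omitempty"`
	FileCategory string `json:"category,omitempty"`
	// FileSize is a pointer so that a size of 0 is still written; only nil is
	// dropped by omitempty. The JSON key contains a dot ("size.bytes").
	// NOTE(review): int is 32 bits wide on 32-bit targets, so sizes of 2 GiB
	// and above would not fit there; confirm the build targets.
	FileSize  *int     `json:"size.bytes,omitempty"`
	FileOwner []string `json:"owner,omitempty"` // array of owners
	// MD5 is not collision-resistant: use Md5Checksum for lookups only and
	// prefer Sha256Checksum when a match is used as evidence that two files
	// are identical (hash allow/deny lists, indicator matching).
	Md5Checksum      string     `json:"md5_checksum,omitempty"`
	Sha256Checksum   string     `json:"sha256_checksum,omitempty"`
	CreatedTimestamp *time.Time `json:"created_timestamp,omitempty"`
	ModifyTimestamp  *time.Time `json:"modify_timestamp,omitempty"`
}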
type Geoip ¶ added in v0.1.5
// Geoip is the geo-IP enrichment block attached to an event under the
// "geoip" key of ElasticFFSEvent and SemiElasticFFSEvent.
//
// Several Go field names differ from their JSON keys (Country ->
// "country_name", CountryCode -> "country_code2", City -> "city_name",
// ZIP -> "postal_code", Lat/Lon -> "latitude"/"longitude", Query -> "ip",
// GeoPoint -> "location"); queries must use the JSON keys.
//
// Every field is tagged omitempty. For the non-pointer numeric and boolean
// fields this means a zero value is indistinguishable from "not set": a
// latitude or longitude of exactly 0 and Mobile/Proxy == false are all
// omitted from the document. A detection rule must therefore not read a
// missing "proxy" key as a confirmed "not a proxy".
type Geoip struct {
	// Status and Message are stored as received.
	// NOTE(review): presumably the lookup result status and its error text;
	// confirm against the geolocation client.
	Status        string  `json:"status,omitempty"`
	Message       string  `json:"message,omitempty"`
	Continent     string  `json:"continent,omitempty"`
	ContinentCode string  `json:"continent_code,omitempty"`
	Country       string  `json:"country_name,omitempty"`
	CountryCode   string  `json:"country_code2,omitempty"`
	Region        string  `json:"region,omitempty"`
	RegionName    string  `json:"region_name,omitempty"`
	City          string  `json:"city_name,omitempty"`
	District      string  `json:"district,omitempty"`
	ZIP           string  `json:"postal_code,omitempty"`
	Lat           float32 `json:"latitude,omitempty"`
	Lon           float32 `json:"longitude,omitempty"`
	Timezone      string  `json:"timezone,omitempty"`
	Currency      string  `json:"currency,omitempty"`
	ISP           string  `json:"isp,omitempty"`
	Org           string  `json:"org,omitempty"`
	AS            string  `json:"as,omitempty"`
	ASName        string  `json:"as_name,omitempty"`
	Reverse       string  `json:"reverse,omitempty"`
	Mobile        bool    `json:"mobile,omitempty"`
	Proxy         bool    `json:"proxy,omitempty"`
	// Query is written as "ip".
	// NOTE(review): presumably the address that was looked up; confirm.
	Query    string    `json:"ip,omitempty"`
	GeoPoint *GeoPoint `json:"location,omitempty"`
}
type InProgressQuery ¶
In progress query struct
func ReadInProgressQueries ¶
func ReadInProgressQueries(query config.FFSQuery) ([]InProgressQuery, error)
func ReadLastCompletedQuery ¶
func ReadLastCompletedQuery(query config.FFSQuery) (InProgressQuery, error)
type InProgressQueryString ¶
In progress query struct using strings
type RemovableMedia ¶ added in v0.1.6
// RemovableMedia holds the removable-media attributes of a file event.
// ElasticFileEvent serializes it under the "removable_media" key, which is
// why the JSON keys drop the "RemovableMedia" prefix of the Go field names.
//
// Every field is tagged omitempty, so unset attributes are absent from the
// document rather than written as empty strings.
type RemovableMedia struct {
	RemovableMediaVendor string `json:"vendor,omitempty"`
	RemovableMediaName   string `json:"name,omitempty"`
	// NOTE(review): presumably the device serial number, which would let
	// events involving the same physical device be correlated; confirm.
	RemovableMediaSerialNumber string `json:"serial_number,omitempty"`
	// Pointer so that a capacity of 0 is still written; only nil is omitted.
	// The JSON key contains a dot ("capacity.bytes").
	RemovableMediaCapacity    *int   `json:"capacity.bytes,omitempty"`
	RemovableMediaBusType     string `json:"bus_type,omitempty"`
	RemovableMediaMediaName   string `json:"media_name,omitempty"`
	RemovableMediaVolumeName  string `json:"volume_name,omitempty"`
	RemovableMediaPartitionId string `json:"partition_id,omitempty"`
}
type SemiElasticFFSEvent ¶ added in v0.1.8
// SemiElasticFFSEvent is the top-level document for the flat layout: a
// SemiElasticFileEvent plus an optional geo-IP enrichment block. It mirrors
// ElasticFFSEvent, differing only in the type of FileEvent.
type SemiElasticFFSEvent struct {
	// FileEvent has no omitempty, so the "file_event" object is always emitted.
	FileEvent SemiElasticFileEvent `json:"file_event"`
	// Geoip is a pointer with omitempty: a nil value leaves "geoip" out of the
	// document entirely.
	Geoip *Geoip `json:"geoip,omitempty"`
}
type SemiElasticFileEvent ¶ added in v0.1.8
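// SemiElasticFileEvent is the flat representation of a file event: the
// attributes that ElasticFileEvent nests in sub-objects are all top-level
// keys here, with the group name as a prefix (file_, device_, process_,
// removable_media_, ...).
//
// In the collapsed listing three inline "//" comments (after FileOwner,
// PrivateIpAddresses and DirectoryId) swallowed the fields that follow them;
// the declaration is laid out one field per line here so every field is a
// real field again.
//
// EventId, EventType, FileName and FileSize are the only fields without
// omitempty: they are always written, FileSize as JSON null when the pointer
// is nil. Every other field is omitted when it holds its zero value.
//
// The device and user fields are personal data, so the serialized documents
// need the same access control and retention handling as any other
// user-attributable log.
type SemiElasticFileEvent struct {
	// Event identity and timing.
	EventId            string     `json:"event_id"`
	EventType          string     `json:"event_type"`
	EventTimestamp     *time.Time `json:"event_timestamp,omitempty"`
	InsertionTimestamp *time.Time `json:"insertion_timestamp,omitempty"`

	// File attributes.
	FilePath     string   `json:"file_path,omitempty"`
	FileName     string   `json:"file_name"`
	FileType     string   `json:"file_type,omitempty"`
	FileCategory string   `json:"file_category,omitempty"`
	FileSize     *int     `json:"file_size"`
	FileOwner    []string `json:"file_owner,omitempty"` // array of owners
	// MD5 is not collision-resistant: prefer Sha256Checksum when a hash match
	// is used as evidence that two files are identical.
	Md5Checksum      string     `json:"md5_checksum,omitempty"`
	Sha256Checksum   string     `json:"sha256_checksum,omitempty"`
	CreatedTimestamp *time.Time `json:"created_timestamp,omitempty"`
	ModifyTimestamp  *time.Time `json:"modify_timestamp,omitempty"`

	// Device and user attributes.
	DeviceUsername  string `json:"device_username,omitempty"`
	DeviceUid       string `json:"device_uid,omitempty"`
	UserUid         string `json:"user_uid,omitempty"`
	OsHostname      string `json:"os_hostname,omitempty"`
	DomainName      string `json:"domain_name,omitempty"`
	PublicIpAddress string `json:"public_ip_address,omitempty"`
	// Array of IP address strings. The key is plural here but singular
	// ("private_ip_address") in Device, so a query written for one layout
	// does not match the other.
	PrivateIpAddresses []string `json:"private_ip_addresses,omitempty"`

	// Cloud attributes.
	Actor                string   `json:"actor,omitempty"`
	DirectoryId          []string `json:"directory_id,omitempty"` // array of IDs; exact meaning unconfirmed (original author's note)
	Source               string   `json:"source,omitempty"`
	Url                  string   `json:"url,omitempty"`
	SharingTypeAdded     []string `json:"sharing_type_added,omitempty"`
	CloudDriveId         string   `json:"cloud_drive_id,omitempty"`
	DetectionSourceAlias string   `json:"detection_source_alias,omitempty"`
	FileId               string   `json:"file_id,omitempty"`

	Exposure []string `json:"exposure,omitempty"`

	// Process attributes.
	ProcessOwner string `json:"process_owner,omitempty"`
	ProcessName  string `json:"process_name,omitempty"`

	// Removable-media attributes. Unlike FileSize, the capacity pointer is
	// tagged omitempty and is dropped when nil.
	RemovableMediaVendor       string `json:"removable_media_vendor,omitempty"`
	RemovableMediaName         string `json:"removable_media_name,omitempty"`
	RemovableMediaSerialNumber string `json:"removable_media_serial_number,omitempty"`
	RemovableMediaCapacity     *int   `json:"removable_media_capacity,omitempty"`
	RemovableMediaBusType      string `json:"removable_media_bus_type,omitempty"`
	RemovableMediaMediaName    string `json:"removable_media_media_name,omitempty"`
	RemovableMediaVolumeName   string `json:"removable_media_volume_name,omitempty"`
	RemovableMediaPartitionId  string `json:"removable_media_partition_id,omitempty"`

	SyncDestination string `json:"sync_destination,omitempty"`
}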