Documentation ¶
Index ¶
- func WriteEvents(ffsEvents interface{}, query config.FFSQuery) error
- func WriteInProgressQueries(query config.FFSQuery, inProgressQueries []InProgressQuery) error
- func WriteLastCompletedQuery(query config.FFSQuery, lastCompletedQuery InProgressQuery) error
- type AS
- type Client
- type ElasticFileEvent
- type EmailDlp
- type Event
- type FFSEvent
- type File
- type Geo
- type Hash
- type Host
- type InProgressQuery
- type InProgressQueryString
- type Location
- type Nat
- type Organization
- type Printer
- type Printing
- type Process
- type RemovableMedia
- type SemiElasticFFSEvent
- type SemiElasticFileEvent
- type Tab
- type URL
- type User
Functions ¶
func WriteEvents ¶
func WriteInProgressQueries ¶
func WriteInProgressQueries(query config.FFSQuery, inProgressQueries []InProgressQuery) error
func WriteLastCompletedQuery ¶
func WriteLastCompletedQuery(query config.FFSQuery, lastCompletedQuery InProgressQuery) error
Types ¶
type AS ¶ added in v0.2.3
// AS carries the autonomous-system portion of an enriched event. Only the
// owning organization is modelled; a nil Organization is dropped from the
// JSON document by omitempty.
type AS struct {
	Organization *Organization `json:"organization,omitempty"`
}
type ElasticFileEvent ¶ added in v0.1.5
// ElasticFileEvent is the nested document form of a file event, grouping
// related attributes under sub-objects (event, file, user, host, ...).
// The "@timestamp" key and the event/file/user/host grouping look like an
// ECS-style layout — presumably; confirm against the index mapping.
//
// Every field is a pointer with omitempty, so a sub-object that was never
// populated is omitted from the document rather than serialized as an
// empty object.
type ElasticFileEvent struct {
	Event          *Event          `json:"event,omitempty"`
	Timestamp      *time.Time      `json:"@timestamp,omitempty"`
	File           *File           `json:"file,omitempty"`
	User           *User           `json:"user,omitempty"`
	Host           *Host           `json:"host,omitempty"`
	Client         *Client         `json:"client,omitempty"`
	Process        *Process        `json:"process,omitempty"`
	Tab            *Tab            `json:"tab,omitempty"`
	RemovableMedia *RemovableMedia `json:"removable_media,omitempty"`
	EmailDlp       *EmailDlp       `json:"email_dlp,omitempty"`
	Printing       *Printing       `json:"printing,omitempty"`
}
type Event ¶ added in v0.1.6
// Event describes the event envelope of an ElasticFileEvent: identity, type,
// the two timestamps, and the module/dataset labels.
type Event struct {
	Id       string     `json:"id,omitempty"`
	Type     string     `json:"type,omitempty"`
	Ingested *time.Time `json:"ingested,omitempty"`
	Created  *time.Time `json:"created,omitempty"`
	Module   string     `json:"module,omitempty"`
	Dataset  []string   `json:"dataset,omitempty"`
	// Pointer so that an explicit false survives omitempty; only a nil
	// (unknown) value is dropped from the document.
	OutsideActiveHours *bool `json:"outside_active_hours,omitempty"`
}
type FFSEvent ¶
// FFSEvent is the raw file event extended with IP geolocation data.
//
// Both ffs.FileEvent and *ip_api.Location are embedded, so their fields are
// promoted into this struct and, for encoding/json, flattened into the same
// document. The omitempty on the embedded *ip_api.Location is subtle:
// encoding/json promotes an embedded struct's fields regardless of that
// option — verify that a nil Location produces the intended document.
type FFSEvent struct {
	ffs.FileEvent
	*ip_api.Location `json:",omitempty"`
	// Note the camelCase key ("geoPoint"), unlike the snake_case keys used by
	// the other types in this package.
	GeoLocation *Location `json:"geoPoint,omitempty"`
}
type File ¶ added in v0.1.6
// File is the file sub-object of an ElasticFileEvent: path, type and
// classification, ownership, hashes, timestamps and any cloud/sync context.
//
// Boolean and numeric attributes are pointers so that an explicit false/0 is
// kept and only an unknown (nil) value is dropped by omitempty.
type File struct {
	Path                        string     `json:"path,omitempty"`
	Name                        string     `json:"name,omitempty"`
	Type                        string     `json:"type,omitempty"`
	Category                    string     `json:"category,omitempty"`
	IdentifiedExtensionCategory string     `json:"identified_extension_category,omitempty"`
	CurrentExtensionCategory    string     `json:"current_extension_category,omitempty"`
	Extension                   []string   `json:"extension,omitempty"` // Array of extensions
	Size                        *int       `json:"size,omitempty"`
	Owner                       []string   `json:"owner,omitempty"` // Array of owners
	Hash                        *Hash      `json:"hash,omitempty"`
	Created                     *time.Time `json:"created,omitempty"`
	Mtime                       *time.Time `json:"mtime,omitempty"`
	Directory                   []string   `json:"directory,omitempty"`
	// The URL type carries the parsed components including any username
	// and password present in the URL; see URL for the redaction caveat.
	URL                         *URL       `json:"url,omitempty"`
	SharingTypeAdded            []string   `json:"sharing_type_added,omitempty"`
	CloudDriveId                string     `json:"cloud_drive_id,omitempty"`
	DetectionSourceAlias        string     `json:"detection_source_alias,omitempty"`
	SyncDestination             string     `json:"sync_destination,omitempty"`
	SyncDestinationUser         *User      `json:"sync_destination_user,omitempty"`
	Id                          string     `json:"id,omitempty"`
	IdentifiedExtensionMIMEType string     `json:"identified_extension_mime_type,omitempty"`
	CurrentExtensionMIMEType    string     `json:"current_extension_mime_type,omitempty"`
	// Identified vs. current MIME type disagree; useful as a detection
	// signal for renamed/disguised files.
	SuspiciousFileTypeMismatch  *bool      `json:"suspicious_file_type_mismatch,omitempty"`
	RemoteActivity              string     `json:"remote_activity,omitempty"`
	Trusted                     *bool      `json:"trusted,omitempty"`
}
type Geo ¶ added in v0.2.3
// Geo holds the IP geolocation/enrichment attached to a SemiElasticFFSEvent.
//
// The Status/Message/Query trio alongside ISP, Org, AS, Mobile, Proxy and
// Hosting looks like the response shape of an ip-api style lookup —
// presumably; confirm against the enrichment client that fills it.
//
// Lat/Lon and the three boolean flags are pointers so that 0 / false are
// preserved and only an unknown (nil) value is omitted.
type Geo struct {
	Status        string    `json:"status,omitempty"`
	Message       string    `json:"message,omitempty"`
	Continent     string    `json:"continent_name,omitempty"`
	ContinentCode string    `json:"continent_iso_code,omitempty"`
	Country       string    `json:"country_name,omitempty"`
	CountryCode   string    `json:"country_iso_code,omitempty"`
	Region        string    `json:"region_iso_code,omitempty"`
	RegionName    string    `json:"region_name,omitempty"`
	City          string    `json:"city_name,omitempty"`
	District      string    `json:"district,omitempty"`
	ZIP           string    `json:"postal_code,omitempty"`
	Lat           *float32  `json:"lat,omitempty"`
	Lon           *float32  `json:"lon,omitempty"`
	Timezone      string    `json:"timezone,omitempty"`
	Currency      string    `json:"currency,omitempty"`
	ISP           string    `json:"isp,omitempty"`
	Org           string    `json:"org,omitempty"`
	AS            string    `json:"as,omitempty"`
	ASName        string    `json:"as_name,omitempty"`
	Reverse       string    `json:"reverse,omitempty"`
	// Proxy/Hosting flag anonymising infrastructure; worth surfacing in
	// detection logic for events whose source IP should be a user endpoint.
	Mobile        *bool     `json:"mobile,omitempty"`
	Proxy         *bool     `json:"proxy,omitempty"`
	Hosting       *bool     `json:"hosting,omitempty"`
	// Query is the value that was looked up (presumably the IP address).
	Query         string    `json:"query,omitempty"`
	Location      *Location `json:"location,omitempty"`
}
type InProgressQuery ¶
Struct describing an in-progress query.
func ReadInProgressQueries ¶
func ReadInProgressQueries(query config.FFSQuery) ([]InProgressQuery, error)
func ReadLastCompletedQuery ¶
func ReadLastCompletedQuery(query config.FFSQuery) (InProgressQuery, error)
type InProgressQueryString ¶
Variant of the in-progress query struct whose fields are strings.
type Organization ¶ added in v0.2.3
// Organization names the owner of an autonomous system (see AS). An empty
// Name is omitted from the JSON document.
type Organization struct {
	Name string `json:"name,omitempty"`
}
type RemovableMedia ¶ added in v0.1.6
// RemovableMedia identifies the removable device involved in a file event:
// vendor/model, serial number, capacity, bus type and volume/partition
// identifiers. Capacity is a pointer so that 0 is kept and only nil is
// omitted.
type RemovableMedia struct {
	Vendor       string `json:"vendor,omitempty"`
	Name         string `json:"name,omitempty"`
	SerialNumber string `json:"serial_number,omitempty"`
	Capacity     *int   `json:"capacity,omitempty"`
	BusType      string `json:"bus_type,omitempty"`
	MediaName    string `json:"media_name,omitempty"`
	VolumeName   string `json:"volume_name,omitempty"`
	PartitionId  string `json:"partition_id,omitempty"`
}
type SemiElasticFFSEvent ¶ added in v0.1.8
// SemiElasticFFSEvent pairs a flattened file event with optional geolocation.
// FileEvent is a value without omitempty, so "file_event" is always present
// in the document; Geo is a pointer and is dropped when nil.
type SemiElasticFFSEvent struct {
	FileEvent SemiElasticFileEvent `json:"file_event"`
	Geo       *Geo                 `json:"geo,omitempty"`
}
type SemiElasticFileEvent ¶ added in v0.1.8
// SemiElasticFileEvent is the flat, snake_case form of a file event used
// inside SemiElasticFFSEvent. Unlike the nested ElasticFileEvent, every
// attribute is a top-level key.
//
// EventId, EventType, FileName and FileSize carry no omitempty and are
// therefore always serialized (FileSize as null when nil); all other fields
// are dropped when empty/nil.
//
// Several fields (device and OS usernames, hostnames, public and private IP
// addresses, e-mail subjects/recipients, printed-file backup paths) are
// personal or network-identifying data — keep that in mind when deciding
// where documents of this type are indexed and who can read them.
type SemiElasticFileEvent struct {
	EventId                     string     `json:"event_id"`
	EventType                   string     `json:"event_type"`
	EventTimestamp              *time.Time `json:"event_timestamp,omitempty"`
	InsertionTimestamp          *time.Time `json:"insertion_timestamp,omitempty"`
	FilePath                    string     `json:"file_path,omitempty"`
	FileName                    string     `json:"file_name"`
	FileType                    string     `json:"file_type,omitempty"`
	FileCategory                string     `json:"file_category,omitempty"`
	IdentifiedExtensionCategory string     `json:"identified_extension_category,omitempty"`
	CurrentExtensionCategory    string     `json:"current_extension_category,omitempty"`
	FileSize                    *int       `json:"file_size"`
	FileOwner                   []string   `json:"file_owner,omitempty"` // Array of owners
	Md5Checksum                 string     `json:"md5_checksum,omitempty"`
	Sha256Checksum              string     `json:"sha256_checksum,omitempty"`
	CreatedTimestamp            *time.Time `json:"created_timestamp,omitempty"`
	ModifyTimestamp             *time.Time `json:"modify_timestamp,omitempty"`
	DeviceUsername              string     `json:"device_username,omitempty"`
	DeviceUid                   string     `json:"device_uid,omitempty"`
	UserUid                     string     `json:"user_uid,omitempty"`
	OsHostname                  string     `json:"os_hostname,omitempty"`
	DomainName                  string     `json:"domain_name,omitempty"`
	PublicIpAddress             string     `json:"public_ip_address,omitempty"`
	PrivateIpAddresses          []string   `json:"private_ip_addresses,omitempty"` // Array of IP address strings
	Actor                       string     `json:"actor,omitempty"`
	// Array; the meaning of its elements is not documented here — TODO confirm
	// against the upstream event schema.
	DirectoryId                 []string   `json:"directory_id,omitempty"`
	Source                      string     `json:"source,omitempty"`
	Url                         string     `json:"url,omitempty"`
	SharingTypeAdded            []string   `json:"sharing_type_added,omitempty"`
	CloudDriveId                string     `json:"cloud_drive_id,omitempty"`
	DetectionSourceAlias        string     `json:"detection_source_alias,omitempty"`
	FileId                      string     `json:"file_id,omitempty"`
	Exposure                    []string   `json:"exposure,omitempty"`
	ProcessOwner                string     `json:"process_owner,omitempty"`
	ProcessName                 string     `json:"process_name,omitempty"`
	TabWindowTitle              string     `json:"tab_window_title,omitempty"`
	TabUrl                      string     `json:"tab_url,omitempty"`
	RemovableMediaVendor        string     `json:"removable_media_vendor,omitempty"`
	RemovableMediaName          string     `json:"removable_media_name,omitempty"`
	RemovableMediaSerialNumber  string     `json:"removable_media_serial_number,omitempty"`
	RemovableMediaCapacity      *int       `json:"removable_media_capacity,omitempty"`
	RemovableMediaBusType       string     `json:"removable_media_bus_type,omitempty"`
	RemovableMediaMediaName     string     `json:"removable_media_media_name,omitempty"`
	RemovableMediaVolumeName    string     `json:"removable_media_volume_name,omitempty"`
	RemovableMediaPartitionId   string     `json:"removable_media_partition_id,omitempty"`
	SyncDestination             string     `json:"sync_destination,omitempty"`
	SyncDestinationUsername     string     `json:"sync_destination_username,omitempty"`
	EmailDLPPolicyNames         []string   `json:"email_dlp_policy_names,omitempty"`
	EmailDLPSubject             string     `json:"email_dlp_subject,omitempty"`
	EmailDLPSender              string     `json:"email_dlp_sender,omitempty"`
	EmailDLPFrom                string     `json:"email_dlp_from,omitempty"`
	EmailDLPRecipients          []string   `json:"email_dlp_recipients,omitempty"`
	// Pointer booleans keep an explicit false; only nil (unknown) is omitted.
	OutsideActiveHours          *bool      `json:"outside_active_hours,omitempty"`
	IdentifiedExtensionMIMEType string     `json:"identified_extension_mime_type,omitempty"`
	CurrentExtensionMIMEType    string     `json:"current_extension_mime_type,omitempty"`
	SuspiciousFileTypeMismatch  *bool      `json:"suspicious_file_type_mismatch,omitempty"`
	PrintJobName                string     `json:"print_job_name,omitempty"`
	PrinterName                 string     `json:"printer_name,omitempty"`
	PrintedFilesBackupPath      string     `json:"printed_files_backup_path,omitempty"`
	RemoteActivity              string     `json:"remote_activity,omitempty"`
	Trusted                     *bool      `json:"trusted,omitempty"`
	LoggedInOperatingSystemUser string     `json:"logged_in_operating_system_user,omitempty"`
}
type URL ¶ added in v0.2.3
// URL holds the decomposed parts of a URL attached to a File. Port is a
// pointer so that port 0 is kept and only nil is omitted.
//
// Username and Password are the userinfo components of the URL. If the
// source URL contains embedded credentials, the password is written into
// the indexed document in clear text; redact or drop it upstream unless
// that is explicitly intended, and restrict read access to the index
// accordingly.
type URL struct {
	Full             string `json:"full,omitempty"`
	Domain           string `json:"domain,omitempty"`
	Extension        string `json:"extension,omitempty"`
	Fragment         string `json:"fragment,omitempty"`
	Path             string `json:"path,omitempty"`
	Port             *int   `json:"port,omitempty"`
	Query            string `json:"query,omitempty"`
	Scheme           string `json:"scheme,omitempty"`
	Username         string `json:"username,omitempty"`
	Password         string `json:"password,omitempty"`
	RegisteredDomain string `json:"registered_domain,omitempty"`
	TopLevelDomain   string `json:"top_level_domain,omitempty"`
}