rule

package
v0.2.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 16, 2020 License: GPL-3.0 Imports: 9 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func RenderConditionAsHTML 

func RenderConditionAsHTML(conditions []Conditions) string

func RenderConditionAsText 

func RenderConditionAsText(conditions []Conditions) string

Types

type Conditions 

type Conditions struct {
	Negate       bool
	Condition    string
	Selections   []string
	Dependencies []string
}

type ParsedRule 

type ParsedRule struct {
	Id               int
	Name             string
	Identifier       string
	CreationDate     time.Time
	ModificationDate time.Time
	Owner            string
	Enabled          bool
	Conditions       []Conditions
	RuleXML          string
	IsBuildingBlock  bool
}

type QRadarClient 

type QRadarClient struct {
	// contains filtered or unexported fields
}

func NewClient 

func NewClient(baseUrl string, securityToken string) (*QRadarClient, error)

func (*QRadarClient) GenerateRuleGraph added in v0.2.0 

func (client *QRadarClient) GenerateRuleGraph(regexFilter string, filterIsInclusive bool) (*dag.DAG, error)

func (*QRadarClient) RetrieveParsedQRadarRules added in v0.2.0 

func (client *QRadarClient) RetrieveParsedQRadarRules(filter string) (map[string]*ParsedRule, error)

func (*QRadarClient) RetrieveRuleByIdentifier added in v0.2.0 

func (client *QRadarClient) RetrieveRuleByIdentifier(identifier string) (*ParsedRule, error)

type RuleTest 

type RuleTest struct {
	RequiredCapabilities string `xml:"requiredCapabilities,attr"`
	Group                string `xml:"group,attr"`
	Uid                  int    `xml:"uid,attr"`
	Name                 string `xml:"name,attr"`
	ID                   int    `xml:"id,attr"`
	GroupId              int    `xml:"groupId,attr"`
	Negate               bool   `xml:"negate,attr"`
	Text                 string `xml:"text"`
	Visable              bool   `xml:"visable,attr"`
	Parameter            []struct {
		Text           string `xml:",chardata"`
		ID             int    `xml:"id,attr"`
		InitialText    string `xml:"initialText"`
		SelectionLabel string `xml:"selectionLabel"`
		UserOptions    struct {
			Text        string `xml:",chardata"`
			Multiselect bool   `xml:"multiselect,attr"`
			Method      string `xml:"method,attr"`
			Source      string `xml:"source,attr"`
			Format      string `xml:"format,attr"`
			Errorkey    string `xml:"errorkey,attr"`
			Validation  string `xml:"validation,attr"`
			Ordered     bool   `xml:"ordered,attr"`
			Option      []struct {
				Text string `xml:",chardata"`
				ID   string `xml:"id,attr"`
			} `xml:"option"`
		} `xml:"userOptions"`
		UserSelection      string `xml:"userSelection"`
		UserSelectionTypes string `xml:"userSelectionTypes"`
		UserSelectionId    int    `xml:"userSelectionId"`
		Name               string `xml:"name"`
	} `xml:"parameter"`
}

type RuleXML 

type RuleXML struct {
	XMLName         xml.Name        `xml:"rule"`
	Text            string          `xml:",chardata"`
	OverrideId      int             `xml:"overrideid,attr"`
	Owner           string          `xml:"owner,attr"`
	Scope           string          `xml:"scope,attr"`
	Type            string          `xml:"type,attr"`
	RoleDefinition  bool            `xml:"roleDefinition,attr"`
	BuildingBlock   bool            `xml:"buildingBlock,attr"`
	Enabled         bool            `xml:"enabled,attr"`
	ID              int             `xml:"id,attr"`
	Name            string          `xml:"name"`
	Notes           string          `xml:"notes"`
	TestDefinitions TestDefinitions `xml:"testDefinitions"`
	Actions         struct {
		Text                          string `xml:",chardata"`
		FlowAnalysisInterval          string `xml:"flowAnalysisInterval,attr"`
		IncludeAttackerEventsInterval string `xml:"includeAttackerEventsInterval,attr"`
		ForceOffenseCreation          string `xml:"forceOffenseCreation,attr"`
		OffenseMapping                string `xml:"offenseMapping,attr"`
	} `xml:"actions"`
	Responses struct {
		Text                     string `xml:",chardata"`
		ReferenceTableRemove     bool   `xml:"referenceTableRemove,attr"`
		ReferenceMapOfMapsRemove bool   `xml:"referenceMapOfMapsRemove,attr"`
		ReferenceMapOfSetsRemove bool   `xml:"referenceMapOfSetsRemove,attr"`
		ReferenceMapRemove       bool   `xml:"referenceMapRemove,attr"`
		ReferenceTable           bool   `xml:"referenceTable,attr"`
		ReferenceMapOfMaps       bool   `xml:"referenceMapOfMaps,attr"`
		ReferenceMapOfSets       bool   `xml:"referenceMapOfSets,attr"`
		ReferenceMap             bool   `xml:"referenceMap,attr"`
		Newevent                 struct {
			Text                  string `xml:",chardata"`
			LowLevelCategory      string `xml:"lowLevelCategory,attr"`
			OffenseMapping        string `xml:"offenseMapping,attr"`
			ForceOffenseCreation  bool   `xml:"forceOffenseCreation,attr"`
			Qid                   int    `xml:"qid,attr"`
			ContributeOffenseName bool   `xml:"contributeOffenseName,attr"`
			OverrideOffenseName   bool   `xml:"overrideOffenseName,attr"`
			DescribeOffense       bool   `xml:"describeOffense,attr"`
			Relevance             string `xml:"relevance,attr"`
			Credibility           string `xml:"credibility,attr"`
			Severity              string `xml:"severity,attr"`
			Description           string `xml:"description,attr"`
			Name                  string `xml:"name,attr"`
		} `xml:"newevent"`
	} `xml:"responses"`
}

func UnmarshalRule 

func UnmarshalRule(rule_xml string) (RuleXML, error)

type TestDefinitions 

type TestDefinitions struct {
	Text string     `xml:",text"`
	Test []RuleTest `xml:"test"`
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.