Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var ErrMalformedECSRecord = errors.New("encountered malformed data in ECSRecord")
Functions ¶
This section is empty.
Types ¶
type ECSMetadata ¶
type ECSMetadata struct {
Metadata Metadata `json:"@metadata"`
}
type ECSRecord ¶
type ECSRecord struct {
RFCTimestamp string `json:"@timestamp"`
Agent struct {
Hostname string
ID string
}
Host struct {
IP []string
}
Source struct {
IP string
Port json.Number
}
Destination struct {
IP string
Port json.Number
}
Network struct {
Transport string // RITA Proto
Protocol string // RITA Service
}
Event struct {
// Duration float64 // Not supported by sysmon/ winlogbeat. Use with packetbeat.
Provider string
Code json.Number
}
DNS struct {
Answers []Answer
Question struct {
Name string
}
}
}
ECSRecord is the union of Elastic comma schema fields used by *beats software
type ECSRecordv8 ¶
type ECSRecordv8 struct {
RFCTimestamp string `json:"@timestamp"`
Agent struct {
Name string
ID string
}
Host struct {
IP []string
}
Winlog struct {
EventData EventDatav8 `json:"event_data"`
}
Event struct {
Provider string
Code string
}
}
func (*ECSRecordv8) Process ¶
func (r *ECSRecordv8) Process() (*ECSRecord, error)
Processes a v8.x event log and converts it into an ECSRecord
type EventDatav8 ¶
Source Files
Click to show internal directories.
Click to hide internal directories.