The highest tagged major version is v5.

beacon

package

v2.0.0+incompatible Latest Latest Go to latest Published: Feb 15, 2019 License: GPL-3.0 Imports: 1 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/activecm/rita

Documentation ¶

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type AnalysisInput ¶

type AnalysisInput struct {
	ID              bson.ObjectId `bson:"_id,omitempty"`    // Unique Connection ID
	Src             string        `bson:"src"`              // Source IP
	Dst             string        `bson:"dst"`              // Destination IP
	TsList          []int64       `bson:"ts_list"`          // Connection timestamps for this src, dst pair
	OrigIPBytes     []int64       `bson:"orig_bytes_list"`  // Src to dst connection sizes for each connection
	ConnectionCount int           `bson:"connection_count"` // Total connection count between pair
	AverageBytes    float32       `bson:"avg_bytes"`
}

AnalysisInput contains the summary statistics of a unique connection

type AnalysisOutput ¶ added in v1.1.1

type AnalysisOutput struct {
	UconnID          bson.ObjectId `bson:"uconn_id"`
	Src              string        `bson:"src"`
	Dst              string        `bson:"dst"`
	ConnectionCount  int           `bson:"connection_count"`
	AverageBytes     float32       `bson:"avg_bytes"`
	TSIRange         int64         `bson:"ts_iRange"`
	TSIMode          int64         `bson:"ts_iMode"`
	TSIModeCount     int64         `bson:"ts_iMode_count"`
	TSIntervals      []int64       `bson:"ts_intervals"`
	TSIntervalCounts []int64       `bson:"ts_interval_counts"`
	TSIDispersion    int64         `bson:"ts_iDispersion"`
	TSISkew          float64       `bson:"ts_iSkew"`
	TSDuration       float64       `bson:"ts_duration"`
	TSScore          float64       `bson:"ts_score"`
	DSRange          int64         `bson:"ds_range"`
	DSMode           int64         `bson:"ds_mode"`
	DSModeCount      int64         `bson:"ds_mode_count"`
	DSSizes          []int64       `bson:"ds_sizes"`
	DSSizeCounts     []int64       `bson:"ds_counts"`
	DSDispersion     int64         `bson:"ds_dispersion"`
	DSSkew           float64       `bson:"ds_skew"`
	DSScore          float64       `bson:"ds_score"`
	Score            float64       `bson:"score"`
}

AnalysisOutput contains the summary statistics of a unique beacon

type AnalysisView ¶ added in v1.1.1

type AnalysisView struct {
	Src           string  `bson:"src"`
	Dst           string  `bson:"dst"`
	LocalSrc      bool    `bson:"local_src"`
	LocalDst      bool    `bson:"local_dst"`
	Connections   int64   `bson:"connection_count"`
	AvgBytes      float64 `bson:"avg_bytes"`
	TSIRange      int64   `bson:"ts_iRange"`
	TSIMode       int64   `bson:"ts_iMode"`
	TSIModeCount  int64   `bson:"ts_iMode_count"`
	TSISkew       float64 `bson:"ts_iSkew"`
	TSIDispersion int64   `bson:"ts_iDispersion"`
	TSDuration    float64 `bson:"ts_duration"`
	Score         float64 `bson:"score"`
	DSSkew        float64 `bson:"ds_skew"`
	DSDispersion  int64   `bson:"ds_dispersion"`
	DSRange       int64   `bson:"ds_range"`
	DSMode        int64   `bson:"ds_mode"`
	DSModeCount   int64   `bson:"ds_mode_count"`
}

AnalysisView used in order to join the uconn and beacon tables

Source Files ¶

View all Source files

beacon.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL