Documentation
Index ¶
- Variables
- func BuildResultsQuery(filter *Filter, currentPage, pageSize int, minTimestamp time.Time) (string, clickhouse.Parameters, bool)
- func CreateUI(_ *config.Config, db *database.DB, useCurrentTime bool, maxTimestamp time.Time, ...) error
- func FormatToCSV(items []list.Item, relativeTimestamp time.Time) (string, error)
- func GetCSVOutput(db *database.DB, minTimestamp, relativeTimestamp time.Time, search string, ...) (string, error)
- func GetResults(db *database.DB, filter *Filter, currentPage, pageSize int, ...) ([]list.Item, bool, error)
- func MakeList(items []list.Item, columns []column, width int, height int) listModel
- func NewFooterModel(dbName string) footerModel
- func NewSearchModel(initialValue string, width int) searchModel
- func NewSidebarModel(maxTS time.Time, useCurrentTime bool, initialData *Item) sidebarModel
- func Truncate(str string, style *lipgloss.Style) string
- type Filter
- type FinishedLoadingResults
- type FooterFlash
- type Item
- func (i Item) FilterValue() string
- func (i *Item) GetBeacon() string
- func (i *Item) GetDst() string
- func (i *Item) GetFirstSeen(relativeTimestamp time.Time) string
- func (i *Item) GetPortProtoService() []string
- func (i *Item) GetPrevalence() string
- func (i *Item) GetSeverity(color bool) string
- func (i *Item) GetSrc() string
- func (i *Item) GetSubdomains() string
- func (i *Item) GetThreatIntel() string
- func (i *Item) GetTotalDuration() string
- type MixtapeResult
- type Model
- type OperatorFilter
- type StillLoadingResults
- type UpdateItem
Constants ¶
This section is empty.
Variables ¶
// DebugMode is set to true by rita when the debug flag is passed in.
var DebugMode bool
Functions ¶
func BuildResultsQuery ¶
func BuildResultsQuery(filter *Filter, currentPage, pageSize int, minTimestamp time.Time) (string, clickhouse.Parameters, bool)
BuildResultsQuery builds a query for fetching mixtape results based on the filter and pagination parameters
func CreateUI ¶
func CreateUI(_ *config.Config, db *database.DB, useCurrentTime bool, maxTimestamp time.Time, minTimestamp time.Time) error
CreateUI creates the terminal UI
func GetCSVOutput ¶
func GetCSVOutput(db *database.DB, minTimestamp, relativeTimestamp time.Time, search string, limit int) (string, error)
A filter can be passed in here so that users can pass in a search as a command-line flag. (A stale signature is left in the doc comment: `func GetCSVOutput(items []list.Item, relativeTimestamp time.Time) string {`.)
func GetResults ¶
func GetResults(db *database.DB, filter *Filter, currentPage, pageSize int, minTimestamp time.Time) ([]list.Item, bool, error)
GetResults queries the database for mixtape results based on the filter and pagination parameters
func NewFooterModel ¶
func NewFooterModel(dbName string) footerModel
func NewSearchModel ¶
func NewSidebarModel ¶
Types ¶
type Filter ¶
// Filter holds the parsed search criteria and sort settings that
// BuildResultsQuery turns into a results query. ParseSearchInput produces
// it from the search text, so every field is user-controlled input;
// BuildResultsQuery also returns clickhouse.Parameters, and these values
// are expected to reach the query only through those bound parameters,
// never by string interpolation — NOTE(review): confirm in BuildResultsQuery.
type Filter struct {
	Src  string // presumably matched against MixtapeResult.Src — confirm
	Dst  string // presumably matched against MixtapeResult.Dst — confirm
	Fqdn string // presumably matched against MixtapeResult.FQDN — confirm

	// Score/count thresholds; OperatorFilter presumably carries an operator
	// plus a value, but its definition is not visible here — confirm.
	Severity   []OperatorFilter
	Count      OperatorFilter
	Beacon     OperatorFilter
	Duration   OperatorFilter
	Subdomains OperatorFilter

	ThreatIntel string

	// Sort settings; presumably a direction string per column — confirm.
	SortSeverity   string
	SortBeacon     string
	SortDuration   string
	SortSubdomains string

	// For testing
	LastSeen     time.Time
	SortLastSeen string
}
func ParseSearchInput ¶
ParseSearchInput parses the search input and returns a filter struct
type FinishedLoadingResults ¶
// FinishedLoadingResults is a string-backed message type; presumably
// delivered to the UI once a results query completes — confirm against Update.
type FinishedLoadingResults string
type FooterFlash ¶
// FooterFlash is a string-backed message type; presumably the text to
// flash in the footer (see NewFooterModel) — confirm against Update.
type FooterFlash string
type Item ¶
type Item MixtapeResult
func (Item) FilterValue ¶
func (*Item) GetPortProtoService ¶
func (*Item) GetPrevalence ¶
func (*Item) GetSeverity ¶
GetSeverity returns the severity of the mixtape result based on the final score and adds a color based on the severity level if color is set to true
func (*Item) GetSubdomains ¶
func (*Item) GetThreatIntel ¶
func (*Item) GetTotalDuration ¶
type MixtapeResult ¶
// MixtapeResult is one row of the mixtape results returned by GetResults.
// The ch struct tags name the ClickHouse columns each field is scanned
// from; the json tags are present only on Src and Dst.
//
// NOTE(review): the meaning of the individual score fields is not
// documented here; the comments below are inferred from field names and
// should be confirmed against the query in BuildResultsQuery.
type MixtapeResult struct {
	Src  net.IP `ch:"src" json:"src"`
	Dst  net.IP `ch:"dst" json:"dst"`
	FQDN string `ch:"fqdn"`

	// Overall score the severity label is derived from (see GetSeverity).
	FinalScore float32 `ch:"final_score"`
	Count      uint64  `ch:"count"`
	ProxyCount uint64  `ch:"proxy_count"`

	// Per-heuristic scores; presumably each contributes to FinalScore — confirm.
	BeaconScore       float32 `ch:"beacon_score"`
	StrobeScore       float32 `ch:"strobe_score"`
	BeaconThreatScore float32 `ch:"beacon_threat_score"`
	TotalDuration     float32 `ch:"total_duration"`
	LongConnScore     float32 `ch:"long_conn_score"`

	// FirstSeen is rendered relative to a reference time by GetFirstSeen.
	FirstSeen      time.Time `ch:"first_seen_historical"`
	FirstSeenScore float32   `ch:"first_seen_score"`

	Prevalence      float32 `ch:"prevalence"`
	PrevalenceScore float32 `ch:"prevalence_score"`
	PrevalenceTotal uint64  `ch:"prevalence_total"`

	Subdomains       uint64   `ch:"subdomains"`
	PortProtoService []string `ch:"port_proto_service"`

	C2OverDNSScore           float32 `ch:"c2_over_dns_score"`
	C2OverDNSDirectConnScore float32 `ch:"c2_over_dns_direct_conn_score"`
	ThreatIntelScore         float32 `ch:"threat_intel_score"`
	ThreatIntelDataSizeScore float32 `ch:"threat_intel_data_size_score"`

	// TotalBytesFormatted is a display form of TotalBytes as stored in the
	// result set; the two are presumably kept consistent upstream — confirm.
	TotalBytes          uint64 `ch:"total_bytes"`
	TotalBytesFormatted string `ch:"total_bytes_formatted"`

	MissingHostHeaderScore float32 `ch:"missing_host_header_score"`
	MissingHostCount       uint64  `ch:"missing_host_count"`

	ProxyIPs []net.IP `ch:"proxy_ips"`

	// Modifiers carries free-form key/value pairs; the keys used are not
	// visible here — confirm before relying on a particular key.
	Modifiers          []map[string]string `ch:"modifiers"`
	TotalModifierScore float32             `ch:"total_modifier_score"`
}
type Model ¶
// Model is the top-level terminal UI state. NewModel constructs it and
// CreateUI drives it.
type Model struct {
	SearchBar *searchModel // search input (see NewSearchModel)
	SideBar   sidebarModel // side pane (see NewSidebarModel)
	List      listModel    // results list (see MakeList)

	// Overlay toggles; presumably ViewSearchHelp shows the search-syntax
	// help and ViewHelp the general key help — confirm against View.
	ViewSearchHelp bool
	ViewHelp       bool
	// contains filtered or unexported fields
}
func NewModel ¶
func NewModel(maxTimestamp, minTimestamp time.Time, useCurrentTime bool, db *database.DB) (*Model, error)
NewModel creates a new model
type OperatorFilter ¶
type StillLoadingResults ¶
// StillLoadingResults is a string-backed message type; presumably sent
// while a results query is still in flight — confirm against Update.
type StillLoadingResults string
type UpdateItem ¶ added in v5.0.5
// UpdateItem is a pointer-to-Item message type; presumably carries the
// newly selected item to the side bar — confirm against Update.
type UpdateItem *Item