crowdsec

package

v1.15.5 Latest Latest Go to latest Published: Nov 24, 2023 License: MIT Imports: 1 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/antonmedv/expr

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
type Alert
type AlertEdges
type Decision
type Event
- func (e *Event) GetMeta(key string) string
- func (e *Event) GetType() string
type Line
type Machine
type MachineEdges
type Meta
type MetaItems0
type RuntimeAlert
- func (r RuntimeAlert) GetSources() []string
type ScopeType
type Source

Constants ¶

This section is empty.

Variables ¶

View Source

var CustomFunctions = []struct {
	Name string
	Func []any
}{
	{
		Name: "Distance",
		Func: []any{
			new(func(string, string, string, string) (float64, error)),
		},
	},
	{
		Name: "GetFromStash",
		Func: []any{
			new(func(string, string) (string, error)),
		},
	},
	{
		Name: "Atof",
		Func: []any{
			new(func(string) float64),
		},
	},
	{
		Name: "JsonExtract",
		Func: []any{
			new(func(string, string) string),
		},
	},
	{
		Name: "JsonExtractUnescape",
		Func: []any{
			new(func(string, ...string) string),
		},
	},
	{
		Name: "JsonExtractLib",
		Func: []any{
			new(func(string, ...string) string),
		},
	},
	{
		Name: "JsonExtractSlice",
		Func: []any{
			new(func(string, string) []any),
		},
	},
	{
		Name: "JsonExtractObject",
		Func: []any{
			new(func(string, string) map[string]any),
		},
	},
	{
		Name: "ToJsonString",
		Func: []any{
			new(func(any) string),
		},
	},
	{
		Name: "File",
		Func: []any{
			new(func(string) []string),
		},
	},
	{
		Name: "RegexpInFile",
		Func: []any{
			new(func(string, string) bool),
		},
	},
	{
		Name: "Upper",
		Func: []any{
			new(func(string) string),
		},
	},
	{
		Name: "Lower",
		Func: []any{
			new(func(string) string),
		},
	},
	{
		Name: "IpInRange",
		Func: []any{
			new(func(string, string) bool),
		},
	},
	{
		Name: "TimeNow",
		Func: []any{
			new(func() string),
		},
	},
	{
		Name: "ParseUri",
		Func: []any{
			new(func(string) map[string][]string),
		},
	},
	{
		Name: "PathUnescape",
		Func: []any{
			new(func(string) string),
		},
	},
	{
		Name: "QueryUnescape",
		Func: []any{
			new(func(string) string),
		},
	},
	{
		Name: "PathEscape",
		Func: []any{
			new(func(string) string),
		},
	},
	{
		Name: "QueryEscape",
		Func: []any{
			new(func(string) string),
		},
	},
	{
		Name: "XMLGetAttributeValue",
		Func: []any{
			new(func(string, string, string) string),
		},
	},
	{
		Name: "XMLGetNodeValue",
		Func: []any{
			new(func(string, string) string),
		},
	},
	{
		Name: "IpToRange",
		Func: []any{
			new(func(string, string) string),
		},
	},
	{
		Name: "IsIPV6",
		Func: []any{
			new(func(string) bool),
		},
	},
	{
		Name: "IsIPV4",
		Func: []any{
			new(func(string) bool),
		},
	},
	{
		Name: "IsIP",
		Func: []any{
			new(func(string) bool),
		},
	},
	{
		Name: "LookupHost",
		Func: []any{
			new(func(string) []string),
		},
	},
	{
		Name: "GetDecisionsCount",
		Func: []any{
			new(func(string) int),
		},
	},
	{
		Name: "GetDecisionsSinceCount",
		Func: []any{
			new(func(string, string) int),
		},
	},
	{
		Name: "Sprintf",
		Func: []any{
			new(func(string, ...any) string),
		},
	},
	{
		Name: "ParseUnix",
		Func: []any{
			new(func(string) string),
		},
	},
	{
		Name: "SetInStash",
		Func: []any{
			new(func(string, string, string, *time.Duration) error),
		},
	},
	{
		Name: "Fields",
		Func: []any{
			new(func(string) []string),
		},
	},
	{
		Name: "Index",
		Func: []any{
			new(func(string, string) int),
		},
	},
	{
		Name: "IndexAny",
		Func: []any{
			new(func(string, string) int),
		},
	},
	{
		Name: "Join",
		Func: []any{
			new(func([]string, string) string),
		},
	},
	{
		Name: "Split",
		Func: []any{
			new(func(string, string) []string),
		},
	},
	{
		Name: "SplitAfter",
		Func: []any{
			new(func(string, string) []string),
		},
	},
	{
		Name: "SplitAfterN",
		Func: []any{
			new(func(string, string, int) []string),
		},
	},
	{
		Name: "SplitN",
		Func: []any{
			new(func(string, string, int) []string),
		},
	},
	{
		Name: "Replace",
		Func: []any{
			new(func(string, string, string, int) string),
		},
	},
	{
		Name: "ReplaceAll",
		Func: []any{
			new(func(string, string, string) string),
		},
	},
	{
		Name: "Trim",
		Func: []any{
			new(func(string, string) string),
		},
	},
	{
		Name: "TrimLeft",
		Func: []any{
			new(func(string, string) string),
		},
	},
	{
		Name: "TrimRight",
		Func: []any{
			new(func(string, string) string),
		},
	},
	{
		Name: "TrimSpace",
		Func: []any{
			new(func(string) string),
		},
	},
	{
		Name: "TrimPrefix",
		Func: []any{
			new(func(string, string) string),
		},
	},
	{
		Name: "TrimSuffix",
		Func: []any{
			new(func(string, string) string),
		},
	},
	{
		Name: "Get",
		Func: []any{
			new(func([]string, int) string),
		},
	},
	{
		Name: "ToString",
		Func: []any{
			new(func(any) string),
		},
	},
	{
		Name: "Match",
		Func: []any{
			new(func(string, string) bool),
		},
	},
	{
		Name: "KeyExists",
		Func: []any{
			new(func(string, map[string]any) bool),
		},
	},
	{
		Name: "LogInfo",
		Func: []any{
			new(func(string, ...any) bool),
		},
	},
	{
		Name: "B64Decode",
		Func: []any{
			new(func(string) string),
		},
	},
	{
		Name: "UnmarshalJSON",
		Func: []any{
			new(func(string, map[string]any, string) error),
		},
	},
	{
		Name: "ParseKV",
		Func: []any{
			new(func(string, map[string]any, string) error),
		},
	},
	{
		Name: "Hostname",
		Func: []any{
			new(func() (string, error)),
		},
	},
}

Functions ¶

This section is empty.

Types ¶

type Alert ¶

type Alert struct {
	Capacity        *int32      `json:"capacity"`
	CreatedAt       string      `json:"created_at,omitempty"`
	Decisions       []*Decision `json:"decisions"`
	Events          []*Event    `json:"events"`
	EventsCount     *int32      `json:"events_count"`
	ID              int64       `json:"id,omitempty"`
	Labels          []string    `json:"labels"`
	Leakspeed       *string     `json:"leakspeed"`
	MachineID       string      `json:"machine_id,omitempty"`
	Message         *string     `json:"message"`
	Meta            Meta        `json:"meta,omitempty"`
	Remediation     bool        `json:"remediation,omitempty"`
	Scenario        *string     `json:"scenario"`
	ScenarioHash    *string     `json:"scenario_hash"`
	ScenarioVersion *string     `json:"scenario_version"`
	Simulated       *bool       `json:"simulated"`
	Source          *Source     `json:"source"`
	StartAt         *string     `json:"start_at"`
	StopAt          *string     `json:"stop_at"`
	UUID            string      `json:"uuid,omitempty"`
	Edges           AlertEdges  `json:"edges"`
}

func (*Alert) GetEventsCount ¶

func (a *Alert) GetEventsCount() int32

func (*Alert) GetMeta ¶

func (a *Alert) GetMeta(_ string) string

func (*Alert) GetScenario ¶

func (a *Alert) GetScenario() string

func (*Alert) GetScope ¶

func (a *Alert) GetScope() string

func (*Alert) GetValue ¶

func (a *Alert) GetValue() string

func (*Alert) HasRemediation ¶

func (a *Alert) HasRemediation() bool

type AlertEdges ¶

type AlertEdges struct {
	Owner     *Machine    `json:"owner,omitempty"`
	Decisions []*Decision `json:"decisions,omitempty"`
	Events    []*Event    `json:"events,omitempty"`
	Metas     []*Meta     `json:"metas,omitempty"`
}

func (AlertEdges) DecisionsOrErr ¶

func (e AlertEdges) DecisionsOrErr() ([]*Decision, error)

func (AlertEdges) EventsOrErr ¶

func (e AlertEdges) EventsOrErr() ([]*Event, error)

func (AlertEdges) MetasOrErr ¶

func (e AlertEdges) MetasOrErr() ([]*Meta, error)

func (AlertEdges) OwnerOrErr ¶

func (e AlertEdges) OwnerOrErr() (*Machine, error)

type Decision ¶

type Decision struct {
	Duration  *string `json:"duration"`
	ID        int64   `json:"id,omitempty"`
	Origin    *string `json:"origin"`
	Scenario  *string `json:"scenario"`
	Scope     *string `json:"scope"`
	Simulated *bool   `json:"simulated,omitempty"`
	Type      *string `json:"type"`
	Until     string  `json:"until,omitempty"`
	UUID      string  `json:"uuid,omitempty"`
	Value     *string `json:"value"`
}

type Event ¶

type Event struct {
	Type            int               `yaml:"Type,omitempty" json:"Type,omitempty"`
	ExpectMode      int               `yaml:"ExpectMode,omitempty" json:"ExpectMode,omitempty"`
	Whitelisted     bool              `yaml:"Whitelisted,omitempty" json:"Whitelisted,omitempty"`
	WhitelistReason string            `yaml:"WhitelistReason,omitempty" json:"whitelist_reason,omitempty"`
	Stage           string            `yaml:"Stage,omitempty" json:"Stage,omitempty"`
	Line            Line              `yaml:"Line,omitempty" json:"Line,omitempty"`
	Parsed          map[string]string `yaml:"Parsed,omitempty" json:"Parsed,omitempty"`
	Enriched        map[string]string `yaml:"Enriched,omitempty" json:"Enriched,omitempty"`
	Unmarshaled     map[string]any    `yaml:"Unmarshaled,omitempty" json:"Unmarshaled,omitempty"`
	Overflow        RuntimeAlert      `yaml:"Overflow,omitempty" json:"Alert,omitempty"`
	Time            time.Time         `yaml:"Time,omitempty" json:"Time,omitempty"`
	StrTime         string            `yaml:"StrTime,omitempty" json:"StrTime,omitempty"`
	StrTimeFormat   string            `yaml:"StrTimeFormat,omitempty" json:"StrTimeFormat,omitempty"`
	MarshaledTime   string            `yaml:"MarshaledTime,omitempty" json:"MarshaledTime,omitempty"`
	Process         bool              `yaml:"Process,omitempty" json:"Process,omitempty"`
	Meta            map[string]string `yaml:"Meta,omitempty" json:"Meta,omitempty"`
}

func (*Event) GetMeta ¶

func (e *Event) GetMeta(key string) string

func (*Event) GetType ¶

func (e *Event) GetType() string

type Line ¶

type Line struct {
	Raw     string `yaml:"Raw,omitempty"`
	Src     string `yaml:"Src,omitempty"`
	Time    time.Time
	Labels  map[string]string `yaml:"Labels,omitempty"`
	Process bool
	Module  string `yaml:"Module,omitempty"`
}

type Machine ¶

type Machine struct {
	ID            int          `json:"id,omitempty"`
	CreatedAt     *time.Time   `json:"created_at,omitempty"`
	UpdatedAt     *time.Time   `json:"updated_at,omitempty"`
	LastPush      *time.Time   `json:"last_push,omitempty"`
	LastHeartbeat *time.Time   `json:"last_heartbeat,omitempty"`
	MachineId     string       `json:"machineId,omitempty"`
	Password      string       `json:"-"`
	IpAddress     string       `json:"ipAddress,omitempty"`
	Scenarios     string       `json:"scenarios,omitempty"`
	Version       string       `json:"version,omitempty"`
	IsValidated   bool         `json:"isValidated,omitempty"`
	Status        string       `json:"status,omitempty"`
	AuthType      string       `json:"auth_type"`
	Edges         MachineEdges `json:"edges"`
}

type MachineEdges ¶

type MachineEdges struct {
	Alerts []*Alert `json:"alerts,omitempty"`
}

type Meta ¶

type Meta []*MetaItems0

type MetaItems0 ¶

type MetaItems0 struct {
	Key   string `json:"key,omitempty"`
	Value string `json:"value,omitempty"`
}

type RuntimeAlert ¶

type RuntimeAlert struct {
	Mapkey      string            `yaml:"MapKey,omitempty" json:"MapKey,omitempty"`
	BucketId    string            `yaml:"BucketId,omitempty" json:"BucketId,omitempty"`
	Whitelisted bool              `yaml:"Whitelisted,omitempty" json:"Whitelisted,omitempty"`
	Reprocess   bool              `yaml:"Reprocess,omitempty" json:"Reprocess,omitempty"`
	Sources     map[string]Source `yaml:"Sources,omitempty" json:"Sources,omitempty"`
	Alert       *Alert            `yaml:"Alert,omitempty" json:"Alert,omitempty"`
	APIAlerts   []Alert           `yaml:"APIAlerts,omitempty" json:"APIAlerts,omitempty"`
}

func (RuntimeAlert) GetSources ¶

func (r RuntimeAlert) GetSources() []string

type ScopeType ¶

type ScopeType struct {
	Scope  string `yaml:"type"`
	Filter string `yaml:"expression"`
}

type Source ¶

type Source struct {
	AsName    string  `json:"as_name,omitempty"`
	AsNumber  string  `json:"as_number,omitempty"`
	Cn        string  `json:"cn,omitempty"`
	IP        string  `json:"ip,omitempty"`
	Latitude  float32 `json:"latitude,omitempty"`
	Longitude float32 `json:"longitude,omitempty"`
	Range     string  `json:"range,omitempty"`
	Scope     *string `json:"scope"`
	Value     *string `json:"value"`
}

func (Source) GetAsNumberName ¶

func (s Source) GetAsNumberName() string

func (Source) GetScope ¶

func (s Source) GetScope() string

func (Source) GetValue ¶

func (s Source) GetValue() string

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL