Documentation
Index
- Constants
- type Config
- type Engine
- func (engine *Engine) GetSelectedEvents() []detect.SignatureEventSelector
- func (engine *Engine) LoadSignature(signature detect.Signature) (string, error)
- func (engine *Engine) Start(done chan bool)
- func (engine *Engine) Stats() *metrics.Stats
- func (engine *Engine) UnloadSignature(signatureId string) error
- type EventSources
Constants
const ALL_EVENT_ORIGINS = "*"
const ALL_EVENT_TYPES = "*"
const EVENT_CONTAINER_ORIGIN = "container"
const EVENT_HOST_ORIGIN = "host"
Variables
This section is empty.
Functions
This section is empty.
Types
type Config
type Config struct {
	SignatureBufferSize uint
}
Config defines the engine's configurable values
type Engine
type Engine struct {
	// contains filtered or unexported fields
}
Engine is a rule-engine that can process events coming from a set of input sources against a set of loaded signatures, and report the signatures' findings
func NewEngine
func NewEngine(sigs []detect.Signature, sources EventSources, output chan detect.Finding, config Config) (*Engine, error)
NewEngine creates a new rules-engine with the given arguments. Inputs and outputs are given as channels created by the consumer.
func (*Engine) GetSelectedEvents
func (engine *Engine) GetSelectedEvents() []detect.SignatureEventSelector
GetSelectedEvents returns the event selectors that are relevant to the currently loaded signatures
func (*Engine) LoadSignature
LoadSignature calls the internal signature loading logic and activates its handling logic. It returns the signature ID as well as an error.
func (*Engine) Start
Start starts processing events and detecting signatures. It runs continuously until stopped by the done channel. Once done, it cleans all internal resources, which means the engine is not reusable. Note that the input and output channels are created by the consumer and therefore are not closed.
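The channel-ownership contract described for Start, as an added self-contained model that is not this package's code: `toyEngine`, `event`, `finding`, `runOnce` and the sample rule are hypothetical stand-ins, and only the `Start(done chan bool)` shape is taken from the page. It shows why the consumer must wait for Start to return before closing the output channel it created.

```go
package main

import "fmt"

// Hypothetical stand-ins for the package's event and finding types.
type event struct{ Origin, Name string }
type finding struct{ SigID, Event string }

// toyEngine models only the Start contract described above; it is not the real Engine.
type toyEngine struct {
	in  <-chan event
	out chan<- finding
}

// Start runs until done fires. It never closes in or out: the consumer owns them.
func (e *toyEngine) Start(done chan bool) {
	for {
		select {
		case ev := <-e.in:
			if ev.Origin == "container" { // constructed sample rule
				e.out <- finding{SigID: "SAMPLE-1", Event: ev.Name}
			}
		case <-done:
			return
		}
	}
}

// runOnce is the consumer side: it creates every channel and closes out itself.
func runOnce(events []event) []finding {
	in, done, stopped := make(chan event), make(chan bool), make(chan struct{})
	out := make(chan finding, len(events)) // sized so the engine never blocks on output
	go func() { (&toyEngine{in: in, out: out}).Start(done); close(stopped) }()
	for _, ev := range events {
		in <- ev // unbuffered: the engine has taken this event before the loop continues
	}
	done <- true // stop signal; the engine is not reused after this
	<-stopped    // Start has returned, so nothing can write to out any more
	close(out)   // safe only now, and only the consumer does it
	var got []finding
	for f := range out {
		got = append(got, f)
	}
	return got
}

func main() { fmt.Println(runOnce([]event{{"container", "execve"}, {"host", "open"}})) }
```

Closing `out` before Start has returned would risk a send on a closed channel, and ranging over `out` without ever closing it would block forever, since the engine side never closes it.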
func (*Engine) UnloadSignature
UnloadSignature removes the given signature from the Engine's data structures and stops its handling goroutine.
type EventSources
EventSources is a bundle of input sources used to configure the Engine