events

package

v1.1.0 Latest Latest Go to latest Published: Apr 19, 2021 License: MIT Imports: 14 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/bonjourmalware/melody

Links

Open Source Insights

Documentation ¶

Index ¶

type BaseEvent
- func (ev *BaseEvent) AddAdditional(add map[string]string)
- func (ev *BaseEvent) AddTags(tags map[string]string)
- func (ev BaseEvent) GetDestPort() uint16
- func (ev BaseEvent) GetKind() string
- func (ev BaseEvent) GetSession() string
- func (ev BaseEvent) GetSourceIP() string
- func (ev BaseEvent) GetTags() map[string][]string
type Event
type EventLog
type HTTPEvent
- func NewHTTPEvent(r *http.Request, network gopacket.Flow, transport gopacket.Flow) (*HTTPEvent, error)
- func NewHTTPEventFromRequest(r *http.Request) (*HTTPEvent, error)
- func (ev HTTPEvent) GetHTTPData() HTTPEvent
- func (ev HTTPEvent) GetIPHeader() *layers.IPv4
- func (ev HTTPEvent) ToLog() EventLog
type ICMPv4Event
- func NewICMPv4Event(packet gopacket.Packet) (*ICMPv4Event, error)
- func (ev ICMPv4Event) ToLog() EventLog
type ICMPv6Event
- func NewICMPv6Event(packet gopacket.Packet) (*ICMPv6Event, error)
- func (ev ICMPv6Event) ToLog() EventLog
type TCPEvent
- func NewTCPEvent(packet gopacket.Packet, IPVersion uint) (*TCPEvent, error)
- func (ev TCPEvent) ToLog() EventLog
type Tags
type UDPEvent
- func NewUDPEvent(packet gopacket.Packet, IPVersion uint) (*UDPEvent, error)
- func (ev UDPEvent) ToLog() EventLog

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type BaseEvent ¶

type BaseEvent struct {
	IPVersion  uint
	Tags       Tags
	Kind       string
	SourceIP   string
	DestPort   uint16
	Session    string
	Timestamp  time.Time
	Additional map[string]string
	Event
	loggable.Loggable
}

BaseEvent described the common structure to all the events generated by the received packets

func (*BaseEvent) AddAdditional ¶

func (ev *BaseEvent) AddAdditional(add map[string]string)

AddAdditional fetches the Additional values of an event

func (*BaseEvent) AddTags ¶

func (ev *BaseEvent) AddTags(tags map[string]string)

AddTags add the given tag array to the event's tags

func (BaseEvent) GetDestPort ¶

func (ev BaseEvent) GetDestPort() uint16

GetDestPort fetches the DestPort of an event

func (BaseEvent) GetKind ¶

func (ev BaseEvent) GetKind() string

GetKind fetches the Kind of an event

func (BaseEvent) GetSession ¶ added in v1.0.1

func (ev BaseEvent) GetSession() string

GetSession fetches the Session of an event

func (BaseEvent) GetSourceIP ¶

func (ev BaseEvent) GetSourceIP() string

GetSourceIP fetches the SourceIP of an event

func (BaseEvent) GetTags ¶ added in v1.0.1

func (ev BaseEvent) GetTags() map[string][]string

GetTags fetches the Tags of an event

type Event ¶

type Event interface {
	//Match(rule rules.Rule) bool
	ToLog() EventLog
	GetIPHeader() *layers.IPv4
	GetICMPv6Header() *layers.ICMPv6
	GetICMPv4Header() *layers.ICMPv4
	GetUDPHeader() *layers.UDP
	GetTCPHeader() *layers.TCP
	GetHTTPData() HTTPEvent

	AddTags(tags map[string]string)
	AddAdditional(add map[string]string)
	loggable.Loggable
}

Event is the interface implementing common methods to generated events

type EventLog ¶

type EventLog interface {
	String() (string, error)
}

EventLog is the interface implementing common methods to generated events' log data

type HTTPEvent ¶

type HTTPEvent struct {
	Verb          string            `json:"verb"`
	Proto         string            `json:"proto"`
	RequestURI    string            `json:"URI"`
	SourcePort    uint16            `json:"src_port"`
	DestHost      string            `json:"dst_host"`
	DestPort      uint16            `json:"dst_port"`
	Headers       map[string]string `json:"headers"`
	HeadersKeys   []string          `json:"headers_keys"`
	HeadersValues []string          `json:"headers_values"`
	InlineHeaders []string
	Errors        []string        `json:"errors"`
	Body          logdata.Payload `json:"body"`
	IsTLS         bool            `json:"is_tls"`
	Req           *http.Request
	LogData       logdata.HTTPEventLog
	BaseEvent
}

HTTPEvent describes the structure of an event generated by a reassembled HTTP packet

func NewHTTPEvent ¶

func NewHTTPEvent(r *http.Request, network gopacket.Flow, transport gopacket.Flow) (*HTTPEvent, error)

NewHTTPEvent creates an HTTPEvent from a reassembled http.Request. It uses flow information if available to allow quality source and destination information. Only available to HTTP events, as HTTPS events are generated from a webserver and thus not reassembled

func NewHTTPEventFromRequest ¶

func NewHTTPEventFromRequest(r *http.Request) (*HTTPEvent, error)

NewHTTPEventFromRequest creates an HTTPEvent from an http.Request if flow information is not available. It is used for HTTPS events, as they're generated from the dummy webserver and not reassembled by Melody

func (HTTPEvent) GetHTTPData ¶

func (ev HTTPEvent) GetHTTPData() HTTPEvent

GetHTTPData returns the event's data

func (HTTPEvent) GetIPHeader ¶

func (ev HTTPEvent) GetIPHeader() *layers.IPv4

GetIPHeader satisfies the Event interface by returning nil. As they're application-level data, HTTP events does not support IP header data

func (HTTPEvent) ToLog ¶

func (ev HTTPEvent) ToLog() EventLog

ToLog parses the event structure and generate an EventLog almost ready to be sent to the logging file

type ICMPv4Event ¶

type ICMPv4Event struct {
	//ICMPv4Header *layers.ICMPv4
	LogData logdata.ICMPv4EventLog
	BaseEvent
	helpers.IPv4Layer
	helpers.ICMPv4Layer
}

ICMPv4Event describes the structure of an event generated by an ICPMv4 packet

func NewICMPv4Event ¶

func NewICMPv4Event(packet gopacket.Packet) (*ICMPv4Event, error)

NewICMPv4Event created a new ICMPv4Event from a packet

func (ICMPv4Event) ToLog ¶

func (ev ICMPv4Event) ToLog() EventLog

ToLog parses the event structure and generate an EventLog almost ready to be sent to the logging file

type ICMPv6Event ¶

type ICMPv6Event struct {
	LogData logdata.ICMPv6EventLog
	BaseEvent
	helpers.IPv6Layer
	helpers.ICMPv6Layer
}

ICMPv6Event describes the structure of an event generated by an ICPMv6 packet

func NewICMPv6Event ¶

func NewICMPv6Event(packet gopacket.Packet) (*ICMPv6Event, error)

NewICMPv6Event created a new ICMPv6Event from a packet

func (ICMPv6Event) ToLog ¶

func (ev ICMPv6Event) ToLog() EventLog

ToLog parses the event structure and generate an EventLog almost ready to be sent to the logging file

type TCPEvent ¶

type TCPEvent struct {
	LogData logdata.TCPEventLog
	BaseEvent
	helpers.TCPLayer
	helpers.IPv4Layer
	helpers.IPv6Layer
}

TCPEvent describes the structure of an event generated by an ICPMv4 packet

func NewTCPEvent ¶

func NewTCPEvent(packet gopacket.Packet, IPVersion uint) (*TCPEvent, error)

NewTCPEvent created a new TCPEvent from a packet

func (TCPEvent) ToLog ¶

func (ev TCPEvent) ToLog() EventLog

ToLog parses the event structure and generate an EventLog almost ready to be sent to the logging file

type Tags ¶

type Tags map[string][]string

Tags is an abstraction of map[string]interface{} allowing for the use of a set-like structure and a more graceful conversion to array

type UDPEvent ¶

type UDPEvent struct {
	LogData logdata.UDPEventLog
	BaseEvent
	helpers.UDPLayer
	helpers.IPv4Layer
	helpers.IPv6Layer
}

UDPEvent describes the structure of an event generated by an ICPMv4 packet

func NewUDPEvent ¶

func NewUDPEvent(packet gopacket.Packet, IPVersion uint) (*UDPEvent, error)

NewUDPEvent created a new UDPEvent from a packet

func (UDPEvent) ToLog ¶

func (ev UDPEvent) ToLog() EventLog

ToLog parses the event structure and generate an EventLog almost ready to be sent to the logging file

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
helpers

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL