alertcontext

package

v1.6.4-rc3 Latest Latest Go to latest Published: Nov 13, 2024 License: MIT Imports: 18 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/crowdsecurity/crowdsec

Documentation ¶

Index ¶

Constants
Variables
func AppsecEventToContext(event types.AppsecEvent, request *http.Request) (models.Meta, []error)
func EvalAlertContextRules(evt types.Event, match *types.MatchedRule, request *http.Request, ...) []error
func EventToContext(events []types.Event) (models.Meta, []error)
func LoadConsoleContext(c *csconfig.Config, hub *cwhub.Hub) error
func NewAlertContext(contextToSend map[string][]string, valueLength int) error
func TruncateContext(values []string, contextValueLen int) (string, error)
func TruncateContextMap(contextMap map[string][]string, contextValueLen int) ([]*models.MetaItems0, []error)
func ValidateContextExpr(key string, expressions []string) error
type Context
type HubItemWrapper

Constants ¶

View Source

const (
	MaxContextValueLen = 4000
)

Variables ¶

View Source

var ErrNoContextData = errors.New("no context to send")

Functions ¶

func AppsecEventToContext ¶

func AppsecEventToContext(event types.AppsecEvent, request *http.Request) (models.Meta, []error)

Iterate over the individual appsec matched rules to create the needed alert context.

func EvalAlertContextRules ¶

func EvalAlertContextRules(evt types.Event, match *types.MatchedRule, request *http.Request, tmpContext map[string][]string) []error

func EventToContext ¶

func EventToContext(events []types.Event) (models.Meta, []error)

Iterate over the individual events to create the needed alert context.

func LoadConsoleContext ¶ added in v1.6.0

func LoadConsoleContext(c *csconfig.Config, hub *cwhub.Hub) error

LoadConsoleContext loads the context from the hub (if provided) and the file console_context_path.

func NewAlertContext ¶

func NewAlertContext(contextToSend map[string][]string, valueLength int) error

func TruncateContext ¶ added in v1.6.2

func TruncateContext(values []string, contextValueLen int) (string, error)

Truncate an individual []string to fit in the context value length

func TruncateContextMap ¶

func TruncateContextMap(contextMap map[string][]string, contextValueLen int) ([]*models.MetaItems0, []error)

Truncate the context map to fit in the context value length

func ValidateContextExpr ¶

func ValidateContextExpr(key string, expressions []string) error

Types ¶

type Context ¶

type Context struct {
	ContextToSend         map[string][]string
	ContextValueLen       int
	ContextToSendCompiled map[string][]*vm.Program
	Log                   *log.Logger
}

type HubItemWrapper ¶ added in v1.6.0

type HubItemWrapper struct {
	Context map[string][]string `yaml:"context"`
}

HubItemWrapper is a wrapper around a hub item to unmarshal only the context part because there are other fields like name etc.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL