Documentation ¶
Index ¶
- Constants
- Variables
- func Addr2Ints(anyIP string) (int, int64, int64, int64, int64, error)
- func ConfigureLogger(clog *log.Logger) error
- func GetFSType(path string) (string, error)
- func GetOrigins() []string
- func IP2Ints(pip net.IP) (int, int64, int64, error)
- func IsNetworkFS(path string) (bool, string, error)
- func LastAddress(n net.IPNet) net.IP
- func NormalizeScope(scope string) string
- func Range2Ints(network net.IPNet) (int, int64, int64, int64, int64, error)
- func SetDefaultLoggerConfig(cfgMode string, cfgFolder string, cfgLevel log.Level, maxSize int, ...) error
- func UtcNow() time.Time
- type AppsecEvent
- type DataSource
- type Event
- type Field
- type Line
- type MatchedRule
- type MatchedRules
- func (w MatchedRules) ByAccuracy(accuracy string) MatchedRules
- func (w MatchedRules) ByDisruptiveness(is bool) MatchedRules
- func (w MatchedRules) ByID(id int) MatchedRules
- func (w MatchedRules) ByKind(kind string) MatchedRules
- func (w MatchedRules) BySeverity(severity string) MatchedRules
- func (w MatchedRules) ByTag(match string) MatchedRules
- func (w MatchedRules) ByTagRx(rx string) MatchedRules
- func (w MatchedRules) ByTags(match []string) MatchedRules
- func (w MatchedRules) GetField(field Field) []interface{}
- func (w MatchedRules) GetHash() string
- func (w MatchedRules) GetMatchedZones() []string
- func (w MatchedRules) GetMethod() string
- func (w MatchedRules) GetName() string
- func (w MatchedRules) GetRuleIDs() []int
- func (w MatchedRules) GetURI() string
- func (w MatchedRules) GetVersion() string
- func (w MatchedRules) Kinds() []string
- type Queue
- type RuntimeAlert
- type ScopeType
Constants ¶
View Source
const ( LIVE = iota TIMEMACHINE )
Leakybucket can be in mode LIVE or TIMEMACHINE
View Source
const ( LOG = iota OVFLW APPSEC )
View Source
const ( Undefined = "" Ip = "Ip" Range = "Range" Filter = "Filter" Country = "Country" AS = "AS" )
Move in leakybuckets
View Source
const ApiKeyAuthType = "api-key"
View Source
const CAPIBaseURL = "https://api.crowdsec.net/"
View Source
const CAPIOrigin = "CAPI"
View Source
const CommunityBlocklistPullSourceScope = "crowdsecurity/community-blocklist"
View Source
const ConsoleOrigin = "console"
View Source
const CrowdSecOrigin = "crowdsec"
View Source
const CscliImportOrigin = "cscli-import"
View Source
const CscliOrigin = "cscli"
View Source
const DecisionTypeBan = "ban"
View Source
const ListOrigin = "lists"
View Source
const PAPIBaseURL = "https://papi.api.crowdsec.net/"
View Source
const PAPIPermissionsUrl = "/permissions"
View Source
const PAPIPollUrl = "/decisions/stream/poll"
View Source
const PAPIVersion = "v1"
View Source
const PasswordAuthType = "password"
View Source
const TlsAuthType = "tls"
Variables ¶
View Source
var LogOutput *lumberjack.Logger //io.Writer
Functions ¶
func ConfigureLogger ¶ added in v0.1.0
func GetOrigins ¶ added in v1.5.0
func GetOrigins() []string
func LastAddress ¶
LastAddress returns the last address of a network
func NormalizeScope ¶ added in v1.6.3
func Range2Ints ¶ added in v1.0.3
size (16|4), nw_start, suffix_start, nw_end, suffix_end, error
func SetDefaultLoggerConfig ¶ added in v0.1.0
Types ¶
type AppsecEvent ¶ added in v1.6.0
type AppsecEvent struct {
HasInBandMatches, HasOutBandMatches bool
MatchedRules
Vars map[string]string
}
func (AppsecEvent) GetVar ¶ added in v1.6.0
func (w AppsecEvent) GetVar(varName string) string
type DataSource ¶ added in v0.1.0
type Event ¶
type Event struct { /* is it a log or an overflow */ Type int `yaml:"Type,omitempty" json:"Type,omitempty"` // Can be types.LOG (0) or types.OVFLOW (1) ExpectMode int `yaml:"ExpectMode,omitempty" json:"ExpectMode,omitempty"` // how to buckets should handle event : types.TIMEMACHINE or types.LIVE Whitelisted bool `yaml:"Whitelisted,omitempty" json:"Whitelisted,omitempty"` WhitelistReason string `yaml:"WhitelistReason,omitempty" json:"whitelist_reason,omitempty"` // should add whitelist reason ? /* the current stage of the line being parsed */ Stage string `yaml:"Stage,omitempty" json:"Stage,omitempty"` /* original line (produced by acquisition) */ Line Line `yaml:"Line,omitempty" json:"Line,omitempty"` /* output of groks */ Parsed map[string]string `yaml:"Parsed,omitempty" json:"Parsed,omitempty"` /* output of enrichment */ Enriched map[string]string `yaml:"Enriched,omitempty" json:"Enriched,omitempty"` /* output of Unmarshal */ Unmarshaled map[string]interface{} `yaml:"Unmarshaled,omitempty" json:"Unmarshaled,omitempty"` /* Overflow */ Overflow RuntimeAlert `yaml:"Overflow,omitempty" json:"Alert,omitempty"` Time time.Time `yaml:"Time,omitempty" json:"Time,omitempty"` // parsed time `json:"-"` “ StrTime string `yaml:"StrTime,omitempty" json:"StrTime,omitempty"` StrTimeFormat string `yaml:"StrTimeFormat,omitempty" json:"StrTimeFormat,omitempty"` MarshaledTime string `yaml:"MarshaledTime,omitempty" json:"MarshaledTime,omitempty"` Process bool `yaml:"Process,omitempty" json:"Process,omitempty"` // can be set to false to avoid processing line Appsec AppsecEvent `yaml:"Appsec,omitempty" json:"Appsec,omitempty"` /* Meta is the only part that will make it to the API - it should be normalized */ Meta map[string]string `yaml:"Meta,omitempty" json:"Meta,omitempty"` }
Event is the structure representing a runtime event (log or overflow)
func (*Event) ParseIPSources ¶ added in v1.5.5
type MatchedRule ¶
type MatchedRule map[string]interface{}
func NewMatchedRule ¶
func NewMatchedRule() *MatchedRule
type MatchedRules ¶ added in v1.6.0
type MatchedRules []MatchedRule
func (MatchedRules) ByAccuracy ¶ added in v1.6.0
func (w MatchedRules) ByAccuracy(accuracy string) MatchedRules
func (MatchedRules) ByDisruptiveness ¶ added in v1.6.0
func (w MatchedRules) ByDisruptiveness(is bool) MatchedRules
func (MatchedRules) ByKind ¶ added in v1.6.0
func (w MatchedRules) ByKind(kind string) MatchedRules
func (MatchedRules) BySeverity ¶ added in v1.6.0
func (w MatchedRules) BySeverity(severity string) MatchedRules
func (MatchedRules) ByTag ¶ added in v1.6.0
func (w MatchedRules) ByTag(match string) MatchedRules
func (MatchedRules) ByTagRx ¶ added in v1.6.0
func (w MatchedRules) ByTagRx(rx string) MatchedRules
func (MatchedRules) ByTags ¶ added in v1.6.0
func (w MatchedRules) ByTags(match []string) MatchedRules
func (MatchedRules) GetField ¶ added in v1.6.0
func (w MatchedRules) GetField(field Field) []interface{}
getters
func (MatchedRules) GetHash ¶ added in v1.6.0
func (w MatchedRules) GetHash() string
func (MatchedRules) GetMatchedZones ¶ added in v1.6.0
func (w MatchedRules) GetMatchedZones() []string
func (MatchedRules) GetMethod ¶ added in v1.6.0
func (w MatchedRules) GetMethod() string
func (MatchedRules) GetName ¶ added in v1.6.0
func (w MatchedRules) GetName() string
func (MatchedRules) GetRuleIDs ¶ added in v1.6.0
func (w MatchedRules) GetRuleIDs() []int
func (MatchedRules) GetURI ¶ added in v1.6.0
func (w MatchedRules) GetURI() string
func (MatchedRules) GetVersion ¶ added in v1.6.0
func (w MatchedRules) GetVersion() string
func (MatchedRules) Kinds ¶ added in v1.6.0
func (w MatchedRules) Kinds() []string
type Queue ¶ added in v1.6.0
Queue holds a limited size queue
type RuntimeAlert ¶ added in v1.0.0
type RuntimeAlert struct { Mapkey string `yaml:"MapKey,omitempty" json:"MapKey,omitempty"` BucketId string `yaml:"BucketId,omitempty" json:"BucketId,omitempty"` Whitelisted bool `yaml:"Whitelisted,omitempty" json:"Whitelisted,omitempty"` Reprocess bool `yaml:"Reprocess,omitempty" json:"Reprocess,omitempty"` Sources map[string]models.Source `yaml:"Sources,omitempty" json:"Sources,omitempty"` Alert *models.Alert `yaml:"Alert,omitempty" json:"Alert,omitempty"` // this one is a pointer to APIAlerts[0] for convenience. // APIAlerts will be populated at the end when there is more than one source APIAlerts []models.Alert `yaml:"APIAlerts,omitempty" json:"APIAlerts,omitempty"` }
func (RuntimeAlert) GetSources ¶ added in v1.2.1
func (r RuntimeAlert) GetSources() []string
Click to show internal directories.
Click to hide internal directories.