ecs

package
Published: Jun 12, 2024 License: MIT Imports: 7 Imported by: 0

Documentation

Overview

ECS event mapping functions.

ECS jumplist mapping functions.

ECS specification.

Index

Constants

// Version is the ECS schema version these mapping types are written against.
// It is a plain string (not parsed) and is the value emitted in Ecs.Version
// by whatever constructs a Log.
const Version = "8.11"

Variables

This section is empty.

Functions

func GetHash added in v0.27.0

func GetHash(s string) string

Types

type Agent

// Agent describes the software that produced the record (presumably the ECS
// `agent.*` field set). Neither field uses omitempty, so both keys are
// always present in the encoded JSON, even when empty.
type Agent struct {
	Type    string `json:"type"`
	Version string `json:"version"`
}

type Base

// Base holds the ECS base fields that every record carries.
//
// Timestamp and Message have no omitempty and are always encoded; a zero
// Timestamp is therefore written as "0001-01-01T00:00:00Z" rather than
// dropped, so callers should always set it.
type Base struct {
	Timestamp time.Time              `json:"@timestamp"`
	Message   string                 `json:"message"`
	// NOTE(review): ECS defines tags as an array of keywords; this is a
	// single string, so multiple tags cannot be expressed without a
	// caller-chosen separator — confirm against the ingest pipeline.
	Tags      string                 `json:"tags,omitempty"`
	// Values are untyped; ECS labels are expected to be flat string
	// key/value pairs, so nested or non-string values here may be rejected
	// or flattened by the consumer — verify before relying on them.
	Labels    map[string]interface{} `json:"labels,omitempty"`
}

type Ecs

// Ecs carries the schema version of the record (ECS `ecs.version`).
// Version is always encoded; the package-level Version constant is the
// value it is presumably populated with.
type Ecs struct {
	Version string `json:"version"`
}

type Evt

// Evt models the ECS `event.*` field set for a single record.
//
// All fields use omitempty. For the string and int64 fields that means a
// zero value (including Severity == 0) is dropped from the JSON. For the
// two time.Time fields omitempty has no effect — encoding/json never treats
// a struct value as empty — so an unset Created/Ingested is encoded as
// "0001-01-01T00:00:00Z". Consumers that compare on those keys should
// treat that sentinel as "not set".
type Evt struct {
	Kind     string    `json:"kind,omitempty"`
	Module   string    `json:"module,omitempty"`
	Dataset  string    `json:"dataset,omitempty"`
	Severity int64     `json:"severity,omitempty"`
	ID       string    `json:"id,omitempty"`
	Code     string    `json:"code,omitempty"`
	Provider string    `json:"provider,omitempty"`
	Timezone string    `json:"timezone,omitempty"`
	// omitempty is ineffective on time.Time; see the type comment.
	Created  time.Time `json:"created,omitempty"`
	// omitempty is ineffective on time.Time; see the type comment.
	Ingested time.Time `json:"ingested,omitempty"`
	// Original is the raw source record. It is emitted verbatim and may
	// carry whatever the source contained (including sensitive values), so
	// downstream storage and access controls should account for that.
	Original string    `json:"original,omitempty"`
	// Hash is an identifier for the event; presumably produced by GetHash —
	// confirm in the mapping functions.
	Hash     string    `json:"hash,omitempty"`
}

type File

// File models the ECS `file.*` field set. Every field is a string with
// omitempty, so an unpopulated File encodes as an empty object rather
// than being omitted by an enclosing struct's omitempty (which does not
// apply to struct values).
type File struct {
	Name        string `json:"name,omitempty"`
	Directory   string `json:"directory,omitempty"`
	Extension   string `json:"extension,omitempty"`
	DriveLetter string `json:"drive_letter,omitempty"`
	Path        string `json:"path,omitempty"`
	Type        string `json:"type,omitempty"`
}

type Host

// Host models the ECS `host.*` field set for the machine the event relates to.
type Host struct {
	Hostname string `json:"hostname,omitempty"`
	Name     string `json:"name,omitempty"`
	// NOTE(review): ECS defines host.mac as an array of addresses; this is a
	// single string. Confirm the consumer accepts a scalar here.
	MAC      string `json:"mac,omitempty"`
}

type Log added in v0.27.0

// Log is the complete record assembled by MapEvent, MapJumpList and NewLog.
//
// The omitempty options on File, Event, Host, User and Process have no
// effect: encoding/json never considers a struct value empty, so each of
// these keys is always present (as an object whose own fields may be
// dropped by their own omitempty). Only pointer, slice, map, string and
// numeric fields can actually be omitted.
//
// NOTE(review): Base is encoded under a "base" key, so "@timestamp" and
// "message" end up nested as base.@timestamp / base.message rather than at
// the top level where ECS places them. If consumers expect strict ECS
// layout this needs confirming (embedding Base would flatten it, but that
// changes the emitted shape for existing consumers).
type Log struct {
	Ecs     Ecs     `json:"ecs"`
	Agent   Agent   `json:"agent"`
	Base    Base    `json:"base"`
	File    File    `json:"file,omitempty"`
	Event   Evt     `json:"event,omitempty"`
	Host    Host    `json:"host,omitempty"`
	User    User    `json:"user,omitempty"`
	Process Process `json:"process,omitempty"`
}

func MapEvent

func MapEvent(s, src string) (log *Log, err error)

func MapJumpList added in v0.27.0

func MapJumpList(s, src string) (log *Log, err error)

func NewLog added in v0.27.0

func NewLog(src string, base Base, event Evt, host Host, user User, process Process) *Log

type Process

// Process models the ECS `process.*` field set.
//
// Args, CommandLine, Title and WorkingDirectory are copied from the source
// as-is and routinely contain secrets passed on a command line; consumers
// should apply the same handling they give Evt.Original.
type Process struct {
	PID              int64     `json:"pid,omitempty"`
	// NOTE(review): the tag emits a literal "thread.id" key, not a nested
	// {"thread":{"id":...}} object. Whether the consumer treats dotted keys
	// as paths depends on the ingest pipeline — confirm.
	ThreadID         int64     `json:"thread.id,omitempty"`
	EntityID         string    `json:"entity_id,omitempty"`
	// omitempty is ineffective on time.Time: an unset Start is encoded as
	// "0001-01-01T00:00:00Z" rather than dropped.
	Start            time.Time `json:"start,omitempty"`
	Name             string    `json:"name,omitempty"`
	Title            string    `json:"title,omitempty"`
	// A nil or empty Args slice is omitted; ArgsCount is omitted when 0,
	// so the two are not guaranteed to be emitted together.
	Args             []string  `json:"args,omitempty"`
	ArgsCount        int64     `json:"args_count,omitempty"`
	Executable       string    `json:"executable,omitempty"`
	CommandLine      string    `json:"command_line,omitempty"`
	WorkingDirectory string    `json:"working_directory,omitempty"`
}

type User

// User models the ECS `user.*` field set; only the identifier is mapped.
// An empty ID is dropped, leaving "user" as an empty object in Log.
type User struct {
	ID string `json:"id,omitempty"`
}
