dpluger

package
v0.21.8

This package is not in the latest version of its module.

Published: Jun 11, 2019 License: GPL-3.0 Imports: 25 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func CreateConfig

func CreateConfig(confFile, address, index, name, typ string) error

CreateConfig generates a dpluger config file

func CreateDirective added in v0.15.0

func CreateDirective(tsvFile, outFile, kingdom, category string, priority, reliability, dirNumber int) (err error)

CreateDirective starts directive creation

func CreatePlugin

func CreatePlugin(plugin Plugin, confFile, creator string, validate bool) (err error)

CreatePlugin starts plugin creation

Types

type FieldMapping

type FieldMapping struct {
	Title           string `json:"title,omitempty"`
	Timestamp       string `json:"timestamp"`
	TimestampFormat string `json:"timestamp_format"`
	Sensor          string `json:"sensor"`
	PluginID        string `json:"plugin_id,omitempty"`
	PluginSID       string `json:"plugin_sid,omitempty"`
	Product         string `json:"product,omitempty"`
	Category        string `json:"category,omitempty"`
	SubCategory     string `json:"subcategory,omitempty"`
	SrcIP           string `json:"src_ip"`
	SrcPort         string `json:"src_port"`
	DstIP           string `json:"dst_ip"`
	DstPort         string `json:"dst_port"`
	Protocol        string `json:"protocol,omitempty"`
	CustomData1     string `json:"custom_data1,omitempty"`
	CustomLabel1    string `json:"custom_label1,omitempty"`
	CustomData2     string `json:"custom_data2,omitempty"`
	CustomLabel2    string `json:"custom_label2,omitempty"`
	CustomData3     string `json:"custom_data3,omitempty"`
	CustomLabel3    string `json:"custom_label3,omitempty"`
}

FieldMapping defines field mapping

type Plugin

type Plugin struct {
	Name             string       `json:"name"`
	Type             string       `json:"type"` // SID || Taxonomy
	Output           string       `json:"output_file"`
	Index            string       `json:"index_pattern"`
	ES               string       `json:"elasticsearch_address"`
	IdentifierField  string       `json:"identifier_field"`
	IdentifierValue  string       `json:"identifier_value"`
	IdentifierFilter string       `json:"identifier_filter"`
	Fields           FieldMapping `json:"field_mapping"`
}

Plugin defines the plugin configuration, including its field mapping

func Parse

func Parse(confFile string) (plugin Plugin, err error)

Parse reads the dpluger config from confFile and returns a Plugin
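
An added example, not part of the dpluger package: a small linter that flags keys in a dpluger-style JSON config that match none of the json tags shown in Plugin and FieldMapping above. Go's encoding/json ignores unknown keys by default, so a typo such as "src-ip" would leave that mapping empty; the page does not say how Parse handles this, and LintConfig, the helper names and the sample values are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// Key names copied from the json tags of Plugin and FieldMapping on this page.
const pluginKeys = "name type output_file index_pattern elasticsearch_address " +
	"identifier_field identifier_value identifier_filter field_mapping"
const mappingKeys = "title timestamp timestamp_format sensor plugin_id plugin_sid product category " +
	"subcategory src_ip src_port dst_ip dst_port protocol custom_data1 custom_label1 custom_data2 custom_label2 custom_data3 custom_label3"

// unknown lists the keys of obj that are absent from the space-separated allowed list.
func unknown(prefix string, obj map[string]json.RawMessage, allowed string) []string {
	ok := map[string]bool{}
	for _, k := range strings.Fields(allowed) {
		ok[k] = true
	}
	var bad []string
	for k := range obj {
		if !ok[k] {
			bad = append(bad, prefix+k)
		}
	}
	return bad
}

// LintConfig (hypothetical helper) returns, sorted, every config key that matches no tag exactly.
func LintConfig(raw []byte) ([]string, error) {
	var top, fields map[string]json.RawMessage
	if err := json.Unmarshal(raw, &top); err != nil {
		return nil, err
	}
	if fm, present := top["field_mapping"]; present {
		if err := json.Unmarshal(fm, &fields); err != nil {
			return nil, fmt.Errorf("field_mapping: %w", err)
		}
	}
	bad := append(unknown("", top, pluginKeys), unknown("field_mapping.", fields, mappingKeys)...)
	sort.Strings(bad)
	return bad, nil
}

func main() { // the sample config below is constructed for illustration
	sample := `{"name":"suricata","index_patern":"suricata-*","field_mapping":{"src-ip":"src_ip","dst_ip":"dest_ip"}}`
	fmt.Println(LintConfig([]byte(sample)))
}
```

The check is case-sensitive, so it is stricter than encoding/json's own case-insensitive key matching.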
