Documentation
Functions
func InitBackLogManager
InitBackLogManager initializes the backlog and the ticker.
func InitDirectives
func InitDirectives(confDir string, ch <-chan event.NormalizedEvent, minAlarmLifetime int) error
InitDirectives initializes directives from the directive_*.json files in confDir, then starts a backlog manager for each directive, fed by the normalized events received on ch.
Types
type Directive added in v0.15.0
type Directive struct {
	ID          int                    `json:"id"`
	Name        string                 `json:"name"`
	Priority    int                    `json:"priority"`
	Kingdom     string                 `json:"kingdom"`
	Category    string                 `json:"category"`
	Rules       []rule.DirectiveRule   `json:"rules"`
	StickyDiffs []rule.StickyDiffData  `json:"-"`
}
Directive represents a SIEM use case that consists of several correlation rules.
type Directives
type Directives struct {
Dirs []Directive `json:"directives"`
}
Directives groups directives together; it is also the top-level shape of a directive JSON file.
func LoadDirectivesFromFile
func LoadDirectivesFromFile(confDir string, namePattern string) (res Directives, totalFromFile int, err error)
LoadDirectivesFromFile loads directives from the files in confDir whose names match the namePattern glob. res holds the merged directives and totalFromFile the number of directives read from the files.
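The loader that InitDirectives and LoadDirectivesFromFile describe, as an added, self-contained example rather than the package's own code. It defines local Directive and Directives types mirroring the documented structs (Rules is kept as raw JSON because the fields of rule.DirectiveRule are not shown on this page), globs directive files inside confDir, and adds the checks a practitioner wants on configuration that drives alerting: the glob is confined to confDir, every directive must carry an id, a name and at least one rule, and a directive ID defined in two files is rejected instead of silently overriding the first. The function and constant names (LoadDirectives, WriteSamples, SampleRecon, SampleSSH) and the sample JSON are hypothetical and constructed for this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// Directive mirrors the struct documented on this page. Rules is kept as raw
// JSON because the fields of rule.DirectiveRule are not shown on this page.
type Directive struct {
	ID       int               `json:"id"`
	Name     string            `json:"name"`
	Priority int               `json:"priority"`
	Kingdom  string            `json:"kingdom"`
	Category string            `json:"category"`
	Rules    []json.RawMessage `json:"rules"`
}

// Directives mirrors the documented container type.
type Directives struct {
	Dirs []Directive `json:"directives"`
}

// LoadDirectives is a hypothetical stand-in for LoadDirectivesFromFile: it
// reads every file in confDir matching namePattern, merges their directives
// and returns them with the total number of directives read from files.
func LoadDirectives(confDir, namePattern string) (Directives, int, error) {
	var res Directives
	// namePattern is a file-name glob, never a path: refuse separators and
	// ".." so a pattern such as "../*.json" cannot read outside confDir.
	if strings.ContainsAny(namePattern, `/\`) || strings.Contains(namePattern, "..") {
		return res, 0, fmt.Errorf("invalid name pattern %q", namePattern)
	}
	files, err := filepath.Glob(filepath.Join(confDir, namePattern))
	if err != nil {
		return res, 0, err
	}
	if len(files) == 0 {
		return res, 0, fmt.Errorf("no files matching %q in %s", namePattern, confDir)
	}
	total := 0
	seen := map[int]string{} // directive ID -> file that first defined it
	for _, f := range files {
		b, err := os.ReadFile(f)
		if err != nil {
			return res, total, err
		}
		var d Directives
		if err := json.Unmarshal(b, &d); err != nil {
			return res, total, fmt.Errorf("%s: %w", f, err)
		}
		for _, dir := range d.Dirs {
			total++
			// A directive without an ID, name or rules can never fire; fail
			// loudly instead of loading a silently dead use case.
			if dir.ID <= 0 || dir.Name == "" || len(dir.Rules) == 0 {
				return res, total, fmt.Errorf("%s: directive %d lacks id, name or rules", f, dir.ID)
			}
			if prev, dup := seen[dir.ID]; dup {
				return res, total, fmt.Errorf("%s: directive ID %d already defined in %s", f, dir.ID, prev)
			}
			seen[dir.ID] = f
			res.Dirs = append(res.Dirs, dir)
		}
	}
	return res, total, nil
}

// Constructed sample files (not from any real deployment); the rule objects
// are placeholders since rule.DirectiveRule's fields are not documented here.
const SampleRecon = `{"directives":[
 {"id":1,"name":"Port scan","priority":2,"kingdom":"Recon","category":"Scan","rules":[{"name":"many ports"}]},
 {"id":2,"name":"Web scan","priority":2,"kingdom":"Recon","category":"Scan","rules":[{"name":"many 404s"}]}
]}`

const SampleSSH = `{"directives":[
 {"id":3,"name":"SSH brute force","priority":3,"kingdom":"Attack","category":"Brute force","rules":[{"name":"auth failures"}]}
]}`

// WriteSamples writes the two constructed sample files into dir.
func WriteSamples(dir string) error {
	for name, body := range map[string]string{"directive_recon.json": SampleRecon, "directive_ssh.json": SampleSSH} {
		if err := os.WriteFile(filepath.Join(dir, name), []byte(body), 0o600); err != nil {
			return err
		}
	}
	return nil
}

func main() {
	dir, err := os.MkdirTemp("", "directives")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	if err := WriteSamples(dir); err != nil {
		panic(err)
	}
	res, total, err := LoadDirectives(dir, "directive_*.json")
	fmt.Println(len(res.Dirs), total, err) // 3 3 <nil>
}
```

Returning the running count alongside the error lets a caller log how far loading got before a bad file stopped it. Because directive IDs key the per-directive backlog managers that InitDirectives starts, a duplicate ID is treated as a configuration error here rather than a last-file-wins merge.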