siem

package
v0.25.0
Warning: This package is not in the latest version of its module.
Published: Oct 8, 2019 License: GPL-3.0 Imports: 23 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func InitBackLogManager

func InitBackLogManager(logFile string, bpChan chan<- bool, holdDuration int) (err error)

InitBackLogManager initializes the backlog manager and its ticker. The manager writes to logFile and signals on bpChan (send-only from its side, so the caller must be receiving on it); holdDuration is the hold period used by the ticker.

func InitDirectives

func InitDirectives(confDir string, ch <-chan event.NormalizedEvent, minAlarmLifetime int) error

InitDirectives initializes directives from the directive_*.json files in confDir, then starts a backlog manager for each directive. Normalized events are consumed from ch; minAlarmLifetime is the minimum lifetime applied to the alarms those directives raise.

Types

type Directive added in v0.15.0

type Directive struct {
	ID                   int                   `json:"id"`
	Name                 string                `json:"name"`
	Priority             int                   `json:"priority"`
	Disabled             bool                  `json:"disabled"`
	AllRulesAlwaysActive bool                  `json:"all_rules_always_active"`
	Kingdom              string                `json:"kingdom"`
	Category             string                `json:"category"`
	Rules                []rule.DirectiveRule  `json:"rules"`
	StickyDiffs          []rule.StickyDiffData `json:"-"`
}

Directive represents a SIEM use case made up of several correlation rules.

type Directives

type Directives struct {
	Dirs []Directive `json:"directives"`
}

Directives groups directives together; it is the top-level shape of a directive file.

func LoadDirectivesFromFile

func LoadDirectivesFromFile(confDir string, namePattern string, includeDisabled bool) (res Directives, totalFromFile int, err error)

LoadDirectivesFromFile loads directives from the files in confDir whose names match namePattern (a glob). Disabled directives are skipped unless includeDisabled is set; res holds the directives returned and totalFromFile the number of directives found in the files.
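The loading step that LoadDirectivesFromFile and InitDirectives describe, written out as an added example. This is not the project's code: rule.DirectiveRule is replaced by a two-field stand-in because its fields are not shown here, and the duplicate-ID and empty-rules rejections are extra sanity checks whose presence in the real loader this page does not confirm. The sample directive files are constructed inline so the program runs offline.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"path/filepath"
)

// DirectiveRule stands in for rule.DirectiveRule, whose fields this page does
// not show; the two fields below are an assumption made for the example.
type DirectiveRule struct {
	Name  string `json:"name"`
	Stage int    `json:"stage"`
}

// Directive mirrors the documented struct. StickyDiffs is left out because its
// json:"-" tag means it is never read from a file.
type Directive struct {
	ID                   int             `json:"id"`
	Name                 string          `json:"name"`
	Priority             int             `json:"priority"`
	Disabled             bool            `json:"disabled"`
	AllRulesAlwaysActive bool            `json:"all_rules_always_active"`
	Kingdom              string          `json:"kingdom"`
	Category             string          `json:"category"`
	Rules                []DirectiveRule `json:"rules"`
}

// Directives is the top-level shape of a directive_*.json file.
type Directives struct {
	Dirs []Directive `json:"directives"`
}

// loadDirectivesFromFile globs namePattern inside confDir, decodes each match and
// returns the directives that survive filtering; totalFromFile counts every
// directive read, including disabled ones that were dropped. The duplicate-ID and
// empty-rules rejections are sanity checks added for this example; the page does
// not say whether the project's own loader performs them.
func loadDirectivesFromFile(confDir, namePattern string, includeDisabled bool) (res Directives, totalFromFile int, err error) {
	files, err := filepath.Glob(filepath.Join(confDir, namePattern)) // matches come back sorted
	if err != nil {
		return res, 0, err
	}
	seen := map[int]string{} // directive ID -> file that first defined it
	for _, f := range files {
		b, readErr := os.ReadFile(f)
		if readErr != nil {
			return res, totalFromFile, readErr
		}
		var d Directives
		if jsonErr := json.Unmarshal(b, &d); jsonErr != nil {
			return res, totalFromFile, fmt.Errorf("%s: %w", f, jsonErr)
		}
		for _, dir := range d.Dirs {
			totalFromFile++
			if prev, dup := seen[dir.ID]; dup {
				return res, totalFromFile, fmt.Errorf("%s: directive ID %d already defined in %s", f, dir.ID, prev)
			}
			seen[dir.ID] = f
			if len(dir.Rules) == 0 {
				return res, totalFromFile, fmt.Errorf("%s: directive %d has no rules", f, dir.ID)
			}
			if dir.Disabled && !includeDisabled {
				continue // counted in totalFromFile, not returned
			}
			res.Dirs = append(res.Dirs, dir)
		}
	}
	return res, totalFromFile, nil
}

// writeSampleConfig writes constructed sample files into dir: two that the
// directive_*.json pattern matches and one (notes.json) that it must not.
func writeSampleConfig(dir string) error {
	files := map[string]string{
		"directive_ids.json": `{"directives":[
 {"id":1,"name":"SSH brute force","priority":3,"disabled":false,"all_rules_always_active":false,"kingdom":"Reconnaissance & Probing","category":"Authentication","rules":[{"name":"failed login","stage":1}]},
 {"id":2,"name":"Old scanner rule","priority":1,"disabled":true,"all_rules_always_active":false,"kingdom":"Reconnaissance & Probing","category":"Scanner","rules":[{"name":"port sweep","stage":1}]}]}`,
		"directive_web.json": `{"directives":[
 {"id":3,"name":"SQLi attempt","priority":4,"disabled":false,"all_rules_always_active":true,"kingdom":"Attack","category":"Web","rules":[{"name":"sqli signature","stage":1},{"name":"db error","stage":2}]}]}`,
		"notes.json": `{"directives":[{"id":99,"name":"not a directive file","rules":[]}]}`,
	}
	for name, body := range files {
		if err := os.WriteFile(filepath.Join(dir, name), []byte(body), 0o600); err != nil {
			return err
		}
	}
	return nil
}

func main() {
	dir, err := os.MkdirTemp("", "dsiem-directives")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	if err := writeSampleConfig(dir); err != nil {
		panic(err)
	}
	res, total, err := loadDirectivesFromFile(dir, "directive_*.json", false)
	if err != nil {
		panic(err)
	}
	fmt.Printf("read %d directives, %d enabled\n", total, len(res.Dirs))
	for _, d := range res.Dirs {
		fmt.Printf("  [%d] %s (%s/%s), %d rules\n", d.ID, d.Name, d.Kingdom, d.Category, len(d.Rules))
	}
}
```

Two practical points the example makes visible. A glob wider than directive_*.json (for instance *.json) silently pulls in any other JSON in confDir, which is why the sample keeps the prefix and why the loader should fail loudly on a file that does not look like a directive. And because the directive set is whatever matches in confDir, write access to that directory is effectively the ability to add or disable correlation rules, so confDir deserves the same file permissions as the rest of the SIEM's configuration.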
