siem

package

v0.28.2 Latest Latest Go to latest Published: Nov 9, 2019 License: GPL-3.0 Imports: 25 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/defenxor/dsiem

Links

Open Source Insights

Documentation ¶

Index ¶

func CountBackLogs() (sum int, activeDirectives int, ttlDirectives int)
func InitBackLogManager(logFile string, bpChan chan<- bool, holdDuration int) (err error)
func InitDirectives(confDir string, ch <-chan event.NormalizedEvent, ...) error
type Directive
type Directives
- func LoadDirectivesFromFile(confDir string, namePattern string, includeDisabled bool) (res Directives, totalFromFile int, err error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func CountBackLogs ¶ added in v0.26.2

func CountBackLogs() (sum int, activeDirectives int, ttlDirectives int)

CountBackLogs returns the number of active backlogs

func InitBackLogManager ¶

func InitBackLogManager(logFile string, bpChan chan<- bool, holdDuration int) (err error)

InitBackLogManager initialize backlog and ticker

func InitDirectives ¶

func InitDirectives(confDir string, ch <-chan event.NormalizedEvent, minAlarmLifetime, maxEPS, maxEventQueueLength int) error

InitDirectives initialize directive from directive_*.json files in confDir then start backlog manager for each directive

Types ¶

type Directive ¶ added in v0.15.0

type Directive struct {
	ID                   int                   `json:"id"`
	Name                 string                `json:"name"`
	Priority             int                   `json:"priority"`
	Disabled             bool                  `json:"disabled"`
	AllRulesAlwaysActive bool                  `json:"all_rules_always_active"`
	Kingdom              string                `json:"kingdom"`
	Category             string                `json:"category"`
	Rules                []rule.DirectiveRule  `json:"rules"`
	StickyDiffs          []rule.StickyDiffData `json:"-"`
}

Directive represents a SIEM use case that has several correlation rules

type Directives ¶

type Directives struct {
	Dirs []Directive `json:"directives"`
}

Directives group directive together

func LoadDirectivesFromFile ¶

func LoadDirectivesFromFile(confDir string, namePattern string, includeDisabled bool) (res Directives, totalFromFile int, err error)

LoadDirectivesFromFile load directive from namePattern (glob) files in confDir

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL