dpluger

package
Published: Feb 16, 2022 License: GPL-3.0 Imports: 29 Imported by: 0


Constants

This section is empty.

Variables

var (
	// ErrCollectOnNonSID is returned when a "collect:" keyword is used with a
	// plugin whose Type is not "SID" (see Plugin.Type). Compare with errors.Is.
	ErrCollectOnNonSID = errors.New("only SID-type plugin support collect: keyword")
)

Functions

func CreateConfig

func CreateConfig(confFile, address, index, name, typ string) error

CreateConfig generates a dpluger config file. The address argument is presumably the Elasticsearch address written into the config (compare Plugin.ES); it is written as given, so callers should supply a trusted value.

func CreateDirective added in v0.15.0

func CreateDirective(tsvFile, outFile, kingdom, titleTemplate string, priority, reliability, dirNumber int) error

CreateDirective starts directive creation from tsvFile, writing the result to outFile.

func CreatePlugin

func CreatePlugin(plugin Plugin, confFile, creator string, validate, usePipeline bool) (err error)

CreatePlugin starts plugin creation. When validate is true the plugin is validated before it is written; the exact checks performed are not documented here.

func Merge added in v0.32.1

func Merge(cmd Commander, cfg MergeConfig, options ...MergeOptionFunc) error

func SplitDirective added in v0.28.0

func SplitDirective(target string, suffix string, count int, delete bool) (err error)

SplitDirective splits a single directive JSON file into multiple JSON files. When delete is true the original file is presumably removed after the split.

Types

type Commander added in v0.32.1

// Commander abstracts the interactive front end used by Merge: PromptBool
// asks a yes/no question (the bool argument is the default answer when the
// prompt is not answered) and Log emits a message. Supplying a custom
// Commander lets callers run Merge non-interactively or under test.
type Commander interface {
	PromptBool(string, bool) bool
	Log(string)
}

type FieldMapping

// FieldMapping defines the field mapping carried by Plugin.Fields. Each value
// names the source field (or expression) that supplies the corresponding
// normalized event field; fields tagged omitempty are optional and are left out
// of the generated JSON when empty. Exact value syntax is not documented here.
type FieldMapping struct {
	Title           string `json:"title,omitempty"`
	Timestamp       string `json:"timestamp"`
	TimestampFormat string `json:"timestamp_format"`
	Sensor          string `json:"sensor"`
	PluginID        string `json:"plugin_id,omitempty"`
	PluginSID       string `json:"plugin_sid,omitempty"`
	Product         string `json:"product,omitempty"`
	Category        string `json:"category,omitempty"`
	SubCategory     string `json:"subcategory,omitempty"`
	// Network 5-tuple. These are mapping expressions, not validated addresses
	// or ports; validation of the actual values happens (if at all) downstream.
	SrcIP           string `json:"src_ip"`
	SrcPort         string `json:"src_port"`
	DstIP           string `json:"dst_ip"`
	DstPort         string `json:"dst_port"`
	Protocol        string `json:"protocol,omitempty"`
	// Free-form custom data/label pairs 1-3.
	CustomData1     string `json:"custom_data1,omitempty"`
	CustomLabel1    string `json:"custom_label1,omitempty"`
	CustomData2     string `json:"custom_data2,omitempty"`
	CustomLabel2    string `json:"custom_label2,omitempty"`
	CustomData3     string `json:"custom_data3,omitempty"`
	CustomLabel3    string `json:"custom_label3,omitempty"`
}

FieldMapping defines the field mapping used by a Plugin (see Plugin.Fields).

type FileReader added in v0.32.1

// FileReader reads the whole content of the named file. It is the seam Merge
// uses to load MergeConfig.SourceJSON/TargetJSON; override it with
// WithCustomFileReader (for tests, or to restrict which paths may be read).
type FileReader interface {
	Read(string) ([]byte, error)
}

type MergeConfig added in v0.32.1

// MergeConfig carries the inputs of Merge.
type MergeConfig struct {
	// Host is the remote host Merge talks to over HTTP (see WithCustomTransport).
	// NOTE(review): whether it must be a bare host or a full URL, and whether
	// TLS is required, is not visible here — confirm before passing untrusted input.
	Host       string
	// SourceJSON and TargetJSON are the paths of the two JSON files to merge,
	// read through the configured FileReader.
	SourceJSON string
	TargetJSON string
}

type MergeOptionFunc added in v0.32.1

// MergeOptionFunc is a functional option for Merge; construct values with
// WithCustomFileReader and WithCustomTransport.
type MergeOptionFunc func(*mergeOption)

func WithCustomFileReader added in v0.32.1

func WithCustomFileReader(fr FileReader) MergeOptionFunc

func WithCustomTransport added in v0.32.1

func WithCustomTransport(tr http.RoundTripper) MergeOptionFunc

type Plugin

// Plugin is a dpluger plugin configuration as read from the config file by
// Parse and consumed by CreatePlugin.
type Plugin struct {
	Name                         string       `json:"name"`
	Type                         string       `json:"type"` // SID || Taxonomy
	Output                       string       `json:"output_file"`
	Index                        string       `json:"index_pattern"`
	// ES is the Elasticsearch address. It comes straight from the config file,
	// so the file must be treated as trusted input.
	ES                           string       `json:"elasticsearch_address"`
	IdentifierField              string       `json:"identifier_field"`
	IdentifierValue              string       `json:"identifier_value"`
	IdentifierFilter             string       `json:"identifier_filter"`
	IdentifierBlockSource        string       `json:"identifier_block_source"`
	// IdentifierBlockSourceContent is never serialized (json:"-"); it is
	// presumably filled at runtime from IdentifierBlockSource.
	IdentifierBlockSourceContent string       `json:"-"`
	ESCollectionFilter           string       `json:"es_collect_filter"`
	Fields                       FieldMapping `json:"field_mapping"`
}

Plugin holds a dpluger plugin configuration, including its FieldMapping, as read from the config file by Parse.

func Parse

func Parse(confFile string) (plugin Plugin, err error)

Parse reads a dpluger config from confFile and returns the resulting Plugin. The file is trusted as written; in particular Plugin.ES is taken verbatim.
