sig

package
v0.0.0-...-1763559 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 29, 2024 License: MIT Imports: 8 Imported by: 0

README

sig

-- import "github.com/dockerian/go-coding/pkg/sig"

Package sig :: ddosRule.go - DDoS rule implementation

Package sig :: sig.go - signature interface

Usage

func CreateSources
func CreateSources(rules []IDDosRule, ruleName string) []*zip.Source

CreateSources prepares zip sources from all rules output

func GetDDosIBRule
func GetDDosIBRule(domain, sigPattern string) string

GetDDosIBRule returns DDoS rule IB output

func GetDDosIBRuleFormatters
func GetDDosIBRuleFormatters() (header, footer, part1, part2 string)

GetDDosIBRuleFormatters returns Infoblox (IB) rule formatters Here are placeholders in order

- header formatter: domain
- part-1 formatter: domain
- part-2 formatter: pattern, rule type, sid, sig rev
- footer formatter: sid

Formatter string to generate full IB rule output

- "%s\n%s %s\n%s"
func GetDDosRule
func GetDDosRule(domain, sigPattern string, firstSeen, lastSeen time.Time) string

GetDDosRule returns DDoS rule output

func GetDDosRuleFormatter
func GetDDosRuleFormatter() string

GetDDosRuleFormatter returns DDoS rule formatter, with placeholders: domain name, sig pattern, rule type, sid, sig rev, first seen, last seen

func GetGUID
func GetGUID(name string) uuid.UUID

GetGUID generates uuid v3 from a specific name See http://antoniomo.com/blog/2017/05/21/unique-ids-in-golang-part-1/

func GetPattern
func GetPattern(domain string) string

GetPattern returns a signature pattern by domain name

func GetRuleGUID
func GetRuleGUID(domain string) string

GetRuleGUID returns a rule GUID with prefix "RUL-",

type DDosRule
type DDosRule struct {
	// Domain name
	Domain string
	// Domain rule GUID
	GUID string
	// DDoS rule signature pattern
	Pattern string
	// Domain rule type
	RuleType string
	// Domain rule signature revision
	SigRev int
	// Domain rule SID
	SID int32
}

DDosRule struct defines a rule for DDoS domain

func NewDDosRule
func NewDDosRule(domain string) *DDosRule

NewDDosRule constucts a DomainRule by domain name

func (*DDosRule) OutputDDosRule
func (ddosRule *DDosRule) OutputDDosRule(firstSeen, lastSeen time.Time) string

OutputDDosRule returns a ddos rule ouptput

func (*DDosRule) OutputIB
func (ddosRule *DDosRule) OutputIB() string

OutputIB implements IBRule interface to produce DDoS rule output for Infoblox NIO

type IBRule
type IBRule interface {
	// OutputIB Infoblox rule to formatted string
	OutputIB() string
}

IBRule interface represents Infoblox rule

type IDDosRule
type IDDosRule interface {
	IBRule
	Rule
}

IDDosRule interface represents rule and signature

type Rule
type Rule interface {
	// Output rule to formatted string
	Output() string
}

Rule interface represents a generic rule

Documentation

Overview

Package sig :: ddosRule.go - DDoS rule implementation

Package sig :: sig.go - signature interface

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CreateSources 

func CreateSources(rules []IDDosRule, ruleName string) []*zip.Source

CreateSources prepares zip sources from all rules output

func GetDDosIBRule 

func GetDDosIBRule(domain, sigPattern string) string

GetDDosIBRule returns DDoS rule IB output

func GetDDosIBRuleFormatters 

func GetDDosIBRuleFormatters() (header, footer, part1, part2 string)

GetDDosIBRuleFormatters returns Infoblox (IB) rule formatters Here are placeholders in order

  • header formatter: domain
  • part-1 formatter: domain
  • part-2 formatter: pattern, rule type, sid, sig rev
  • footer formatter: sid

Formatter string to generate full IB rule output

  • "%s\n%s %s\n%s"

func GetDDosRule 

func GetDDosRule(domain, sigPattern string, firstSeen, lastSeen time.Time) string

GetDDosRule returns DDoS rule output

func GetDDosRuleFormatter 

func GetDDosRuleFormatter() string

GetDDosRuleFormatter returns DDoS rule formatter, with placeholders: domain name, sig pattern, rule type, sid, sig rev, first seen, last seen

func GetGUID 

func GetGUID(name string) uuid.UUID

GetGUID generates uuid v3 from a specific name See http://antoniomo.com/blog/2017/05/21/unique-ids-in-golang-part-1/

func GetPattern 

func GetPattern(domain string) string

GetPattern returns a signature pattern by domain name

func GetRuleGUID 

func GetRuleGUID(domain string) string

GetRuleGUID returns a rule GUID with prefix "RUL-",

Types

type DDosRule 

type DDosRule struct {
	// Domain name
	Domain string
	// Domain rule GUID
	GUID string
	// DDoS rule signature pattern
	Pattern string
	// Domain rule type
	RuleType string
	// Domain rule signature revision
	SigRev int
	// Domain rule SID
	SID int32
}

DDosRule struct defines a rule for DDoS domain

func NewDDosRule 

func NewDDosRule(domain string) *DDosRule

NewDDosRule constucts a DomainRule by domain name

func (*DDosRule) OutputDDosRule 

func (ddosRule *DDosRule) OutputDDosRule(firstSeen, lastSeen time.Time) string

OutputDDosRule returns a ddos rule ouptput

func (*DDosRule) OutputIB 

func (ddosRule *DDosRule) OutputIB() string

OutputIB implements IBRule interface to produce DDoS rule output for Infoblox NIO

type IBRule 

type IBRule interface {
	// OutputIB Infoblox rule to formatted string
	OutputIB() string
}

IBRule interface represents Infoblox rule

type IDDosRule 

type IDDosRule interface {
	IBRule
	Rule
}

IDDosRule interface represents rule and signature

type Rule 

type Rule interface {
	// Output rule to formatted string
	Output() string
}

Rule interface represents a generic rule

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.