crowdsec

package
v1.16.9 Latest
Warning

This package is not in the latest version of its module.

Published: May 27, 2024 License: MIT Imports: 1 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// CustomFunctions lists helper names together with the signature(s) each one
// is declared to have. Every Func element is built with new(func(...)), i.e. a
// pointer to a nil function value, so the table carries types only; nothing in
// it can be called.
//
// NOTE(review): presumably this is the helper surface offered to an expression
// evaluator, with the pointers acting as type hints — confirm against the code
// that consumes the table. If so, it is also the list to audit. Judging by
// name only, File and RegexpInFile read files, LookupHost resolves names,
// Hostname reports the host, SetInStash/GetFromStash share state between
// evaluations, and LogInfo writes to the log. The implementations are not
// shown here; check them for path restrictions, timeouts, size/TTL bounds and
// log-safe output before expressions are run over untrusted event fields.
//
// Several entries declare no error result (Atof, JsonExtract, B64Decode, ...),
// so a failure cannot be reported through the signature; how it surfaces has
// to be checked in the implementation.
//
// The order of the entries is kept exactly as published.
var CustomFunctions = []struct {
	Name string
	Func []any
}{
	{Name: "Distance", Func: []any{new(func(string, string, string, string) (float64, error))}},
	{Name: "GetFromStash", Func: []any{new(func(string, string) (string, error))}},
	{Name: "Atof", Func: []any{new(func(string) float64)}},
	{Name: "JsonExtract", Func: []any{new(func(string, string) string)}},
	{Name: "JsonExtractUnescape", Func: []any{new(func(string, ...string) string)}},
	{Name: "JsonExtractLib", Func: []any{new(func(string, ...string) string)}},
	{Name: "JsonExtractSlice", Func: []any{new(func(string, string) []any)}},
	{Name: "JsonExtractObject", Func: []any{new(func(string, string) map[string]any)}},
	{Name: "ToJsonString", Func: []any{new(func(any) string)}},
	{Name: "File", Func: []any{new(func(string) []string)}},
	{Name: "RegexpInFile", Func: []any{new(func(string, string) bool)}},
	{Name: "Upper", Func: []any{new(func(string) string)}},
	{Name: "Lower", Func: []any{new(func(string) string)}},
	{Name: "IpInRange", Func: []any{new(func(string, string) bool)}},
	{Name: "TimeNow", Func: []any{new(func() string)}},
	{Name: "ParseUri", Func: []any{new(func(string) map[string][]string)}},
	{Name: "PathUnescape", Func: []any{new(func(string) string)}},
	{Name: "QueryUnescape", Func: []any{new(func(string) string)}},
	{Name: "PathEscape", Func: []any{new(func(string) string)}},
	{Name: "QueryEscape", Func: []any{new(func(string) string)}},
	{Name: "XMLGetAttributeValue", Func: []any{new(func(string, string, string) string)}},
	{Name: "XMLGetNodeValue", Func: []any{new(func(string, string) string)}},
	{Name: "IpToRange", Func: []any{new(func(string, string) string)}},
	{Name: "IsIPV6", Func: []any{new(func(string) bool)}},
	{Name: "IsIPV4", Func: []any{new(func(string) bool)}},
	{Name: "IsIP", Func: []any{new(func(string) bool)}},
	{Name: "LookupHost", Func: []any{new(func(string) []string)}},
	{Name: "GetDecisionsCount", Func: []any{new(func(string) int)}},
	{Name: "GetDecisionsSinceCount", Func: []any{new(func(string, string) int)}},
	{Name: "Sprintf", Func: []any{new(func(string, ...any) string)}},
	{Name: "ParseUnix", Func: []any{new(func(string) string)}},
	{Name: "SetInStash", Func: []any{new(func(string, string, string, *time.Duration) error)}},
	{Name: "Fields", Func: []any{new(func(string) []string)}},
	{Name: "Index", Func: []any{new(func(string, string) int)}},
	{Name: "IndexAny", Func: []any{new(func(string, string) int)}},
	{Name: "Join", Func: []any{new(func([]string, string) string)}},
	{Name: "Split", Func: []any{new(func(string, string) []string)}},
	{Name: "SplitAfter", Func: []any{new(func(string, string) []string)}},
	{Name: "SplitAfterN", Func: []any{new(func(string, string, int) []string)}},
	{Name: "SplitN", Func: []any{new(func(string, string, int) []string)}},
	{Name: "Replace", Func: []any{new(func(string, string, string, int) string)}},
	{Name: "ReplaceAll", Func: []any{new(func(string, string, string) string)}},
	{Name: "Trim", Func: []any{new(func(string, string) string)}},
	{Name: "TrimLeft", Func: []any{new(func(string, string) string)}},
	{Name: "TrimRight", Func: []any{new(func(string, string) string)}},
	{Name: "TrimSpace", Func: []any{new(func(string) string)}},
	{Name: "TrimPrefix", Func: []any{new(func(string, string) string)}},
	{Name: "TrimSuffix", Func: []any{new(func(string, string) string)}},
	{Name: "Get", Func: []any{new(func([]string, int) string)}},
	{Name: "ToString", Func: []any{new(func(any) string)}},
	{Name: "Match", Func: []any{new(func(string, string) bool)}},
	{Name: "KeyExists", Func: []any{new(func(string, map[string]any) bool)}},
	{Name: "LogInfo", Func: []any{new(func(string, ...any) bool)}},
	{Name: "B64Decode", Func: []any{new(func(string) string)}},
	{Name: "UnmarshalJSON", Func: []any{new(func(string, map[string]any, string) error)}},
	{Name: "ParseKV", Func: []any{new(func(string, map[string]any, string) error)}},
	{Name: "Hostname", Func: []any{new(func() (string, error))}},
}

Functions

This section is empty.

Types

type Alert

// Alert is a JSON-tagged alert record: scenario identification, the source it
// concerns, the events and decisions attached to it, and its time window.
//
// Most pointer-typed fields are tagged without omitempty, so encoding/json
// writes them as null when nil and decoding a null or missing key leaves them
// nil. Code reading these fields must nil-check before dereferencing.
type Alert struct {
	Capacity        *int32      `json:"capacity"`
	CreatedAt       string      `json:"created_at,omitempty"`
	// Decisions and Events are also reachable through Edges (under the "edges"
	// key); which copy is authoritative cannot be told from this declaration.
	Decisions       []*Decision `json:"decisions"`
	Events          []*Event    `json:"events"`
	EventsCount     *int32      `json:"events_count"`
	ID              int64       `json:"id,omitempty"`
	Labels          []string    `json:"labels"`
	Leakspeed       *string     `json:"leakspeed"`
	MachineID       string      `json:"machine_id,omitempty"`
	Message         *string     `json:"message"`
	Meta            Meta        `json:"meta,omitempty"`
	// Remediation is omitted from JSON when false, so "false" and "absent" are
	// indistinguishable on the wire.
	Remediation     bool        `json:"remediation,omitempty"`
	Scenario        *string     `json:"scenario"`
	ScenarioHash    *string     `json:"scenario_hash"`
	ScenarioVersion *string     `json:"scenario_version"`
	// Simulated is tri-state (nil, false, true). Decide explicitly how nil is
	// treated before acting on an alert.
	Simulated       *bool       `json:"simulated"`
	Source          *Source     `json:"source"`
	// StartAt and StopAt are carried as strings; their format is not
	// established by this declaration.
	StartAt         *string     `json:"start_at"`
	StopAt          *string     `json:"stop_at"`
	UUID            string      `json:"uuid,omitempty"`
	Edges           AlertEdges  `json:"edges"`
}

func (*Alert) GetEventsCount

func (a *Alert) GetEventsCount() int32

func (*Alert) GetMeta

func (a *Alert) GetMeta(_ string) string

func (*Alert) GetScenario

func (a *Alert) GetScenario() string

func (*Alert) GetScope

func (a *Alert) GetScope() string

func (*Alert) GetValue

func (a *Alert) GetValue() string

func (*Alert) HasRemediation

func (a *Alert) HasRemediation() bool

type AlertEdges

// AlertEdges holds the records related to an Alert: the owning Machine and the
// attached decisions, events and metas. Every field is omitempty, so a nil
// owner or an empty slice is dropped from the JSON output.
//
// NOTE(review): the *OrErr accessors listed for this type suggest an edge may
// be "not loaded"; their bodies are not shown here, so confirm how they tell
// an unloaded edge from an empty one.
type AlertEdges struct {
	Owner     *Machine    `json:"owner,omitempty"`
	Decisions []*Decision `json:"decisions,omitempty"`
	Events    []*Event    `json:"events,omitempty"`
	Metas     []*Meta     `json:"metas,omitempty"`
}

func (AlertEdges) DecisionsOrErr

func (e AlertEdges) DecisionsOrErr() ([]*Decision, error)

func (AlertEdges) EventsOrErr

func (e AlertEdges) EventsOrErr() ([]*Event, error)

func (AlertEdges) MetasOrErr

func (e AlertEdges) MetasOrErr() ([]*Meta, error)

func (AlertEdges) OwnerOrErr

func (e AlertEdges) OwnerOrErr() (*Machine, error)

type Decision

// Decision is a JSON-tagged decision record attached to an alert.
//
// Duration, Origin, Scenario, Scope, Type and Value are pointers tagged
// without omitempty: they encode as null when nil and must be nil-checked
// before use. A decision whose Type, Scope or Value is nil should be rejected
// rather than defaulted by whatever enforces it.
type Decision struct {
	Duration  *string `json:"duration"`
	ID        int64   `json:"id,omitempty"`
	Origin    *string `json:"origin"`
	Scenario  *string `json:"scenario"`
	Scope     *string `json:"scope"`
	// Simulated is omitted when nil; nil, false and true are three different
	// states.
	Simulated *bool   `json:"simulated,omitempty"`
	Type      *string `json:"type"`
	// Until is a string; its format is not established by this declaration.
	Until     string  `json:"until,omitempty"`
	UUID      string  `json:"uuid,omitempty"`
	Value     *string `json:"value"`
}

type Event

// Event is a record tagged for both YAML and JSON. It carries the originating
// Line, the Parsed/Enriched/Meta string maps, an Unmarshaled map of arbitrary
// values, and an Overflow alert.
//
// NOTE(review): Line.Raw and the maps presumably hold data derived from log
// input, i.e. attacker-influenced strings — confirm, and treat them as
// untrusted wherever they reach a formatter, a file path, a lookup or a log.
//
// Line, Overflow and Time are struct values: in encoding/json the omitempty
// option has no effect on struct-typed fields, so they are always emitted.
type Event struct {
	Type            int               `yaml:"Type,omitempty" json:"Type,omitempty"`
	ExpectMode      int               `yaml:"ExpectMode,omitempty" json:"ExpectMode,omitempty"`
	Whitelisted     bool              `yaml:"Whitelisted,omitempty" json:"Whitelisted,omitempty"`
	// The JSON key is "whitelist_reason" while the YAML key is
	// "WhitelistReason"; every other field uses the same key in both formats.
	WhitelistReason string            `yaml:"WhitelistReason,omitempty" json:"whitelist_reason,omitempty"`
	Stage           string            `yaml:"Stage,omitempty" json:"Stage,omitempty"`
	Line            Line              `yaml:"Line,omitempty" json:"Line,omitempty"`
	Parsed          map[string]string `yaml:"Parsed,omitempty" json:"Parsed,omitempty"`
	Enriched        map[string]string `yaml:"Enriched,omitempty" json:"Enriched,omitempty"`
	Unmarshaled     map[string]any    `yaml:"Unmarshaled,omitempty" json:"Unmarshaled,omitempty"`
	// Overflow is keyed "Overflow" in YAML but "Alert" in JSON.
	Overflow        RuntimeAlert      `yaml:"Overflow,omitempty" json:"Alert,omitempty"`
	Time            time.Time         `yaml:"Time,omitempty" json:"Time,omitempty"`
	StrTime         string            `yaml:"StrTime,omitempty" json:"StrTime,omitempty"`
	StrTimeFormat   string            `yaml:"StrTimeFormat,omitempty" json:"StrTimeFormat,omitempty"`
	MarshaledTime   string            `yaml:"MarshaledTime,omitempty" json:"MarshaledTime,omitempty"`
	Process         bool              `yaml:"Process,omitempty" json:"Process,omitempty"`
	Meta            map[string]string `yaml:"Meta,omitempty" json:"Meta,omitempty"`
}

func (*Event) GetMeta

func (e *Event) GetMeta(key string) string

func (*Event) GetType

func (e *Event) GetType() string

type Line

// Line describes one input line: its raw text, its source, a timestamp,
// labels, a Process flag and a module name.
//
// Only YAML tags are declared, and Time and Process carry no tag at all, so
// encoding/json uses the Go field names for every field of this type.
type Line struct {
	// NOTE(review): Raw presumably holds the unmodified input line; if so it
	// is untrusted data and must be escaped before being logged or displayed.
	Raw     string `yaml:"Raw,omitempty"`
	Src     string `yaml:"Src,omitempty"`
	Time    time.Time
	Labels  map[string]string `yaml:"Labels,omitempty"`
	Process bool
	Module  string `yaml:"Module,omitempty"`
}

type Machine

// Machine is a JSON-tagged machine record: identity, timestamps, network
// address, status and authentication type, plus its related alerts in Edges.
type Machine struct {
	ID            int          `json:"id,omitempty"`
	CreatedAt     *time.Time   `json:"created_at,omitempty"`
	UpdatedAt     *time.Time   `json:"updated_at,omitempty"`
	LastPush      *time.Time   `json:"last_push,omitempty"`
	LastHeartbeat *time.Time   `json:"last_heartbeat,omitempty"`
	MachineId     string       `json:"machineId,omitempty"`
	// Password is tagged json:"-", so encoding/json neither writes nor reads
	// it. The tag protects that one encoder only: the field is exported, so
	// fmt's %v/%+v, reflection-based loggers and encoders that ignore json
	// tags still expose it. Whether the value is a hash or a clear-text secret
	// is not shown here — confirm before logging or dumping a Machine.
	Password      string       `json:"-"`
	IpAddress     string       `json:"ipAddress,omitempty"`
	Scenarios     string       `json:"scenarios,omitempty"`
	Version       string       `json:"version,omitempty"`
	IsValidated   bool         `json:"isValidated,omitempty"`
	Status        string       `json:"status,omitempty"`
	// AuthType and Edges have no omitempty and are always emitted.
	AuthType      string       `json:"auth_type"`
	Edges         MachineEdges `json:"edges"`
}

type MachineEdges

// MachineEdges holds the alerts related to a Machine.
//
// Together with Alert.Edges.Owner (*Machine) the types allow a pointer cycle
// Machine -> Alert -> Machine. encoding/json cannot serialise a cyclic graph,
// so populate only one direction before marshalling.
type MachineEdges struct {
	Alerts []*Alert `json:"alerts,omitempty"`
}

type Meta

// Meta is a list of key/value items. Elements are pointers and may be nil, so
// iterate with a nil check.
type Meta []*MetaItems0

type MetaItems0

// MetaItems0 is one key/value pair of a Meta list. Both fields are omitempty,
// so an empty key or an empty value is dropped from the JSON output and reads
// back as "".
type MetaItems0 struct {
	Key   string `json:"key,omitempty"`
	Value string `json:"value,omitempty"`
}

type RuntimeAlert

// RuntimeAlert groups an alert with its sources and bookkeeping flags, tagged
// for both YAML and JSON.
type RuntimeAlert struct {
	// The Go field is spelled Mapkey; the serialised key is "MapKey".
	Mapkey      string            `yaml:"MapKey,omitempty" json:"MapKey,omitempty"`
	BucketId    string            `yaml:"BucketId,omitempty" json:"BucketId,omitempty"`
	Whitelisted bool              `yaml:"Whitelisted,omitempty" json:"Whitelisted,omitempty"`
	Reprocess   bool              `yaml:"Reprocess,omitempty" json:"Reprocess,omitempty"`
	// Sources is keyed by string; what the key represents is not established
	// by this declaration.
	Sources     map[string]Source `yaml:"Sources,omitempty" json:"Sources,omitempty"`
	// Alert may be nil; APIAlerts holds Alert values, not pointers.
	Alert       *Alert            `yaml:"Alert,omitempty" json:"Alert,omitempty"`
	APIAlerts   []Alert           `yaml:"APIAlerts,omitempty" json:"APIAlerts,omitempty"`
}

func (RuntimeAlert) GetSources

func (r RuntimeAlert) GetSources() []string

type ScopeType

// ScopeType is read from YAML. The keys differ from the Go field names: Scope
// comes from "type" and Filter from "expression".
//
// NOTE(review): the "expression" key suggests Filter is an expression string
// evaluated elsewhere — confirm. If so, the YAML carrying it is code-like
// input and should only be loaded from a trusted location.
type ScopeType struct {
	Scope  string `yaml:"type"`
	Filter string `yaml:"expression"`
}

type Source

// Source is a JSON-tagged description of where an alert originates: AS name
// and number, a "cn" code, IP, coordinates, range, and a scope/value pair.
type Source struct {
	AsName    string  `json:"as_name,omitempty"`
	AsNumber  string  `json:"as_number,omitempty"`
	Cn        string  `json:"cn,omitempty"`
	// IP and Range are plain strings; nothing in this declaration validates
	// them, so parse them before using them in a comparison or a rule.
	IP        string  `json:"ip,omitempty"`
	// A coordinate of exactly 0 is omitted, so it cannot be told apart from
	// "unknown" after a round trip.
	Latitude  float32 `json:"latitude,omitempty"`
	Longitude float32 `json:"longitude,omitempty"`
	Range     string  `json:"range,omitempty"`
	// Scope and Value are pointers without omitempty: they encode as null when
	// nil and must be nil-checked before dereferencing.
	Scope     *string `json:"scope"`
	Value     *string `json:"value"`
}

func (Source) GetAsNumberName

func (s Source) GetAsNumberName() string

func (Source) GetScope

func (s Source) GetScope() string

func (Source) GetValue

func (s Source) GetValue() string
