tracee

package

v0.1.0 Latest Latest Go to latest Published: Jul 17, 2022 License: MIT Imports: 0 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/fjogeleit/tracee-polr-adapter

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
type Arg
type Context
type Event
type Filter
- func NewFilter(minumumSeverity int, excludeRules []string) *Filter
- func (f *Filter) Check(event Event) bool
type SignatureMetadata

Constants ¶

View Source

const (
	SeverityKey = "Severity"
	CategoryKey = "MITRE ATT&CK"
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Arg ¶

type Arg struct {
	Name  string      `json:"name"`
	Value interface{} `json:"value"`
}

type Context ¶

type Context struct {
	Timestamp       int    `json:"timestamp"`
	UserID          int    `json:"userId"`
	ProcessName     string `json:"processName"`
	ProcessID       int    `json:"processId"`
	ParentProcessID int    `json:"parentProcessId"`
	CgroupID        int    `json:"cgroupId"`
	MountNamespace  int    `json:"mountNamespace"`
	PidNamespace    int    `json:"pidNamespace"`
	HostName        string `json:"hostName"`
	ContainerID     string `json:"containerId"`
	ContainerImage  string `json:"containerImage"`
	ContainerName   string `json:"containerName"`
	PodName         string `json:"podName"`
	PodNamespace    string `json:"podNamespace"`
	PodUID          string `json:"podUID"`
	EventID         int    `json:"eventId,string"`
	EventName       string `json:"eventName"`
	ReturnValue     int    `json:"returnValue"`
	Args            []Arg  `json:"args"`
}

type Event ¶

type Event struct {
	Data        map[string]interface{}
	Context     Context
	SigMetadata SignatureMetadata
}

type Filter ¶

type Filter struct {
	// contains filtered or unexported fields
}

func NewFilter ¶

func NewFilter(minumumSeverity int, excludeRules []string) *Filter

func (*Filter) Check ¶

func (f *Filter) Check(event Event) bool

type SignatureMetadata ¶

type SignatureMetadata struct {
	ID          string
	Version     string
	Name        string
	Description string
	Severity    int
	Tags        []string
	Properties  map[string]interface{}
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL