siem

package

v2.3.0 Latest Latest Go to latest Published: Oct 21, 2024 License: MIT Imports: 1 Imported by: 1

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/indece-official/go-gousu

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
type Event
- func (s *Event) Level() EventLevel
type EventLevel
type EventType

Constants ¶

View Source

const (
	EventFieldType           = "siem_type"
	EventFieldLevel          = "siem_level"
	EventFieldUserIdentifier = "siem_user_identifier"
	EventFieldSourceIP       = "siem_source_ip"
	EventFieldSourceRealIP   = "siem_source_real_ip"
)

Fields used in logs for siem events

Variables ¶

View Source

var EventLevels = map[EventType]EventLevel{
	EventTypeLoginSuccess:               EventLevelInfo,
	EventTypeLoginFailed:                EventLevelWarn,
	EventTypeLoginFailedAttact:          EventLevelCritical,
	EventTypeLogoutSuccess:              EventLevelInfo,
	EventTypeLogoutFailed:               EventLevelWarn,
	EventTypeUserCreated:                EventLevelInfo,
	EventTypeUserDeleted:                EventLevelInfo,
	EventTypeUserLocked:                 EventLevelInfo,
	EventTypeUserUnlocked:               EventLevelInfo,
	EventTypeAuthenticationSuccess:      EventLevelInfo,
	EventTypeAuthenticationFailed:       EventLevelWarn,
	EventTypeAuthenticationFailedAttact: EventLevelCritical,
}

EventLevels is a map of the matching level for each siem event type

Functions ¶

This section is empty.

Types ¶

type Event ¶

type Event struct {
	Type           EventType
	UserIdentifier null.String
	SourceIP       null.String
	SourceRealIP   null.String
}

Event is the basic struct for siem events

func (*Event) Level ¶

func (s *Event) Level() EventLevel

Level retuns the level to the siem event type (defaults to "critical")

type EventLevel ¶

type EventLevel string

EventLevel specifies the level of the siem event

const (
	EventLevelInfo     EventLevel = "info"
	EventLevelWarn     EventLevel = "warn"
	EventLevelCritical EventLevel = "critical"
)

All levels of our siem events

type EventType ¶

type EventType = string

EventType specifies the type of the siem event

const (
	EventTypeLoginSuccess               EventType = "login_success"
	EventTypeLoginFailed                EventType = "login_failed"
	EventTypeLoginFailedAttact          EventType = "login_failed_attact"
	EventTypeLogoutSuccess              EventType = "logout_success"
	EventTypeLogoutFailed               EventType = "logout_failed"
	EventTypeUserCreated                EventType = "user_created"
	EventTypeUserDeleted                EventType = "user_deleted"
	EventTypeUserLocked                 EventType = "user_locked"
	EventTypeUserUnlocked               EventType = "user_unlocked"
	EventTypeAuthenticationSuccess      EventType = "authentication_success"
	EventTypeAuthenticationFailed       EventType = "authentication_failed"
	EventTypeAuthenticationFailedAttact EventType = "authentication_failed_attact"
)

All types of our siem events

Source Files ¶

View all Source files

siem.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL