// AuditEvent is the structure of one Audit Log Event from the Carbonblack API
//
// Every field is filled directly from the decoded API response; nothing in
// this type validates or normalises the values.
type AuditEvent struct {
	// RequestURL is left as interface{} rather than string; presumably the
	// API does not always emit it as a JSON string — confirm against real
	// responses before narrowing the type.
	RequestURL interface{} `json:"requestUrl"`
	// EventTime is the epoch timestamp as reported by the API; the unit
	// (seconds vs milliseconds) is not stated here — TODO confirm.
	EventTime int64  `json:"eventTime"`
	EventID   string `json:"eventId"`
	LoginName string `json:"loginName"`
	OrgName   string `json:"orgName"`
	Flagged   bool   `json:"flagged"`
	// ClientIP is the raw string from the API; it is not parsed as an
	// address here, so parse/validate it before using it as a lookup key.
	ClientIP string `json:"clientIp"`
	Verbose  bool   `json:"verbose"`
	// Description is free text from the API; treat it as untrusted when
	// rendering or logging it.
	Description string `json:"description"`
}
// AuditEvents is the array of audit log events sent from the Carbonblack API
//
// Note that the events are decoded from the "notifications" key, the same
// key used by Notifications. Success and Message look like the API's own
// status envelope; check Success (and surface Message) rather than treating
// an empty AuditEvents slice as "no events" — TODO confirm against the API.
type AuditEvents struct {
	AuditEvents []AuditEvent `json:"notifications"`
	Success     bool         `json:"success"`
	Message     string       `json:"message"`
}
// Client defines the carbonclient
//
// Its fields are unexported and not shown in this rendering. The methods
// FetchAPIEvents and FetchSIEMEvents each take an endpoint string and return
// a batch of events (AuditEvents or Notifications respectively) plus an error.
type Client struct {
	// contains filtered or unexported fields
}
func (c *Client) FetchAPIEvents(endpoint string) (AuditEvents, error)
FetchAPIEvents returns a batch of API events, such as audit log events, from the specified endpoint
func (c *Client) FetchSIEMEvents(endpoint string) (Notifications, error)
FetchSIEMEvents returns a batch of events from the specified endpoint
// Notification is the structure of one notification event from CB
//
// All values are taken as received from the API; nothing in this type
// validates hashes, addresses or identifiers, so callers that use them as
// indicators or lookup keys should validate first.
type Notification struct {
	// PolicyAction carries `omitempty`, but encoding/json never omits a
	// struct-typed field on encode; the tag only matters if this type is
	// ever marshalled. It has no effect when decoding API responses.
	PolicyAction struct {
		// Sha256Hash is a raw string; length/hex format is not checked here.
		Sha256Hash      string `json:"sha256Hash"`
		Action          string `json:"action"`
		Reputation      string `json:"reputation"`
		ApplicationName string `json:"applicationName"`
	} `json:"policyAction,omitempty"`
	// ThreatInfo: same `omitempty` caveat as PolicyAction.
	ThreatInfo struct {
		IncidentID string `json:"incidentId"`
		// Score's range and meaning are not stated here — TODO confirm.
		Score   int    `json:"score"`
		Summary string `json:"summary"`
		// Time is an epoch value; unit (s vs ms) not stated here — TODO confirm.
		Time       int64 `json:"time"`
		Indicators []struct {
			ApplicationName string `json:"applicationName"`
			Sha256Hash      string `json:"sha256Hash"`
			IndicatorName   string `json:"indicatorName"`
		} `json:"indicators"`
		ThreatCause struct {
			OriginSourceType string `json:"originSourceType"`
			Reputation       string `json:"reputation"`
			Actor            string `json:"actor"`
			ActorName        string `json:"actorName"`
			Reason           string `json:"reason"`
			ActorType        string `json:"actorType"`
			ThreatCategory   string `json:"threatCategory"`
			// ActorProcessPPid is typed as a string here, not an integer,
			// matching the API field; convert explicitly if a numeric PID is needed.
			ActorProcessPPid string `json:"actorProcessPPid"`
			CauseEventID     string `json:"causeEventId"`
		} `json:"threatCause"`
	} `json:"threatInfo,omitempty"`
	URL string `json:"url"`
	// EventTime is an epoch value; unit (s vs ms) not stated here — TODO confirm.
	EventTime        int64  `json:"eventTime"`
	EventDescription string `json:"eventDescription"`
	DeviceInfo       struct {
		// ExternalIPAddress and InternalIPAddress are raw strings; they are
		// not parsed as addresses here (e.g. with net.ParseIP).
		ExternalIPAddress  string `json:"externalIpAddress"`
		DeviceName         string `json:"deviceName"`
		DeviceHostName     string `json:"deviceHostName"`
		DeviceVersion      string `json:"deviceVersion"`
		DeviceID           int    `json:"deviceId"`
		Email              string `json:"email"`
		GroupName          string `json:"groupName"`
		InternalIPAddress  string `json:"internalIpAddress"`
		DeviceType         string `json:"deviceType"`
		TargetPriorityType string `json:"targetPriorityType"`
		TargetPriorityCode int    `json:"targetPriorityCode"`
	} `json:"deviceInfo"`
	RuleName string `json:"ruleName"`
	// Type is the notification's type as reported by the API; the set of
	// values is not enumerated here.
	Type string `json:"type"`
}
// Notifications is the array of Notification sent back from CB
//
// Success and Message look like the API's own status envelope; check Success
// (and surface Message) rather than treating an empty Notifications slice as
// "no events" — TODO confirm against the API.
type Notifications struct {
	Notifications []Notification `json:"notifications"`
	Success       bool           `json:"success"`
	Message       string         `json:"message"`
}