Versions in this module Expand all Collapse all v1 v1.0.0 Mar 1, 2024 Changes in this version + func FuzzConditionParser(data []byte) int + func FuzzConfigParser(data []byte) int + func FuzzRuleParser(data []byte) int + type AggregationExpr interface + type AggregationFunc interface + type AllOfIdentifier struct + Ident SearchIdentifier + type AllOfPattern struct + Pattern string + type AllOfThem struct + type And []SearchExpr + type Average struct + Field string + GroupedBy string + type Comparison struct + Func AggregationFunc + Op ComparisonOp + Threshold float64 + type ComparisonOp string + var Equal ComparisonOp = "=" + var GreaterThan ComparisonOp = ">" + var GreaterThanEqual ComparisonOp = ">=" + var LessThan ComparisonOp = "<" + var LessThanEqual ComparisonOp = "<=" + var NotEqual ComparisonOp = "!=" + type Condition struct + Aggregation AggregationExpr + Search SearchExpr + func ParseCondition(input string) (Condition, error) + func (c Condition) MarshalYAML() (interface{}, error) + func (c Condition) Position() (int, int) + type Conditions []Condition + func (c *Conditions) UnmarshalYAML(node *yaml.Node) error + func (c Conditions) MarshalYAML() (interface{}, error) + type Config struct + Backends []string + DefaultIndex string + FieldMappings map[string]FieldMapping + Logsources map[string]LogsourceMapping + Order int + Placeholders map[string][]interface{} + Title string + func ParseConfig(contents []byte) (Config, error) + type Count struct + Field string + GroupedBy string + type Detection struct + Conditions Conditions + Searches map[string]Search + Timeframe time.Duration + func (d *Detection) UnmarshalYAML(node *yaml.Node) error + type EventMatcher []FieldMatcher + func (f *EventMatcher) UnmarshalYAML(node *yaml.Node) error + func (f EventMatcher) MarshalYAML() (interface{}, error) + type FieldMapping struct + TargetNames []string + func (f *FieldMapping) UnmarshalYAML(value *yaml.Node) error + type FieldMatcher struct + Field string + Modifiers []string + Values []interface{} + func (f FieldMatcher) Position() (int, int) + type FileType string + const ConfigFile + const InvalidFile + const RuleFile + const UnknownFile + func InferFileType(contents []byte) FileType + func (f *FileType) UnmarshalYAML(node *yaml.Node) error + type Logsource struct + AdditionalFields map[string]interface{} + Category string + Definition string + Product string + Service string + type LogsourceIndexes []string + func (i *LogsourceIndexes) UnmarshalYAML(value *yaml.Node) error + type LogsourceMapping struct + Conditions Search + Index LogsourceIndexes + Rewrite Logsource + type Max struct + Field string + GroupedBy string + type Min struct + Field string + GroupedBy string + type Near struct + Condition SearchExpr + type Not struct + Expr SearchExpr + type OneOfIdentifier struct + Ident SearchIdentifier + type OneOfPattern struct + Pattern string + type OneOfThem struct + type Or []SearchExpr + type RelatedRule struct + ID string + Type string + type Rule struct + AdditionalFields map[string]interface{} + Author string + Description string + Detection Detection + ID string + Level string + Logsource Logsource + References []string + Related []RelatedRule + Status string + Tags []string + Title string + func ParseRule(input []byte) (Rule, error) + type Search struct + EventMatchers []EventMatcher + Keywords []string + func (s *Search) UnmarshalYAML(node *yaml.Node) error + func (s Search) MarshalYAML() (interface{}, error) + func (s Search) Position() (int, int) + type SearchExpr interface + type SearchIdentifier struct + Name string + type Sum struct + Field string + GroupedBy string