processor

package
v2.24.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 22, 2023 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewMetadata 

func NewMetadata(timestamp *types.Timestamp, correlationID string) (*pb.Metadata, error)

NewMetadata provides the event metadata for a given timestamp and correlationID.

Types

type BADMSG 

type BADMSG struct {
	XMLName        xml.Name `xml:"BAD_MSG"`
	Text           string   `xml:",chardata"`
	ViolationMasks struct {
		Text    string `xml:",chardata"`
		Block   string `xml:"block"`
		Alarm   string `xml:"alarm"`
		Learn   string `xml:"learn"`
		Staging string `xml:"staging"`
	} `xml:"violation_masks"`
	RequestViolations struct {
		Text      string `xml:",chardata"`
		Violation []struct {
			Text      string `xml:",chardata"`
			ViolIndex string `xml:"viol_index"`
			ViolName  string `xml:"viol_name"`
			Context   string `xml:"context"`
			// ParameterData and ParamData are both received when context == "parameter" | ""
			// We receive either ParameterData or ParamData separately and not in the same XML message
			// ParameterData and ParamData semantically represent the same thing (with ParameterData having more fields).
			ParameterData ParameterData `xml:"parameter_data"`
			ParamData     ParamData     `xml:"param_data"`
			Header        Header        `xml:"header"`
			Cookie        Cookie        `xml:"cookie"`
			Staging       string        `xml:"staging"`
			SigData       []struct {
				Text         string `xml:",chardata"`
				SigID        string `xml:"sig_id"`
				BlockingMask string `xml:"blocking_mask"`
				KwData       struct {
					Text   string `xml:",chardata"`
					Buffer string `xml:"buffer"`
					Offset string `xml:"offset"`
					Length string `xml:"length"`
				} `xml:"kw_data"`
			} `xml:"sig_data"`
			HTTPSanityChecksStatus string   `xml:"http_sanity_checks_status"`
			HTTPSubViolationStatus string   `xml:"http_sub_violation_status"`
			HTTPSubViolation       string   `xml:"http_sub_violation"`
			WildcardEntity         string   `xml:"wildcard_entity"`
			LanguageType           string   `xml:"language_type"`
			MetacharIndex          []string `xml:"metachar_index"`
		} `xml:"violation"`
	} `xml:"request-violations"`
}

type Client 

type Client struct {
	// contains filtered or unexported fields
}

Client for Processor with capability of logging.

func GetClient 

func GetClient(cfg *Config) (*Client, error)

GetClient gives you a Client for processing.

func (*Client) Process 

func (c *Client) Process(ctx context.Context, wg *sync.WaitGroup, collected <-chan *monitoring.RawLog, processed chan<- *pb.Event)

Process processes the raw log entries from collected chan into Security Events on processed chan.

type Config 

type Config struct {
	Logger     *logrus.Entry
	Workers    int
	CommonDims *metrics.CommonDim
}

Config holds the config for Processor. 

type Cookie struct {
	Text  string `xml:",chardata"`
	Name  string `xml:"cookie_name"`
	Value string `xml:"cookie_value"`
}

type Eventer 

type Eventer interface {
	// GetEvent will generate a protobuf Security Event
	GetEvent(hostPattern *regexp.Regexp, logger *logrus.Entry) (*pb.Event, error)
}

Eventer is the interface implemented to generate an Event from a log entry. 

type Header struct {
	Text  string `xml:",chardata"`
	Name  string `xml:"header_name"`
	Value string `xml:"header_value"`
}

type NAPConfig 

type NAPConfig struct {
	DateTime                 string
	BlockingExceptionReason  string
	HTTPServerPort           string
	HTTPRemoteAddr           string
	IsTruncated              string
	HTTPRequestMethod        string
	PolicyName               string
	Protocol                 string
	RequestStatus            string
	HTTPResponseCode         string
	Severity                 string
	SignatureCVEs            string
	SigSetNames              string
	HTTPRemotePort           string
	SubViolations            string
	SupportID                string
	ThreatCampaignNames      string
	UnitHostname             string
	HTTPURI                  string
	ViolationRating          string
	HTTPHostname             string
	XForwardedForHeaderVal   string
	RequestOutcome           string
	RequestOutcomeReason     string
	Violations               string
	ViolationDetailsXML      *BADMSG
	BotSignatureName         string
	BotCategory              string
	BotAnomalies             string
	EnforcedBotAnomalies     string
	ClientClass              string
	ClientApplication        string
	ClientApplicationVersion string
	Request                  string
	TransportProtocol        string
	ViolationContext         string
}

func (*NAPConfig) GetEvent 

func (f *NAPConfig) GetEvent(hostPattern *regexp.Regexp, logger *logrus.Entry) (*models.Event, error)

GetEvent will generate a protobuf Security Event.

type ParamData 

type ParamData struct {
	Text  string `xml:",chardata"`
	Name  string `xml:"param_name"`
	Value string `xml:"param_value"`
}

type ParameterData 

type ParameterData struct {
	Text  string `xml:",chardata"`
	Name  string `xml:"name"`
	Value string `xml:"value"`
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.