processor

package
Constants

This section is empty.

Variables

This section is empty.

Functions

func NewMetadata

func NewMetadata(timestamp *types.Timestamp, correlationID string) (*pb.Metadata, error)

NewMetadata provides the event metadata for a given timestamp and correlationID.

Types

type BADMSG

// BADMSG is the decoded <BAD_MSG> violation-details document that
// NAPConfig.ViolationDetailsXML points to. Field tags map one-to-one onto the
// XML element names, and every length/limit value is kept as the raw string
// received rather than parsed to an integer. Buffer, header, cookie and
// parameter values appear to be copied from the inspected request, so anything
// downstream that renders, logs or re-parses them should treat them as
// untrusted input.
type BADMSG struct {
	XMLName        xml.Name `xml:"BAD_MSG"`
	// Text holds the root element's character data.
	Text           string   `xml:",chardata"`
	// ViolationMasks mirrors <violation_masks>. Its children are named after
	// enforcement modes; how the mask strings are encoded is not visible here.
	ViolationMasks struct {
		Text    string `xml:",chardata"`
		Block   string `xml:"block"`
		Alarm   string `xml:"alarm"`
		Learn   string `xml:"learn"`
		Staging string `xml:"staging"`
	} `xml:"violation_masks"`
	// RequestViolations mirrors <request-violations>; Violations holds one
	// entry per <violation> child.
	RequestViolations struct {
		Text       string `xml:",chardata"`
		Violations []struct {
			Text      string `xml:",chardata"`
			// ViolIndex and ViolName identify the violation; Context names the
			// request part it applies to (the set of possible values is not
			// visible on this page).
			ViolIndex string `xml:"viol_index"`
			ViolName  string `xml:"viol_name"`
			Context   string `xml:"context"`
			// ParameterData and ParamData are both received when context == "parameter" | ""
			// We receive either ParameterData or ParamData separately and not in the same XML message
			// ParameterData and ParamData semantically represent the same thing (with ParameterData having more fields).
			// NOTE(review): on this page ParameterData and ParamData declare the same four
			// fields and differ only in their child element names (name/value vs
			// param_name/param_value); confirm whether the "more fields" remark is still current.
			ParameterData     ParameterData `xml:"parameter_data"`
			ParamData         ParamData     `xml:"param_data"`
			ParamName         string        `xml:"param_name"`
			// IsBase64Decoded is the violation-level <is_base64_decoded> flag; the
			// nested Header, Cookie and Param* types carry their own copy.
			IsBase64Decoded   bool          `xml:"is_base64_decoded"`
			// Header and HeaderData are two element names (<header>, <header_data>)
			// decoded into the same Header shape — presumably the producer emits
			// one or the other, as with parameter_data/param_data; confirm.
			Header            Header        `xml:"header"`
			HeaderData        Header        `xml:"header_data"`
			HeaderName        string        `xml:"header_name"`
			// Header and cookie lengths and their limits arrive as strings.
			HeaderLength      string        `xml:"header_len"`
			HeaderLengthLimit string        `xml:"header_len_limit"`
			Cookie            Cookie        `xml:"cookie"`
			CookieName        string        `xml:"cookie_name"`
			CookieLength      string        `xml:"cookie_len"`
			CookieLengthLimit string        `xml:"cookie_len_limit"`
			// Buffer appears to carry the matched request bytes and SpecificDesc a
			// free-text description; both are producer-supplied text.
			Buffer            string        `xml:"buffer"`
			SpecificDesc      string        `xml:"specific_desc"`
			// URI details: the URI itself, its <object_data> child, and the URI
			// length/limit pair (strings).
			Uri               string        `xml:"uri"`
			UriObjectData     UriObjectData `xml:"object_data"`
			UriLength         string        `xml:"uri_len"`
			UriLengthLimit    string        `xml:"uri_len_limit"`
			// Length-related values: defined vs detected length, and the total
			// length against its limit — all raw strings.
			DefinedLength     string        `xml:"defined_length"`
			DetectedLength    string        `xml:"detected_length"`
			TotalLen          string        `xml:"total_len"`
			TotalLenLimit     string        `xml:"total_len_limit"`
			Staging           string        `xml:"staging"`
			// SigData holds one entry per <sig_data> element: a signature ID, its
			// blocking mask and the <kw_data> keyword match (buffer plus
			// offset/length, kept as strings).
			SigData           []struct {
				Text         string `xml:",chardata"`
				SigID        string `xml:"sig_id"`
				BlockingMask string `xml:"blocking_mask"`
				KwData       struct {
					Text   string `xml:",chardata"`
					Buffer string `xml:"buffer"`
					Offset string `xml:"offset"`
					Length string `xml:"length"`
				} `xml:"kw_data"`
			} `xml:"sig_data"`
			// HTTP sanity-check / sub-violation status fields and the wildcard
			// entity and language type; semantics of the values are not visible
			// on this page.
			HTTPSanityChecksStatus string   `xml:"http_sanity_checks_status"`
			HTTPSubViolationStatus string   `xml:"http_sub_violation_status"`
			HTTPSubViolation       string   `xml:"http_sub_violation"`
			WildcardEntity         string   `xml:"wildcard_entity"`
			LanguageType           string   `xml:"language_type"`
			// MetacharIndex collects every repeated <metachar_index> element.
			MetacharIndex          []string `xml:"metachar_index"`
		} `xml:"violation"`
	} `xml:"request-violations"`
}

type Client

// Client is the Processor client. Its fields are unexported (filtered from
// this listing); obtain an instance through GetClient and drive it with Process.
type Client struct {
	// contains filtered or unexported fields
}

Client is the Processor client, with logging support.

func GetClient

func GetClient(cfg *Config) (*Client, error)

GetClient returns a Client for processing.

func (*Client) Process

func (c *Client) Process(ctx context.Context, wg *sync.WaitGroup, collected <-chan *monitoring.RawLog, processed chan<- *pb.Event)

Process reads raw log entries from the collected channel and writes the resulting Security Events to the processed channel.

type Config

// Config holds the configuration passed to GetClient.
type Config struct {
	// Logger receives the processor's log output.
	Logger     *logrus.Entry
	// Workers is a worker count — presumably the number of goroutines Process
	// runs over the collected channel; not verifiable from this page.
	Workers    int
	// CommonDims carries the common metric dimensions from the metrics
	// package; how the processor uses them is not visible here.
	CommonDims *metrics.CommonDim
}

Config holds the config for Processor.

// Cookie is the <cookie> element of a violation: the name and value of the
// request cookie the violation refers to.
type Cookie struct {
	Text            string `xml:",chardata"`
	Name            string `xml:"cookie_name"`
	// Value appears to be copied from the inspected request; treat it as
	// untrusted input when rendering or re-parsing it downstream.
	Value           string `xml:"cookie_value"`
	// IsBase64Decoded presumably reports whether the producer base64-decoded
	// Value before logging it — confirm against the log format.
	IsBase64Decoded bool   `xml:"is_base64_decoded"`
}

type Eventer

// Eventer is implemented by log-entry types that can be turned into a
// Security Event.
type Eventer interface {
	// GetEvent will generate a protobuf Security Event for the entry.
	// hostPattern is presumably matched against a host field of the entry
	// (which one is not visible here); logger receives diagnostics.
	// NOTE(review): NAPConfig.GetEvent on this page returns *models.Event while
	// this method returns *pb.Event — confirm the two are the same type (alias)
	// or that NAPConfig is not meant to satisfy this interface.
	GetEvent(hostPattern *regexp.Regexp, logger *logrus.Entry) (*pb.Event, error)
}

Eventer is the interface implemented to generate an Event from a log entry.

// Header is the <header> / <header_data> element of a violation: the request
// header the violation refers to.
type Header struct {
	Text            string `xml:",chardata"`
	Name            string `xml:"header_name"`
	// Value, ActualValue and MatchedValue appear to be copied from the inspected
	// request; treat them as untrusted input downstream. ActualValue vs
	// MatchedValue presumably distinguishes the full header value from the
	// portion that matched — confirm against the producer format.
	Value           string `xml:"header_value"`
	ActualValue     string `xml:"header_actual_value"`
	MatchedValue    string `xml:"header_matched_value"`
	// IsBase64Decoded presumably reports whether the producer base64-decoded
	// the value before logging it — confirm.
	IsBase64Decoded bool   `xml:"is_base64_decoded"`
}

type NAPConfig

// NAPConfig is one parsed NAP (presumably NGINX App Protect) security log
// entry. Every field except ViolationDetailsXML is kept as the raw string taken
// from the log line; no numeric or time conversion happens at this layer.
// NAPConfig provides GetEvent to turn the entry into a Security Event.
type NAPConfig struct {
	// DateTime is the entry timestamp, unparsed.
	DateTime                 string
	// Enforcement outcome as reported by the producer.
	BlockingExceptionReason  string
	// Connection and request descriptors. HTTPRemoteAddr/HTTPRemotePort are the
	// peer the producer saw; values derived from request headers (HTTPHostname,
	// XForwardedForHeaderVal) are client-supplied and should not be used alone
	// for attribution.
	HTTPServerPort           string
	HTTPRemoteAddr           string
	// IsTruncated presumably flags a truncated log entry — confirm.
	IsTruncated              string
	HTTPRequestMethod        string
	// Detection context: the policy that matched, protocol, status and rating.
	PolicyName               string
	Protocol                 string
	RequestStatus            string
	HTTPResponseCode         string
	Severity                 string
	// SignatureCVEs, SigSetNames, SubViolations, ThreatCampaignNames and
	// Violations appear to be delimited lists kept as single strings; the
	// delimiter is not visible on this page.
	SignatureCVEs            string
	SigSetNames              string
	HTTPRemotePort           string
	SubViolations            string
	// SupportID is the producer's identifier for this event, useful for
	// correlating with the WAF's own logs.
	SupportID                string
	ThreatCampaignNames      string
	UnitHostname             string
	HTTPURI                  string
	ViolationRating          string
	HTTPHostname             string
	XForwardedForHeaderVal   string
	RequestOutcome           string
	RequestOutcomeReason     string
	Violations               string
	// ViolationDetailsXML is the decoded <BAD_MSG> document; presumably nil when
	// the entry carries no violation details.
	ViolationDetailsXML      *BADMSG
	// Bot-defense fields.
	BotSignatureName         string
	BotCategory              string
	BotAnomalies             string
	EnforcedBotAnomalies     string
	// Client classification fields.
	ClientClass              string
	ClientApplication        string
	ClientApplicationVersion string
	// Request appears to be the (possibly truncated) raw request; it is
	// attacker-controlled content and must be treated as untrusted downstream.
	Request                  string
	TransportProtocol        string
	ViolationContext         string
}

func (*NAPConfig) GetEvent

func (f *NAPConfig) GetEvent(hostPattern *regexp.Regexp, logger *logrus.Entry) (*models.Event, error)

GetEvent will generate a protobuf Security Event.

type ParamData

// ParamData is the <param_data> form of a parameter violation (see BADMSG); it
// has the same shape as ParameterData but uses the param_name/param_value
// element names.
type ParamData struct {
	Text            string `xml:",chardata"`
	Name            string `xml:"param_name"`
	// Value appears to be copied from the inspected request; treat it as
	// untrusted input downstream.
	Value           string `xml:"param_value"`
	// IsBase64Decoded presumably reports whether the producer base64-decoded
	// Value before logging it — confirm.
	IsBase64Decoded bool   `xml:"is_base64_decoded"`
}

type ParameterData

// ParameterData is the <parameter_data> form of a parameter violation (see
// BADMSG); it has the same shape as ParamData but uses the name/value element
// names.
type ParameterData struct {
	Text            string `xml:",chardata"`
	Name            string `xml:"name"`
	// Value appears to be copied from the inspected request; treat it as
	// untrusted input downstream.
	Value           string `xml:"value"`
	// IsBase64Decoded presumably reports whether the producer base64-decoded
	// Value before logging it — confirm.
	IsBase64Decoded bool   `xml:"is_base64_decoded"`
}

type UriObjectData added in v2.25.0

// UriObjectData is the <object_data> child of a URI violation in BADMSG.
type UriObjectData struct {
	Text   string `xml:",chardata"`
	// Object is the <object> value; its meaning is not visible on this page.
	Object string `xml:"object"`
}
