Documentation
Index
- Constants
- func SliceUniqMap(s []string) []string
- type AttributeFilter
- type AttributeValue
- type AttributeValueList
- type ElasticSearch
- func (es ElasticSearch) GetAttributes(filter *AttributeFilter, tenantID string) ([]string, error)
- func (es ElasticSearch) GetEvent(eventID string, tenantID string) (*cadf.Event, error)
- func (es ElasticSearch) GetEvents(filter *EventFilter, tenantID string) ([]*cadf.Event, int, error)
- func (es ElasticSearch) MaxLimit() uint
- type ErrorType
- type EventFilter
- type FieldOrder
- type Mock
- type Response
- type Status
- type Storage
Constants
const (
    // ErrorNone means no error
    ErrorNone ErrorType = ""
    // ErrorTimeout means that a timeout occurred while processing the request
    ErrorTimeout = "timeout"
    // ErrorCanceled means that the query was cancelled (to protect the service from malicious requests)
    ErrorCanceled = "canceled"
    // ErrorExec means unspecified error happened during query execution
    ErrorExec = "execution"
    // ErrorBadData means the API parameters where invalid
    ErrorBadData = "bad_data"
    // ErrorInternal means some unspecified internal error happened
    ErrorInternal = "internal"
)
Variables
This section is empty.
Functions
func SliceUniqMap
SliceUniqMap removes duplicate entries from a slice of strings.
Types
type AttributeFilter
AttributeFilter contains the parameters for filtering by attributes.
type AttributeValue
type AttributeValue struct {
    Value string `json:"value"`
    Count int64  `json:"-"` // the "-" tag keeps Count out of the JSON response
}
AttributeValue contains the return values for an attribute call.
type AttributeValueList
type AttributeValueList []AttributeValue
AttributeValueList is used for holding unique attributes.
type ElasticSearch
type ElasticSearch struct {
// contains filtered or unexported fields
}
ElasticSearch contains an elastic.Client we pass around after init.
func (ElasticSearch) GetAttributes
func (es ElasticSearch) GetAttributes(filter *AttributeFilter, tenantID string) ([]string, error)
GetAttributes returns all unique values of an attribute that are available for filtering. Possible attribute queries include event_type, dns, identity, etc.
func (ElasticSearch) GetEvents
func (es ElasticSearch) GetEvents(filter *EventFilter, tenantID string) ([]*cadf.Event, int, error)
GetEvents retrieves the events for a given tenantID, applying the filter.
func (ElasticSearch) MaxLimit
func (es ElasticSearch) MaxLimit() uint
MaxLimit returns the configured maximum number of results per query.
type EventFilter
type EventFilter struct {
    ObserverType  string
    TargetType    string
    TargetID      string
    InitiatorID   string
    InitiatorType string
    InitiatorName string
    Action        string
    Outcome       string
    Time          map[string]string
    Offset        uint
    Limit         uint
    Sort          []FieldOrder
}
EventFilter is similar to netflow-api.EventFilter, but uses IDs instead of names.
type FieldOrder
FieldOrder pairs a sort field name with its sort order.
type Mock
type Mock struct{}
Mock is an Elasticsearch driver that serves static data.
func (Mock) GetAttributes
func (m Mock) GetAttributes(filter *AttributeFilter, tenantID string) ([]string, error)
GetAttributes is the Mock implementation of Storage.GetAttributes.
type Response
type Response struct {
    Status    Status        `json:"status"`
    Data      []interface{} `json:"data,omitempty"`
    ErrorType ErrorType     `json:"errorType,omitempty"`
    Error     string        `json:"error,omitempty"`
}
Response encapsulates a generic response in the style of the Prometheus API.
type Status
type Status string
Status contains Prometheus status strings. TODO: Determine if we want a similar setup for Elasticsearch.
const (
    // StatusSuccess means success
    StatusSuccess Status = "success"
    // StatusError means error
    StatusError = "error"
)
type Storage
type Storage interface {
    /********** requests to ElasticSearch **********/
    GetEvents(filter *EventFilter, tenantID string) ([]*cadf.Event, int, error)
    GetEvent(eventID string, tenantID string) (*cadf.Event, error)
    GetAttributes(filter *AttributeFilter, tenantID string) ([]string, error)
    MaxLimit() uint
}
Storage is an interface that wraps the underlying event storage mechanism. Because it is an interface, the real implementation can be mocked away in unit tests.
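The following is an added example, not code from the package documented above, showing how a request handler written against the Storage interface enforces MaxLimit before any query is issued and reports violations through the Response envelope with ErrorBadData, while a Mock driver with static per-tenant data stands in for Elasticsearch in the way the page describes for unit tests. The page's own backend reserves ErrorCanceled for queries it has to cancel to protect the service; refusing an oversized page size up front is the cheaper guard shown here. Everything below is an assumption or constructed data: Event stands in for cadf.Event, EventFilter and Storage are trimmed to the members the example uses, and ListEvents, NewMock, the tenant ids, event ids and the limit of 100 are invented for illustration.

```go
package main

import "fmt"

// Event is a stand-in for cadf.Event (assumption: only the fields this
// example filters on are modelled; the real type lives in the cadf package).
type Event struct {
	ID      string `json:"id"`
	Action  string `json:"action"`
	Outcome string `json:"outcome"`
}

// ErrorType, Status and Response mirror the declarations documented above.
type ErrorType string
type Status string
const ErrorExec, ErrorBadData ErrorType = "execution", "bad_data"
const StatusSuccess, StatusError Status = "success", "error"

type Response struct {
	Status    Status        `json:"status"`
	Data      []interface{} `json:"data,omitempty"`
	ErrorType ErrorType     `json:"errorType,omitempty"`
	Error     string        `json:"error,omitempty"`
}

// EventFilter and Storage keep only the members this example uses.
type EventFilter struct {
	Action, Outcome string
	Offset, Limit   uint
}

type Storage interface {
	GetEvents(filter *EventFilter, tenantID string) ([]*Event, int, error)
	MaxLimit() uint
}

// Mock serves constructed, per-tenant static data, like the page's Mock driver.
type Mock struct {
	events   map[string][]*Event
	maxLimit uint
}

// NewMock builds a Mock holding three constructed events for "tenant-a".
func NewMock() *Mock {
	return &Mock{maxLimit: 100, events: map[string][]*Event{"tenant-a": {
		{ID: "evt-1", Action: "authenticate", Outcome: "success"},
		{ID: "evt-2", Action: "authenticate", Outcome: "failure"},
		{ID: "evt-3", Action: "delete", Outcome: "failure"},
	}}}
}

func (m *Mock) MaxLimit() uint { return m.maxLimit }

// GetEvents filters one tenant's events, then applies Offset and Limit.
// An unknown tenant yields an empty result, never another tenant's events.
func (m *Mock) GetEvents(filter *EventFilter, tenantID string) ([]*Event, int, error) {
	var matched []*Event
	for _, e := range m.events[tenantID] {
		if (filter.Action == "" || e.Action == filter.Action) &&
			(filter.Outcome == "" || e.Outcome == filter.Outcome) {
			matched = append(matched, e)
		}
	}
	total := len(matched)
	if int(filter.Offset) >= total {
		return nil, total, nil
	}
	matched = matched[filter.Offset:]
	if filter.Limit > 0 && int(filter.Limit) < len(matched) {
		matched = matched[:filter.Limit]
	}
	return matched, total, nil
}

// ListEvents refuses a page size above Storage.MaxLimit with ErrorBadData before
// the query reaches the backend and never issues an unbounded query. The second
// result is the total match count, which Response has no field for.
func ListEvents(s Storage, filter *EventFilter, tenantID string) (Response, int) {
	if filter.Limit > s.MaxLimit() {
		msg := fmt.Sprintf("limit %d exceeds maximum %d", filter.Limit, s.MaxLimit())
		return Response{Status: StatusError, ErrorType: ErrorBadData, Error: msg}, 0
	}
	if filter.Limit == 0 {
		filter.Limit = s.MaxLimit() // a missing limit becomes the configured maximum
	}
	events, total, err := s.GetEvents(filter, tenantID)
	if err != nil {
		return Response{Status: StatusError, ErrorType: ErrorExec, Error: err.Error()}, 0
	}
	data := make([]interface{}, 0, len(events))
	for _, e := range events {
		data = append(data, e)
	}
	return Response{Status: StatusSuccess, Data: data}, total
}

func main() {
	resp, total := ListEvents(NewMock(), &EventFilter{Outcome: "failure"}, "tenant-a")
	fmt.Printf("status=%s returned=%d total=%d\n", resp.Status, len(resp.Data), total)
}
```

Because ListEvents only depends on the Storage interface, the same function runs unchanged against the real ElasticSearch driver, and a unit test can exercise the limit check, the pagination arithmetic and the tenant isolation of the lookup without a running cluster.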