Documentation
¶
Index ¶
- func FormatWithRandomSeconds(t time.Time) (string, time.Time)
- func SendHECEvent(hecURL, hecToken string, event SplunkEvent) (err error)
- type SplunkEvent
- func GenerateExecveEventFromCommand(eventTime time.Time, commandLine string, targetIp string, ...) SplunkEvent
- func GenerateLoginEvent(domain, subnet string, eventTime time.Time, targetAcc string) (SplunkEvent, string, string)
- func GenerateLoginFailedEvent(domain, subnet string, eventTime time.Time, targetAcc string) (SplunkEvent, string, string)
- func GenerateProcessCreationEvent(domain, targetIp string, targetHostname string, eventTime time.Time, ...) SplunkEvent
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func SendHECEvent ¶
func SendHECEvent(hecURL, hecToken string, event SplunkEvent) (err error)
SendLoginEvent sends a generated login event to the Splunk HEC endpoint.
Types ¶
type SplunkEvent ¶
type SplunkEvent struct {
Event string `json:"event"`
Sourcetype string `json:"sourcetype"`
Source string `json:"source"`
Index string `json:"index"`
Host string `json:"host"`
Time int64 `json:"time"` // Unix timestamp field
Fields map[string]interface{} `json:"fields"`
}
LoginEvent represents the structure of a login event sent to Splunk.
func GenerateLoginEvent ¶
Source Files
Click to show internal directories.
Click to hide internal directories.