Documentation
Index
- func FormatWithRandomSeconds(t time.Time) (string, time.Time)
- func SendHECEvent(hecURL, hecToken string, event SplunkEvent) (err error)
- type SplunkEvent
- func GenerateExecveEventFromCommand(eventTime time.Time, commandLine string, targetIp string, ...) SplunkEvent
- func GenerateLoginEvent(domain, subnet string, eventTime time.Time, targetAcc string) (SplunkEvent, string, string)
- func GenerateLoginFailedEvent(domain, subnet string, eventTime time.Time, targetAcc string) (SplunkEvent, string, string)
- func GenerateProcessCreationEvent(domain, targetIp string, targetHostname string, eventTime time.Time, ...) SplunkEvent
Constants
This section is empty.
Variables
This section is empty.
Functions
func SendHECEvent
func SendHECEvent(hecURL, hecToken string, event SplunkEvent) (err error)
SendHECEvent sends a generated login event to the Splunk HEC endpoint.
Types
type SplunkEvent
type SplunkEvent struct {
	Event      string                 `json:"event"`
	Sourcetype string                 `json:"sourcetype"`
	Source     string                 `json:"source"`
	Index      string                 `json:"index"`
	Host       string                 `json:"host"`
	Time       int64                  `json:"time"` // Unix timestamp field
	Fields     map[string]interface{} `json:"fields"`
}
SplunkEvent represents the structure of a login event sent to Splunk.
func GenerateLoginEvent