suricatalogs

Published: Mar 10, 2021 License: AGPL-3.0 Imports: 6 Imported by: 0


Constants

// TypeDNS is the log type identifier for Suricata DNS events handled by this
// package (presumably the value DNSParser.LogType reports — its body is not
// shown here).
const TypeDNS = "Suricata.DNS"

// TypeAnomaly is the log type identifier for Suricata anomaly events handled
// by this package (presumably the value AnomalyParser.LogType reports).
const TypeAnomaly = "Suricata.Anomaly"

Variables

This section is empty.

Functions

func LogTypes added in v1.12.0

func LogTypes() logtypes.Group

Types

type Anomaly

// Anomaly is the decoded form of one Suricata anomaly event in its JSON
// output format. Every field is read from the JSON key named in its tag, and
// pointer/slice fields stay nil when the key is absent. The validate tags are
// the only input checks declared on the type: Anomaly, EventType and
// Timestamp are required, EventType must equal "anomaly", and the optional
// Metadata and PacketInfo structs are validated recursively ("dive") when set.
// All other string fields are accepted as-is; they originate from traffic the
// sensor observed, so treat them as untrusted when rendering or querying.
type Anomaly struct {
	// Anomaly is required and its fields are validated recursively.
	Anomaly      *AnomalyDetails              `json:"anomaly" validate:"required,dive" description:"Suricata Anomaly Anomaly"`
	AppProto     *string                      `json:"app_proto,omitempty" description:"Suricata Anomaly AppProto"`
	CommunityID  *string                      `json:"community_id,omitempty" description:"Suricata Anomaly CommunityID"`
	// DestIP and SrcIP are optional plain strings here; unlike the DNS type
	// nothing on this struct requires them or checks that they parse as IPs.
	DestIP       *string                      `json:"dest_ip,omitempty" description:"Suricata Anomaly DestIP"`
	DestPort     *uint16                      `json:"dest_port,omitempty" description:"Suricata Anomaly DestPort"`
	// EventType must be present and equal to "anomaly" (validate tag).
	EventType    *string                      `json:"event_type" validate:"required,eq=anomaly" description:"Suricata Anomaly EventType"`
	FlowID       *int                         `json:"flow_id,omitempty" description:"Suricata Anomaly FlowID"`
	IcmpCode     *int                         `json:"icmp_code,omitempty" description:"Suricata Anomaly IcmpCode"`
	IcmpType     *int                         `json:"icmp_type,omitempty" description:"Suricata Anomaly IcmpType"`
	Metadata     *AnomalyMetadata             `json:"metadata,omitempty" validate:"omitempty,dive" description:"Suricata Anomaly Metadata"`
	// Packet is kept as an opaque string; its encoding is not established by
	// this type. NOTE(review): confirm the encoding (presumably base64 of the
	// raw packet) before decoding or displaying it downstream.
	Packet       *string                      `json:"packet,omitempty" description:"Suricata Anomaly Packet"`
	PacketInfo   *AnomalyPacketInfo           `json:"packet_info,omitempty" validate:"omitempty,dive" description:"Suricata Anomaly PacketInfo"`
	PcapCnt      *int                         `json:"pcap_cnt,omitempty" description:"Suricata Anomaly PcapCnt"`
	PcapFilename *string                      `json:"pcap_filename,omitempty" description:"Suricata Anomaly PcapFilename"`
	// Proto uses numerics.Integer rather than *int — presumably so the value
	// may arrive as either a JSON number or a string; confirm in that package.
	Proto        *numerics.Integer            `json:"proto,omitempty" description:"Suricata Anomaly Proto"`
	SrcIP        *string                      `json:"src_ip,omitempty" description:"Suricata Anomaly SrcIP"`
	SrcPort      *uint16                      `json:"src_port,omitempty" description:"Suricata Anomaly SrcPort"`
	// Timestamp is required; parsing is delegated to timestamp.SuricataTimestamp.
	Timestamp    *timestamp.SuricataTimestamp `json:"timestamp" validate:"required" description:"Suricata Anomaly Timestamp"`
	TxID         *int                         `json:"tx_id,omitempty" description:"Suricata Anomaly TxID"`
	Vlan         []int                        `json:"vlan,omitempty" description:"Suricata Anomaly Vlan"`

	// PantherLog is embedded so the event also carries the fields the parsers
	// package defines for every log (presumably set by Parse; not shown here).
	parsers.PantherLog
}

type AnomalyDetails

// AnomalyDetails is the nested "anomaly" object of an Anomaly event. All four
// fields are optional (omitempty) and no validate tag constrains their values;
// the parent Anomaly only requires the object itself to be present.
type AnomalyDetails struct {
	Code  *int    `json:"code,omitempty" description:"Suricata AnomalyDetails Code"`
	Event *string `json:"event,omitempty" description:"Suricata AnomalyDetails Event"`
	Layer *string `json:"layer,omitempty" description:"Suricata AnomalyDetails Layer"`
	Type  *string `json:"type,omitempty" description:"Suricata AnomalyDetails Type"`
}

type AnomalyMetadata

// AnomalyMetadata is the optional "metadata" object of an Anomaly event.
// Flowbits is a free-form list of strings; Flowints is validated recursively
// only when present ("omitempty,dive").
type AnomalyMetadata struct {
	Flowbits []string                 `json:"flowbits,omitempty" description:"Suricata AnomalyMetadata Flowbits"`
	Flowints *AnomalyMetadataFlowints `json:"flowints,omitempty" validate:"omitempty,dive" description:"Suricata AnomalyMetadata Flowints"`
}

type AnomalyMetadataFlowints

// AnomalyMetadataFlowints holds the per-flow counters under metadata.flowints.
// Note that the JSON keys contain dots ("applayer.anomaly.count", ...); they
// are literal key names, not nested objects, so keep the tags verbatim.
type AnomalyMetadataFlowints struct {
	ApplayerAnomalyCount   *int `json:"applayer.anomaly.count,omitempty" description:"Suricata AnomalyMetadataFlowints ApplayerAnomalyCount"`
	HTTPAnomalyCount       *int `json:"http.anomaly.count,omitempty" description:"Suricata AnomalyMetadataFlowints HTTPAnomalyCount"`
	TCPRetransmissionCount *int `json:"tcp.retransmission.count,omitempty" description:"Suricata AnomalyMetadataFlowints TCPRetransmissionCount"`
	TLSAnomalyCount        *int `json:"tls.anomaly.count,omitempty" description:"Suricata AnomalyMetadataFlowints TLSAnomalyCount"`
}

type AnomalyPacketInfo

// AnomalyPacketInfo is the optional "packet_info" object of an Anomaly event.
// Linktype is an unconstrained optional integer (presumably the capture link
// type that goes with Anomaly.Packet — confirm against the producer).
type AnomalyPacketInfo struct {
	Linktype *int `json:"linktype,omitempty" description:"Suricata AnomalyPacketInfo Linktype"`
}

type AnomalyParser

// AnomalyParser parses Suricata Anomaly alerts in the JSON format. It carries
// no state; LogType, New and Parse are declared on *AnomalyParser (their
// bodies are not shown on this page).
type AnomalyParser struct{}

AnomalyParser parses Suricata Anomaly alerts in the JSON format

func (*AnomalyParser) LogType

func (p *AnomalyParser) LogType() string

LogType returns the log type supported by this parser

func (*AnomalyParser) New

func (p *AnomalyParser) New() parsers.LogParser

func (*AnomalyParser) Parse

func (p *AnomalyParser) Parse(log string) ([]*parsers.PantherLog, error)

Parse returns the parsed events or nil if parsing failed

type DNS

// DNS is the decoded form of one Suricata DNS event in its JSON output format.
// Every field is read from the JSON key named in its tag. The validate tags
// are the only input checks declared on the type: DNS, DestIP, SrcIP, Proto
// and Timestamp are required, EventType must equal "dns", and the nested DNS
// object is validated recursively ("dive"). "required" does not check that
// DestIP/SrcIP are well-formed addresses, only that the keys are present.
type DNS struct {
	CommunityID  *string                      `json:"community_id,omitempty" description:"Suricata DNS CommunityID"`
	// DNS is required and its fields are validated recursively.
	DNS          *DNSDetails                  `json:"dns" validate:"required,dive" description:"Suricata DNS DNS"`
	// DestIP and SrcIP are required here, unlike on the Anomaly type.
	DestIP       *string                      `json:"dest_ip" validate:"required" description:"Suricata DNS DestIP"`
	DestPort     *uint16                      `json:"dest_port,omitempty" description:"Suricata DNS DestPort"`
	// EventType must be present and equal to "dns" (validate tag).
	EventType    *string                      `json:"event_type" validate:"required,eq=dns" description:"Suricata DNS EventType"`
	FlowID       *int                         `json:"flow_id,omitempty" description:"Suricata DNS FlowID"`
	PcapCnt      *int                         `json:"pcap_cnt,omitempty" description:"Suricata DNS PcapCnt"`
	PcapFilename *string                      `json:"pcap_filename,omitempty" description:"Suricata DNS PcapFilename"`
	// Proto is required and uses numerics.Integer — presumably so the value
	// may arrive as a JSON number or a string; confirm in that package.
	Proto        *numerics.Integer            `json:"proto" validate:"required" description:"Suricata DNS Proto"`
	SrcIP        *string                      `json:"src_ip" validate:"required" description:"Suricata DNS SrcIP"`
	SrcPort      *uint16                      `json:"src_port,omitempty" description:"Suricata DNS SrcPort"`
	// Timestamp is required; parsing is delegated to timestamp.SuricataTimestamp.
	Timestamp    *timestamp.SuricataTimestamp `json:"timestamp" validate:"required" description:"Suricata DNS Timestamp"`
	Vlan         []int                        `json:"vlan,omitempty" description:"Suricata DNS Vlan"`

	// PantherLog is embedded so the event also carries the fields the parsers
	// package defines for every log (presumably set by Parse; not shown here).
	parsers.PantherLog
}

type DNSDetails

// DNSDetails is the nested "dns" object of a DNS event. Every field is
// optional (omitempty); only the Answers, Authorities and Grouped collections
// are validated recursively, and nothing here bounds the content of the
// string fields.
//
// NOTE(review): Rrname, RData, Rcode, Rrtype and the nested answer data are
// values taken from DNS traffic the sensor observed, so they are attacker-
// influenced; escape or parameterize them wherever they are rendered or
// interpolated downstream.
type DNSDetails struct {
	Aa          *bool                   `json:"aa,omitempty" description:"Suricata DNSDetails Aa"`
	Answers     []DNSDetailsAnswers     `json:"answers,omitempty" validate:"omitempty,dive" description:"Suricata DNSDetails Answers"`
	Authorities []DNSDetailsAuthorities `json:"authorities,omitempty" validate:"omitempty,dive" description:"Suricata DNSDetails Authorities"`
	Flags       *string                 `json:"flags,omitempty" description:"Suricata DNSDetails Flags"`
	Grouped     *DNSDetailsGrouped      `json:"grouped,omitempty" validate:"omitempty,dive" description:"Suricata DNSDetails Grouped"`
	ID          *int                    `json:"id,omitempty" description:"Suricata DNSDetails ID"`
	Qr          *bool                   `json:"qr,omitempty" description:"Suricata DNSDetails Qr"`
	Ra          *bool                   `json:"ra,omitempty" description:"Suricata DNSDetails Ra"`
	Rcode       *string                 `json:"rcode,omitempty" description:"Suricata DNSDetails Rcode"`
	Rd          *bool                   `json:"rd,omitempty" description:"Suricata DNSDetails Rd"`
	Rrname      *string                 `json:"rrname,omitempty" description:"Suricata DNSDetails Rrname"`
	// RData is spelled differently from DNSDetailsAnswers.Rdata; the exported
	// name is kept as-is for compatibility (the JSON key "rdata" is the same).
	RData       *string                 `json:"rdata,omitempty" description:"Suricata DNSDetails RData"`
	Rrtype      *string                 `json:"rrtype,omitempty" description:"Suricata DNSDetails Rrtype"`
	TTL         *int                    `json:"ttl,omitempty" description:"Suricata DNSDetails TTL"`
	TxID        *int                    `json:"tx_id,omitempty" description:"Suricata DNSDetails TxID"`
	Type        *string                 `json:"type,omitempty" description:"Suricata DNSDetails Type"`
	Version     *int                    `json:"version,omitempty" description:"Suricata DNSDetails Version"`
}

type DNSDetailsAnswers

// DNSDetailsAnswers is one element of DNSDetails.Answers. All fields are
// optional and unconstrained; Rdata and Rrname are free-form strings from
// observed traffic.
type DNSDetailsAnswers struct {
	Rdata  *string `json:"rdata,omitempty" description:"Suricata DNSDetailsAnswers Rdata"`
	Rrname *string `json:"rrname,omitempty" description:"Suricata DNSDetailsAnswers Rrname"`
	Rrtype *string `json:"rrtype,omitempty" description:"Suricata DNSDetailsAnswers Rrtype"`
	TTL    *int    `json:"ttl,omitempty" description:"Suricata DNSDetailsAnswers TTL"`
}

type DNSDetailsAuthorities

// DNSDetailsAuthorities is one element of DNSDetails.Authorities. It mirrors
// DNSDetailsAnswers without the Rdata field; all fields are optional.
type DNSDetailsAuthorities struct {
	Rrname *string `json:"rrname,omitempty" description:"Suricata DNSDetailsAuthorities Rrname"`
	Rrtype *string `json:"rrtype,omitempty" description:"Suricata DNSDetailsAuthorities Rrtype"`
	TTL    *int    `json:"ttl,omitempty" description:"Suricata DNSDetailsAuthorities TTL"`
}

type DNSDetailsGrouped

// DNSDetailsGrouped is the optional "grouped" object of DNSDetails: one string
// list per record type, keyed by the upper-case JSON names ("A", "AAAA", ...).
// The Go field names are mixed-case, so the json tags are what match the
// input; keep them verbatim. Values are unconstrained strings.
type DNSDetailsGrouped struct {
	A     []string `json:"A,omitempty" description:"Suricata DNSDetailsGrouped A"`
	Aaaa  []string `json:"AAAA,omitempty" description:"Suricata DNSDetailsGrouped Aaaa"`
	Cname []string `json:"CNAME,omitempty" description:"Suricata DNSDetailsGrouped Cname"`
	Mx    []string `json:"MX,omitempty" description:"Suricata DNSDetailsGrouped Mx"`
	Ptr   []string `json:"PTR,omitempty" description:"Suricata DNSDetailsGrouped Ptr"`
	Txt   []string `json:"TXT,omitempty" description:"Suricata DNSDetailsGrouped Txt"`
}

type DNSParser

// DNSParser parses Suricata DNS alerts in the JSON format. It carries no
// state; LogType, New and Parse are declared on *DNSParser (their bodies are
// not shown on this page).
type DNSParser struct{}

DNSParser parses Suricata DNS alerts in the JSON format

func (*DNSParser) LogType

func (p *DNSParser) LogType() string

LogType returns the log type supported by this parser

func (*DNSParser) New

func (p *DNSParser) New() parsers.LogParser

func (*DNSParser) Parse

func (p *DNSParser) Parse(log string) ([]*parsers.PantherLog, error)

Parse returns the parsed events or nil if parsing failed
