Variables ¶
var (
	// StopOnDuplicateLabels, when true, stops execution and prints
	// information if more than one label exists for the same timestamp.
	// This only affects layer records, which are labeled through the
	// labelMap; the other record types use the label array and are not
	// affected. When false, duplicates are not reported this way and
	// which of the conflicting labels is applied is not specified here.
	// Handling of this case needs to be improved in the future.
	StopOnDuplicateLabels = false

	DisableLayerMapping = false
)
The package also holds (unexported) regular expressions used to match data from the Suricata fast.log.
var (
	UseProgressBars   = false
	ClassificationMap = make(map[string]int)
)
var CollectLabels bool
Functions ¶
func Connections ¶
func Connections(wg *sync.WaitGroup, file string, alerts []*SuricataAlert, outDir, separator, selection string) *pb.ProgressBar
Connections labels audit records of type NC_Connection using the given Suricata alerts.
func Flows ¶
func Flows(wg *sync.WaitGroup, file string, alerts []*SuricataAlert, outDir, separator, selection string) *pb.ProgressBar
Flows labels audit records of type NC_Flow using the given Suricata alerts.
func HTTP ¶
func HTTP(wg *sync.WaitGroup, file string, alerts []*SuricataAlert, outDir, separator, selection string) *pb.ProgressBar
func IPv4 ¶
func IPv4(wg *sync.WaitGroup, file string, alerts []*SuricataAlert, outDir, separator, selection string) *pb.ProgressBar
IPv4 labels audit records of type NC_IPv4 using the given Suricata alerts.
func IPv6 ¶
func IPv6(wg *sync.WaitGroup, file string, alerts []*SuricataAlert, outDir, separator, selection string) *pb.ProgressBar
IPv6 labels audit records of type NC_IPv6 using the given Suricata alerts.
func Layer ¶
func Layer(wg *sync.WaitGroup, file string, typ string, labelMap map[string]*SuricataAlert, labels []*SuricataAlert, outDir, separator, selection string) *pb.ProgressBar
Layer labels packets of the gopacket.LayerType named by the typ string. Layer records are labeled through labelMap (keyed per timestamp), so they are the records affected by the StopOnDuplicateLabels setting; labels is the label array used by the other record types.
func LinkFlow ¶
func LinkFlow(wg *sync.WaitGroup, file string, alerts []*SuricataAlert, outDir, separator, selection string) *pb.ProgressBar
func NetworkFlow ¶
func NetworkFlow(wg *sync.WaitGroup, file string, alerts []*SuricataAlert, outDir, separator, selection string) *pb.ProgressBar
func SetExcluded ¶
func SetExcluded(arg string)
SetExcluded takes a comma-separated list of strings to exclude from labeling.
func Suricata ¶
func Suricata(inputPcap string, outputPath string, useDescription bool, separator, selection string)
Suricata creates labeled CSV files for the audit records derived from the provided input file. Alerts are generated by running Suricata against the input pcap; a directory named after the input file is created and all Suricata logs are written there. If no output directory is specified, the netcap audit records are expected in the current working directory; otherwise they are expected in the output directory. Because labels are derived solely from Suricata alerts, label quality is bounded by the ruleset used for the scan: rule false positives and misses propagate directly into the labeled data.
func TCP ¶
func TCP(wg *sync.WaitGroup, file string, alerts []*SuricataAlert, outDir, separator, selection string) *pb.ProgressBar
TCP labels audit records of type NC_TCP using the given Suricata alerts.
func TLS ¶
func TLS(wg *sync.WaitGroup, file string, alerts []*SuricataAlert, outDir, separator, selection string) *pb.ProgressBar
TLS labels audit records of type NC_TLSClientHello using the given Suricata alerts.
func TransportFlow ¶
func TransportFlow(wg *sync.WaitGroup, file string, alerts []*SuricataAlert, outDir, separator, selection string) *pb.ProgressBar
func UDP ¶
func UDP(wg *sync.WaitGroup, file string, alerts []*SuricataAlert, outDir, separator, selection string) *pb.ProgressBar
UDP labels audit records of type NC_UDP using the given Suricata alerts.
Types ¶
type SuricataAlert ¶
type SuricataAlert struct {
	Timestamp      string
	Proto          string
	SrcIP          string
	SrcPort        int
	DstIP          string
	DstPort        int
	Classification string
	Description    string
}
SuricataAlert is a summary structure of an alert's contents as parsed from the Suricata fast.log: the timestamp, protocol, source and destination endpoints, and the rule's classification and description.
func ParseSuricataFastLog ¶
func ParseSuricataFastLog(contents []byte, useDescription bool) (labelMap map[string]*SuricataAlert, arr []*SuricataAlert)
ParseSuricataFastLog parses the given Suricata fast.log contents and returns the resulting labels in two forms: a labelMap (used when labeling layer records) and an arr slice (used by the other record types). The useDescription flag presumably selects whether the alert's Description rather than its Classification is used as the label text — confirm against the implementation.