sigma

package

v1.1.0 Latest Latest Go to latest Published: May 6, 2022 License: EUPL-1.2 Imports: 3 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/0xThiebaut/sigmai

Links

Open Source Insights

Documentation ¶

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Action ¶

type Action string

const (
	ActionGlobal Action = "global"
	ActionRepeat Action = "repeat"
	ActionReset  Action = "reset"
)

type Category ¶

type Category string

const (
	CategoryProcessCreation Category = "process_creation"
	CategoryProxy           Category = "proxy"
	CategoryFirewall        Category = "firewall"
	CategoryDNS             Category = "dns"
	CategoryWebServer       Category = "webserver"
)

type Detection ¶

type Detection struct {
	Searches  map[string][]search.Searches `yaml:",inline,omitempty"`
	TimeFrame string                       `yaml:",omitempty"`
	Condition condition.Condition          `yaml:",omitempty"`
}

type Level ¶

type Level string

const (
	LevelLow      Level = "low"
	LevelMedium   Level = "medium"
	LevelHigh     Level = "high"
	LevelCritical Level = "critical"
)

type LogSource ¶

type LogSource struct {
	Category   Category `yaml:",omitempty"`
	Product    Product  `yaml:",omitempty"`
	Service    Service  `yaml:",omitempty"`
	Definition string   `yaml:",omitempty"`
}

type Product ¶

type Product string

const (
	ProductWindows Product = "windows"
	ProductLinux   Product = "linux"
	ProductApache  Product = "apache"
)

type Relation ¶

type Relation string

const (
	RelationDerived   Relation = "derived"
	RelationObsoletes Relation = "obsoletes"
	RelationMerged    Relation = "merged"
	RelationRenamed   Relation = "renamed"
)

type Relationship ¶

type Relationship struct {
	Id   string
	Type Relation
}

type Rule ¶

type Rule struct {
	Action         Action         `yaml:",omitempty"`
	Title          string         `yaml:",omitempty"`
	Id             string         `yaml:",omitempty"`
	Related        []Relationship `yaml:",omitempty"`
	Status         Status         `yaml:",omitempty"`
	Description    string         `yaml:",omitempty"`
	Author         string         `yaml:",omitempty"`
	References     []string       `yaml:",omitempty"`
	LogSource      LogSource      `yaml:",omitempty"`
	Detection      Detection      `yaml:",omitempty"`
	Fields         []field.Field  `yaml:",omitempty"`
	FalsePositives []string       `yaml:",omitempty"`
	Level          Level          `yaml:",omitempty"`
	Tags           []string       `yaml:",omitempty"`
}

type Service ¶

type Service string

const (
	ServiceSecurity          Service = "security"
	ServiceSystem            Service = "system"
	ServiceSysmon            Service = "sysmon"
	ServiceTaskScheduler     Service = "taskscheduler"
	ServiceWMI               Service = "wmi"
	ServiceApplication       Service = "application"
	ServiceDNSServer         Service = "dns-server"
	ServiceDriverFramework   Service = "driver-framework"
	ServicePowerShell        Service = "powershell"
	ServicePowerShellClassic Service = "powershell-classic"
	ServiceAuth              Service = "auth"
	ServiceAuditd            Service = "auditd"
	ServiceClamAV            Service = "clamav"
	ServiceAccess            Service = "access"
	ServiceError             Service = "error"
)

type Status ¶

type Status string

const (
	StatusExperimental Status = "experimental"
	StatusTesting      Status = "testing"
	StatusStable       Status = "stable"
)

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
condition
field
search

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL