Types ¶
type Event ¶
// Event is a normalised Sysmon event as produced by this package.
//
// Its JSON keys are lower snake_case (see the tags), unlike EvtxData, which
// keeps Sysmon's native field names; the EvtxData → Event conversion is not
// visible in this file.
type Event struct {
	// Date is the event timestamp.
	Date time.Time `json:"date"`
	// Process is the originating process — presumably derived from
	// EvtxData.Image; confirm whether it is a bare name or a full path.
	Process string `json:"process"`
	// Protocol is the transport protocol as reported by Sysmon.
	Protocol string `json:"protocol"`
	// Host is the remote host. It originates from event-log content, so treat
	// it as untrusted when rendering it or when using it as a lookup key.
	Host string `json:"host"`
	// Port is the numeric port. EvtxData carries ports as strings, so the code
	// that populates this field should parse and range-check (0–65535) them.
	Port int `json:"port"`
	// PortName is the symbolic port name Sysmon attaches to the port, when any.
	PortName string `json:"port_name"`
	// Whois holds the WHOIS lookup result for Host (type from the project's
	// whois package).
	Whois whois.Whois `json:"whois"`
	// Count — presumably the number of raw events aggregated into this one;
	// verify against the producer.
	Count int `json:"count"`
}
Event is a Sysmon event.
type EventsSortDate ¶
// EventsSortDate is a slice of Event whose Len/Less/Swap methods (listed below)
// give it the sort.Interface method set, ordering events by Date.
type EventsSortDate []Event
EventsSortDate are Sysmon events sorted by Date
func (EventsSortDate) Len ¶
func (slice EventsSortDate) Len() int
func (EventsSortDate) Less ¶
func (slice EventsSortDate) Less(i, j int) bool
func (EventsSortDate) Swap ¶
func (slice EventsSortDate) Swap(i, j int)
type EventsSortHost ¶
// EventsSortHost is a slice of Event whose Len/Less/Swap methods (listed below)
// give it the sort.Interface method set, ordering events by Host.
type EventsSortHost []Event
EventsSortHost are Sysmon events sorted by Host
func (EventsSortHost) Len ¶
func (slice EventsSortHost) Len() int
func (EventsSortHost) Less ¶
func (slice EventsSortHost) Less(i, j int) bool
func (EventsSortHost) Swap ¶
func (slice EventsSortHost) Swap(i, j int)
type EvtxData ¶
// EvtxData appears to mirror the EventData section of a Sysmon event record
// (the field set matches Sysmon's network-connection data).
//
// Every field is kept exactly as the raw string Sysmon wrote: booleans
// (DestinationIsIpv6, Initiated), numbers (ports, ProcessId) and the timestamp
// (UtcTime) are NOT parsed here. Consumers must parse and range-check them
// (strconv.ParseBool / strconv.Atoi / time.Parse) before relying on them.
// Image, the hostnames and User are attacker-influenceable log content and
// must be escaped before being written into HTML, shell commands or queries.
//
// The Ip/Id casing is un-idiomatic Go, but the names and their JSON tags are
// part of the exported interface and are therefore kept.
type EvtxData struct {
	// Destination* describe the remote end of the connection.
	DestinationHostname string `json:"DestinationHostname"`
	DestinationIp       string `json:"DestinationIp"`
	DestinationIsIpv6   string `json:"DestinationIsIpv6"` // "true"/"false" as text — not parsed
	DestinationPort     string `json:"DestinationPort"`   // numeric port as text — not parsed
	DestinationPortName string `json:"DestinationPortName"`

	// Image is the executable that made the connection; Initiated records
	// whether this endpoint initiated it, as text.
	Image     string `json:"Image"`
	Initiated string `json:"Initiated"`

	// Process identity as Sysmon reports it; ProcessId is numeric text.
	ProcessGuid string `json:"ProcessGuid"`
	ProcessId   string `json:"ProcessId"`

	// Protocol is the transport protocol name.
	Protocol string `json:"Protocol"`

	// Source* describe the local end of the connection.
	SourceHostname string `json:"SourceHostname"`
	SourceIp       string `json:"SourceIp"`
	SourceIsIpv6   string `json:"SourceIsIpv6"` // "true"/"false" as text — not parsed
	SourcePort     string `json:"SourcePort"`   // numeric port as text — not parsed
	SourcePortName string `json:"SourcePortName"`

	// User is the account the process ran as.
	User string `json:"User"`
	// UtcTime is the event time as text; parse with time.Parse before comparing.
	UtcTime string `json:"UtcTime"`
}