ecs

package
v0.31.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 19, 2025 License: MIT Imports: 11 Imported by: 0

Documentation

Overview

ECS event mapping functions.

ECS history mapping functions.

ECS jumplist mapping functions.

ECS shellbag mapping functions.

ECS specification.

Index

Constants

View Source 
const (
	Version = "8.11"
)

Variables

This section is empty.

Functions

func Hash 

func Hash(s string) string

Types

type Agent 

type Agent struct {
	Type    string `json:"type"`
	Version string `json:"version"`
}

type Base 

type Base struct {
	Timestamp time.Time              `json:"@timestamp"`
	Message   string                 `json:"message"`
	Tags      string                 `json:"tags,omitempty"`
	Labels    map[string]interface{} `json:"labels,omitempty"`
}

type Ecs 

type Ecs struct {
	Version string `json:"version"`
}

type Evt 

type Evt struct {
	Kind     string    `json:"kind,omitempty"`
	Module   string    `json:"module,omitempty"`
	Dataset  string    `json:"dataset,omitempty"`
	Severity int64     `json:"severity,omitempty"`
	ID       string    `json:"id,omitempty"`
	Code     string    `json:"code,omitempty"`
	Provider string    `json:"provider,omitempty"`
	Ingested time.Time `json:"ingested,omitempty"`
	Original string    `json:"original,omitempty"`
	Hash     string    `json:"hash,omitempty"`
}

type File 

type File struct {
	Type        string `json:"type,omitempty"`
	Name        string `json:"name,omitempty"`
	Extension   string `json:"extension,omitempty"`
	Directory   string `json:"directory,omitempty"`
	DriveLetter string `json:"drive_letter,omitempty"`
	Path        string `json:"path,omitempty"`
}

type Host 

type Host struct {
	Hostname string `json:"hostname,omitempty"`
	MAC      string `json:"mac,omitempty"`
}

type Log 

type Log struct {
	Base

	Ecs      *Ecs      `json:"ecs"`
	Agent    *Agent    `json:"agent"`
	Event    *Evt      `json:"event"`
	File     *File     `json:"file"`
	Url      *Url      `json:"url,omitempty"`
	Host     *Host     `json:"host,omitempty"`
	User     *User     `json:"user,omitempty"`
	Process  *Process  `json:"process,omitempty"`
	Registry *Registry `json:"registry,omitempty"`
}

func MapEvent 

func MapEvent(s, src string) (log *Log, err error)

func MapHistory 

func MapHistory(fu *flog.Url, src string) (log *Log, err error)

func MapJumpList 

func MapJumpList(s, src string) (log *Log, err error)

func MapShellBag 

func MapShellBag(s, src string) (log *Log, err error)

func NewLog 

func NewLog(s, src string, base *Base) *Log

type Process 

type Process struct {
	PID              int64    `json:"pid,omitempty"`
	Thread           *Thread  `json:"thread,omitempty"`
	EntityID         string   `json:"entity_id,omitempty"`
	Name             string   `json:"name,omitempty"`
	Title            string   `json:"title,omitempty"`
	Args             []string `json:"args,omitempty"`
	ArgsCount        int64    `json:"args_count,omitempty"`
	Executable       string   `json:"executable,omitempty"`
	CommandLine      string   `json:"command_line,omitempty"`
	WorkingDirectory string   `json:"working_directory,omitempty"`
}

type Registry 

type Registry struct {
	Path  string `json:"path,omitempty"`
	Hive  string `json:"hive,omitempty"`
	Key   string `json:"key,omitempty"`
	Value string `json:"value,omitempty"`
}

type Thread 

type Thread struct {
	ID int64 `json:"id,omitempty"`
}

type Url 

type Url struct {
	Original string `json:"original,omitempty"`
	Full     string `json:"full,omitempty"`
	Scheme   string `json:"scheme,omitempty"`
	Domain   string `json:"domain,omitempty"`
	Port     int64  `json:"port,omitempty"`
	Path     string `json:"path,omitempty"`
	Query    string `json:"query,omitempty"`
	Fragment string `json:"fragment,omitempty"`
	Username string `json:"username,omitempty"`
	Password string `json:"password,omitempty"`
}

type User 

type User struct {
	ID string `json:"id,omitempty"`
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.