dpluger

package
Published: Jan 30, 2023 License: GPL-3.0 Imports: 28 Imported by: 0

Documentation

Constants

// FieldTypeText and FieldTypeKeyword are the two field type names the
// package distinguishes. NOTE(review): the values match Elasticsearch
// mapping data types ("text", "keyword"); confirm that is how they are used.
const (
	FieldTypeText    = "text"
	FieldTypeKeyword = "keyword"
)
// TSVFileSuffix is the filename suffix used for plugin SID TSV files
// (the tab-separated lists of plugin SIDs this package reads and writes).
const (
	TSVFileSuffix = "_plugin-sids.tsv"
)

Variables

var ErrFieldMappingNotExist = errors.New("field mapping does not exist")
// ErrIntValueExceedBoundary reports that an integer parsed from input exceeds
// the maximum value the destination type can hold, instead of silently
// wrapping or truncating. Compare with errors.Is.
var (
	ErrIntValueExceedBoundary = errors.New("integer value exceeds maximum value boundary")
)
var ErrNonSIDCollect = errors.New("only SID-type plugin support collect: keyword")

Functions

func CreateConfig

func CreateConfig(confFile, address, index, name, typ string) error

CreateConfig generates a dpluger config file.

func CreateDirective added in v0.15.0

func CreateDirective(tsvFile, outFile, kingdom, titleTemplate string, priority, reliability, dirNumber int) error

CreateDirective starts directive creation

func CreatePlugin

func CreatePlugin(cfg CreatePluginConfig) error

CreatePlugin starts plugin creation

func FieldMappingToLogstashField added in v0.33.0

func FieldMappingToLogstashField(fields *FieldMapping)

func LogstashFieldNotation added in v0.33.0

func LogstashFieldNotation(src string) (res string)

func Merge added in v0.32.1

func Merge(cmd Commander, cfg MergeConfig, options ...MergeOptionFunc) error

func SplitDirective added in v0.28.0

func SplitDirective(target string, suffix string, count int, delete bool) (err error)

SplitDirective splits a single directive JSON file into multiple JSON files.

Types

type ByFirstPluginSID added in v0.33.0

type ByFirstPluginSID []PluginSIDWithCustomDataGroup

func (ByFirstPluginSID) Len added in v0.33.0

func (g ByFirstPluginSID) Len() int

func (ByFirstPluginSID) Less added in v0.33.0

func (g ByFirstPluginSID) Less(i, j int) bool

func (ByFirstPluginSID) Swap added in v0.33.0

func (g ByFirstPluginSID) Swap(i, j int)

type Commander added in v0.32.1

// Commander abstracts the interactive command-line front end that Merge
// talks to, so callers (and tests) can supply their own implementation.
type Commander interface {
	// PromptBool presumably asks the user a yes/no question for the given
	// prompt and returns the given default when no answer is given — confirm.
	PromptBool(string, bool) bool
	// Log emits a message to the user.
	Log(string)
}

type CreatePluginConfig added in v0.33.0

// CreatePluginConfig bundles the inputs of CreatePlugin.
type CreatePluginConfig struct {
	// Plugin is the parsed plugin definition (see Parse).
	Plugin Plugin
	// ConfigFile is the path of the dpluger config file the plugin came from.
	ConfigFile string
	// Creator names who or what generated the plugin.
	Creator string
	// Validate enables validation of the plugin before it is written.
	Validate bool
	// UsePipeline selects pipeline-style output; presumably a Logstash
	// pipeline, given FieldMappingToLogstashField — confirm.
	UsePipeline bool
	// SIDListFile is the path of the plugin SID TSV list (see TSVFileSuffix).
	SIDListFile string
}

type CustomDataSet added in v0.33.0

// CustomDataSet carries up to three label/data pairs of custom data attached
// to a plugin SID. The json tags use omitempty, so blank pairs are dropped
// when serialized; the tsv and csv tags name the columns in those formats.
// IsEmpty reports whether the set carries no data.
type CustomDataSet struct {
	CustomLabel1 string `json:"custom_label1,omitempty" tsv:"custom_label1" csv:"custom_label1"`
	CustomData1  string `json:"custom_data1,omitempty" tsv:"custom_data1" csv:"custom_data1"`
	CustomLabel2 string `json:"custom_label2,omitempty" tsv:"custom_label2" csv:"custom_label2"`
	CustomData2  string `json:"custom_data2,omitempty" tsv:"custom_data2" csv:"custom_data2"`
	CustomLabel3 string `json:"custom_label3,omitempty" tsv:"custom_label3" csv:"custom_label3"`
	CustomData3  string `json:"custom_data3,omitempty" tsv:"custom_data3" csv:"custom_data3"`
}

func (CustomDataSet) IsEmpty added in v0.33.0

func (c CustomDataSet) IsEmpty() bool

type ElasticsearchInfo added in v0.33.5

// ElasticsearchInfo is the decoded form of a search server's info document.
// The json tags follow the shape of that document (name, cluster_name,
// version.*, tagline). Version.Distribution is omitempty, presumably because
// it is only present on some distributions (e.g. OpenSearch) — confirm.
type ElasticsearchInfo struct {
	Name        string `json:"name"`
	ClusterName string `json:"cluster_name"`
	Version     struct {
		Distribution   string `json:"distribution,omitempty"`
		Number         string `json:"number"`
		BuildHash      string `json:"build_hash"`
		BuildTimestamp string `json:"build_timestamp"`
		BuildSnapshot  bool   `json:"build_snapshot"`
		LuceneVersion  string `json:"lucene_version"`
		CompatVersion  string `json:"minimum_wire_compatibility_version"`
	} `json:"version"`
	TagLine string `json:"tagline"`
}

type FieldMapping

// FieldMapping maps the normalized event fields dpluger works with to the
// source field names of the indexed documents. Each value is a field name or
// expression in the source index, not the field's content. Fields tagged
// omitempty are optional in the config file; the rest are always serialized.
// FieldMappingToLogstashField rewrites the values in place into Logstash
// field notation.
type FieldMapping struct {
	Title           string `json:"title,omitempty"`
	Timestamp       string `json:"timestamp"`
	TimestampFormat string `json:"timestamp_format"`
	Sensor          string `json:"sensor"`
	PluginID        string `json:"plugin_id,omitempty"`
	PluginSID       string `json:"plugin_sid,omitempty"`
	Product         string `json:"product,omitempty"`
	Category        string `json:"category,omitempty"`
	SubCategory     string `json:"subcategory,omitempty"`
	SrcIP           string `json:"src_ip"`
	SrcPort         string `json:"src_port"`
	DstIP           string `json:"dst_ip"`
	DstPort         string `json:"dst_port"`
	Protocol        string `json:"protocol,omitempty"`
	CustomData1     string `json:"custom_data1,omitempty"`
	CustomLabel1    string `json:"custom_label1,omitempty"`
	CustomData2     string `json:"custom_data2,omitempty"`
	CustomLabel2    string `json:"custom_label2,omitempty"`
	CustomData3     string `json:"custom_data3,omitempty"`
	CustomLabel3    string `json:"custom_label3,omitempty"`
}

FieldMapping defines the field mapping.

type FileReader added in v0.32.1

// FileReader reads a whole file identified by its path. Merge uses the
// default reader unless one is supplied via WithCustomFileReader, which lets
// callers confine or mock file access.
type FileReader interface {
	// Read returns the full contents of the file at the given path.
	Read(string) ([]byte, error)
}

type MergeConfig added in v0.32.1

// MergeConfig holds the inputs of Merge.
type MergeConfig struct {
	// Host is the server address Merge contacts; requests go through the
	// http.RoundTripper set by WithCustomTransport when one is given.
	Host string
	// SourceJSON and TargetJSON are paths of the JSON files to merge;
	// presumably source is merged into target — confirm against Merge.
	SourceJSON string
	TargetJSON string
}

type MergeOptionFunc added in v0.32.1

type MergeOptionFunc func(*mergeOption)

func WithCustomFileReader added in v0.32.1

func WithCustomFileReader(fr FileReader) MergeOptionFunc

func WithCustomTransport added in v0.32.1

func WithCustomTransport(tr http.RoundTripper) MergeOptionFunc

type Plugin

// Plugin is a dpluger plugin definition as read from the config file by
// Parse and consumed by CreatePlugin.
type Plugin struct {
	Name string `json:"name"`
	// Type selects the plugin kind; only SID-type plugins support
	// "collect: keyword" (see ErrNonSIDCollect).
	Type string `json:"type"` // SID || Taxonomy
	// Output is the path the generated plugin is written to.
	Output string `json:"output_file"`
	// Index is the index pattern queried on the server at ES.
	Index string `json:"index_pattern"`
	// ES is the Elasticsearch address the plugin is built against.
	ES string `json:"elasticsearch_address"`
	// IdentifierField/IdentifierValue/IdentifierFilter describe how events
	// belonging to this plugin are identified in the index.
	IdentifierField  string `json:"identifier_field"`
	IdentifierValue  string `json:"identifier_value"`
	IdentifierFilter string `json:"identifier_filter"`
	// IdentifierBlockSource is a path to an identifier block; its loaded
	// content lives in IdentifierBlockSourceContent, which is excluded from
	// JSON (tag "-") and therefore never written back to the config file.
	IdentifierBlockSource        string `json:"identifier_block_source"`
	IdentifierBlockSourceContent string `json:"-"`
	// ESCollectionFilter is presumably the query filter applied when
	// collecting values from the index — confirm against CreatePlugin.
	ESCollectionFilter string `json:"es_collect_filter"`
	// Fields maps normalized event fields to source field names.
	Fields FieldMapping `json:"field_mapping"`
}

Plugin defines a plugin configuration and its field mapping.

func Parse

func Parse(confFile string) (plugin Plugin, err error)

Parse reads the dpluger config from confFile and returns a Plugin.

type PluginSID added in v0.33.0

// PluginSID is one row of a plugin SID TSV file; the tsv tags name the
// columns. It embeds CustomDataSet for the optional custom label/data
// columns and implements tsv.Castable through Defaults and Next. Integer
// columns that do not fit are rejected with ErrIntValueExceedBoundary
// (presumably — confirm in Next).
type PluginSID struct {
	Name     string `tsv:"plugin"`
	ID       int    `tsv:"id"`
	SID      int    `tsv:"sid"`
	SIDTitle string `tsv:"title"`
	Category string `tsv:"category"`
	Kingdom  string `tsv:"kingdom"`

	CustomDataSet
	// contains filtered or unexported fields
}

func (*PluginSID) Defaults added in v0.33.0

func (p *PluginSID) Defaults(in interface{})

Defaults is the implementation of tsv.Castable.

func (PluginSID) IsEmpty added in v0.33.0

func (p PluginSID) IsEmpty() bool

func (*PluginSID) Next added in v0.33.0

func (p *PluginSID) Next(b tsv.Castable) bool

Next is the implementation of tsv.Castable.

type PluginSIDSet added in v0.33.0

type PluginSIDSet []PluginSID

func (PluginSIDSet) FirstSID added in v0.33.0

func (p PluginSIDSet) FirstSID() int

func (PluginSIDSet) SID added in v0.33.0

func (p PluginSIDSet) SID() []int

type PluginSIDWithCustomDataGroup added in v0.33.0

// PluginSIDWithCustomDataGroup groups the plugin SIDs that share one
// CustomDataSet, so each distinct custom data set maps to its list of SIDs.
// ByFirstPluginSID sorts a slice of these groups.
type PluginSIDWithCustomDataGroup struct {
	// CustomData is the custom data set common to every entry in Plugins.
	CustomData CustomDataSet
	// Plugins lists the plugin SIDs carrying CustomData.
	Plugins PluginSIDSet
}

PluginSIDWithCustomDataGroup maps a CustomDataSet to a set of plugin SIDs; it is used to map each unique custom data set to the list of plugin SIDs that carry it.
