manager

package
v0.6.11
Published: Jan 30, 2022 License: BSD-3-Clause, GPL-3.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

var Location = time.Local

Location is the location to use for timestamp parsing and comparison.

Functions

func Render

func Render(out string)

Render renders the current label manager to out.

func ResetStats

func ResetStats()

func Stats

func Stats(target io.Writer)

Types

type AttackInfo

type AttackInfo struct {

	// Attack instance number
	Num int `csv:"num" yaml:"num"`

	// Attack Name
	Name string `csv:"name" yaml:"name"`

	// Attack timeframe
	Start string `csv:"start" yaml:"start"`
	End   string `csv:"end" yaml:"end"`

	// Any traffic going from or towards the specified IPs within the given timeframe is labeled.
	// When parsed from CSV, the field value is split on ";".
	IPs []string `csv:"ips" yaml:"ips"`

	// Underlying Protocol(s)
	Proto string `csv:"proto" yaml:"proto"`

	// Additional notes
	Notes string `csv:"notes" yaml:"notes"`

	// Associated category
	Category string `csv:"category" yaml:"category"`

	// MITRE Tactic or Technique Name
	MITRE string `csv:"mitre" yaml:"mitre"`

	// Day of Attack (the original tag repeated the yaml key; a csv key is used here like the other fields)
	Date string `csv:"date" yaml:"date"`

	// Separate victims and attacks, flag any traffic BETWEEN the specified IPs.
	Victims   []string `csv:"victims" yaml:"victims"`
	Attackers []string `csv:"attackers" yaml:"attackers"`

	// FlagVictimTraffic will also label traffic from and towards the victim for the current attack timeframe,
	// and can be used when specifying victim and attacker IPs separately.
	// This is useful for example during infiltration scenarios,
	// where malicious activity is conducted by an infected host.
	FlagVictimTraffic bool `yaml:"flagVictimTraffic"`
}

AttackInfo models an attack and contains meta information. Timestamps are provided as strings to support custom time formats.

type LabelManager

type LabelManager struct {

	// debug mode
	Debug bool

	sync.Mutex
	// contains filtered or unexported fields
}

LabelManager keeps track of attack information that shall be mapped onto the audit records.

func NewLabelManager

func NewLabelManager(progress bool, debug bool, removeFilesWithoutMatches bool, scatterplot bool, scatterDuration time.Duration) *LabelManager

NewLabelManager returns a new label manager instance.

func (*LabelManager) Init

func (m *LabelManager) Init(pathMappingInfo string)

Init will load the attack information from disk.

func (*LabelManager) Label

func (m *LabelManager) Label(record types.AuditRecord) string

Label returns the label for the current audit record according to the loaded label mapping.
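The matching rules behind Label are spelled out only in the AttackInfo field comments above (IPs, Victims/Attackers, FlagVictimTraffic, and the Start/End window parsed in Location). The following Go program is an added example, not the package's own implementation: it assumes a hypothetical Record type carrying source IP, destination IP and timestamp, a fixed time layout, and "normal" as the label for records that match no attack. The attacks and records are constructed for the example.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// Location mirrors the package variable; UTC keeps this example reproducible.
var Location = time.UTC

// timeLayout is an assumption: the page only says timestamps use custom formats.
const timeLayout = "2006-01-02 15:04:05"

// AttackInfo is a trimmed copy of the struct on the page (only the matching fields).
type AttackInfo struct {
	Name              string
	Start, End        string
	IPs               []string
	Victims           []string
	Attackers         []string
	FlagVictimTraffic bool
}

// Record is a hypothetical stand-in for the parts of an audit record used for labeling.
type Record struct {
	SrcIP, DstIP string
	Timestamp    time.Time
}

// SplitList applies the ";"-separated convention the page describes for the CSV "ips" column.
func SplitList(field string) []string {
	var out []string
	for _, s := range strings.Split(field, ";") {
		if s = strings.TrimSpace(s); s != "" {
			out = append(out, s)
		}
	}
	return out
}

func contains(set []string, ip string) bool {
	for _, s := range set {
		if s == ip {
			return true
		}
	}
	return false
}

// inWindow parses Start/End in Location and checks the record timestamp against them (inclusive).
func (a AttackInfo) inWindow(ts time.Time) (bool, error) {
	start, err := time.ParseInLocation(timeLayout, a.Start, Location)
	if err != nil {
		return false, fmt.Errorf("attack %q: bad start: %w", a.Name, err)
	}
	end, err := time.ParseInLocation(timeLayout, a.End, Location)
	if err != nil {
		return false, fmt.Errorf("attack %q: bad end: %w", a.Name, err)
	}
	return !ts.Before(start) && !ts.After(end), nil
}

// Matches applies the three rules from the AttackInfo field comments.
func (a AttackInfo) Matches(r Record) (bool, error) {
	ok, err := a.inWindow(r.Timestamp)
	if err != nil || !ok {
		return false, err
	}
	// IPs: any traffic from or towards the listed addresses.
	if contains(a.IPs, r.SrcIP) || contains(a.IPs, r.DstIP) {
		return true, nil
	}
	// Victims/Attackers: only traffic BETWEEN the two sets.
	if (contains(a.Attackers, r.SrcIP) && contains(a.Victims, r.DstIP)) ||
		(contains(a.Victims, r.SrcIP) && contains(a.Attackers, r.DstIP)) {
		return true, nil
	}
	// FlagVictimTraffic: additionally label all victim traffic inside the window.
	if a.FlagVictimTraffic && (contains(a.Victims, r.SrcIP) || contains(a.Victims, r.DstIP)) {
		return true, nil
	}
	return false, nil
}

// Label returns the name of the first matching attack, or "normal" (assumed default).
func Label(attacks []AttackInfo, r Record) (string, error) {
	for _, a := range attacks {
		ok, err := a.Matches(r)
		if err != nil {
			return "", err
		}
		if ok {
			return a.Name, nil
		}
	}
	return "normal", nil
}

// SampleAttacks returns constructed attack definitions (not real incident data).
func SampleAttacks() []AttackInfo {
	return []AttackInfo{
		{Name: "Infiltration", Start: "2022-01-30 10:00:00", End: "2022-01-30 11:00:00",
			Victims: []string{"10.0.0.5"}, Attackers: []string{"203.0.113.9"}, FlagVictimTraffic: true},
		{Name: "PortScan", Start: "2022-01-30 12:00:00", End: "2022-01-30 12:30:00",
			IPs: SplitList("198.51.100.7; 198.51.100.8")},
	}
}

func main() {
	at := func(h, m int) time.Time { return time.Date(2022, 1, 30, h, m, 0, 0, time.UTC) }
	for _, r := range []Record{
		{"203.0.113.9", "10.0.0.5", at(10, 30)}, // attacker -> victim
		{"10.0.0.5", "10.0.0.20", at(10, 45)},   // victim lateral traffic, flagged
		{"10.0.0.5", "10.0.0.20", at(11, 30)},   // same, outside the window
		{"198.51.100.8", "10.0.0.1", at(12, 10)},
	} {
		l, err := Label(SampleAttacks(), r)
		fmt.Println(r.SrcIP, "->", r.DstIP, r.Timestamp.Format("15:04"), l, err)
	}
}
```

Attacker-to-victim traffic in the window and, because FlagVictimTraffic is set, the victim's own traffic to a third host both receive the attack label; the same victim traffic after End falls back to "normal". Malformed Start/End values surface as an error rather than silently labeling nothing.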
