rule

package

v0.6.11 Latest Latest Go to latest Published: Jan 30, 2022 License: BSD-3-Clause, GPL-3.0 Imports: 4 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/dreadl0ck/netcap

Links

Open Source Insights

Documentation ¶

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Rule ¶

type Rule struct {

	// Audit record type for which the rule shall be applied
	Typ types.Type

	// or apply to all audit records
	ApplyToAllTypes bool

	// todo: make timezone configurable!
	// fire if record has a timestamp in a given interval
	StartAt time.Time
	EndAt   time.Time

	// Description text for the event
	Description string

	// Logic to execute
	Action Action

	// Comparison Operations
	// ==, <, >, >=, <= etc
	Operation Operation

	// Port number
	Port int

	// IP address
	IP net.IP

	// MAC address
	MAC string

	// Regular expression to match against packet contents or stream banners
	Regex regexp.Regexp
	// contains filtered or unexported fields
}

Rule models a generic detection rule, that will be executed based on the provided information. Simple rules could be created as a YAML configuration, while more complex ones should be written in Go in order to implement a custom Action.

Source Files ¶

View all Source files

rule.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL

rule

Documentation ¶

Index ¶

Constants ¶

Variables ¶

Functions ¶

Types ¶

type Action ¶

type Config ¶

type Operation ¶

type Rule ¶

Source Files ¶