Documentation
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Rule
type Rule struct {
	// Audit record type for which the rule shall be applied
	Typ types.Type
	// or apply to all audit records
	ApplyToAllTypes bool

	// todo: make timezone configurable!
	// fire if record has a timestamp in a given interval
	StartAt time.Time
	EndAt   time.Time

	// Description text for the event
	Description string

	// Logic to execute
	Action Action

	// Comparison Operations
	// ==, <, >, >=, <= etc
	Operation Operation

	// Port number
	Port int

	// IP address
	IP net.IP

	// MAC address
	MAC string

	// Regular expression to match against packet contents or stream banners
	Regex regexp.Regexp
	// contains filtered or unexported fields
}
Rule models a generic detection rule that is evaluated against audit records using the fields set on it: the record type (or all types), an optional time window, a port compared with the configured Operation, an IP address, a MAC address, and a regular expression applied to packet contents or stream banners. Simple rules can be expressed as YAML configuration, while more complex ones should be written in Go in order to implement a custom Action.
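The following is an added, self-contained example (not code from the documented package) showing how a rule with this field set is evaluated against audit records. The Record type, the field names SrcIP/DstIP/SrcMAC/DstPort/Payload, the Operation constants and the Action signature are all assumptions for the example; the documented package's own types.Type, Action and Operation are not shown here. Zero-valued fields act as wildcards, and the time window is compared in UTC, which is one way to handle the time-zone caveat noted in the struct.

```go
package main

import (
	"fmt"
	"net"
	"regexp"
	"strings"
	"time"
)

// Record is a constructed, simplified audit record standing in for the
// packet-level audit record types the documented package operates on.
type Record struct {
	Type      string // record type name, e.g. "HTTP" or "SSH" (assumed)
	Timestamp time.Time
	SrcIP     net.IP
	DstIP     net.IP
	SrcMAC    string
	DstPort   int
	Payload   []byte // packet contents or stream banner
}

// Operation selects how Rule.Port is compared with the record's port.
type Operation string

const (
	OpEq Operation = "=="
	OpLt Operation = "<"
	OpGt Operation = ">"
	OpGe Operation = ">="
	OpLe Operation = "<="
)

// Action is the logic run when a rule fires (assumed signature).
type Action func(r *Rule, rec Record)

// Rule mirrors the documented field set; Regex is a pointer here so an
// unset pattern can be told apart from an empty one.
type Rule struct {
	Typ             string
	ApplyToAllTypes bool
	StartAt, EndAt  time.Time
	Description     string
	Action          Action
	Operation       Operation
	Port            int
	IP              net.IP
	MAC             string
	Regex           *regexp.Regexp
}

func comparePort(op Operation, got, want int) bool {
	switch op {
	case OpLt:
		return got < want
	case OpGt:
		return got > want
	case OpGe:
		return got >= want
	case OpLe:
		return got <= want
	default: // OpEq or unset
		return got == want
	}
}

// Matches checks every configured constraint; zero-valued fields are wildcards.
func (r *Rule) Matches(rec Record) bool {
	if !r.ApplyToAllTypes && r.Typ != rec.Type {
		return false
	}
	ts := rec.Timestamp.UTC() // compare in UTC so mixed-zone timestamps line up
	if !r.StartAt.IsZero() && ts.Before(r.StartAt.UTC()) {
		return false
	}
	if !r.EndAt.IsZero() && ts.After(r.EndAt.UTC()) {
		return false
	}
	if r.Port != 0 && !comparePort(r.Operation, rec.DstPort, r.Port) {
		return false
	}
	if r.IP != nil && !r.IP.Equal(rec.SrcIP) && !r.IP.Equal(rec.DstIP) {
		return false
	}
	if r.MAC != "" && !strings.EqualFold(r.MAC, rec.SrcMAC) {
		return false
	}
	if r.Regex != nil && !r.Regex.Match(rec.Payload) {
		return false
	}
	return true
}

// Evaluate runs every rule over every record, invoking Action on each match,
// and returns the descriptions of the rules that fired, in order.
func Evaluate(rules []*Rule, recs []Record) []string {
	var fired []string
	for _, rec := range recs {
		for _, r := range rules {
			if r.Matches(rec) {
				fired = append(fired, r.Description)
				if r.Action != nil {
					r.Action(r, rec)
				}
			}
		}
	}
	return fired
}

// SampleRun evaluates two constructed rules against three constructed records.
func SampleRun() []string {
	window := time.Date(2024, 1, 15, 0, 0, 0, 0, time.UTC)
	rules := []*Rule{
		{Typ: "HTTP", Description: "admin path requested on a privileged port",
			StartAt: window, EndAt: window.Add(24 * time.Hour), Operation: OpLt, Port: 1024,
			Regex:  regexp.MustCompile(`(?i)^GET /admin`),
			Action: func(r *Rule, rec Record) { fmt.Printf("ALERT %s: %s\n", rec.SrcIP, r.Description) }},
		{ApplyToAllTypes: true, Description: "traffic from watched host", IP: net.ParseIP("10.0.0.5")},
	}
	recs := []Record{
		{Type: "HTTP", Timestamp: window.Add(3 * time.Hour), SrcIP: net.ParseIP("10.0.0.7"),
			DstIP: net.ParseIP("10.0.0.1"), DstPort: 80, Payload: []byte("GET /admin HTTP/1.1")},
		{Type: "HTTP", Timestamp: window.Add(3 * time.Hour), SrcIP: net.ParseIP("10.0.0.7"),
			DstIP: net.ParseIP("10.0.0.1"), DstPort: 8080, Payload: []byte("GET /admin HTTP/1.1")}, // port too high
		{Type: "SSH", Timestamp: window.Add(-time.Hour), SrcIP: net.ParseIP("10.0.0.5"),
			DstIP: net.ParseIP("10.0.0.1"), DstPort: 22, Payload: []byte("SSH-2.0-OpenSSH_9.6")},
	}
	return Evaluate(rules, recs)
}

func main() {
	fmt.Println(SampleRun())
}
```

Only the first record satisfies the HTTP rule (type, window, port below 1024 and the regex all hold); the second fails on port, and the third matches only the type-agnostic watch-list rule because its IP constraint is checked against both source and destination.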