Documentation
¶
Index ¶
- Variables
- type BitDefenderDetection
- type CarbonBlackDetection
- type CheckPointDetection
- type CrowdstrikeDetection
- type CybereasonDetection
- type CylanceDetection
- type CynetDetection
- type DeepInstictDetection
- type ESETEDRDetection
- type ElasticAgentDetection
- type FireEyeDetection
- type FortinetDetection
- type HarfangLabDetection
- type KaskperskyDetection
- type LimacharlieDetection
- type MalwareBytesDetection
- type McafeeDetection
- type QualysDetection
- type SentinelOneDetection
- type SophosDetection
- type SymantecDetection
- type TrendMicroDetection
- type WinDefenderDetection
Constants ¶
This section is empty.
Variables ¶
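// BitDefenderHeuristic lists the indicator strings associated with a
// BitDefender install: the product name plus executable, DLL and .sys file
// names. Each indicator appears exactly once; repeated entries add no
// coverage and only cost extra comparisons.
//
// NOTE(review): the comparison done by BitDefenderDetection.Detect is not
// visible here. "bdpredir_ssl.dl" looks like a truncated ".dll" name and can
// only match when the comparison is by substring — confirm and correct.
var BitDefenderHeuristic = []string{
	"BitDefender",
	"bdagent.exe",
	"AntiphishingAgent.dll",
	"bdcloud.dll",
	"bdmltusrsrv.dll",
	"bdnc.dll",
	"bdfndisf6.sys",
	"bdfwcore.dll",
	"bdfwfpf.sys",
	"bdpredir.dll",
	"bdquar.dll",
	"avc3.sys",
	"avckf.sys",
	"alertvs10u.http.dll",
	"amvs10u.http.dll",
	"aphvs10u.http.dll",
	"bdch.dll",
	"bdchsubmit.dll",
	"BdFirewallSDK.dll",
	"bdreinit.exe",
	"bdpredir_ssl.dl",
	"pdscan.exe",
	"pdiface.exe",
	"BDSubmit.dll",
	"BDSubWiz.exe",
	"bdec.dll",
}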
// CarbonBlackHeuristic lists the indicator strings associated with a Carbon
// Black install: two names ending in a path separator and the client setup
// executable.
//
// NOTE(review): how CarbonBlackDetection.Detect compares these strings with
// the collected system data is not visible here — confirm before editing.
var CarbonBlackHeuristic = []string{
"CarbonBlack\\",
"CbDefense\\",
"CarbonBlackClientSetup.exe",
}
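// CheckPointHeuristic lists the indicator strings associated with a Check
// Point install: product names plus executable and DLL file names.
// Byte-identical repeats have been dropped; entries that differ only in
// letter case are kept because the comparison's case handling is not visible
// here.
//
// NOTE(review): "vna_coinstall.dll - vna" looks like a copy artifact and is
// unlikely to equal any real file name — confirm and shorten to the file name.
// NOTE(review): names such as "proxystub.dll", "DataStruct.dll" and
// "ScriptRun.dll" are not vendor-specific; a hit on one of them alone is weak
// evidence and may be a false positive.
var CheckPointHeuristic = []string{
	"Checkpoint",
	"tracsrvwrapper.exe",
	"TrGUI.exe",
	"TracCAPI.exe",
	"dtplat.dll",
	"epcgina.dll",
	"epcgina_user64.dll",
	"LogonISReg.dll",
	"OsMonitor.dll",
	"ProcessMonitor.dll",
	"proxystub.dll",
	"ScriptRun.dll",
	"SCVMonitor.dll",
	"scvprod_lang_pack.dll",
	"SCUIAPI.dll",
	"cpmsi_tool.exe",
	"DataStruct.dll",
	"FileHash_DYN.dll",
	"TrAPI.dll",
	"vna_coinstall.dll - vna",
	"vna_install64.exe",
	"vna_utils.exe",
	"TracSrvWrapper.exe",
	"TrueVector",
	"p95tray.exe",
}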
// CrowdstrikeHeuristic lists the indicator strings associated with a
// CrowdStrike install: the product name, paths under the system drivers
// directory, an installer executable name and .sys file names.
//
// NOTE(review): two entries contain the literal text "%SYSTEMROOT%"; nothing
// here shows the variable being expanded before comparison — confirm that the
// collected data carries the unexpanded form, otherwise these never match.
var CrowdstrikeHeuristic = []string{
"CrowdStrike",
"%SYSTEMROOT%\\system32\\drivers\\crowdstrike\\CsDeviceControl.inf",
"%SYSTEMROOT%\\system32\\drivers\\crowdstrike\\CsFirmwareAnalysis.inf",
"windowssensor.x64.exe",
"C:\\Windows\\System32\\drivers\\crowdstrike",
"csagent.sys",
"csim.sys",
"csimn.sys",
"csimu.sys",
}
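// CybereasonHeuristic lists the indicator strings associated with a
// Cybereason install: product and component names plus executable and DLL
// file names. The repeated "Cybereason" entry has been dropped; the remaining
// order is unchanged.
//
// NOTE(review): how CybereasonDetection.Detect compares these strings with
// the collected system data is not visible here — confirm before editing.
var CybereasonHeuristic = []string{
	"CybereasonRansomFreeServiceHost.exe",
	"Cybereason",
	"Cybereason ActiveProbe\\",
	"CrAmTray.exe",
	"crsdll.dll",
	"CoreMinion.dll",
	"CoreMinion",
	"minionhost.exe",
	"Cybereason Sensor",
	"CybereasonSensor.exe",
}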
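// CylanceHeuristic lists the indicator strings associated with a Cylance
// install: product names plus executable, DLL and .sys file names.
// Byte-identical repeats have been dropped; "CylanceUI.exe" and
// "cylanceui.exe" are both kept because the comparison's case handling is not
// visible here.
//
// NOTE(review): "cyhelper64.dl" looks like a truncated ".dll" name and can
// only match when the comparison is by substring — confirm and correct.
var CylanceHeuristic = []string{
	"Cylance",
	"CylanceProtectSetup.exe",
	"cylancesvc.exe",
	"CylanceUI.exe",
	"CylanceProtect",
	"cylance.updatemgr.interfaces.dll",
	"cylance.host.updater.dll",
	"cylance.host.versions.dll",
	"cylance.host.analysis.dll",
	"cylance.host.ccui.interfaces.dll",
	"cylance.host.commandcontrolui.dll",
	"cylance.host.controller.dll",
	"cylance.host.cylancevenue.dll",
	"cylance.host.infinitymodel.dll",
	"cylance.host.windowseventlogwriter.dll",
	"cylance.interfaces.dll",
	"cymemdef.dll",
	"cyprotectdrv64.sys",
	"cyupdate.exe",
	"cyhelper64.dl",
	"cylanceui.exe",
	"cymemdef64.dll",
	"cylance.host.cylancevenuemodule.dll",
	"cylance.host.memdefps_gac.dll",
	"cylance.host.systeminformation.dll",
	"cymemdefps.dll",
	"cymemdefps64.dll",
	"cylance.host.wmiprovider_gac.dll",
	"cylance.host.infinitymodelole.dll",
	"cylance.host.infinitymodelpdf.dll",
}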
// CynetHeuristic lists the indicator strings associated with a Cynet install.
// All three entries are product or component names; no file names are listed.
//
// NOTE(review): how CynetDetection.Detect compares these strings with the
// collected system data is not visible here — confirm before editing.
var CynetHeuristic = []string{
"Cynet",
"Cyops",
"Cynet EPS",
}
// DeepInstinctHeuristic lists the indicator strings associated with a Deep
// Instinct install: product names and one registry key path.
//
// NOTE(review): how DeepInstictDetection.Detect compares these strings with
// the collected system data is not visible here — confirm that the registry
// data uses the same "HKEY_LOCAL_MACHINE\..." spelling as the last entry.
var DeepInstinctHeuristic = []string{
"DeepInstinct",
"Deep Instinct Agent",
"Deep Instinct Prevention Platform",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Deep Instinct",
}
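// ESETHeuristic lists the indicator strings associated with an ESET install:
// executable and DLL file names, one product name and one absolute path.
// The repeated "emu-gui.exe" entry has been dropped; the remaining order is
// unchanged.
//
// NOTE(review): how ESETEDRDetection.Detect compares these strings with the
// collected system data is not visible here — confirm before editing.
var ESETHeuristic = []string{
	"egui.exe",
	"ekrn.exe",
	"minodlogin.exe",
	"minodlogin",
	"emu-rep.exe",
	"emu_install.exe",
	"emu-cci.exe",
	"emu-gui.exe",
	"emu-uninstall.exe",
	"ESET MSP Utilities",
	"C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\ecmd.exe",
	"eguiAmon.dll",
	"eguiDevmon.dll",
	"eguiDmon.dll",
	"eguiEmon.dll",
	"eguiEpfw.dll",
	"eguiHips.dll",
	"eguiMailPlugins.dll",
	"eguiParental.dll",
	"eguiProduct.dll",
	"eguiProductRcd.dll",
	"eguiScan.dll",
	"eguiSmon.dll",
	"eguiUpdate.dll",
	"EHttpSrv.exe",
	"eplgHooks.dll",
	"eplgOE.dll",
	"eclsLang.dll",
	"eguiAmonLang.dll",
	"eguiEpfwLang.dll",
	"eguiHipsLang.dll",
	"eguiLang.dll",
	"eguiOnlineHelp.dll",
	"eguiOnlineHelpLang.dll",
	"eguiScanLang.dll",
	"eguiSmonLang.dll",
	"eguiUpdateLang.dll",
	"eguiWebControl.dll",
	"ekrnDevmonLang.dll",
	"ekrnEpfwLang.dll",
	"ekrnHipsLang.dll",
}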
// ElasticAgentHeuristic lists the indicator strings associated with an
// Elastic Agent / Elastic Endpoint install: two executable names and two
// component names.
//
// NOTE(review): how ElasticAgentDetection.Detect compares these strings with
// the collected system data is not visible here — confirm before editing.
var ElasticAgentHeuristic = []string{
"elastic-agent.exe",
"elastic-endpoint.exe",
"elastic-endpoint-driver",
"ElasticEndpoint",
}
// FireEyeHeuristic lists the indicator strings associated with a FireEye
// install: the product name, one install directory and the agent executable
// name.
//
// NOTE(review): how FireEyeDetection.Detect compares these strings with the
// collected system data is not visible here — confirm before editing.
var FireEyeHeuristic = []string{
"FireEye",
"C:\\Program Files\\FireEye\\xagt\\",
"xagt.exe",
}
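// FortinetHeuristic lists the indicator strings associated with a Fortinet /
// FortiClient install: product and service names plus executable and DLL file
// names. Byte-identical repeats have been dropped; entries that differ only in
// letter case (for example "fortitray.exe" and "FortiTray.exe") are kept
// because the comparison's case handling is not visible here.
//
// NOTE(review): names such as "libcfg.dll" and "libavr.dll" are not
// vendor-specific; a hit on one of them alone is weak evidence and may be a
// false positive.
var FortinetHeuristic = []string{
	"Fortinet",
	"dcagent_amd64.dll",
	"FSAEConfig.exe",
	"fortilspheuristics.dll",
	"fccomintdll.dll",
	"fcoeam.dll",
	"fccomint.exe",
	"fclanguageselector.exe",
	"fortifw.exe",
	"fortitray.exe",
	"libcfg.dll",
	"fcappdb.exe",
	"fcoehook.dll",
	"fcwizard.exe",
	"fcresc.dll",
	"fortiwf.exe",
	"forticlish.dll",
	"fortiece.dll",
	"libavr.dll",
	"fortiwadbd.exe",
	"fcdblog.exe",
	"fortiwad.exe",
	"fortiproxy.exe",
	"fortiskin.dll",
	"fortiscand.exe",
	"fortivpnst.dll",
	"fortivpnst.exe",
	"fortivpnst64.dll",
	"fasle.dll",
	"fcwscd7.exe",
	"forticlient.exe",
	"FortiClient Service Scheduler",
	"FortiClient.exe",
	"FortiLSPHeuristics.dll",
	"npccpluginex.dll",
	"nptcplugin.dll",
	"npccplugin.dll",
	"FCCOMIntDLL.dll",
	"FCOEAM.dll",
	"FSSOMA.exe",
	"LaunchCacheClean.dll",
	"launchcacheclean64.dll",
	"FCCOMInt.exe",
	"FCVbltScan.exe",
	"sslvpnhostcheck.dll",
	"sslvpnhostcheck64.dll",
	"FortiESNAC.exe",
	"FortiTray.exe",
	"FCConfig.exe",
	"FCOEHook.dll",
	"FCResc.dll",
	"forticachecleaner.dll",
	"FortiCacheCleaner64.dll",
	"forticredentialprovider.dll",
	"FortiCredentialProvider2x64.dll",
	"forticredentialprovider64.dll",
	"FortiTrayResc.dll",
	"FortiWF.exe",
	"EPCUserAvatar.exe",
	"FortiAvatar.exe",
	"FortiCliSh.dll",
	"FortiCliSh64.dll",
	"fortifws.exe",
	"FortiWadbd.exe",
	"FortiClient_Diagnostic_Tool.exe",
	"forticontrol.dll",
	"FortiSSLVPNdaemon.exe",
	"FortiWad.exe",
	"FortiProxy.exe",
}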
// HarfangLabHeuristic lists the indicator strings associated with a
// HarfangLab install: install directories, component names and executable,
// DLL and .sys file names.
//
// NOTE(review): how HarfangLabDetection.Detect compares these strings with
// the collected system data is not visible here. If the comparison is by
// substring, "hurukai" already covers every longer "hurukai-*" entry —
// confirm before pruning.
var HarfangLabHeuristic = []string{
"HarfangLab\\",
"C:\\Program Files\\HarfangLab",
"C:\\Program Files\\HarfangLab\\drivers",
"hurukai",
"hurukai-av-update.dll",
"hldevicecontrol.sys",
"hurukai-av",
"hurukai-ui",
"hurukai-av.exe",
"hurukai-ui.exe",
"hurukai-av.dll",
"hlelam.sys",
"hlprotect.sys",
}
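// KasperskyHeuristic lists the indicator strings associated with a Kaspersky
// install: the product name plus executable and DLL file names. The repeated
// "klnagent.exe" entry has been dropped; the remaining order is unchanged.
//
// NOTE(review): how KaskperskyDetection.Detect compares these strings with
// the collected system data is not visible here — confirm before editing.
var KasperskyHeuristic = []string{
	"kaspersky",
	"avpui.exe",
	"avpservice.dll",
	"avzkrnl.dll",
	"cf_anti_malware_facade.dll",
	"cf_facade.dll",
	"cf_mgmt_facade.dll",
	"cf_response_provider.dll",
	"ckahcomm.dll",
	"ckahrule.dll",
	"ckahum.dll",
	"eka_meta.dll",
	"kasperskylab.kis.ui.dll",
	"am_facade.dll",
	"am_meta.dll",
	"attestation_task.dll",
	"avs_eka.dll",
	"kasperskylab.ksde.ui.dll",
	"kasperskylab.ui.core.dll",
	"kasperskylab.ui.core.visuals.dll",
	"ksdeuimain.dll",
	"avpsus.exe",
	"klnagent.exe",
	"klnsacwsrv.exe",
	"kl_platf.exe",
	"klnagwds.exe",
}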
// LimacharlieHeuristic lists the indicator strings associated with a
// LimaCharlie install: two executable names and two product names.
//
// NOTE(review): how LimacharlieDetection.Detect compares these strings with
// the collected system data is not visible here — confirm before editing.
var LimacharlieHeuristic = []string{
"rphcp.exe",
"lc_sensor.exe",
"refractionPOINT HCP",
"LimaCharlie",
}
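// MalwareBytesHeuristic lists the indicator strings associated with a
// Malwarebytes install: product and service names, install paths and
// executable, DLL and .sys file names.
//
// Entries carry no leading or trailing whitespace: a keyword with a trailing
// space cannot equal a bare file name, and trimming it only widens what a
// substring comparison accepts. The repeated "mbae-svc.exe" entry has been
// dropped.
//
// NOTE(review): "mbar-1.08.2.1001.exe" pins one specific build; other builds
// are presumably named differently — confirm whether a version-independent
// indicator is wanted.
var MalwareBytesHeuristic = []string{
	"MalwareBytes",
	"mbae.exe",
	"mbae64.dll",
	"mbae64.exe",
	"mbae-api.dll",
	"mbae-svc.exe",
	"mbae-uninstaller.exe",
	"mbae.sys",
	"mbae64.sys",
	"Malwarebytes Anti-Exploit Service",
	"C:\\Program Files\\Malwarebytes Anti-Exploit\\mbae.exe",
	"mbae-loader.exe",
	"mbaeLoader32.exe",
	"mbaeloader64.exe",
	"mbamcore.dll",
	"mbam-dor.exe",
	"mbamext.dll",
	"mbamgui.exe",
	"mbamnet.dll",
	"mbamservice.exe",
	"mbamtrayctrl.exe",
	"mbampt.exe",
	"mbamscheduler.exe",
	"C:\\Program Files\\Malwarebytes Anti-Rootkit",
	"mbar-1.08.2.1001.exe",
	"mbeadomain.dll",
	"mbae-setup.exe",
	"MBAMHelper.exe",
}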
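// McafeeHeuristic lists the indicator strings associated with a McAfee
// install: directory names, policy value names and executable file names.
//
// Entries carry no leading or trailing whitespace: a keyword with a trailing
// space cannot equal a bare file name, and trimming it only widens what a
// substring comparison accepts. "mcshield.exe" and "Mcshield.exe" are both
// kept because the comparison's case handling is not visible here.
var McafeeHeuristic = []string{
	"Mcafee\\",
	"mcupdate.exe",
	"McAfeeAgent\\",
	"APPolicyName",
	"EPPolicyName",
	"OASPolicyName",
	"ESConfigTool.exe",
	"FWInstCheck.exe",
	"FwWindowsFirewallHandler.exe",
	"mfeesp.exe",
	"mfefw.exe",
	"mfeProvisionModeUtility.exe",
	"mfetp.exe",
	"WscAVExe.exe",
	"mcshield.exe",
	"McChHost.exe",
	"mfewc.exe",
	"mfewch.exe",
	"mfewcui.exe",
	"mfecanary.exe",
	"mfefire.exe",
	"mfehidin.exe",
	"mfemms.exe",
	"mfevtps.exe",
	"MarSetup.exe",
	"masvc.exe",
	"macmnsvc.exe",
	"MfeServiceMgr.exe",
	"McAPExe.exe",
	"McPvTray.exe",
	"mcuicnt.exe",
	"mcuihost.exe",
	"Mcshield.exe",
	"McpService.exe",
	"epefprtrainer.exe",
	"mfeffcoreservice.exe",
	"MfeEpeSvc.exe",
}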
// QualysHeuristic lists the indicator strings associated with a Qualys agent
// install: the product name and three executable names.
//
// NOTE(review): how QualysDetection.Detect compares these strings with the
// collected system data is not visible here — confirm before editing.
var QualysHeuristic = []string{
"Qualys",
"qualysagent.exe",
"QualysProxy.exe",
"QualysAgentUI.exe",
}
// Scanners holds one resources.EDRDetection implementation per product this
// package can identify. The element order is kept exactly as declared, in
// case callers depend on which detector is consulted first.
var Scanners = []resources.EDRDetection{
	&CarbonBlackDetection{},
	&CrowdstrikeDetection{},
	&CylanceDetection{},
	&FireEyeDetection{},
	&HarfangLabDetection{},
	&KaskperskyDetection{},
	&McafeeDetection{},
	&SymantecDetection{},
	&SentinelOneDetection{},
	&WinDefenderDetection{},
	&ElasticAgentDetection{},
	&ESETEDRDetection{},
	&QualysDetection{},
	&TrendMicroDetection{},
	&CybereasonDetection{},
	&BitDefenderDetection{},
	&CheckPointDetection{},
	&CynetDetection{},
	&DeepInstictDetection{},
	&SophosDetection{},
	&FortinetDetection{},
	&MalwareBytesDetection{},
	&LimacharlieDetection{},
}
// SentinelOneHeuristic lists the indicator strings associated with a
// SentinelOne install: a directory name, an install path and two component
// names.
//
// NOTE(review): how SentinelOneDetection.Detect compares these strings with
// the collected system data is not visible here — confirm before editing.
var SentinelOneHeuristic = []string{
"SentinelOne\\",
"C:\\Program Files\\SentinelOne",
"SentinelAgent",
"SentinelMonitor",
}
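// SophosHeuristic lists the indicator strings associated with a Sophos
// install: the product name plus executable, DLL and .sys file names.
// Byte-identical repeats have been dropped; the order of first occurrences is
// unchanged.
//
// NOTE(review): names such as "config.dll", "crypto.dll" and "conan.dll" are
// not vendor-specific; a hit on one of them alone is weak evidence and may be
// a false positive. How SophosDetection.Detect weighs individual hits is not
// visible here — confirm.
var SophosHeuristic = []string{
	"Sophos",
	"SVRTgui.exe",
	"SVRTcli.exe",
	"Sophos Virus Removal Tool install.exe",
	"SCTCleanupService.exe",
	"SVRTservice.exe",
	"osdp.dll",
	"SAVI.dll",
	"veex.dll",
	"rkdisk.dll",
	"SCTBootTasks.exe",
	"SUMService.exe",
	"SCFService.exe",
	"SCFManager.exe",
	"SpaRmsAdapter.dll",
	"sargui.exe",
	"Sophos Computer Security Scan.exe",
	"sntpservice.exe",
	"SophosLinkIconHandler32.dll",
	"McsHeartbeat.exe",
	"SAVAdminService.exe",
	"conan.dll",
	"DCManagement.dll",
	"DesktopMessaging.dll",
	"DetectionFeedback.dll",
	"DeviceControlPlugin.dll",
	"DriveProcessor.dll",
	"EEConsumer.dll",
	"ForceUpdateAlongSideSGN.exe",
	"FSDecomposer.dll",
	"ICAdapter.dll",
	"ICManagement.dll",
	"ICProcessors.dll",
	"SavAdapter.dll",
	"SAVCleanupService.exe",
	"SAVControl.dll",
	"SavMain.exe",
	"savmscm.dll",
	"SavNeutralRes.dll",
	"SavPlugin.dll",
	"SavProgress.exe",
	"SavProxy.exe",
	"SavRes.dll",
	"SavResChs.dll",
	"SavResCht.dll",
	"SavResDeu.dll",
	"SavResEng.dll",
	"SavResEsp.dll",
	"SavSecurity.dll",
	"SavService.exe",
	"SavShellExt.dll",
	"SavShellExtX64.dll",
	"bpaif.dll",
	"swc_service.exe",
	"swcadapter.dll",
	"swi_callout.sys",
	"swi_service.exe",
	"swi_filter.exe",
	"SophosUpdate.exe",
	"ALMsg.dll",
	"ALUpdate.exe",
	"AUAdapter.dll",
	"ChannelUpdater.dll",
	"cidsync.dll",
	"config.dll",
	"crypto.dll",
	"EECustomActions.dll",
	"InstlMgr.dll",
	"ispsheet.dll",
	"SAUConfigDLL.dll",
	"SingleGUIPlugin.dll",
	"SophosAlert.exe",
	"swlocale.dll",
}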
// SymantecHeuristic lists the indicator strings associated with a Symantec /
// Norton install: product names, name fragments and executable and DLL file
// names.
//
// NOTE(review): both "symantec" and "Symantec" are listed, which suggests the
// comparison may be case-sensitive; SymantecDetection.Detect is not visible
// here — confirm before removing either spelling.
var SymantecHeuristic = []string{
"symantec",
"symcorpu",
"symefasi",
"Symantec",
"Norton 360",
"AVSubmit.dll",
"AVSvcPlg.dll",
"NTPAlert.dll",
"NTPFW.dll",
"N360Downloader.exe",
"bushell.dll",
"InstWrap.exe",
"symcorpui.exe",
"isPwdSvc.exe",
"ccsvchst.exe",
"Symantec Endpoint Protection\\",
}
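// TrendMicroHeuristic lists the indicator strings associated with a Trend
// Micro install: the product name plus executable and DLL file names. The
// repeated "ufnavi.exe" entry has been dropped; the remaining order is
// unchanged.
//
// NOTE(review): how TrendMicroDetection.Detect compares these strings with
// the collected system data is not visible here — confirm before editing.
var TrendMicroHeuristic = []string{
	"Trend Micro",
	"pccntmon.exe",
	"AosUImanager.exe",
	"NTRTScan.exe",
	"tmaseng.dll",
	"TMAS_OL.exe",
	"TMAS_OLA.dll",
	"TMAS_OLImp.exe",
	"TMAS_OLShare.dll",
	"EMapiWpr.dll",
	"TMAS_OLSentry.exe",
	"ufnavi.exe",
	"Clnrbin.exe",
	"vizorhtmldialog.exe",
	"pwmConsole.exe",
	"PwmSvc.exe",
	"coreServiceShell.exe",
	"ds_agent.exe",
	"SfCtlCom.exe",
}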
// WinDefenderDriverHeuristic holds the keywords that
// WinDefenderDetection.Detect is documented to look for in the driver list.
//
// NOTE(review): "defender" is a generic word; a driver from another product
// whose name contains it would presumably also match — confirm the comparison
// and consider a more specific keyword.
var WinDefenderDriverHeuristic = []string{
"defender",
}
// WinDefenderProcessHeuristic holds the keywords that
// WinDefenderDetection.Detect is documented to look for in the process list.
//
// NOTE(review): both keywords are lower case; whether the process names are
// lower-cased before comparison is not visible here — confirm.
var WinDefenderProcessHeuristic = []string{
"defender",
"msmpeng",
}
// WinDefenderRegistryHeuristic holds the keyword that
// WinDefenderDetection.Detect is documented to look for in the registry list.
var WinDefenderRegistryHeuristic = []string{
"Windows Defender",
}
// WinDefenderServicesHeuristic holds the keywords that
// WinDefenderDetection.Detect is documented to look for in the services list.
//
// NOTE(review): both keywords are lower case; whether the service names are
// lower-cased before comparison is not visible here — confirm.
var WinDefenderServicesHeuristic = []string{
"defender",
"msmpeng",
}
Functions ¶
This section is empty.
Types ¶
type BitDefenderDetection ¶
type BitDefenderDetection struct{}
func (*BitDefenderDetection) Detect ¶
func (w *BitDefenderDetection) Detect(data resources.SystemData) (resources.EDRType, bool)
func (*BitDefenderDetection) Name ¶
func (w *BitDefenderDetection) Name() string
func (*BitDefenderDetection) Type ¶
func (w *BitDefenderDetection) Type() resources.EDRType
type CarbonBlackDetection ¶
type CarbonBlackDetection struct{}
func (*CarbonBlackDetection) Detect ¶
func (w *CarbonBlackDetection) Detect(data resources.SystemData) (resources.EDRType, bool)
func (*CarbonBlackDetection) Name ¶
func (w *CarbonBlackDetection) Name() string
func (*CarbonBlackDetection) Type ¶
func (w *CarbonBlackDetection) Type() resources.EDRType
type CheckPointDetection ¶
type CheckPointDetection struct{}
func (*CheckPointDetection) Detect ¶
func (w *CheckPointDetection) Detect(data resources.SystemData) (resources.EDRType, bool)
func (*CheckPointDetection) Name ¶
func (w *CheckPointDetection) Name() string
func (*CheckPointDetection) Type ¶
func (w *CheckPointDetection) Type() resources.EDRType
type CrowdstrikeDetection ¶
type CrowdstrikeDetection struct{}
func (*CrowdstrikeDetection) Detect ¶
func (w *CrowdstrikeDetection) Detect(data resources.SystemData) (resources.EDRType, bool)
func (*CrowdstrikeDetection) Name ¶
func (w *CrowdstrikeDetection) Name() string
func (*CrowdstrikeDetection) Type ¶
func (w *CrowdstrikeDetection) Type() resources.EDRType
type CybereasonDetection ¶
type CybereasonDetection struct{}
func (*CybereasonDetection) Detect ¶
func (w *CybereasonDetection) Detect(data resources.SystemData) (resources.EDRType, bool)
func (*CybereasonDetection) Name ¶
func (w *CybereasonDetection) Name() string
func (*CybereasonDetection) Type ¶
func (w *CybereasonDetection) Type() resources.EDRType
type CylanceDetection ¶
type CylanceDetection struct{}
func (*CylanceDetection) Detect ¶
func (w *CylanceDetection) Detect(data resources.SystemData) (resources.EDRType, bool)
func (*CylanceDetection) Name ¶
func (w *CylanceDetection) Name() string
func (*CylanceDetection) Type ¶
func (w *CylanceDetection) Type() resources.EDRType
type CynetDetection ¶
type CynetDetection struct{}
func (*CynetDetection) Detect ¶
func (w *CynetDetection) Detect(data resources.SystemData) (resources.EDRType, bool)
func (*CynetDetection) Name ¶
func (w *CynetDetection) Name() string
func (*CynetDetection) Type ¶
func (w *CynetDetection) Type() resources.EDRType
type DeepInstictDetection ¶
type DeepInstictDetection struct{}
func (*DeepInstictDetection) Detect ¶
func (w *DeepInstictDetection) Detect(data resources.SystemData) (resources.EDRType, bool)
func (*DeepInstictDetection) Name ¶
func (w *DeepInstictDetection) Name() string
func (*DeepInstictDetection) Type ¶
func (w *DeepInstictDetection) Type() resources.EDRType
type ESETEDRDetection ¶
type ESETEDRDetection struct{}
func (*ESETEDRDetection) Detect ¶
func (w *ESETEDRDetection) Detect(data resources.SystemData) (resources.EDRType, bool)
func (*ESETEDRDetection) Name ¶
func (w *ESETEDRDetection) Name() string
func (*ESETEDRDetection) Type ¶
func (w *ESETEDRDetection) Type() resources.EDRType
type ElasticAgentDetection ¶
type ElasticAgentDetection struct{}
func (*ElasticAgentDetection) Detect ¶
func (w *ElasticAgentDetection) Detect(data resources.SystemData) (resources.EDRType, bool)
func (*ElasticAgentDetection) Name ¶
func (w *ElasticAgentDetection) Name() string
func (*ElasticAgentDetection) Type ¶
func (w *ElasticAgentDetection) Type() resources.EDRType
type FireEyeDetection ¶
type FireEyeDetection struct{}
func (*FireEyeDetection) Detect ¶
func (w *FireEyeDetection) Detect(data resources.SystemData) (resources.EDRType, bool)
func (*FireEyeDetection) Name ¶
func (w *FireEyeDetection) Name() string
func (*FireEyeDetection) Type ¶
func (w *FireEyeDetection) Type() resources.EDRType
type FortinetDetection ¶
type FortinetDetection struct{}
func (*FortinetDetection) Detect ¶
func (w *FortinetDetection) Detect(data resources.SystemData) (resources.EDRType, bool)
func (*FortinetDetection) Name ¶
func (w *FortinetDetection) Name() string
func (*FortinetDetection) Type ¶
func (w *FortinetDetection) Type() resources.EDRType
type HarfangLabDetection ¶ added in v1.5.0
type HarfangLabDetection struct{}
func (*HarfangLabDetection) Detect ¶ added in v1.5.0
func (w *HarfangLabDetection) Detect(data resources.SystemData) (resources.EDRType, bool)
func (*HarfangLabDetection) Name ¶ added in v1.5.0
func (w *HarfangLabDetection) Name() string
func (*HarfangLabDetection) Type ¶ added in v1.5.0
func (w *HarfangLabDetection) Type() resources.EDRType
type KaskperskyDetection ¶
type KaskperskyDetection struct{}
func (*KaskperskyDetection) Detect ¶
func (w *KaskperskyDetection) Detect(data resources.SystemData) (resources.EDRType, bool)
func (*KaskperskyDetection) Name ¶
func (w *KaskperskyDetection) Name() string
func (*KaskperskyDetection) Type ¶
func (w *KaskperskyDetection) Type() resources.EDRType
type LimacharlieDetection ¶
type LimacharlieDetection struct{}
func (*LimacharlieDetection) Detect ¶
func (w *LimacharlieDetection) Detect(data resources.SystemData) (resources.EDRType, bool)
func (*LimacharlieDetection) Name ¶
func (w *LimacharlieDetection) Name() string
func (*LimacharlieDetection) Type ¶
func (w *LimacharlieDetection) Type() resources.EDRType
type MalwareBytesDetection ¶
type MalwareBytesDetection struct{}
func (*MalwareBytesDetection) Detect ¶
func (w *MalwareBytesDetection) Detect(data resources.SystemData) (resources.EDRType, bool)
func (*MalwareBytesDetection) Name ¶
func (w *MalwareBytesDetection) Name() string
func (*MalwareBytesDetection) Type ¶
func (w *MalwareBytesDetection) Type() resources.EDRType
type McafeeDetection ¶
type McafeeDetection struct{}
func (*McafeeDetection) Detect ¶
func (w *McafeeDetection) Detect(data resources.SystemData) (resources.EDRType, bool)
func (*McafeeDetection) Name ¶
func (w *McafeeDetection) Name() string
func (*McafeeDetection) Type ¶
func (w *McafeeDetection) Type() resources.EDRType
type QualysDetection ¶
type QualysDetection struct{}
func (*QualysDetection) Detect ¶
func (w *QualysDetection) Detect(data resources.SystemData) (resources.EDRType, bool)
func (*QualysDetection) Name ¶
func (w *QualysDetection) Name() string
func (*QualysDetection) Type ¶
func (w *QualysDetection) Type() resources.EDRType
type SentinelOneDetection ¶
type SentinelOneDetection struct{}
func (*SentinelOneDetection) Detect ¶
func (w *SentinelOneDetection) Detect(data resources.SystemData) (resources.EDRType, bool)
func (*SentinelOneDetection) Name ¶
func (w *SentinelOneDetection) Name() string
func (*SentinelOneDetection) Type ¶
func (w *SentinelOneDetection) Type() resources.EDRType
type SophosDetection ¶
type SophosDetection struct{}
func (*SophosDetection) Detect ¶
func (w *SophosDetection) Detect(data resources.SystemData) (resources.EDRType, bool)
func (*SophosDetection) Name ¶
func (w *SophosDetection) Name() string
func (*SophosDetection) Type ¶
func (w *SophosDetection) Type() resources.EDRType
type SymantecDetection ¶
type SymantecDetection struct{}
func (*SymantecDetection) Detect ¶
func (w *SymantecDetection) Detect(data resources.SystemData) (resources.EDRType, bool)
func (*SymantecDetection) Name ¶
func (w *SymantecDetection) Name() string
func (*SymantecDetection) Type ¶
func (w *SymantecDetection) Type() resources.EDRType
type TrendMicroDetection ¶
type TrendMicroDetection struct{}
func (*TrendMicroDetection) Detect ¶
func (w *TrendMicroDetection) Detect(data resources.SystemData) (resources.EDRType, bool)
func (*TrendMicroDetection) Name ¶
func (w *TrendMicroDetection) Name() string
func (*TrendMicroDetection) Type ¶
func (w *TrendMicroDetection) Type() resources.EDRType
type WinDefenderDetection ¶
type WinDefenderDetection struct{}
func (*WinDefenderDetection) Detect ¶
func (w *WinDefenderDetection) Detect(data resources.SystemData) (resources.EDRType, bool)
Detect returns EDRType `defender` if
- processes list contains WinDefenderProcessHeuristic keywords
- services list contains WinDefenderServicesHeuristic keywords
- registry list contains WinDefenderRegistryHeuristic keywords
- driver list contains WinDefenderDriverHeuristic keywords
func (*WinDefenderDetection) Name ¶
func (w *WinDefenderDetection) Name() string
func (*WinDefenderDetection) Type ¶
func (w *WinDefenderDetection) Type() resources.EDRType
Source Files
¶
- scan_bitdefender.go
- scan_carbonblack.go
- scan_checkpoint.go
- scan_crowdstrike.go
- scan_cybereason.go
- scan_cylance.go
- scan_cynet.go
- scan_deepinstinct.go
- scan_elastic.go
- scan_eset.go
- scan_fireeye.go
- scan_fortinet.go
- scan_harfanglab.go
- scan_kaspersky.go
- scan_limacharlie.go
- scan_malwarebytes.go
- scan_mcafee.go
- scan_qualys.go
- scan_sentinelone.go
- scan_sophos.go
- scan_symantec.go
- scan_trendmicro.go
- scan_win_defender.go
- scanner.go