Documentation
¶
Index ¶
- func ReadFile(filename string) (*idmef.Message, error)
- type Action
- type AdditionalData
- type Address
- type Alert
- type AlertIdent
- type Analyzer
- type Assessment
- type Classification
- type Confidence
- type CorrelationAlert
- type File
- type FileAccess
- type Heartbeat
- type Impact
- type Linkage
- type Message
- type Node
- type Permission
- type Process
- type Reference
- type Service
- type Source
- type Target
- type Time
- type User
- type UserID
- type WebService
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Action ¶ added in v0.2.0
type AdditionalData ¶ added in v0.2.0
// AdditionalData maps one IDMEF AdditionalData element: the type and meaning
// attributes plus a value child element in the http://iana.org/idmef namespace.
//
// Only the date-time and real value elements have fields here, so a value
// carried in any other child element has nowhere to decode into.
// NOTE(review): confirm that dropping such values is intended.
type AdditionalData struct {
	// Type is the type attribute as written in the document. It is a plain
	// string, so decoding does not check it against the value element present.
	Type string `xml:"type,attr,omitempty"`
	// Meaning is the meaning attribute as written by the sender.
	Meaning string `xml:"meaning,attr,omitempty"`
	// NOTE(review): encoding/xml does not treat a struct value as empty, so
	// omitempty presumably has no effect on a time.Time and a zero DateTime is
	// still written when marshaling. Verify, and consider whether consumers
	// can tell "no date-time" from the zero time.
	DateTime time.Time `xml:"http://iana.org/idmef date-time,omitempty"`
	// Real is a pointer, so an absent real element stays nil.
	Real *float64 `xml:"http://iana.org/idmef real,omitempty"`
}
func (AdditionalData) Common ¶ added in v0.2.0
func (a AdditionalData) Common() idmef.AdditionalData
type Address ¶
type Alert ¶
// Alert maps an IDMEF Alert element and its children in the
// http://iana.org/idmef namespace.
//
// Every string reachable from an Alert is taken as-is from the decoded
// document. Alert content commonly echoes data observed on the monitored
// host or network, so treat these values as untrusted input when logging,
// rendering or building queries from them.
//
// NOTE(review): Analyzer, CreateTime and Classification are non-pointer
// values. With encoding/xml alone a document that omits them decodes to zero
// values without an error, so presence must be checked separately if required.
type Alert struct {
	// MessageID is the messageid attribute; omitted on output when empty.
	MessageID string `xml:"messageid,attr,omitempty"`
	// Analyzer describes the analyzer the alert originated from.
	Analyzer Analyzer `xml:"http://iana.org/idmef Analyzer"`
	// CreateTime is the CreateTime child element.
	CreateTime Time `xml:"http://iana.org/idmef CreateTime"`
	// DetectTime and AnalyzerTime are pointers and stay nil when the element
	// is absent.
	DetectTime *Time `xml:"http://iana.org/idmef DetectTime"`
	AnalyzerTime *Time `xml:"http://iana.org/idmef AnalyzerTime"`
	// Source and Target collect every Source / Target child element.
	Source []Source `xml:"http://iana.org/idmef Source"`
	Target []Target `xml:"http://iana.org/idmef Target"`
	// Classification names the alert.
	Classification Classification `xml:"http://iana.org/idmef Classification"`
	// Assessment and CorrelationAlert are optional and nil when absent.
	Assessment *Assessment `xml:"http://iana.org/idmef Assessment"`
	CorrelationAlert *CorrelationAlert `xml:"http://iana.org/idmef CorrelationAlert"`
	// AdditionalData collects every AdditionalData child element.
	AdditionalData []AdditionalData `xml:"http://iana.org/idmef AdditionalData"`
}
type AlertIdent ¶ added in v0.3.0
// AlertIdent maps one alertident element: its text content and the optional
// analyzerid attribute.
type AlertIdent struct {
	// AlertIdent holds the element's character data.
	// NOTE(review): presumably the identifier of the referenced alert; nothing
	// here checks that it matches a known message.
	AlertIdent string `xml:",chardata"`
	// AnalyzerID is the analyzerid attribute; omitted on output when empty.
	AnalyzerID string `xml:"analyzerid,attr,omitempty"`
}
func (*AlertIdent) Common ¶ added in v0.3.0
func (a *AlertIdent) Common() idmef.AlertIdent
type Analyzer ¶
// Analyzer maps an IDMEF Analyzer element: eight optional descriptive
// attributes and the optional Node and Process children.
//
// All attributes are plain strings supplied by the sender of the message.
// Nothing in this type authenticates them, so an analyzerid on its own should
// not be taken as proof of which analyzer produced a message.
type Analyzer struct {
	// Identification and product attributes; each is omitted on output when
	// empty.
	AnalyzerID string `xml:"analyzerid,attr,omitempty"`
	Name string `xml:"name,attr,omitempty"`
	Manufacturer string `xml:"manufacturer,attr,omitempty"`
	Model string `xml:"model,attr,omitempty"`
	Version string `xml:"version,attr,omitempty"`
	Class string `xml:"class,attr,omitempty"`
	// Operating system the analyzer reports it is running on.
	OSType string `xml:"ostype,attr,omitempty"`
	OSVersion string `xml:"osversion,attr,omitempty"`
	// Node and Process are pointers and stay nil when the element is absent.
	Node *Node `xml:"http://iana.org/idmef Node,omitempty"`
	Process *Process `xml:"http://iana.org/idmef Process,omitempty"`
}
Analyzer class identifies the analyzer from which the Alert or Heartbeat message originates. Only one analyzer may be encoded for each alert or heartbeat, and that MUST be the analyzer at which the alert or heartbeat originated. Although the IDMEF data model does not prevent the use of hierarchical intrusion detection systems (where alerts get relayed up the tree), it does not provide any way to record the identity of the "relay" analyzers along the path from the originating analyzer to the manager that ultimately receives the alert. (from RFC 4765)
type Assessment ¶ added in v0.2.0
// Assessment maps an IDMEF Assessment element, which groups the optional
// Impact, Action and Confidence children.
//
// These values are the sending analyzer's own judgement; they arrive
// unvalidated, so downstream triage should not rely on them alone.
type Assessment struct {
	// Impact is nil when the element is absent.
	Impact *Impact `xml:"http://iana.org/idmef Impact,omitempty"`
	// Action collects every Action child element.
	Action []Action `xml:"http://iana.org/idmef Action,omitempty"`
	// Confidence is nil when the element is absent.
	Confidence *Confidence `xml:"http://iana.org/idmef Confidence,omitempty"`
}
func (Assessment) Common ¶ added in v0.2.0
func (a Assessment) Common() *idmef.Assessment
type Classification ¶
// Classification maps an IDMEF Classification element: the ident and text
// attributes and any Reference children.
type Classification struct {
	// Ident is the ident attribute; omitted on output when empty.
	Ident string `xml:"ident,attr,omitempty"`
	// Text is the text attribute. It has no omitempty, so it is always
	// written on output, even when empty.
	Text string `xml:"text,attr"`
	// Reference collects every Reference child element.
	Reference []Reference `xml:"http://iana.org/idmef Reference"`
}
func (*Classification) Common ¶
func (cl *Classification) Common() idmef.Classification
type Confidence ¶ added in v0.2.0
// Confidence maps an IDMEF Confidence element.
//
// NOTE(review): only the rating attribute is captured. The struct has no
// chardata field, so any text content of the element is not decoded.
// RFC 4765 appears to carry the numeric confidence value as element content
// when rating is "numeric" — confirm whether that value is needed.
type Confidence struct {
	// Rating is the rating attribute as written in the document. It is a
	// plain string, so decoding accepts values outside the RFC's enumeration.
	Rating string `xml:"rating,attr,omitempty"`
}
func (Confidence) Common ¶ added in v0.2.0
func (c Confidence) Common() *idmef.Confidence
type CorrelationAlert ¶ added in v0.3.0
// CorrelationAlert maps an IDMEF CorrelationAlert element: a name and the
// list of alertident children that identify the correlated alerts.
type CorrelationAlert struct {
	// Name is the name child element.
	Name string `xml:"http://iana.org/idmef name,omitempty"`
	// AlertIdent collects every alertident child element. The references are
	// taken as written; this type does not resolve them to known alerts.
	AlertIdent []AlertIdent `xml:"http://iana.org/idmef alertident,omitempty"`
}
func (CorrelationAlert) Common ¶ added in v0.3.0
func (c CorrelationAlert) Common() *idmef.CorrelationAlert
type File ¶ added in v0.2.0
// File maps an IDMEF File element describing a file involved in an alert.
//
// Name and Path are strings taken from the decoded document. They describe a
// file on the reporting system, not on the machine processing the alert, and
// should be handled as untrusted data: display or store them, but do not pass
// them to local file operations without validation.
type File struct {
	// Category and FSType are optional attributes, omitted on output when
	// empty.
	Category string `xml:"category,attr,omitempty"`
	FSType string `xml:"fstype,attr,omitempty"`
	// Name and Path are the name and path child elements.
	Name string `xml:"http://iana.org/idmef name,omitempty"`
	Path string `xml:"http://iana.org/idmef path,omitempty"`
	// FileAccess collects every FileAccess child element.
	FileAccess []FileAccess `xml:"http://iana.org/idmef FileAccess,omitempty"`
	// Linkage is nil when the element is absent.
	Linkage *Linkage `xml:"http://iana.org/idmef Linkage,omitempty"`
}
type FileAccess ¶ added in v0.2.0
// FileAccess maps an IDMEF FileAccess element: the user the entry applies to
// and the permissions reported for that user.
type FileAccess struct {
	// UserID decodes the UserId child element (note the element name's
	// casing differs from the Go field name); nil when absent.
	UserID *UserID `xml:"http://iana.org/idmef UserId,omitempty"`
	// Permission collects every permission child element.
	Permission []Permission `xml:"http://iana.org/idmef permission,omitempty"`
}
func (FileAccess) Common ¶ added in v0.2.0
func (f FileAccess) Common() idmef.FileAccess
type Heartbeat ¶ added in v0.3.0
// Heartbeat maps an IDMEF Heartbeat element: the messageid attribute, the
// originating Analyzer, the CreateTime and any AdditionalData children.
//
// NOTE(review): Analyzer and CreateTime are non-pointer values, so with
// encoding/xml alone a heartbeat that omits them decodes to zero values
// without an error. Liveness monitoring built on heartbeats should check
// them explicitly.
type Heartbeat struct {
	// MessageID is the messageid attribute; omitted on output when empty.
	MessageID string `xml:"messageid,attr,omitempty"`
	// Analyzer describes the analyzer that sent the heartbeat.
	Analyzer Analyzer `xml:"http://iana.org/idmef Analyzer"`
	// CreateTime is the CreateTime child element.
	CreateTime Time `xml:"http://iana.org/idmef CreateTime"`
	// AdditionalData collects every AdditionalData child element.
	AdditionalData []AdditionalData `xml:"http://iana.org/idmef AdditionalData"`
}
type Impact ¶ added in v0.2.0
type Linkage ¶ added in v0.2.0
type Message ¶
type Node ¶
type Permission ¶ added in v0.2.0
// Permission maps one permission element of a FileAccess entry.
type Permission struct {
	// Perms is the perms attribute as written in the document. It is a plain
	// string, so decoding does not restrict it to a fixed set of values.
	Perms string `xml:"perms,attr,omitempty"`
}
func (Permission) Common ¶ added in v0.2.0
func (p Permission) Common() idmef.Permission
type Process ¶ added in v0.2.0
type Reference ¶
type Service ¶ added in v0.2.0
// Service maps an IDMEF Service element describing a network service on a
// source or target.
type Service struct {
	// Ident is the ident attribute; omitted on output when empty.
	Ident string `xml:"ident,attr,omitempty"`
	// Name is the name child element.
	Name string `xml:"http://iana.org/idmef name,omitempty"`
	// Port is the port child element. Decoding accepts any value that fits
	// an int, so the 0-65535 port range is not enforced here; validate before
	// use. With omitempty a Port of 0 is not written on output.
	Port int `xml:"http://iana.org/idmef port,omitempty"`
	// Portlist is the portlist child element, kept as the raw string from
	// the document; it is not parsed into individual ports.
	Portlist string `xml:"http://iana.org/idmef portlist,omitempty"`
	// WebService is nil when the element is absent.
	WebService *WebService `xml:"http://iana.org/idmef WebService"`
}
type Source ¶
// Source maps an IDMEF Source element: what the analyzer reports as the
// origin of the event, described by optional Node, User, Process and Service
// children.
type Source struct {
	// Ident is the ident attribute. It has no omitempty, so it is always
	// written on output, even when empty.
	Ident string `xml:"ident,attr"`
	// Spoofed is the spoofed attribute as written in the document. RFC 4765
	// lists unknown, yes and no; the field is a plain string, so other values
	// decode without error. Source details are the analyzer's claim and may
	// be forged by the party that caused the event.
	Spoofed string `xml:"spoofed,attr,omitempty"` // attribute specific to Source (Target has Decoy instead)
	// The children below are pointers and stay nil when the element is
	// absent.
	Node *Node `xml:"http://iana.org/idmef Node"`
	User *User `xml:"http://iana.org/idmef User"`
	Process *Process `xml:"http://iana.org/idmef Process"`
	Service *Service `xml:"http://iana.org/idmef Service"`
}
type Target ¶ added in v0.2.0
// Target maps an IDMEF Target element: what the analyzer reports as the
// destination of the event, described by optional Node, User, Process,
// Service and File children.
type Target struct {
	// Ident is the ident attribute. It has no omitempty, so it is always
	// written on output, even when empty.
	Ident string `xml:"ident,attr"`
	// Decoy is the decoy attribute as written in the document. RFC 4765
	// lists unknown, yes and no; the field is a plain string, so other values
	// decode without error.
	Decoy string `xml:"decoy,attr,omitempty"` // attribute specific to Target (Source has Spoofed instead)
	// The children below are pointers and stay nil when the element is
	// absent.
	Node *Node `xml:"http://iana.org/idmef Node"`
	User *User `xml:"http://iana.org/idmef User"`
	Process *Process `xml:"http://iana.org/idmef Process"`
	Service *Service `xml:"http://iana.org/idmef Service"`
	File *File `xml:"http://iana.org/idmef File,omitempty"`
}
type User ¶ added in v0.2.0
type UserID ¶ added in v0.4.0
type WebService ¶ added in v0.3.0
// WebService maps an IDMEF WebService element describing web traffic
// involved in an alert.
//
// URL, CGI and HTTPMethod are copied from the document and commonly reflect
// the request that triggered the alert, which means they can contain
// attacker-chosen text. Escape them before showing them in a web console and
// do not fetch the URL automatically.
//
// NOTE(review): RFC 4765 also appears to define arg child elements for
// WebService; no field here captures them. Confirm whether that is intended.
type WebService struct {
	// URL is the url child element.
	URL string `xml:"http://iana.org/idmef url,omitempty"`
	// CGI is the cgi child element.
	CGI string `xml:"http://iana.org/idmef cgi,omitempty"`
	// HTTPMethod is the http-method child element, kept as a plain string.
	HTTPMethod string `xml:"http://iana.org/idmef http-method,omitempty"`
}
func (WebService) Common ¶ added in v0.3.0
func (w WebService) Common() *idmef.WebService