Documentation ¶
Index ¶
- Constants
- Variables
- func ContextEnrichmentStep(payload events.Event, token string, reqContext *events.RequestContext, ...)
- func HTTPContextEnrichmentStep(c *gin.Context, event events.Event)
- func InitDefault(srcIP, dstIP, srcUA, dstUA string)
- type ConditionFunc
- type IPLookupRule
- type LookupEnrichmentStep
- type Rule
- type RuleConfig
- type UserAgentParseRule
Constants ¶
// Event field names.
// NOTE(review): presumably the fields ContextEnrichmentStep fills with the
// request's token and IP address. Confirm against the implementation.
const (
	// ApiTokenKey is the field name "api_key".
	// NOTE(review): if the token is stored in events under this field, every
	// sink or log that receives enriched events also holds that token;
	// confirm, and mask or drop the field where it is not needed.
	ApiTokenKey = "api_key"
	// IPKey is the field name "source_ip".
	IPKey = "source_ip"
)
// IPLookup is the identifier "ip_lookup".
// NOTE(review): presumably the rule name matched against RuleConfig.Name and
// reported by IPLookupRule.Name. Confirm.
const IPLookup = "ip_lookup"
// UserAgentParse is the identifier "user_agent_parse".
// NOTE(review): presumably the rule name matched against RuleConfig.Name and
// reported by UserAgentParseRule.Name. Confirm.
const UserAgentParse = "user_agent_parse"
Variables ¶
// Package-level defaults. They are exported variables, so any importing
// package can reassign them.
// NOTE(review): presumably populated by InitDefault. Confirm, and check
// whether they can be written after startup while rules are executing.
var (
	// DefaultSrcIP is a JSON path, declared with its zero value.
	DefaultSrcIP jsonutils.JSONPath
	// DefaultDstIP is a JSON path, declared with its zero value.
	DefaultDstIP jsonutils.JSONPath
	// DefaultUaRule starts as a zero-valued UserAgentParseRule.
	DefaultUaRule = &UserAgentParseRule{}
)
Functions ¶
func ContextEnrichmentStep ¶
func ContextEnrichmentStep(payload events.Event, token string, reqContext *events.RequestContext, preprocessor events.Processor, uniqueIDField *identifiers.UniqueID)
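ContextEnrichmentStep enriches the payload with the IP address, user agent, token, unique ID field (event_id) and _timestamp. Because the token becomes part of the event, anything that stores or logs enriched events also holds the token.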
func InitDefault ¶
func InitDefault(srcIP, dstIP, srcUA, dstUA string)
InitDefault initializes default lookup enrichment rules
Types ¶
type ConditionFunc ¶
type IPLookupRule ¶
type IPLookupRule struct {
// contains filtered or unexported fields
}
func CreateDefaultJsIPRule ¶
func CreateDefaultJsIPRule(geoService *geo.Service, geoDataResolverID string) *IPLookupRule
func NewIPLookupRule ¶
func (*IPLookupRule) Execute ¶
func (ir *IPLookupRule) Execute(event map[string]interface{})
func (*IPLookupRule) Name ¶
func (ir *IPLookupRule) Name() string
type LookupEnrichmentStep ¶
type LookupEnrichmentStep struct {
// contains filtered or unexported fields
}
func NewLookupEnrichmentStep ¶
func NewLookupEnrichmentStep(enrichmentRules []Rule) *LookupEnrichmentStep
func (*LookupEnrichmentStep) Execute ¶
func (les *LookupEnrichmentStep) Execute(object map[string]interface{})
type RuleConfig ¶
type RuleConfig struct {
	// Name is read from the "name" key (mapstructure, JSON and YAML).
	// NOTE(review): presumably one of IPLookup or UserAgentParse. Confirm
	// against Validate.
	Name string `mapstructure:"name" json:"name,omitempty" yaml:"name,omitempty"`
	// From is read from the "from" key.
	// NOTE(review): looks like the event path the rule reads its input from.
	// Confirm.
	From string `mapstructure:"from" json:"from,omitempty" yaml:"from,omitempty"`
	// To is read from the "to" key.
	// NOTE(review): looks like the event path the rule writes its result to.
	// Confirm.
	To string `mapstructure:"to" json:"to,omitempty" yaml:"to,omitempty"`
}
RuleConfig is the configuration for rules.
func (*RuleConfig) String ¶
func (r *RuleConfig) String() string
func (*RuleConfig) Validate ¶
func (r *RuleConfig) Validate() error
type UserAgentParseRule ¶
type UserAgentParseRule struct {
// contains filtered or unexported fields
}
UserAgentParseRule is a user-agent parse rule with a cache.
func NewUserAgentParseRule ¶
func NewUserAgentParseRule(source, destination jsonutils.JSONPath) (*UserAgentParseRule, error)
func (*UserAgentParseRule) DstPath ¶
func (uap *UserAgentParseRule) DstPath() jsonutils.JSONPath
func (*UserAgentParseRule) Execute ¶
func (uap *UserAgentParseRule) Execute(event map[string]interface{})
Execute takes the parsed user agent from the cache or resolves it with useragent.Resolver, and sets the resulting value at the destination path.
func (*UserAgentParseRule) Name ¶
func (uap *UserAgentParseRule) Name() string