engine

package

v0.19.0 Latest Latest Go to latest Published: Dec 1, 2023 License: Apache-2.0 Imports: 7 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/khulnasoft-lab/tracker

Documentation ¶

Index ¶

Constants
type Config
type Engine
- func NewEngine(config Config, sources EventSources, output chan detect.Finding) (*Engine, error)
type EventSources

Constants ¶

View Source

const ALL_EVENT_ORIGINS = "*"

View Source

const ALL_EVENT_TYPES = "*"

View Source

const EVENT_CONTAINER_ORIGIN = "container"

View Source

const EVENT_HOST_ORIGIN = "host"

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Config ¶

type Config struct {
	// Enables the signatures engine to run in the events pipeline
	Enabled             bool
	SignatureBufferSize uint
	Signatures          []detect.Signature
	DataSources         []detect.DataSource
}

Config defines the engine's configurable values

type Engine ¶

type Engine struct {
	// contains filtered or unexported fields
}

Engine is a signatures-engine that can process events coming from a set of input sources against a set of loaded signatures, and report the signatures' findings

func NewEngine ¶

func NewEngine(config Config, sources EventSources, output chan detect.Finding) (*Engine, error)

NewEngine creates a new signatures-engine with the given arguments inputs and outputs are given as channels created by the consumer Signatures are not loaded at this point, Init must be called to perform config side effects.

func (*Engine) GetDataSource ¶

func (engine *Engine) GetDataSource(namespace string, id string) (detect.DataSource, bool)

func (*Engine) GetSelectedEvents ¶

func (engine *Engine) GetSelectedEvents() []detect.SignatureEventSelector

GetSelectedEvents returns the event selectors that are relevant to the currently loaded signatures

func (*Engine) Init ¶

func (engine *Engine) Init() error

Init loads and initializes signatures and data sources passed in NewEngine. The split allows the loading of additional signatures and data sources between NewEngine and Start if needed.

func (*Engine) LoadSignature ¶

func (engine *Engine) LoadSignature(signature detect.Signature) (string, error)

TODO: This method seems not to be used, let's confirm inside the team and remove it if not needed LoadSignature will call the internal signature loading logic and activate its handling business logics. It will return the signature ID as well as error.

func (*Engine) RegisterDataSource ¶

func (engine *Engine) RegisterDataSource(dataSource detect.DataSource) error

func (*Engine) Start ¶

func (engine *Engine) Start(ctx context.Context)

Start starts processing events and detecting signatures it runs continuously until stopped by the done channel once done, it cleans all internal resources, which means the engine is not reusable note that the input and output channels are created by the consumer and therefore are not closed

func (*Engine) Stats ¶

func (engine *Engine) Stats() *metrics.Stats

func (*Engine) UnloadSignature ¶

func (engine *Engine) UnloadSignature(signatureId string) error

UnloadSignature will remove from Engine data structures the given signature and stop its handling goroutine

type EventSources ¶

type EventSources struct {
	Tracker chan protocol.Event
}

EventSources is a bundle of input sources used to configure the Engine

Source Files ¶

View all Source files

engine.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL