Documentation
Overview
Package detect includes the "API" of the rule-engine and the public-facing types that consumers of the rule engine should work with.
Constants
This section is empty.
Variables
var ErrDataNotFound = errors.New("requested data was not found")
var ErrKeyNotSupported = errors.New("queried key is not supported")
Functions
This section is empty.
Types
type DataSource
type DataSource interface {
	// Get a value from the data source. Make sure the key matches one of the keys allowed in Keys.
	// The following errors should be returned for the appropriate cases:
	//
	// - ErrDataNotFound - When the key does not match any existing data
	// - ErrKeyNotSupported - When the key used does not match a supported key
	// - Otherwise errors may vary.
	Get(interface{}) (map[string]interface{}, error)
	// Version of the data fetched. Whenever the schema has a breaking change the version should be incremented.
	// Consumers of the data source should verify they are running against a supported version before using it.
	Version() uint
	// The types of keys the data source supports.
	Keys() []string
	// JSON Schema of the data source's result. All Get results should conform to the schema described.
	Schema() string
	// Namespace of the data source (to avoid ID collisions)
	Namespace() string
	// ID of the data source, any unique name works.
	ID() string
}
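The error and version contract described in the DataSource comments, shown from both sides as an added example (not code from the package or its project). The error values and the interface are redeclared locally so the file compiles on its own; `denyList`, `isDenied`, the sample address and the choice of version 1 are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
)

var ErrDataNotFound = errors.New("requested data was not found")    // copied from the page
var ErrKeyNotSupported = errors.New("queried key is not supported") // copied from the page

type DataSource interface { // copied from the page
	Get(interface{}) (map[string]interface{}, error)
	Version() uint
	Keys() []string
	Schema() string
	Namespace() string
	ID() string
}

type denyList map[string]string // hypothetical source: IP string -> reason
func (d denyList) Get(key interface{}) (map[string]interface{}, error) {
	ip, ok := key.(string)
	if !ok {
		return nil, ErrKeyNotSupported // key type is not one listed by Keys()
	}
	if reason, found := d[ip]; found {
		return map[string]interface{}{"reason": reason}, nil
	}
	return nil, ErrDataNotFound // supported key, but no entry for it
}
func (d denyList) Version() uint { return 1 }
func (d denyList) Keys() []string { return []string{"string"} }
func (d denyList) Schema() string { return `{"type":"object","required":["reason"]}` }
func (d denyList) Namespace() string { return "example" }
func (d denyList) ID() string { return "deny_list" }

// isDenied is the consumer side: verify the version, treat a miss as "no", propagate the rest.
func isDenied(ds DataSource, key interface{}) (bool, error) {
	if ds.Version() != 1 { // assumption: this consumer was written against version 1
		return false, fmt.Errorf("unsupported data source version %d", ds.Version())
	}
	if _, err := ds.Get(key); !errors.Is(err, ErrDataNotFound) {
		return err == nil, err // hit, or a real failure such as ErrKeyNotSupported
	}
	return false, nil
}

func main() {
	fmt.Println(isDenied(denyList{"203.0.113.7": "constructed sample"}, "203.0.113.7"))
}
```

Keeping ErrDataNotFound separate from other errors lets a signature tell "not listed" apart from a misused key or a failing backend, which should be logged rather than silently read as a negative.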
type Finding
type Finding struct {
	Data        map[string]interface{}
	Event       protocol.Event // Event is the causal event of the Finding
	SigMetadata SignatureMetadata
}
Finding is the main output of a signature. It represents a match result for the signature business logic.
type Logger
type Logger interface {
	Debugw(format string, v ...interface{})
	Infow(format string, v ...interface{})
	Warnw(format string, v ...interface{})
	Errorw(format string, v ...interface{})
}
Logger interface to inject in signatures.
type SignalSourceComplete
type SignalSourceComplete string
SignalSourceComplete signals that an input source the signature was subscribed to has ended.
type Signature
type Signature interface {
	// GetMetadata allows the signature to declare information about itself
	GetMetadata() (SignatureMetadata, error)
	// GetSelectedEvents allows the signature to declare which events it subscribes to
	GetSelectedEvents() ([]SignatureEventSelector, error)
	// Init allows the signature to initialize its internal state
	Init(ctx SignatureContext) error
	// Close cleans the signature after Init operation
	Close()
	// OnEvent allows the signature to process events passed by the Engine. This is the business logic of the signature
	OnEvent(event protocol.Event) error
	// OnSignal allows the signature to handle lifecycle events of the signature
	OnSignal(signal Signal) error
}
Signature is the basic unit of business logic for the rule-engine.
type SignatureContext
type SignatureContext struct {
	Callback      SignatureHandler
	Logger        Logger
	GetDataSource func(namespace string, id string) (DataSource, bool)
}
type SignatureEventSelector
SignatureEventSelector represents events the signature is subscribed to.
type SignatureHandler
type SignatureHandler func(found Finding)
SignatureHandler is a callback function that reports a finding.