Types ¶
type BADMSG ¶
// BADMSG is the decoding target for a BAD_MSG XML element. It carries a set of
// violation masks and a list of request violations.
//
// Apart from IsBase64Decoded, every scalar is declared as string, so indexes,
// lengths, offsets and masks arrive as unparsed text. Consumers have to parse
// and range-check them before using them as numbers.
//
// NOTE(review): Buffer, Uri, Header, HeaderData, Cookie, CookieName and
// ParamName presumably hold bytes copied from the HTTP request that triggered
// the violation, i.e. input chosen by the remote client. Confirm against the
// producer, and encode or escape these values before writing them to logs or
// rendering them in a UI.
type BADMSG struct {
	// XMLName pins the expected element name: encoding/xml's Unmarshal returns an
	// error when the element being decoded is not named BAD_MSG.
	XMLName xml.Name `xml:"BAD_MSG"`
	// Text accumulates the character data found directly inside the element.
	Text string `xml:",chardata"`
	// ViolationMasks maps the <violation_masks> child element.
	// NOTE(review): block/alarm/learn/staging look like bitmasks encoded as
	// text; the encoding is not visible here, so confirm before parsing.
	ViolationMasks struct {
		Text string `xml:",chardata"`
		Block string `xml:"block"`
		Alarm string `xml:"alarm"`
		Learn string `xml:"learn"`
		Staging string `xml:"staging"`
	} `xml:"violation_masks"`
	// RequestViolations maps the <request-violations> child element.
	RequestViolations struct {
		Text string `xml:",chardata"`
		// Violations receives one entry per <violation> child element.
		Violations []struct {
			Text string `xml:",chardata"`
			ViolIndex string `xml:"viol_index"`
			ViolName string `xml:"viol_name"`
			// Context selects which of the optional fields below are meaningful
			// (see the note on ParameterData/ParamData).
			Context string `xml:"context"`
			// ParameterData and ParamData are both received when Context is "parameter" or "".
			// A message carries either ParameterData or ParamData, never both in the same XML message.
			// They semantically represent the same thing (ParameterData has more fields),
			// so a consumer should be prepared to read whichever one is populated.
			ParameterData ParameterData `xml:"parameter_data"`
			ParamData ParamData `xml:"param_data"`
			ParamName string `xml:"param_name"`
			// IsBase64Decoded is the only non-string scalar in this struct.
			// NOTE(review): presumably reports that the value was base64-decoded
			// before inspection; confirm which field it refers to.
			IsBase64Decoded bool `xml:"is_base64_decoded"`
			// Header and HeaderData share the Header type but are filled from two
			// different elements, <header> and <header_data>.
			Header Header `xml:"header"`
			HeaderData Header `xml:"header_data"`
			Cookie Cookie `xml:"cookie"`
			CookieName string `xml:"cookie_name"`
			Buffer string `xml:"buffer"`
			SpecificDesc string `xml:"specific_desc"`
			Uri string `xml:"uri"`
			UriObjectData UriObjectData `xml:"object_data"`
			// The length and limit fields below are text, not integers; parse them
			// with explicit error handling rather than trusting the content.
			UriLength string `xml:"uri_len"`
			UriLengthLimit string `xml:"uri_len_limit"`
			DefinedLength string `xml:"defined_length"`
			DetectedLength string `xml:"detected_length"`
			TotalLen string `xml:"total_len"`
			TotalLenLimit string `xml:"total_len_limit"`
			Staging string `xml:"staging"`
			// SigData receives one entry per <sig_data> child element.
			SigData []struct {
				Text string `xml:",chardata"`
				SigID string `xml:"sig_id"`
				BlockingMask string `xml:"blocking_mask"`
				// KwData maps the <kw_data> child element.
				// NOTE(review): Offset and Length presumably locate the matched
				// keyword inside Buffer. Both are strings taken from the message,
				// so parse and bounds-check them against len(Buffer) before
				// slicing; an unchecked slice expression would panic on bad values.
				KwData struct {
					Text string `xml:",chardata"`
					Buffer string `xml:"buffer"`
					Offset string `xml:"offset"`
					Length string `xml:"length"`
				} `xml:"kw_data"`
			} `xml:"sig_data"`
			HTTPSanityChecksStatus string `xml:"http_sanity_checks_status"`
			HTTPSubViolationStatus string `xml:"http_sub_violation_status"`
			HTTPSubViolation string `xml:"http_sub_violation"`
			WildcardEntity string `xml:"wildcard_entity"`
			LanguageType string `xml:"language_type"`
			// MetacharIndex collects every <metachar_index> child, one string each.
			MetacharIndex []string `xml:"metachar_index"`
		} `xml:"violation"`
	} `xml:"request-violations"`
}
type Client ¶
// Client is the client for Processor with capability of logging.
//
// All of its fields are filtered or unexported in this listing, so code outside
// the package cannot populate them directly.
// NOTE(review): whether the zero value is usable is not visible here; confirm
// how a Client is meant to be constructed.
type Client struct {
	// contains filtered or unexported fields
}
Client for Processor with capability of logging.
type Eventer ¶
// Eventer is the interface implemented to generate an Event from a log entry.
type Eventer interface {
	// GetEvent will generate a protobuf Security Event.
	//
	// It returns the event together with an error; callers must check the error
	// before using the returned *pb.Event.
	//
	// NOTE(review): hostPattern is presumably matched against a hostname taken
	// from the log entry, and logger presumably receives diagnostics produced
	// during conversion; neither is visible here, so confirm against the
	// implementation. If log-entry values are written to logger, pass them as
	// structured fields rather than interpolating them into the message text.
	GetEvent(hostPattern *regexp.Regexp, logger *logrus.Entry) (*pb.Event, error)
}
Eventer is the interface implemented to generate an Event from a log entry.
type NAPConfig ¶
// NAPConfig groups the attributes of a security log record as exported fields.
// Every field is a plain string except ViolationDetailsXML, which points to the
// decoded BADMSG violation details.
//
// NOTE(review): the struct presumably mirrors one log entry describing an HTTP
// request and the policy verdict for it; confirm against the parser that fills
// it. If so, the request-derived fields (HTTPURI, HTTPHostname, Request,
// XForwardedForHeaderVal, ...) are chosen by the remote client and should be
// treated as untrusted text when logged, stored or displayed.
type NAPConfig struct {
	DateTime string
	BlockingExceptionReason string
	// Ports, status codes and ratings in this struct are strings; parse them with
	// error handling before comparing or doing arithmetic on them.
	HTTPServerPort string
	HTTPRemoteAddr string
	// IsTruncated is a string, not a bool.
	// NOTE(review): the accepted values are not visible here; confirm them.
	IsTruncated string
	HTTPRequestMethod string
	PolicyName string
	Protocol string
	RequestStatus string
	HTTPResponseCode string
	Severity string
	// NOTE(review): SignatureCVEs, SigSetNames, SubViolations, ThreatCampaignNames
	// and Violations are plural names held in a single string, so they are
	// presumably delimited lists; the delimiter is not visible here.
	SignatureCVEs string
	SigSetNames string
	HTTPRemotePort string
	SubViolations string
	SupportID string
	ThreatCampaignNames string
	UnitHostname string
	HTTPURI string
	ViolationRating string
	HTTPHostname string
	// XForwardedForHeaderVal is named after the X-Forwarded-For request header,
	// which any client can set. Do not treat it as the authenticated client
	// address unless it was set by a proxy you trust.
	XForwardedForHeaderVal string
	RequestOutcome string
	RequestOutcomeReason string
	Violations string
	// ViolationDetailsXML is a pointer and can therefore be nil; check it before
	// dereferencing.
	ViolationDetailsXML *BADMSG
	BotSignatureName string
	BotCategory string
	BotAnomalies string
	EnforcedBotAnomalies string
	ClientClass string
	ClientApplication string
	ClientApplicationVersion string
	// NOTE(review): Request presumably holds the raw HTTP request. If so it can
	// contain credentials, cookies or session tokens; confirm, and redact before
	// storing or forwarding it.
	Request string
	TransportProtocol string
	ViolationContext string
}
type ParameterData ¶
type UriObjectData ¶ added in v2.25.0