eventflow

package
v1.0.10 Latest
Warning

This package is not in the latest version of its module.

Published: Apr 16, 2024 License: MIT Imports: 4 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Entity

type Entity struct {
	Type  string `json:"type"`  // The type of the entity i.e. container-id or IPv4
	Value string `json:"value"` // The value of the entity
}

Entity represents an Attacker or Victim.

type Event added in v1.0.10

type Event interface {
	EventType() string
}

Event is the interface for the different event types

type EventFlow

type EventFlow struct {
	// contains filtered or unexported fields
}

EventFlow is the main object for the EventFlow / Generic Event API. Please use the NewEventFlow function to create a new object.

func NewEventFlow

func NewEventFlow(address, token string, debug bool) *EventFlow

NewEventFlow creates a new EventFlow object to work with the API and returns the EventFlow object (pointer).

func (*EventFlow) AddEvent

func (e *EventFlow) AddEvent(assetID string, eventInBase64 string) error

AddEvent will post the event to eventflow; the event needs to be given in base64. DEPRECATED: Use StoreEventsInBase64 instead. Multiple events can be added at once by passing them in base64, separated by a new-line (`\n`).

func (*EventFlow) PostEventQueue added in v1.0.10

func (e *EventFlow) PostEventQueue(q *EventQueue) error

PostEventQueue will post the events in the queue to the EventFlow API and empty the queue

func (*EventFlow) SetTimeout

func (e *EventFlow) SetTimeout(seconds int)

SetTimeout sets the timeout in seconds. When large calls are created to add events, it might be useful to extend the timeout.

func (*EventFlow) StoreEventsInBase64 added in v1.0.10

func (e *EventFlow) StoreEventsInBase64(event string) error

StoreEventsInBase64 will post the events to eventflow. The events need to be given in base64; multiple events can be sent at once, separated by a new-line (`\n`). When switching from the AddEvent method, a new API token is required.

type EventQueue added in v1.0.10

type EventQueue struct {
	// contains filtered or unexported fields
}

EventQueue is a queue of events

func (*EventQueue) AddEventToQueue added in v1.0.10

func (q *EventQueue) AddEventToQueue(e Event)

AddEventToQueue will add an event to the queue. By using a queue, multiple events can be added at once with the PostEventQueue function.

func (*EventQueue) ClearEventQueue added in v1.0.10

func (q *EventQueue) ClearEventQueue()

ClearEventQueue will empty the queue

func (*EventQueue) GetEventQueue added in v1.0.10

func (q *EventQueue) GetEventQueue() []Event

GetEventQueue will return the queue of events

type Other

type Other struct {
	Type               string      `json:"type"`                // The type of the event
	DetectionTimestamp int64       `json:"detection_timestamp"` // The timestamp of the detection in Unix time
	Message            string      `json:"message"`             // The (short) message of the event
	Vendor             string      `json:"vendor"`              // The vendor of the event
	VendorEventID      string      `json:"vendor_event_id"`     // The vendor event (unique) ID
	Raw                interface{} `json:"raw"`                 // The raw event
}

Other represents the "other-event-type"

func (Other) EventType added in v1.0.10

func (o Other) EventType() string

EventType returns the type of the event

type ThreatNetwork

type ThreatNetwork struct {
	Type               string `json:"type"`                // The type of the event
	DetectionTimestamp int64  `json:"detection_timestamp"` // The timestamp of the detection in Unix time
	Severity           int    `json:"severity"`            // The severity of the event
	Blocked            bool   `json:"blocked"`             // The event is blocked or not
	Message            string `json:"message"`             // The (short) message of the event
	Vendor             string `json:"vendor"`              // The vendor of the event
	VendorEventID      string `json:"vendor_event_id"`     // The vendor event (unique) ID
	Attacker           Entity `json:"attacker"`            // The attacker
	Victim             Entity `json:"victim"`              // The victim
	Raw                string `json:"raw"`                 // The raw event
}

ThreatNetwork represents the "threat_network-event-type"

func (ThreatNetwork) EventType added in v1.0.10

func (t ThreatNetwork) EventType() string

EventType returns the type of the event
