Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type APIConfig

```go
type APIConfig struct {
	// Transport specifies the underlying transport protocol for the API HTTP server.
	Transport string `json:"api.transport" yaml:"api.transport"`
	// Timeout determines the timeout for the API server responses.
	Timeout time.Duration `json:"api.timeout" yaml:"api.timeout"`
}
```
APIConfig contains API specific config options.
type Config

```go
type Config struct {
	// Kstream stores different configuration options for fine tuning kstream consumer/controller settings.
	Kstream KstreamConfig `json:"kstream" yaml:"kstream"`
	// Filament contains filament settings.
	Filament FilamentConfig `json:"filament" yaml:"filament"`
	// PE contains the settings that influence the behaviour of the PE (Portable Executable) reader.
	PE pe.Config `json:"pe" yaml:"pe"`
	// Output stores the currently active output config.
	Output outputs.Config
	// InitHandleSnapshot indicates whether the initial handle snapshot is built.
	InitHandleSnapshot bool `json:"init-handle-snapshot" yaml:"init-handle-snapshot"`
	DebugPrivilege bool `json:"debug-privilege" yaml:"debug-privilege"`
	KcapFile string
	// API stores global HTTP API preferences.
	API APIConfig `json:"api" yaml:"api"`
	// Yara contains configuration that influences the behaviour of the Yara engine.
	Yara yara.Config `json:"yara" yaml:"yara"`
	// Aggregator stores event aggregator configuration.
	Aggregator aggregator.Config `json:"aggregator" yaml:"aggregator"`
	// Log contains log-specific configuration options.
	Log log.Config `json:"logging" yaml:"logging"`
	// Transformers stores transformer configurations.
	Transformers []transformers.Config
	// Alertsenders stores alert sender configurations.
	Alertsenders []alertsender.Config
	// contains filtered or unexported fields
}
```
Config stores configuration options for fine tuning the behaviour of Fibratus.
func NewWithOpts
NewWithOpts builds a new configuration store from a variety of sources such as configuration files, environment variables or command line flags.
func (Config) GetConfigFile
GetConfigFile gets the path of the configuration file from the Viper value.
func (*Config) MustViperize
MustViperize adds the flag set to the Cobra command and binds the flags within Viper.
func (*Config) TryLoadFile
TryLoadFile attempts to load the configuration file from the specified path on the file system.
type FilamentConfig
FilamentConfig stores config parameters for tweaking the behaviour of the filament engine.
type KstreamConfig
```go
type KstreamConfig struct {
	// EnableThreadKevents indicates if thread kernel events are collected by the ETW provider.
	EnableThreadKevents bool `json:"enable-thread" yaml:"enable-thread"`
	// EnableRegistryKevents indicates if registry kernel events are collected by the ETW provider.
	EnableRegistryKevents bool `json:"enable-registry" yaml:"enable-registry"`
	// EnableNetKevents determines whether network (TCP/UDP) events are collected by the ETW provider.
	EnableNetKevents bool `json:"enable-net" yaml:"enable-net"`
	// EnableFileIOKevents indicates if file I/O kernel events are collected by the ETW provider.
	EnableFileIOKevents bool `json:"enable-fileio" yaml:"enable-fileio"`
	// EnableImageKevents indicates if image kernel events are collected by the ETW provider.
	EnableImageKevents bool `json:"enable-image" yaml:"enable-image"`
	// EnableHandleKevents indicates whether handle creation/disposal events are enabled.
	EnableHandleKevents bool `json:"enable-handle" yaml:"enable-handle"`
	// BufferSize represents the amount of memory allocated for each event tracing session buffer, in kilobytes.
	// The buffer size affects the rate at which buffers fill and must be flushed (a small buffer size requires
	// less memory but increases the rate at which buffers must be flushed).
	BufferSize uint32 `json:"buffer-size" yaml:"buffer-size"`
	// MinBuffers determines the minimum number of buffers allocated for the event tracing session's buffer pool.
	MinBuffers uint32 `json:"min-buffers" yaml:"min-buffers"`
	// MaxBuffers is the maximum number of buffers allocated for the event tracing session's buffer pool.
	MaxBuffers uint32 `json:"max-buffers" yaml:"max-buffers"`
	// FlushTimer specifies how often the trace buffers are forcibly flushed.
	FlushTimer time.Duration `json:"flush-interval" yaml:"flush-interval"`
	// BlacklistKevents are kernel event names that will be dropped from the kernel event stream.
	BlacklistKevents []string `json:"blacklist.events" yaml:"blacklist.events"`
	// BlacklistImages are process image names that will be rejected if they generate a kernel event.
	BlacklistImages []string `json:"blacklist.images" yaml:"blacklist.images"`
}
```
KstreamConfig stores different configuration options for fine tuning kstream consumer/controller settings.
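The following is an added example, not code from Fibratus, showing how the KstreamConfig struct above decodes from a JSON document using the json tags listed on this page, and how a strict decoder plus a few sanity checks catch the two mistakes that matter most to a defender: a misspelled key (which a lenient decoder silently ignores, leaving an event category switched off without any error) and an inconsistent buffer pool. The struct and its tags are copied from the page; `LoadKstream`, `ValidateKstream`, the validation rules and the sample JSON values are assumptions made for this example and are not rules enforced by Fibratus itself.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"time"
)

// KstreamConfig mirrors the struct documented above; only the json tags are kept here.
type KstreamConfig struct {
	EnableThreadKevents   bool          `json:"enable-thread"`
	EnableRegistryKevents bool          `json:"enable-registry"`
	EnableNetKevents      bool          `json:"enable-net"`
	EnableFileIOKevents   bool          `json:"enable-fileio"`
	EnableImageKevents    bool          `json:"enable-image"`
	EnableHandleKevents   bool          `json:"enable-handle"`
	BufferSize            uint32        `json:"buffer-size"`   // kilobytes per ETW session buffer
	MinBuffers            uint32        `json:"min-buffers"`
	MaxBuffers            uint32        `json:"max-buffers"`
	FlushTimer            time.Duration `json:"flush-interval"` // encoded as nanoseconds in JSON
	BlacklistKevents      []string      `json:"blacklist.events"`
	BlacklistImages       []string      `json:"blacklist.images"`
}

// sampleJSON is a constructed configuration document for this example.
// "flush-interval" is 1 s expressed in nanoseconds, the wire form of time.Duration.
const sampleJSON = `{
  "enable-thread": true,
  "enable-registry": true,
  "enable-net": true,
  "enable-fileio": false,
  "enable-image": true,
  "enable-handle": false,
  "buffer-size": 64,
  "min-buffers": 1,
  "max-buffers": 8,
  "flush-interval": 1000000000,
  "blacklist.events": ["ExampleEvent"],
  "blacklist.images": ["example.exe"]
}`

// LoadKstream decodes a KstreamConfig strictly: an unknown key such as a
// misspelled "enable-registy" is an error instead of being silently dropped,
// so an operator cannot believe a category is enabled when it is not.
// (Hypothetical helper; not part of the Fibratus config package.)
func LoadKstream(data []byte) (KstreamConfig, error) {
	var c KstreamConfig
	dec := json.NewDecoder(bytes.NewReader(data))
	dec.DisallowUnknownFields()
	if err := dec.Decode(&c); err != nil {
		return KstreamConfig{}, fmt.Errorf("kstream config: %w", err)
	}
	return c, nil
}

// ValidateKstream returns a list of problems found in the buffer-pool and
// blacklist settings. The rules are assumptions made for this example.
func ValidateKstream(c KstreamConfig) []string {
	var problems []string
	if c.BufferSize == 0 {
		problems = append(problems, "buffer-size must be greater than zero")
	}
	if c.MinBuffers == 0 || c.MaxBuffers == 0 {
		problems = append(problems, "min-buffers and max-buffers must be greater than zero")
	}
	if c.MinBuffers > c.MaxBuffers {
		problems = append(problems, fmt.Sprintf("min-buffers (%d) exceeds max-buffers (%d)", c.MinBuffers, c.MaxBuffers))
	}
	if c.FlushTimer <= 0 {
		problems = append(problems, "flush-interval must be a positive duration")
	}
	for i, name := range c.BlacklistKevents {
		if name == "" {
			problems = append(problems, fmt.Sprintf("blacklist.events[%d] is empty", i))
		}
	}
	return problems
}

func main() {
	c, err := LoadKstream([]byte(sampleJSON))
	if err != nil {
		fmt.Println("load failed:", err)
		return
	}
	fmt.Printf("decoded: buffer-size=%dKB buffers=[%d,%d] flush=%s\n", c.BufferSize, c.MinBuffers, c.MaxBuffers, c.FlushTimer)
	for _, p := range ValidateKstream(c) {
		fmt.Println("problem:", p)
	}
	// A misspelled key is rejected rather than ignored.
	if _, err := LoadKstream([]byte(`{"enable-registy": true}`)); err != nil {
		fmt.Println("rejected:", err)
	}
}
```

The strict decoder is the part worth keeping in mind: with the default `json.Unmarshal`, a typo in a key leaves the corresponding field at its zero value (`false` for the `Enable*` flags), so a whole kernel event category can be silently absent from the stream with no error at startup.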