alert

package
Overview

Code generated by github.com/reflective-technology/cybereyes-cef/alert/codegen, DO NOT EDIT.

Code generated by github.com/reflective-technology/cybereyes-cef/alert/codegen, DO NOT EDIT.

Code generated by github.com/reflective-technology/cybereyes-cef/alert/codegen, DO NOT EDIT.

Code generated by github.com/reflective-technology/cybereyes-cef/alert/codegen, DO NOT EDIT.

Code generated by github.com/reflective-technology/cybereyes-cef/alert/codegen, DO NOT EDIT.

Code generated by github.com/reflective-technology/cybereyes-cef/alert/codegen, DO NOT EDIT.

Code generated by github.com/reflective-technology/cybereyes-cef/alert/codegen, DO NOT EDIT.


Constants

This section is empty.

Variables

// ErrExtensionIsNil is the package's sentinel error for a missing extension map.
// NOTE(review): presumably returned by an ExtensionsPipeline when the
// extensions map it receives is nil — confirm against the pipeline implementations.
// Compare with errors.Is rather than ==.
var (
	ErrExtensionIsNil = errors.New("extension is nil")
)

Functions

func DefaultSeverityPoint

func DefaultSeverityPoint(severity string) (int, error)

DefaultSeverityPoint takes the intersection of the CEF standard severity point and the general-fields severity point as the default severity point. CEF standard severity point: 0-3=Low, 4-6=Medium, 7-8=High, and 9-10=Very-High. General-fields severity point: 1=info, 2=low, 3,4,5,6,7=medium, 8,9=high, 10=critical.

func MapGeneralFieldsToCefStandardFields

func MapGeneralFieldsToCefStandardFields(field string) (string, bool)

func ResolveCEFSeverity

func ResolveCEFSeverity(meta AlertMetaField) (string, error)

ResolveCEFSeverity converts the alert severity to the CEF severity header field.

According to cef-implementation-standard.pdf (https://www.microfocus.com/documentation/arcsight/arcsight-smartconnectors-8.4/pdfdoc/cef-implementation-standard/cef-implementation-standard.pdf), agentSeverity is a string or integer and reflects the importance of the event. - The valid string values are: Unknown, Low, Medium, High, and Very-High. - The valid integer values are: 0-3=Low, 4-6=Medium, 7-8=High, and 9-10=Very-High.

func ResolveCef

func ResolveCef(alertMeta AlertMetaField, vendorConfig VendorConfig, pipelines ...ExtensionsPipeline) (string, error)

func SyslogRFC3164WithCef

func SyslogRFC3164WithCef(alert Alert, param ToSyslogRFC3164WithCefParam) (string, error)

func UserDefinedFieldName

func UserDefinedFieldName(name string, vendorAbbreviation string) (string, error)

UserDefinedFieldName converts the field name to camel case and prefixes it with the vendor abbreviation.

func VendorBasedExtensionsKeySortFunc

func VendorBasedExtensionsKeySortFunc(vendorConfig VendorConfig) func(keys []string)

func VendorBasedPriority

func VendorBasedPriority(field string, vendorAbbreviation string) int

VendorBasedPriority defines priority levels for different field types.

Types

type Alert

// Alert is the common interface of every alert type in this package
// (RawAlert, FirewallAlert, IpsAlert, WebAlert, ...). An Alert can render
// itself either as a bare CEF string or as a syslog RFC 3164 message that
// carries the CEF payload.
type Alert interface {
	// ToSyslogRFC3164WithCef renders the alert as a syslog RFC 3164 line
	// carrying the CEF payload; the syslog header values (hostname,
	// timestamp, PRI) come from param.
	ToSyslogRFC3164WithCef(param ToSyslogRFC3164WithCefParam) (string, error)
	// ToCef renders the alert as a CEF string using the vendor configuration
	// and hostname in param.
	ToCef(param ToCefParam) (string, error)
}

type AlertMetaField

// AlertMetaField holds the metadata shared by every alert type; the concrete
// alert structs embed it, and EnhanceExtensionsWithAlertMeta turns it into an
// ExtensionsPipeline. The short comment on each field appears to be the name
// of the originating event field — NOTE(review): confirm the mapping in
// EnhanceExtensionsWithAlertMeta.
type AlertMetaField struct {
	// alert_id
	ID string

	// rule_id
	RuleID string

	// name
	Name string

	// alert_subject
	AlertSubject string

	// alert_desc
	Description string

	// severity — coarse level; see AlertSeverity for the recognised values.
	Severity AlertSeverity

	// severity_num — optional numeric severity; nil when the source did not
	// supply one.
	SeverityNum *int

	// @timestamp
	Timestamp time.Time
}

type AlertSeverity

// AlertSeverity is the coarse severity level carried by
// AlertMetaField.Severity. See DefaultSeverityPoint (info=1, low=2,
// medium=3-7, high=8-9, critical=10) and ResolveCEFSeverity for how these
// are mapped onto the CEF agentSeverity header value.
//
// The underlying type is string, so values outside the constants below are
// representable; ResolveCEFSeverity returns an error rather than a severity
// in that case — NOTE(review): confirm, since the page only shows its signature.
type AlertSeverity string

// Recognised AlertSeverity values, in increasing order of severity.
const (
	AlertSeverityInfo     AlertSeverity = "info"
	AlertSeverityLow      AlertSeverity = "low"
	AlertSeverityMedium   AlertSeverity = "medium"
	AlertSeverityHigh     AlertSeverity = "high"
	AlertSeverityCritical AlertSeverity = "critical"
)

type AuditdLinuxAlert

// AuditdLinuxAlert is an alert carrying Linux auditd fields next to the shared
// alert metadata. Its ToCef and ToSyslogRFC3164WithCef methods make it an Alert.
type AuditdLinuxAlert struct {
	AlertMetaField
	// Source-specific fields; presumably mapped into the CEF extension
	// segment by EnhanceExtensionsFromAuditdLinuxFields.
	AuditdLinuxFields types.AuditdLinux
}

func (*AuditdLinuxAlert) ToCef

func (alert *AuditdLinuxAlert) ToCef(param ToCefParam) (string, error)

func (*AuditdLinuxAlert) ToSyslogRFC3164WithCef

func (alert *AuditdLinuxAlert) ToSyslogRFC3164WithCef(param ToSyslogRFC3164WithCefParam) (string, error)

type ExtensionsPipeline

// ExtensionsPipeline is one step that mutates the CEF extension key/value map
// in place. ResolveCef accepts any number of steps (its variadic pipelines
// argument), presumably applying them in order; the Enhance* constructors in
// this package build steps from alert metadata, the hostname and each
// source-specific field set.
//
// NOTE(review): keys and values written here end up in the CEF extension
// segment. CEF reserves '=' and '\' in extension values and '|' in header
// fields, and a newline would break the syslog line; confirm that ResolveCef
// (or the steps themselves) escape these, since several inputs
// (RawAlertParam.GeneralFields, ToCefParam.Hostname) are caller-supplied
// strings that may originate from event data.
type ExtensionsPipeline func(extensions map[string]string) error

func EnhanceExtensionsFromAuditdLinuxFields

func EnhanceExtensionsFromAuditdLinuxFields(fields types.AuditdLinux, vendorAbbreviation string) ExtensionsPipeline

func EnhanceExtensionsFromFirewallFields

func EnhanceExtensionsFromFirewallFields(fields types.Firewall, vendorAbbreviation string) ExtensionsPipeline

func EnhanceExtensionsFromGeneralFields

func EnhanceExtensionsFromGeneralFields(generalFields map[string]string, vendorAbbreviation string) ExtensionsPipeline

func EnhanceExtensionsFromIpsFields

func EnhanceExtensionsFromIpsFields(fields types.Ips, vendorAbbreviation string) ExtensionsPipeline

func EnhanceExtensionsFromWebApplicationFirewallFields

func EnhanceExtensionsFromWebApplicationFirewallFields(fields types.WebApplicationFirewall, vendorAbbreviation string) ExtensionsPipeline

func EnhanceExtensionsFromWebFields

func EnhanceExtensionsFromWebFields(fields types.Web, vendorAbbreviation string) ExtensionsPipeline

func EnhanceExtensionsFromWindowsEventsApplicationFields

func EnhanceExtensionsFromWindowsEventsApplicationFields(fields types.WindowsEventsApplication, vendorAbbreviation string) ExtensionsPipeline

func EnhanceExtensionsFromWindowsEventsSecurityFields

func EnhanceExtensionsFromWindowsEventsSecurityFields(fields types.WindowsEventsSecurity, vendorAbbreviation string) ExtensionsPipeline

func EnhanceExtensionsWithAlertMeta

func EnhanceExtensionsWithAlertMeta(meta AlertMetaField) ExtensionsPipeline

func EnhanceExtensionsWithHostname

func EnhanceExtensionsWithHostname(hostname string) ExtensionsPipeline

type FirewallAlert

// FirewallAlert is an alert carrying firewall fields next to the shared alert
// metadata. Its ToCef and ToSyslogRFC3164WithCef methods make it an Alert.
type FirewallAlert struct {
	AlertMetaField
	// Source-specific fields; presumably mapped into the CEF extension
	// segment by EnhanceExtensionsFromFirewallFields.
	FirewallFields types.Firewall
}

func (*FirewallAlert) ToCef

func (alert *FirewallAlert) ToCef(param ToCefParam) (string, error)

func (*FirewallAlert) ToSyslogRFC3164WithCef

func (alert *FirewallAlert) ToSyslogRFC3164WithCef(param ToSyslogRFC3164WithCefParam) (string, error)

type IpsAlert

// IpsAlert is an alert carrying intrusion-prevention fields next to the
// shared alert metadata. Its ToCef and ToSyslogRFC3164WithCef methods make it
// an Alert.
type IpsAlert struct {
	AlertMetaField
	// Source-specific fields; presumably mapped into the CEF extension
	// segment by EnhanceExtensionsFromIpsFields.
	IpsFields types.Ips
}

func (*IpsAlert) ToCef

func (alert *IpsAlert) ToCef(param ToCefParam) (string, error)

func (*IpsAlert) ToSyslogRFC3164WithCef

func (alert *IpsAlert) ToSyslogRFC3164WithCef(param ToSyslogRFC3164WithCefParam) (string, error)

type RawAlert

// RawAlert is an alert built from free-form general fields
// (RawAlertParam.GeneralFields) rather than a typed source schema. Construct
// it with NewRawAlert; the unexported state it holds is not shown here.
type RawAlert struct {
	// Meta is the shared alert metadata supplied through RawAlertParam.
	Meta AlertMetaField
	// contains filtered or unexported fields
}

func NewRawAlert

func NewRawAlert(param RawAlertParam) *RawAlert

func (*RawAlert) ToCef

func (alert *RawAlert) ToCef(param ToCefParam) (string, error)

ToCef converts the alert to CEF format. There are three segments in the CEF output: 1. CEF standard fields, 2. custom labels and values, 3. user-defined fields.

func (*RawAlert) ToSyslogRFC3164WithCef

func (alert *RawAlert) ToSyslogRFC3164WithCef(param ToSyslogRFC3164WithCefParam) (string, error)

type RawAlertParam

// RawAlertParam is the input to NewRawAlert.
type RawAlertParam struct {
	// Meta becomes RawAlert.Meta.
	Meta          AlertMetaField
	// GeneralFields are arbitrary key/value pairs, presumably fed to
	// EnhanceExtensionsFromGeneralFields. NOTE(review): both keys and values
	// are caller-supplied; see MapGeneralFieldsToCefStandardFields for which
	// keys are promoted to CEF standard fields, and confirm values are escaped
	// before they reach the CEF output.
	GeneralFields map[string]string
}

type ToCefParam

// ToCefParam carries the values Alert.ToCef needs beyond the alert itself.
type ToCefParam struct {
	// VendorConfig supplies the vendor/product identity and the abbreviation
	// used for user-defined extension keys.
	VendorConfig VendorConfig
	// Hostname is the reporting host, presumably added to the extensions via
	// EnhanceExtensionsWithHostname.
	Hostname     string
}

type ToSyslogRFC3164WithCefParam

// ToSyslogRFC3164WithCefParam carries the values needed to wrap a CEF string
// in a syslog RFC 3164 message (see SyslogRFC3164WithCef and
// Alert.ToSyslogRFC3164WithCef).
type ToSyslogRFC3164WithCefParam struct {
	// VendorConfig and Hostname play the same role as in ToCefParam.
	VendorConfig VendorConfig
	Hostname     string
	// Timestamp is the syslog header timestamp; it is separate from
	// AlertMetaField.Timestamp.
	Timestamp    time.Time
	// Priority is the syslog PRI value. NOTE(review): RFC 3164 defines PRI as
	// facility*8+severity, at most 191, while uint8 admits up to 255 — confirm
	// the range is validated before the header is emitted.
	Priority     uint8
}

type VendorConfig

// VendorConfig identifies the product emitting the alert. VendorName,
// ProductName and ProductVersion presumably fill the CEF header's device
// vendor/product/version fields; Abbreviation is the prefix for user-defined
// extension keys (see UserDefinedFieldName) and drives VendorBasedPriority
// and VendorBasedExtensionsKeySortFunc.
type VendorConfig struct {
	VendorName     string
	ProductName    string
	ProductVersion string
	Abbreviation   string
}

// VendorReflective is the preset VendorConfig for Reflective's CyberEyes
// product; pass it in ToCefParam / ToSyslogRFC3164WithCefParam.
var (
	VendorReflective VendorConfig = VendorConfig{
		VendorName:     "Reflective",
		ProductName:    "CyberEyes",
		ProductVersion: "3",
		Abbreviation:   "CE",
	}
)

type WebAlert

// WebAlert is an alert carrying web fields next to the shared alert metadata.
// Its ToCef and ToSyslogRFC3164WithCef methods make it an Alert.
type WebAlert struct {
	AlertMetaField
	// Source-specific fields; presumably mapped into the CEF extension
	// segment by EnhanceExtensionsFromWebFields.
	WebFields types.Web
}

func (*WebAlert) ToCef

func (alert *WebAlert) ToCef(param ToCefParam) (string, error)

func (*WebAlert) ToSyslogRFC3164WithCef

func (alert *WebAlert) ToSyslogRFC3164WithCef(param ToSyslogRFC3164WithCefParam) (string, error)

type WebApplicationFirewallAlert

// WebApplicationFirewallAlert is an alert carrying web-application-firewall
// fields next to the shared alert metadata. Its ToCef and
// ToSyslogRFC3164WithCef methods make it an Alert.
type WebApplicationFirewallAlert struct {
	AlertMetaField
	// Source-specific fields; presumably mapped into the CEF extension
	// segment by EnhanceExtensionsFromWebApplicationFirewallFields.
	WebApplicationFirewallFields types.WebApplicationFirewall
}

func (*WebApplicationFirewallAlert) ToCef

func (alert *WebApplicationFirewallAlert) ToCef(param ToCefParam) (string, error)

func (*WebApplicationFirewallAlert) ToSyslogRFC3164WithCef

func (alert *WebApplicationFirewallAlert) ToSyslogRFC3164WithCef(param ToSyslogRFC3164WithCefParam) (string, error)

type WindowsEventsApplicationAlert

// WindowsEventsApplicationAlert is an alert carrying Windows Application
// event-log fields next to the shared alert metadata. Its ToCef and
// ToSyslogRFC3164WithCef methods make it an Alert.
type WindowsEventsApplicationAlert struct {
	AlertMetaField
	// Source-specific fields; presumably mapped into the CEF extension
	// segment by EnhanceExtensionsFromWindowsEventsApplicationFields.
	WindowsEventsApplicationFields types.WindowsEventsApplication
}

func (*WindowsEventsApplicationAlert) ToCef

func (alert *WindowsEventsApplicationAlert) ToCef(param ToCefParam) (string, error)

func (*WindowsEventsApplicationAlert) ToSyslogRFC3164WithCef

func (alert *WindowsEventsApplicationAlert) ToSyslogRFC3164WithCef(param ToSyslogRFC3164WithCefParam) (string, error)

type WindowsEventsSecurityAlert

// WindowsEventsSecurityAlert is an alert carrying Windows Security event-log
// fields next to the shared alert metadata. Its ToCef and
// ToSyslogRFC3164WithCef methods make it an Alert.
type WindowsEventsSecurityAlert struct {
	AlertMetaField
	// Source-specific fields; presumably mapped into the CEF extension
	// segment by EnhanceExtensionsFromWindowsEventsSecurityFields.
	WindowsEventsSecurityFields types.WindowsEventsSecurity
}

func (*WindowsEventsSecurityAlert) ToCef

func (alert *WindowsEventsSecurityAlert) ToCef(param ToCefParam) (string, error)

func (*WindowsEventsSecurityAlert) ToSyslogRFC3164WithCef

func (alert *WindowsEventsSecurityAlert) ToSyslogRFC3164WithCef(param ToSyslogRFC3164WithCefParam) (string, error)
