common

package

v0.0.0-...-f0a5ce6 Latest Latest Go to latest Published: May 6, 2023 License: MIT Imports: 22 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/yarox24/EvtxHussar

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func AppendNumberToPath(path_ string, nr int) string
func ConvertSocketUint8ToText(socket_bytes []uint8) (string, error)
func DecodeASIPv4(socket_bytes []uint8) (string, error)
func DecodeASIPv6(socket_bytes []uint8) (string, error)
func Determine_Maps_Path(MapsDirectoryConfig string) (string, error)
func EncryptDecrypt(input string, key []byte) []byte
func EnsureDirectoryStructureIsCreated(full_path string) error
func GrabUniversalLogger() *zerolog.Logger
func Handle_output_directory(p string)
func HeadersAndRowListToOrderedDict(keys []string, values []string) *ordereddict.Dict
func Hussar_art(VERSION string, URL string)
func IPPortFormatter(version int, IP net.IP, Port uint16, ScopeId uint32) string
func Inspect_single_evtx(wg *sync.WaitGroup, efi *EvtxFileInfo, inspector_channel chan struct{})
func KeyExistsInOrderedDict(od *ordereddict.Dict, key string) bool
func LogCriticalError(msg string)
func LogCriticalErrorWithError(msg string, e error)
func LogDebug(msg string)
func LogDebugString(key string, val interface{})
func LogDebugStructure(msg string, s interface{}, s_name string)
func LogError(msg string)
func LogErrorWithError(msg string, e error)
func LogImprove(msg string)
func LogInfo(msg string)
func LogInfoStructure(msg string, s interface{}, s_name string)
func LogWarn(msg string)
func Logging_init(Debug bool)
func Min(a int, b int) int
func NewChunk(fd io.ReadSeeker, offset int64) (*evtx.Chunk, error)
func OrderedDictToKeysOrderedStringList(ord_map *ordereddict.Dict) []string
func OrderedDictToOrderedStringListValues(od *ordereddict.Dict) []string
func ProperOrderedMapKeyCase(od *ordereddict.Dict, key string) string
func StringSliceContainsCaseInsensitive(sl []string, val string) bool
func SysTimeToString(t time.Time, highprecisioneventtime bool) string
func ToTime(f float64) time.Time
func UniqueElementsOfSliceInMemory(slice []string) []string
type CommaSeparated
- func (c *CommaSeparated) UnmarshalText(b []byte) error
type EVTXHeaderAlternative
type EvtxFileInfo
- func Generate_list_of_files_to_process(Input_evtx_paths []string, Recursive bool) []EvtxFileInfo
- func Inspect_evtx_paths(EfiList []EvtxFileInfo) []EvtxFileInfo
- func NewEvtxFileInfo(p string) EvtxFileInfo
- func ReturnCopyOfSupportedEfiFileInfoElements(efi []EvtxFileInfo) []EvtxFileInfo
- func (efi *EvtxFileInfo) DetermineParameters()
- func (efi *EvtxFileInfo) EnableForProcessing()
- func (efi *EvtxFileInfo) GetAlternativeHeader() *EVTXHeaderAlternative
- func (efi *EvtxFileInfo) GetChannel() string
- func (efi *EvtxFileInfo) GetFilenameWithoutExtension() string
- func (efi *EvtxFileInfo) GetLatestComputer() string
- func (efi *EvtxFileInfo) GetNumberOfRecords() int64
- func (efi *EvtxFileInfo) GetPath() string
- func (efi *EvtxFileInfo) IsEmpty() bool
- func (efi *EvtxFileInfo) IsValid() bool
- func (efi *EvtxFileInfo) SetNumberOfRecords(record_counter int64)
- func (efi *EvtxFileInfo) Validate() error
- func (efi *EvtxFileInfo) WillBeProcessed() bool
type ExtractedFunction
- func FunctionExtractor(function string) ExtractedFunction
type ExtractedLogic
- func LogicExtractor(logic string) ExtractedLogic
type Layer2FieldExtraTransformations
type Params
type Params2Info
type PowerShellScriptBlockInfo
type SingleField

Constants ¶

View Source

const (
	NOT_EXISTS = iota
	IS_FILE
	IS_DIR
)

View Source

const ScriptBlocksXorKey string = "Y" // 0x59

Variables ¶

This section is empty.

Functions ¶

func AppendNumberToPath ¶

func AppendNumberToPath(path_ string, nr int) string

func ConvertSocketUint8ToText ¶

func ConvertSocketUint8ToText(socket_bytes []uint8) (string, error)

func DecodeASIPv4 ¶

func DecodeASIPv4(socket_bytes []uint8) (string, error)

func DecodeASIPv6 ¶

func DecodeASIPv6(socket_bytes []uint8) (string, error)

func Determine_Maps_Path ¶

func Determine_Maps_Path(MapsDirectoryConfig string) (string, error)

func EncryptDecrypt ¶

func EncryptDecrypt(input string, key []byte) []byte

func EnsureDirectoryStructureIsCreated ¶

func EnsureDirectoryStructureIsCreated(full_path string) error

func GrabUniversalLogger ¶

func GrabUniversalLogger() *zerolog.Logger

func Handle_output_directory ¶

func Handle_output_directory(p string)

func HeadersAndRowListToOrderedDict ¶

func HeadersAndRowListToOrderedDict(keys []string, values []string) *ordereddict.Dict

func Hussar_art ¶

func Hussar_art(VERSION string, URL string)

func IPPortFormatter ¶

func IPPortFormatter(version int, IP net.IP, Port uint16, ScopeId uint32) string

func Inspect_single_evtx ¶

func Inspect_single_evtx(wg *sync.WaitGroup, efi *EvtxFileInfo, inspector_channel chan struct{})

func KeyExistsInOrderedDict ¶

func KeyExistsInOrderedDict(od *ordereddict.Dict, key string) bool

func LogCriticalError ¶

func LogCriticalError(msg string)

func LogCriticalErrorWithError ¶

func LogCriticalErrorWithError(msg string, e error)

func LogDebug ¶

func LogDebug(msg string)

func LogDebugString ¶

func LogDebugString(key string, val interface{})

func LogDebugStructure ¶

func LogDebugStructure(msg string, s interface{}, s_name string)

func LogError ¶

func LogError(msg string)

func LogErrorWithError ¶

func LogErrorWithError(msg string, e error)

func LogImprove ¶

func LogImprove(msg string)

func LogInfo ¶

func LogInfo(msg string)

func LogInfoStructure ¶

func LogInfoStructure(msg string, s interface{}, s_name string)

func LogWarn ¶

func LogWarn(msg string)

func Logging_init ¶

func Logging_init(Debug bool)

func Min ¶

func Min(a int, b int) int

func NewChunk ¶

func NewChunk(fd io.ReadSeeker, offset int64) (*evtx.Chunk, error)

func OrderedDictToKeysOrderedStringList ¶

func OrderedDictToKeysOrderedStringList(ord_map *ordereddict.Dict) []string

func OrderedDictToOrderedStringListValues ¶

func OrderedDictToOrderedStringListValues(od *ordereddict.Dict) []string

func ProperOrderedMapKeyCase ¶

func ProperOrderedMapKeyCase(od *ordereddict.Dict, key string) string

func StringSliceContainsCaseInsensitive ¶

func StringSliceContainsCaseInsensitive(sl []string, val string) bool

func SysTimeToString ¶

func SysTimeToString(t time.Time, highprecisioneventtime bool) string

func ToTime ¶

func ToTime(f float64) time.Time

func UniqueElementsOfSliceInMemory ¶

func UniqueElementsOfSliceInMemory(slice []string) []string

Types ¶

type CommaSeparated ¶

type CommaSeparated struct {
	Entries []string
}

func (*CommaSeparated) UnmarshalText ¶

func (c *CommaSeparated) UnmarshalText(b []byte) error

type EVTXHeaderAlternative ¶

type EVTXHeaderAlternative struct {
	Magic           [8]byte
	OldestChunk     uint64
	CurrentChunkNum uint64
	NextRecordNum   uint64
	HeaderPart1Len  uint32
	MinorVersion    uint16
	MajorVersion    uint16
	HeaderSize      uint16
	ChunkCount      uint16

	FileFlags uint32
	CheckSum  uint32
	// contains filtered or unexported fields
}

type EvtxFileInfo ¶

type EvtxFileInfo struct {
	// contains filtered or unexported fields
}

func Generate_list_of_files_to_process ¶

func Generate_list_of_files_to_process(Input_evtx_paths []string, Recursive bool) []EvtxFileInfo

func Inspect_evtx_paths ¶

func Inspect_evtx_paths(EfiList []EvtxFileInfo) []EvtxFileInfo

func NewEvtxFileInfo ¶

func NewEvtxFileInfo(p string) EvtxFileInfo

func ReturnCopyOfSupportedEfiFileInfoElements ¶

func ReturnCopyOfSupportedEfiFileInfoElements(efi []EvtxFileInfo) []EvtxFileInfo

func (*EvtxFileInfo) DetermineParameters ¶

func (efi *EvtxFileInfo) DetermineParameters()

func (*EvtxFileInfo) EnableForProcessing ¶

func (efi *EvtxFileInfo) EnableForProcessing()

func (*EvtxFileInfo) GetAlternativeHeader ¶

func (efi *EvtxFileInfo) GetAlternativeHeader() *EVTXHeaderAlternative

func (*EvtxFileInfo) GetChannel ¶

func (efi *EvtxFileInfo) GetChannel() string

func (*EvtxFileInfo) GetFilenameWithoutExtension ¶

func (efi *EvtxFileInfo) GetFilenameWithoutExtension() string

func (*EvtxFileInfo) GetLatestComputer ¶

func (efi *EvtxFileInfo) GetLatestComputer() string

func (*EvtxFileInfo) GetNumberOfRecords ¶

func (efi *EvtxFileInfo) GetNumberOfRecords() int64

func (*EvtxFileInfo) GetPath ¶

func (efi *EvtxFileInfo) GetPath() string

func (*EvtxFileInfo) IsEmpty ¶

func (efi *EvtxFileInfo) IsEmpty() bool

func (*EvtxFileInfo) IsValid ¶

func (efi *EvtxFileInfo) IsValid() bool

func (*EvtxFileInfo) SetNumberOfRecords ¶

func (efi *EvtxFileInfo) SetNumberOfRecords(record_counter int64)

func (*EvtxFileInfo) Validate ¶

func (efi *EvtxFileInfo) Validate() error

func (*EvtxFileInfo) WillBeProcessed ¶

func (efi *EvtxFileInfo) WillBeProcessed() bool

type ExtractedFunction ¶

type ExtractedFunction struct {
	Name    string
	Options map[string]string
}

func FunctionExtractor ¶

func FunctionExtractor(function string) ExtractedFunction

type ExtractedLogic ¶

type ExtractedLogic struct {
	Method  string
	Options map[string]string
}

func LogicExtractor ¶

func LogicExtractor(logic string) ExtractedLogic

type Layer2FieldExtraTransformations ¶

type Layer2FieldExtraTransformations struct {
	Input_field       string
	Output_field      string
	Special_transform string
	Options           map[string]string
}

type Params ¶

type Params struct {
	Info          Params2Info
	Params        map[string]string
	Params_number map[int]string
}

type Params2Info ¶

type Params2Info struct {
	Typ              string
	Channel          string
	Name             string
	Display_original string
}

type PowerShellScriptBlockInfo ¶

type PowerShellScriptBlockInfo struct {
	Total    int
	Segments map[int]string
	Path     string
}

type SingleField ¶

type SingleField struct {
	NiceName string
	Options  map[string]string
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL