Documentation
Types

type Event
type Event struct {
	// Process identifier responsible for generating the event.
	ProcessID string `json:"proc_id"`
	// Type of the system event.
	Type string `json:"type"`
	// Path of the system event. For instance, when the event is of type
	// `registry`, the path represents the registry key being used. For a
	// `network` event type, the path is the IP or domain used.
	Path string `json:"path"`
	// The operation requested over the above `Path` field. This field means
	// different things according to the type of the system event.
	// - For file system events: can be either: create, read, write, delete, rename, ..
	// - For registry events: can be either: create, rename, set, delete.
	// - For network events: this represents the protocol of the communication, can
	//   be either HTTP, HTTPS, FTP.
	Operation string `json:"operation"`
}
Event represents a system event: a registry, network or file event.
type MatchRule
type MatchRule struct {
	// Description describes the purpose of the rule.
	Description string `json:"description"`
	// ID uniquely identifies the rule.
	ID string `json:"id"`
	// Category indicates the category of the behavior rule.
	// Examples include: anti-analysis, ransomware, ..
	Category string `json:"category"`
	// Severity indicates how confident the rule is in classifying
	// the threat as malicious.
	Severity string `json:"severity"`
	// Process identifier responsible for matching the rule.
	// This field is not always available, as some behavior rules match over
	// multiple processes.
	ProcessID string `json:"proc_id"`
}
MatchRule describes a matched behavior rule.
type ScanResult
ScanResult represents the behavior rules scan results.
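The Event and MatchRule doc comments above define a vocabulary that a consumer of these results must honour: the meaning of Path and Operation depends on Type, and a MatchRule with an empty ProcessID cannot be attributed to a single process. The following is an added example, not code from this package, that decodes a constructed JSON array of events into the two structs (copied as documented here), flags any event whose Type or Operation falls outside the documented values, and joins a matched rule back to its process's events. The type strings "file", "registry" and "network", the sample paths, and the rule ID are assumptions made for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Event mirrors the struct documented on this page.
type Event struct {
	ProcessID string `json:"proc_id"`
	Type      string `json:"type"`
	Path      string `json:"path"`
	Operation string `json:"operation"`
}

// MatchRule mirrors the struct documented on this page.
type MatchRule struct {
	Description string `json:"description"`
	ID          string `json:"id"`
	Category    string `json:"category"`
	Severity    string `json:"severity"`
	ProcessID   string `json:"proc_id"`
}

// allowedOperations is the per-type operation vocabulary from the Event doc
// comment. The type strings "file", "registry" and "network" are assumptions;
// the file list on the page is open-ended ("..") so only the named values appear.
var allowedOperations = map[string]map[string]bool{
	"file":     {"create": true, "read": true, "write": true, "delete": true, "rename": true},
	"registry": {"create": true, "rename": true, "set": true, "delete": true},
	"network":  {"HTTP": true, "HTTPS": true, "FTP": true},
}

// ValidateEvents decodes a JSON array of events and reports every event whose
// Type or Operation is outside the documented vocabulary. Unknown values are not
// a decode error: they are surfaced so a consumer knows that its per-type
// interpretation of Path and Operation may not apply to that event.
func ValidateEvents(data []byte) ([]Event, []string, error) {
	var events []Event
	if err := json.Unmarshal(data, &events); err != nil {
		return nil, nil, fmt.Errorf("decoding events: %w", err)
	}
	var problems []string
	for i, ev := range events {
		ops, known := allowedOperations[ev.Type]
		switch {
		case !known:
			problems = append(problems, fmt.Sprintf("event %d: unknown type %q", i, ev.Type))
		case !ops[ev.Operation]:
			problems = append(problems, fmt.Sprintf("event %d: operation %q not documented for type %q", i, ev.Operation, ev.Type))
		}
	}
	return events, problems, nil
}

// EventsForRule returns the events attributable to a matched rule through its
// ProcessID. A rule with an empty ProcessID matched across several processes, so
// no single-process attribution is possible and nil is returned.
func EventsForRule(events []Event, rule MatchRule) []Event {
	if rule.ProcessID == "" {
		return nil
	}
	var out []Event
	for _, ev := range events {
		if ev.ProcessID == rule.ProcessID {
			out = append(out, ev)
		}
	}
	return out
}

// sampleEvents is constructed input for this example, not output from the project.
// The last event uses an operation the page does not list, so it is flagged.
const sampleEvents = `[
  {"proc_id": "1234", "type": "file", "path": "C:\\Users\\Public\\note.txt", "operation": "write"},
  {"proc_id": "1234", "type": "registry", "path": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "operation": "set"},
  {"proc_id": "5678", "type": "network", "path": "example.com", "operation": "HTTPS"},
  {"proc_id": "5678", "type": "network", "path": "192.0.2.10", "operation": "SMB"}
]`

func main() {
	events, problems, err := ValidateEvents([]byte(sampleEvents))
	if err != nil {
		panic(err)
	}
	for _, p := range problems {
		fmt.Println("warning:", p)
	}
	// Constructed rule: its ID, category and severity are assumptions.
	rule := MatchRule{ID: "example-run-key-rule", Category: "persistence", Severity: "high", ProcessID: "1234"}
	fmt.Printf("rule %s matched %d event(s) from process %s\n", rule.ID, len(EventsForRule(events, rule)), rule.ProcessID)
}
```

Running it prints one warning for the undocumented "SMB" operation and attributes two events to the rule's process; a rule without a ProcessID yields no attribution, which is the multi-process case the MatchRule comment describes.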