baseline

package

v0.1.2 Latest Latest Go to latest Published: Dec 3, 2025 License: Apache-2.0 Imports: 8 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/0x4d31/santamon

Links

Open Source Insights

Documentation ¶

Index ¶

type BaselineMatch
type Processor
- func NewProcessor(db *state.DB) *Processor
- func (p *Processor) Process(msg *santapb.SantaMessage, baselines []*rules.CompiledBaseline, ...) ([]*BaselineMatch, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type BaselineMatch ¶

type BaselineMatch struct {
	RuleID      string
	Title       string
	Severity    string
	Tags        []string
	Description string
	Pattern     string // The unique pattern that was seen
	Message     *santapb.SantaMessage
	Timestamp   time.Time
	InLearning  bool // Whether this occurred during learning period
}

BaselineMatch represents a baseline rule match (first occurrence)

type Processor ¶

type Processor struct {
	// contains filtered or unexported fields
}

Processor evaluates baseline rules and tracks first-seen patterns

func NewProcessor ¶

func NewProcessor(db *state.DB) *Processor

NewProcessor creates a new baseline processor

func (*Processor) Process ¶

func (p *Processor) Process(
	msg *santapb.SantaMessage,
	baselines []*rules.CompiledBaseline,
	engine *rules.Engine,
) ([]*BaselineMatch, error)

Process evaluates an event against baseline rules.

Source Files ¶

View all Source files

processor.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL