pkg/processor/community_id/community_id.go

// Licensed to Elasticsearch B.V. under one or more contributor
// license agreements. See the NOTICE file distributed with
// this work for additional information regarding copyright
// ownership. Elasticsearch B.V. licenses this file to you under
// the Apache License, Version 2.0 (the "License"); you may
// not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied.  See the License for the
// specific language governing permissions and limitations
// under the License.

// Code generated by processor/generate.go - DO NOT EDIT.
package community_id

import (
	"github.com/andrewkroh/go-sawmill/pkg/processor"
	"github.com/andrewkroh/go-sawmill/pkg/processor/registry"
)

func init() {
	registry.MustRegister(processorName, New)
}

const (
	processorName = "community_id"
)

// Config contains the configuration options for the community_id processor.
type Config struct {
	// Field containing the destination IP address.
	DestinationIP string `config:"destination_ip"`

	// Field containing the destination port.
	DestinationPort string `config:"destination_port"`

	// Field containing the IANA number.
	IANANumber string `config:"iana_number"`

	// Field containing the ICMP code.
	ICMPCode string `config:"icmp_code"`

	// Field containing the ICMP type.
	ICMPType string `config:"icmp_type"`

	// Ignore failures for the processor.
	IgnoreFailure bool `config:"ignore_failure"`

	// Seed for the community ID hash. Must be between 0 and 65535
	// (inclusive). The seed can prevent hash collisions between network
	// domains, such as a staging and production network that use the same
	// addressing scheme.
	Seed int16 `config:"seed"`

	// Field containing the source IP address.
	SourceIP string `config:"source_ip"`

	// Field containing the source port.
	SourcePort string `config:"source_port"`

	// The field to assign the output value to, by default field is updated
	// in-place.
	TargetField string `config:"target_field"`

	// Field containing the transport protocol. Used only when the iana_number
	// field is not present.
	Transport string `config:"transport"`
}

// InitDefaults initializes the configuration options to their default values.
func (c *Config) InitDefaults() {
	c.DestinationIP = "destination.ip"
	c.DestinationPort = "destination.port"
	c.IANANumber = "network.iana_number"
	c.ICMPCode = "icmp.code"
	c.ICMPType = "icmp.type"
	c.IgnoreFailure = false
	c.Seed = 0
	c.SourceIP = "source.ip"
	c.SourcePort = "source.port"
	c.TargetField = "network.community_id"
	c.Transport = "network.transport"
}

// Computes the Community ID for network flow data as defined in the
// [Community ID
// Specification](https://github.com/corelight/community-id-spec).
// You can use a community ID to correlate network events related to a single
// flow.
//
// The community ID processor reads network flow data from related
// Elastic Common Schema (ECS) fields by default. If you use the ECS, no
// configuration is required.
type CommunityID struct {
	config Config
}

// New returns a new CommunityID processor.
func New(config Config) (*CommunityID, error) {
	return &CommunityID{config: config}, nil
}

// Config returns the CommunityID processor config.
func (p *CommunityID) Config() Config {
	return p.config
}

func (p *CommunityID) String() string {
	return processor.ConfigString(processorName, p.config)
}

func (p *CommunityID) Process(event processor.Event) error {
	// TODO: Implement this in process.go.
	return nil
}