-
Notifications
You must be signed in to change notification settings - Fork 40
/
constants.go
113 lines (101 loc) · 4.23 KB
/
constants.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
package bookmarks
import "strings"
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License. See NOTICE.txt in the project root for license information.
type AttackTactic string
const (
AttackTacticCollection AttackTactic = "Collection"
AttackTacticCommandAndControl AttackTactic = "CommandAndControl"
AttackTacticCredentialAccess AttackTactic = "CredentialAccess"
AttackTacticDefenseEvasion AttackTactic = "DefenseEvasion"
AttackTacticDiscovery AttackTactic = "Discovery"
AttackTacticExecution AttackTactic = "Execution"
AttackTacticExfiltration AttackTactic = "Exfiltration"
AttackTacticImpact AttackTactic = "Impact"
AttackTacticImpairProcessControl AttackTactic = "ImpairProcessControl"
AttackTacticInhibitResponseFunction AttackTactic = "InhibitResponseFunction"
AttackTacticInitialAccess AttackTactic = "InitialAccess"
AttackTacticLateralMovement AttackTactic = "LateralMovement"
AttackTacticPersistence AttackTactic = "Persistence"
AttackTacticPreAttack AttackTactic = "PreAttack"
AttackTacticPrivilegeEscalation AttackTactic = "PrivilegeEscalation"
AttackTacticReconnaissance AttackTactic = "Reconnaissance"
AttackTacticResourceDevelopment AttackTactic = "ResourceDevelopment"
)
func PossibleValuesForAttackTactic() []string {
return []string{
string(AttackTacticCollection),
string(AttackTacticCommandAndControl),
string(AttackTacticCredentialAccess),
string(AttackTacticDefenseEvasion),
string(AttackTacticDiscovery),
string(AttackTacticExecution),
string(AttackTacticExfiltration),
string(AttackTacticImpact),
string(AttackTacticImpairProcessControl),
string(AttackTacticInhibitResponseFunction),
string(AttackTacticInitialAccess),
string(AttackTacticLateralMovement),
string(AttackTacticPersistence),
string(AttackTacticPreAttack),
string(AttackTacticPrivilegeEscalation),
string(AttackTacticReconnaissance),
string(AttackTacticResourceDevelopment),
}
}
func parseAttackTactic(input string) (*AttackTactic, error) {
vals := map[string]AttackTactic{
"collection": AttackTacticCollection,
"commandandcontrol": AttackTacticCommandAndControl,
"credentialaccess": AttackTacticCredentialAccess,
"defenseevasion": AttackTacticDefenseEvasion,
"discovery": AttackTacticDiscovery,
"execution": AttackTacticExecution,
"exfiltration": AttackTacticExfiltration,
"impact": AttackTacticImpact,
"impairprocesscontrol": AttackTacticImpairProcessControl,
"inhibitresponsefunction": AttackTacticInhibitResponseFunction,
"initialaccess": AttackTacticInitialAccess,
"lateralmovement": AttackTacticLateralMovement,
"persistence": AttackTacticPersistence,
"preattack": AttackTacticPreAttack,
"privilegeescalation": AttackTacticPrivilegeEscalation,
"reconnaissance": AttackTacticReconnaissance,
"resourcedevelopment": AttackTacticResourceDevelopment,
}
if v, ok := vals[strings.ToLower(input)]; ok {
return &v, nil
}
// otherwise presume it's an undefined value and best-effort it
out := AttackTactic(input)
return &out, nil
}
type IncidentSeverity string
const (
IncidentSeverityHigh IncidentSeverity = "High"
IncidentSeverityInformational IncidentSeverity = "Informational"
IncidentSeverityLow IncidentSeverity = "Low"
IncidentSeverityMedium IncidentSeverity = "Medium"
)
func PossibleValuesForIncidentSeverity() []string {
return []string{
string(IncidentSeverityHigh),
string(IncidentSeverityInformational),
string(IncidentSeverityLow),
string(IncidentSeverityMedium),
}
}
func parseIncidentSeverity(input string) (*IncidentSeverity, error) {
vals := map[string]IncidentSeverity{
"high": IncidentSeverityHigh,
"informational": IncidentSeverityInformational,
"low": IncidentSeverityLow,
"medium": IncidentSeverityMedium,
}
if v, ok := vals[strings.ToLower(input)]; ok {
return &v, nil
}
// otherwise presume it's an undefined value and best-effort it
out := IncidentSeverity(input)
return &out, nil
}