-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/


-- | CEF log format
--   
@package cef
@version 0.1.1


-- | CEF Log Format
--   
--   This library implements ArcSight CEF Revision 20 released on
--   06052013
--   
--   See:
--   https://protect724.hp.com/servlet/JiveServlet/downloadBody/1072-102-6-4697/CommonEventFormat.pdf
module System.Log.CEF

-- | One CEF event: the header fields plus its 'Extensions'.
--   
--   The constructor takes five adjacent 'Text' arguments, so the type
--   checker cannot catch two of them being swapped. The accessors are
--   listed below in the order vendor, product, version, signature id,
--   name, severity, extensions, which matches the constructor's argument
--   types; presumably this is also its positional order (TODO confirm
--   against the record declaration).
data CEFEvent
CEFEvent :: Text -> Text -> Text -> Text -> Text -> Int -> Extensions -> CEFEvent
deviceVendor :: CEFEvent -> Text
deviceProduct :: CEFEvent -> Text
deviceVersion :: CEFEvent -> Text

-- | Is a unique identifier per event-type.
signatureId :: CEFEvent -> Text

-- | Is a string representing a human-readable and understandable
--   description of the event.
name :: CEFEvent -> Text

-- | Reflects the importance of the event. Must be in range
--   [0..10].
--   
--   NOTE(review): the field is a plain 'Int' and this listing shows no
--   checked constructor, so the range is a caller obligation unless the
--   implementation validates it. Confirm before relying on it.
severity :: CEFEvent -> Int
extensions :: CEFEvent -> Extensions

-- | Render a 'CEFEvent' as a 'Builder'. In the example below the
--   rendered record ends with a newline.
--   
--   NOTE(review): the example passes @"cool"@ in what appears to be the
--   'signatureId' position, yet the rendered header has no such field
--   between the version (@2.1@) and the name (@MyNameIsCool@). CEF puts
--   the Signature ID there, so either the example is stale or the field
--   is dropped. Confirm against the implementation: a missing header
--   field shifts every later field for a downstream parser.
--   
--   NOTE(review): CEF requires the pipe and backslash characters to be
--   backslash-escaped in header fields and does not allow raw line breaks
--   in a record. This listing does not show whether 'log' escapes them,
--   so confirm before passing text that originates outside the program.
--   Unescaped delimiters would change how a collector splits the record.
--   
--   The name clashes with Prelude's @log@; import this module qualified
--   or hide the Prelude one.
--   
--   >>> :set -XOverloadedStrings
--   
--   >>> let exampleEvent = CEFEvent "Acme Corp" "Acmetorazor" "2.1" "cool" "MyNameIsCool" 10 (applicationProtocol "PUT")
--   
--   >>> toLazyByteString $ log exampleEvent
--   "CEF:0|Acme Corp|Acmetorazor|2.1|MyNameIsCool|10|app=PUT\n"
--   
log :: CEFEvent -> Builder

-- | The key/value part of an event. Values are built with the functions
--   of this module that return 'Extensions'.
data Extensions

-- | Going by the name, an 'Extensions' value carrying no fields (TODO
--   confirm).
emptyExtensions :: Extensions

-- |
--   >>> :set -XOverloadedStrings
--   
--   >>> toLazyByteString $ extensionsBuilder (applicationProtocol "PUT" <> deviceCustomIPv6Address1 "localnet" "::1")
--   "app=PUT c6a1Label=localnet c6a1=::1"
--   
--   In this example the fields are rendered as @key=value@ pairs joined
--   by single spaces, two 'Extensions' values are combined with @<>@, and
--   a device-custom field emits its label (@c6a1Label@) before its value
--   (@c6a1@).
--   
--   NOTE(review): CEF requires the equals sign and backslash to be
--   backslash-escaped inside an extension value, and line breaks to be
--   encoded. This listing does not show whether that happens here, so
--   confirm before passing text that originates outside the program. An
--   unescaped @=@ or line break lets one value be read as several fields
--   or records by a collector.
extensionsBuilder :: Extensions -> Builder

-- | See Chapter 4: User-Defined Extensions from the reference
--   
--   NOTE(review): presumably the arguments are key then value (TODO
--   confirm). Both are unconstrained 'Text'; the listing shows no check
--   on the key, so prefer a fixed literal for it rather than data taken
--   from the event being logged.
customExtension :: Text -> Text -> Extensions

-- | Plain alias for 'Text'. The type implies no parsing or validation;
--   any text is accepted where an address is expected.
type IPv6Address = Text

-- | Plain alias for 'Text'; see the note on 'IPv6Address'.
type IPv4Address = Text

-- | Plain alias for 'Text'; see the note on 'IPv6Address'.
type MACAddress = Text

-- | Alias for 'UTCTime'.
type TimeStamp = UTCTime
deviceAction :: Text -> Extensions

-- | Device-custom fields take a label and then a value. The
--   'extensionsBuilder' example shows this for
--   'deviceCustomIPv6Address1'; presumably the other @deviceCustom*@
--   functions follow the same pattern (TODO confirm).
deviceCustomIPv6Address1 :: Text -> IPv6Address -> Extensions
deviceCustomIPv6Address2 :: Text -> IPv6Address -> Extensions
deviceCustomIPv6Address3 :: Text -> IPv6Address -> Extensions
deviceCustomIPv6Address4 :: Text -> IPv6Address -> Extensions

-- | Rendered as @app=...@ in the 'extensionsBuilder' example.
applicationProtocol :: Text -> Extensions
deviceEventCategory :: Text -> Extensions
deviceCustomFloatingPoint1 :: Text -> Double -> Extensions
deviceCustomFloatingPoint2 :: Text -> Double -> Extensions
deviceCustomFloatingPoint3 :: Text -> Double -> Extensions
deviceCustomFloatingPoint4 :: Text -> Double -> Extensions
deviceCustomNumber1 :: Text -> Int -> Extensions
deviceCustomNumber2 :: Text -> Int -> Extensions
deviceCustomNumber3 :: Text -> Int -> Extensions
deviceCustomNumber4 :: Text -> Int -> Extensions
baseEventCount :: Int -> Extensions
deviceCustomString1 :: Text -> Text -> Extensions
deviceCustomString2 :: Text -> Text -> Extensions
deviceCustomString3 :: Text -> Text -> Extensions
deviceCustomString4 :: Text -> Text -> Extensions
deviceCustomString5 :: Text -> Text -> Extensions
deviceCustomString6 :: Text -> Text -> Extensions
destinationDnsDomain :: Text -> Extensions
destinationServiceName :: Text -> Extensions
destinationTranslatedAddress :: IPv4Address -> Extensions

-- | The port is a plain 'Int'; the type does not restrict it to a valid
--   port range.
destinationTranslatedPort :: Int -> Extensions
deviceCustomDate1 :: Text -> TimeStamp -> Extensions
deviceCustomDate2 :: Text -> TimeStamp -> Extensions
deviceDirectionInbound :: Extensions
deviceDirectionOutbound :: Extensions
deviceDnsDomain :: Text -> Extensions
deviceExternalId :: Text -> Extensions
deviceFacility :: Text -> Extensions
deviceInboundInterface :: Text -> Extensions
deviceMacAddress :: MACAddress -> Extensions
deviceNtDomain :: Text -> Extensions
deviceOutboundInterface :: Text -> Extensions
deviceProcessName :: Text -> Extensions
deviceTranslatedAddress :: IPv4Address -> Extensions
destinationHostName :: Text -> Extensions
destinationMacAddress :: MACAddress -> Extensions
destinationNtDomain :: Text -> Extensions

-- | NOTE(review): takes 'Text', as does 'deviceProcessId', while
--   'sourceProcessId' takes 'Int'. A caller logging numeric PIDs needs a
--   different conversion depending on the direction.
destinationProcessId :: Text -> Extensions
destinationUserPrivileges :: Text -> Extensions
destinationProcessName :: Text -> Extensions

-- | The port is a plain 'Int'; the type does not restrict it to a valid
--   port range.
destinationPort :: Int -> Extensions
destinationAddress :: IPv4Address -> Extensions
destinationUserId :: Text -> Extensions
destinationUserName :: Text -> Extensions
deviceAddress :: IPv4Address -> Extensions
deviceHostName :: Text -> Extensions
deviceProcessId :: Text -> Extensions
endTime :: TimeStamp -> Extensions
externalId :: Text -> Extensions
fileCreateTime :: TimeStamp -> Extensions

-- | The hash is passed as free 'Text'; the signature does not say which
--   algorithm or encoding is expected.
fileHash :: Text -> Extensions
fileId :: Text -> Extensions
fileModificationTime :: TimeStamp -> Extensions
filePath :: Text -> Extensions
filePermission :: Text -> Extensions
fileType :: Text -> Extensions
fileName :: Text -> Extensions
fileSize :: Int -> Extensions
bytesIn :: Int -> Extensions

-- | Free-text field. NOTE(review): this is a likely place for text
--   taken from a request or a user to end up, and this listing does not
--   show whether values are escaped when rendered. Confirm, or sanitise
--   delimiters and line breaks at the call site.
message :: Text -> Extensions
oldFileCreateTime :: TimeStamp -> Extensions
oldFileHash :: Text -> Extensions
oldFileId :: Text -> Extensions
oldFileModificationTime :: TimeStamp -> Extensions
oldFileName :: Text -> Extensions
oldFilePath :: Text -> Extensions
oldFilePermission :: Text -> Extensions
oldFileSize :: Int -> Extensions
oldFileType :: Text -> Extensions
bytesOut :: Int -> Extensions
eventOutcome :: Text -> Extensions
transportProtocol :: Text -> Extensions
reason :: Text -> Extensions

-- | NOTE(review): URLs can carry credentials or tokens in the query
--   string. Consider stripping or redacting them before logging.
requestURL :: Text -> Extensions
requestClientApplication :: Text -> Extensions

-- | NOTE(review): cookie headers commonly carry session identifiers.
--   Consider redacting or hashing the value before logging, since it
--   becomes readable to anyone with access to the log store.
requestCookies :: Text -> Extensions
requestMethod :: Text -> Extensions
receiptTime :: TimeStamp -> Extensions
sourceHostName :: Text -> Extensions
sourceMacAddress :: MACAddress -> Extensions
sourceNtDomain :: Text -> Extensions
sourceDnsDomain :: Text -> Extensions
sourceServiceName :: Text -> Extensions
-- | 'IPv4Address' is an alias for 'Text', so the type does not validate
--   the address.
sourceTranslatedAddress :: IPv4Address -> Extensions

-- | The port is a plain 'Int'; the type does not restrict it to a valid
--   port range.
sourceTranslatedPort :: Int -> Extensions

-- | NOTE(review): takes 'Int', whereas 'destinationProcessId' and
--   'deviceProcessId' take 'Text'. The inconsistency is in the published
--   interface, so callers must convert differently per direction.
sourceProcessId :: Int -> Extensions
sourceUserPrivileges :: Text -> Extensions
sourceProcessName :: Text -> Extensions

-- | The port is a plain 'Int'; the type does not restrict it to a valid
--   port range.
sourcePort :: Int -> Extensions
sourceAddress :: IPv4Address -> Extensions
startTime :: TimeStamp -> Extensions
sourceUserId :: Text -> Extensions

-- | NOTE(review): user names are often supplied by the party being
--   authenticated, and this listing does not show whether values are
--   escaped when rendered. Confirm before logging them verbatim.
sourceUserName :: Text -> Extensions