changed Event API Channel -> Source

Signed-off-by: Quentin JEROME <[email protected]>
0xrawsec · Nov 6, 2023 · dfda88e · dfda88e
1 parent 8beea81
commit dfda88e
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 8 deletions.
diff --git a/engine/event.go b/engine/event.go
@@ -12,7 +12,7 @@ type Event interface {
 	SetDetection(d *Detection)
 	Get(*XPath) (interface{}, bool)
 	GetDetection() *Detection
-	Channel() string
+	Source() string
 	Computer() string
 	EventID() int64
 	Timestamp() time.Time
@@ -83,8 +83,8 @@ func (g GenericEvent) GetDetection() *Detection {
 	return nil
 }
 
-func (g GenericEvent) Channel() string {
-	p := g.Type().Channel
+func (g GenericEvent) Source() string {
+	p := g.Type().Source
 	if ch, ok := EventGetString(g, p); ok {
 		return ch
 	}

diff --git a/engine/event_test.go b/engine/event_test.go
@@ -15,7 +15,7 @@ func TestEvent(t *testing.T) {
 
 	tt.CheckErr(json.Unmarshal([]byte(eventStr), &evt))
 
-	tt.Assert(evt.Channel() == "Microsoft-Windows-Sysmon/Operational")
+	tt.Assert(evt.Source() == "Microsoft-Windows-Sysmon/Operational")
 	t.Log(evt.Computer())
 	tt.Assert(evt.Computer() == "DESKTOP-5SUA567")
 	ts, err := time.Parse(time.RFC3339Nano, "2017-01-19T16:09:30Z")

diff --git a/engine/filters.go b/engine/filters.go
@@ -38,5 +38,5 @@ func (f EventFilter) IsEmpty() bool {
 }
 
 func (f EventFilter) Match(e Event) bool {
-	return f.match(e.Channel(), e.EventID())
+	return f.match(e.Source(), e.EventID())
 }
diff --git a/engine/log_types.go b/engine/log_types.go
@@ -23,7 +23,7 @@ type NameConv int
 type LogType struct {
 	FieldNameConv NameConv
 	Data          *XPath
-	Channel       *XPath
+	Source        *XPath
 	EventID       *XPath
 	Hostname      *XPath
 	GeneInfo      *XPath
@@ -37,7 +37,7 @@ var (
 	TypeWinevt = LogType{
 		FieldNameConv: CamelCase,
 		Data:          eventDataPath,
-		Channel:       systemPath.Append("Channel"),
+		Source:        systemPath.Append("Channel"),
 		EventID:       systemPath.Append("EventID"),
 		Hostname:      systemPath.Append("Computer"),
 		GeneInfo:      Path("/Event/GeneInfo"),
@@ -50,7 +50,7 @@ var (
 	TypeKunai = LogType{
 		FieldNameConv: SnakeCase,
 		Data:          Path("/data"),
-		Channel:       Path("/info/event/source"),
+		Source:        Path("/info/event/source"),
 		EventID:       Path("/info/event/id"),
 		Hostname:      Path("/info/host/hostname"),
 		GeneInfo:      Path("/gene_info"),