Add JSON output format support
@@ -5,16 +5,17 @@ use crate::{
|
||||
};
|
||||
#[cfg(target_os = "linux")]
|
||||
use crate::EbpfDetector;
|
||||
use serde::{Deserialize, Serialize};
|
||||
use std::collections::HashMap;
|
||||
|
||||
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
|
||||
#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
|
||||
pub enum ThreatLevel {
|
||||
Clean,
|
||||
Suspicious,
|
||||
Malicious,
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone)]
|
||||
#[derive(Debug, Clone, Serialize, Deserialize)]
|
||||
pub struct DetectionResult {
|
||||
pub process: ProcessInfo,
|
||||
pub threat_level: ThreatLevel,
|
||||
|
||||
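Review bot: `ThreatLevel` and `DetectionResult` now derive `Deserialize` even though the commit only needs JSON output; an unused derive is harmless today, but the moment a report-import or `from_str` path appears these types will accept arbitrary JSON with no validation. If round-tripping is intended, add `#[serde(deny_unknown_fields)]` on `DetectionResult` and pin the wire names with `#[serde(rename_all = "snake_case")]` on both so the JSON contract is explicit and stable; otherwise derive `Serialize` only. The `DetectionResult` definition continues past the hunk.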
@@ -1,5 +1,6 @@
|
||||
use std::collections::HashMap;
|
||||
use std::time::{SystemTime, Duration};
|
||||
use serde::{Deserialize, Serialize};
|
||||
use crate::{ProcessInfo, MemoryRegion, ThreadInfo, MemoryProtection};
|
||||
|
||||
/// Advanced Evasion Detection Module
|
||||
@@ -11,7 +12,7 @@ pub struct EvasionDetector {
|
||||
obfuscation_detector: ObfuscationDetector,
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone)]
|
||||
#[derive(Debug, Clone, Serialize, Deserialize)]
|
||||
pub struct EvasionResult {
|
||||
pub evasion_techniques: Vec<EvasionTechnique>,
|
||||
pub confidence: f32,
|
||||
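Review bot: `EvasionResult::confidence` is an `f32` that now crosses the JSON boundary unchecked: serde_json emits non-finite floats as `null` on output, so a NaN confidence silently becomes `null`, and the derived `Deserialize` accepts any finite value, including negatives, on input. If this is meant to be a 0..1 score (it looks like one, but the hunk does not show where it is set), guard it before serializing, e.g. `debug_assert!(self.confidence.is_finite());`, and validate the range via `#[serde(deserialize_with = ...)]` should reports ever be loaded back. The `EvasionResult` struct continues past the hunk.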
@@ -19,7 +20,7 @@ pub struct EvasionResult {
|
||||
pub anti_analysis_indicators: Vec<String>,
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone)]
|
||||
#[derive(Debug, Clone, Serialize, Deserialize)]
|
||||
pub struct EvasionTechnique {
|
||||
pub technique_name: String,
|
||||
pub mitre_id: String,
|
||||
@@ -29,7 +30,7 @@ pub struct EvasionTechnique {
|
||||
pub severity: EvasionSeverity,
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone, PartialEq)]
|
||||
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
|
||||
pub enum EvasionSeverity {
|
||||
Low, // Basic evasion attempts
|
||||
Medium, // Moderate sophistication
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
use serde::{Deserialize, Serialize};
|
||||
use std::fmt;
|
||||
|
||||
#[derive(Debug, Clone)]
|
||||
#[derive(Debug, Clone, Serialize, Deserialize)]
|
||||
pub struct ProcessInfo {
|
||||
pub pid: u32,
|
||||
pub ppid: u32,
|
||||
|
||||
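Review bot: `ProcessInfo` is now serialized wholesale, but only `pid` and `ppid` are visible here; if the struct also carries the command line, environment or open file paths (typical for a process record), those land verbatim in JSON reports and can expose credentials passed as arguments. Mark any such field with `#[serde(skip_serializing)]` or redact it, and decide deliberately which fields form the output contract rather than letting the derive export everything. The struct body runs past the hunk.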
@@ -38,7 +38,7 @@ pub enum IocType {
|
||||
Mutex,
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone)]
|
||||
#[derive(Debug, Clone, Serialize, Deserialize)]
|
||||
pub struct ThreatContext {
|
||||
pub matched_iocs: Vec<IndicatorOfCompromise>,
|
||||
pub threat_actor: Option<ThreatActor>,
|
||||
|
||||
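Review bot: `ThreatContext` gains `Serialize`/`Deserialize`, but its fields are `Vec<IndicatorOfCompromise>` and `Option<ThreatActor>`, and neither type is shown receiving the derives in this diff, so the build fails unless they are derived elsewhere. Since `threat_actor` is optional, `#[serde(skip_serializing_if = "Option::is_none")]` on that field keeps a `null` out of the report for processes with no attribution. The struct definition continues past the hunk.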