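// keyAlert builds the alert message for an SSH public-key authentication
// attempt.
//
// It starts from the connection fields produced by baseAlertMap, tags the
// event with authtype "publickey", and records the offered key in
// authorized_keys form. The result is the string returned by
// alert.NewSplunkAlertMessage.
//
// The key is supplied by the remote peer, so consumers of the alert must
// treat the "key" field as untrusted data.
func keyAlert(metadata ssh.ConnMetadata, key ssh.PublicKey) string {
	fields := baseAlertMap(metadata)
	fields["authtype"] = "publickey"

	// ssh.MarshalAuthorizedKey returns a full authorized_keys line, which ends
	// with a newline. Drop that terminator so the field holds only the key
	// text: an embedded line break can split or pad the event downstream and
	// defeats exact-match correlation of the same key across alerts.
	line := ssh.MarshalAuthorizedKey(key)
	if n := len(line); n > 0 && line[n-1] == '\n' {
		line = line[:n-1]
	}
	fields["key"] = string(line)

	return alert.NewSplunkAlertMessage(fields)
}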
// passwdAlert builds the alert message for an SSH password authentication
// attempt.
//
// The connection fields come from baseAlertMap; this function adds authtype
// "password" and the submitted password, then hands the map to
// alert.NewSplunkAlertMessage and returns its result.
//
// The password bytes are copied into the alert exactly as received. They are
// chosen by the remote peer, so the field may hold arbitrary bytes (control
// characters, invalid UTF-8); any escaping has to happen in
// NewSplunkAlertMessage or downstream, which is not visible here.
// NOTE(review): the alert stores the credential in cleartext, so access to
// the alert index should be restricted accordingly.
func passwdAlert(metadata ssh.ConnMetadata, passwd []byte) string {
	fields := baseAlertMap(metadata)

	attempt := string(passwd)
	fields["authtype"] = "password"
	fields["password"] = attempt

	msg := alert.NewSplunkAlertMessage(fields)
	return msg
}
// makeAlert builds the alert message for an HTTP request seen by the web
// service.
//
// The alert carries the peer address, the requested host and URL, the
// User-Agent, Cookie and Referer headers, the method, and, when the form
// parses, the "username" and "password" form values. The result is the string
// returned by alert.NewSplunkAlertMessage.
//
// Apart from RemoteAddr, which net/http fills in from the connection, every
// value is taken from the request as the client sent it and must be treated
// as untrusted by whatever consumes the alert.
func makeAlert(r *http.Request) string {
	fields := map[string]string{
		"service": "web",
		"remote":  r.RemoteAddr,
		// r.Host is the host the client asked for (Host header or request
		// target), not the address the listener is bound to.
		"local":      r.Host,
		"url":        r.URL.String(),
		"user-agent": r.Header.Get("User-Agent"),
		"cookie":     r.Header.Get("Cookie"),
		"referer":    r.Header.Get("Referer"),
		"method":     r.Method,
	}

	// Best effort: a request whose form cannot be parsed still produces an
	// alert, just without the credential fields. r.Form merges URL query and
	// body parameters. ParseForm reads the request body; net/http caps that
	// read at 10 MB unless the handler wrapped the body in
	// http.MaxBytesReader, which is not visible from this function.
	if err := r.ParseForm(); err == nil {
		fields["username"] = r.Form.Get("username")
		fields["password"] = r.Form.Get("password")
	}

	return alert.NewSplunkAlertMessage(fields)
}