Source code for beagle.constants

class Protocols:
    """Upper-case string labels for the network protocols this module names.

    The values are plain ``str`` objects, so equality checks against them are
    case-sensitive: a record carrying ``"tcp"`` does not equal ``Protocols.TCP``.
    """

    # Application-layer protocol label.
    HTTP = "HTTP"

    # Transport-layer protocol labels.
    TCP = "TCP"
    UDP = "UDP"

    # Control-message protocol label.
    ICMP = "ICMP"
class HashAlgos:
    """Lower-case string labels for the file-hash algorithms this module names.

    NOTE(review): MD5 and SHA-1 are not collision-resistant. They are still
    widely reported by telemetry and threat-intel feeds, so keeping labels for
    them is reasonable, but a match on either alone is weaker evidence than a
    SHA-256 match. Confirm how callers weigh them.
    """

    # Preferred digest when a source provides it.
    SHA256 = "sha256"

    # Legacy digests; see the class note on collision resistance.
    MD5 = "md5"
    SHA1 = "sha1"
class HTTPMethods:
    """Upper-case string labels for HTTP request methods.

    Eight methods are listed. PATCH has no constant here, and neither does any
    non-standard verb, so code that validates a method against this class
    needs an explicit path for values outside the list.
    """

    # Methods that retrieve a resource or its headers.
    GET = "GET"
    HEAD = "HEAD"

    # Methods that submit, replace or remove a resource.
    POST = "POST"
    PUT = "PUT"
    DELETE = "DELETE"

    # Tunnelling and diagnostic methods.
    CONNECT = "CONNECT"
    OPTIONS = "OPTIONS"
    TRACE = "TRACE"
class EventTypes:
    """Snake-case string labels for the kinds of host and network events.

    Each value is the lower-case form of its attribute name.
    """

    # Process activity.
    PROCESS_LAUNCHED = "process_launched"

    # File-system activity.
    FILE_DELETED = "file_deleted"
    FILE_OPENED = "file_opened"
    FILE_WRITTEN = "file_written"
    FILE_COPIED = "file_copied"

    # Registry activity.
    REG_KEY_OPENED = "reg_key_opened"
    REG_KEY_DELETED = "reg_key_deleted"
    REG_KEY_SET = "reg_key_set"

    # Module loads.
    LOADED_MODULE = "loaded_module"

    # Network activity.
    HTTP_REQUEST = "http_request"
    CONNECTION = "connection"
    DNS_LOOKUP = "dns_lookup"
class FieldNames:
    """String keys used to name the fields of an event record.

    Two values do not mirror their attribute names: ``DEST_FILE`` is
    ``"dst_file"`` and ``REG_KEY_PATH`` is ``"reg_path"``. Anything that
    matches on the serialized key (queries, detection rules, exports) has to
    use the value, not the attribute name.
    """

    # Fields common to every event.
    TIMESTAMP = "timestamp"
    EVENT_TYPE = "event_type"

    # Fields describing the acting process.
    PROCESS_IMAGE = "process_image"
    PROCESS_IMAGE_PATH = "process_image_path"
    PROCESS_ID = "process_id"
    # NOTE(review): command lines often carry credentials or tokens passed as
    # arguments; confirm how this field is stored and who can read it.
    COMMAND_LINE = "command_line"

    # Fields describing the parent of the acting process.
    PARENT_PROCESS_IMAGE = "parent_process_image"
    PARENT_PROCESS_IMAGE_PATH = "parent_process_image_path"
    PARENT_PROCESS_ID = "parent_process_id"
    PARENT_COMMAND_LINE = "parent_command_line"

    # Fields describing a file.
    FILE_NAME = "file_name"
    FILE_PATH = "file_path"
    HASHES = "hashes"

    # Source and destination for copied/moved/renamed file events.
    SRC_FILE = "src_file"
    DEST_FILE = "dst_file"  # value is "dst_file", not "dest_file"

    # Fields describing an HTTP request.
    HTTP_METHOD = "http_method"
    HTTP_HOST = "http_host"
    URI = "uri"

    # Fields describing a network endpoint.
    IP_ADDRESS = "ip_address"
    PORT = "port"
    PROTOCOL = "protocol"

    # Fields describing a registry access.
    HIVE = "hive"
    REG_KEY = "reg_key"
    REG_KEY_VALUE = "reg_key_value"
    REG_KEY_PATH = "reg_path"  # value is "reg_path", not "reg_key_path"

    # Fields describing an alert.
    ALERTED_ON = "alerted_on"
    ALERT_NAME = "alert_name"
    ALERT_DATA = "alert_data"