Struct Observer 

pub struct Observer { /* private fields */ }

An observer is defined as a special network, security, or application device used to detect, observe, or create network, security, or application-related events and metrics.

This could be a custom hardware appliance or a server that has been configured to run special network, security, or application software. Examples include firewalls, web proxies, intrusion detection/prevention systems, network monitoring sensors, web application firewalls, data loss prevention systems, and APM servers. The observer.* fields shall be populated with details of the system, if any, that detects, observes and/or creates a network, security, or application event or metric. Message queues and ETL components used in processing events or metrics are not considered observers in ECS.

Implementations

impl Observer

pub fn get_mac(&self) -> &Vec<String>

MAC addresses of the observer.

The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen.

pub fn add_mac(&mut self, mac_arg: String)

MAC addresses of the observer.

The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen.

Example

["00-00-5E-00-53-23", "00-00-5E-00-53-24"]

pub fn get_ip(&self) -> &Vec<String>

IP addresses of the observer.

pub fn add_ip(&mut self, ip_arg: String)

IP addresses of the observer.

pub fn get_hostname(&self) -> Option<&String>

Hostname of the observer.

pub fn set_hostname(&mut self, hostname_arg: String)

Hostname of the observer.

pub fn get_name(&self) -> Option<&String>

Custom name of the observer.

This is a name that can be given to an observer. This can be helpful for example if multiple firewalls of the same model are used in an organization.

If no custom name is needed, the field can be left empty.

pub fn set_name(&mut self, name_arg: String)

Custom name of the observer.

This is a name that can be given to an observer. This can be helpful for example if multiple firewalls of the same model are used in an organization.

If no custom name is needed, the field can be left empty.

Example

1_proxySG

pub fn get_product(&self) -> Option<&String>

The product name of the observer.

pub fn set_product(&mut self, product_arg: String)

The product name of the observer.

Example

s200

pub fn get_vendor(&self) -> Option<&String>

Vendor name of the observer.

pub fn set_vendor(&mut self, vendor_arg: String)

Vendor name of the observer.

Example

Symantec

pub fn get_version(&self) -> Option<&String>

Observer version.

pub fn set_version(&mut self, version_arg: String)

Observer version.

pub fn get_serial_number(&self) -> Option<&String>

Observer serial number.

pub fn set_serial_number(&mut self, serial_number_arg: String)

Observer serial number.

pub fn get_type(&self) -> Option<&String>

The type of the observer the data is coming from.

There is no predefined list of observer types. Some examples are forwarder, firewall, ids, ips, proxy, poller, sensor, APM server.

pub fn set_type(&mut self, type_arg: String)

The type of the observer the data is coming from.

There is no predefined list of observer types. Some examples are forwarder, firewall, ids, ips, proxy, poller, sensor, APM server.

Example

firewall

pub fn get_ingress(&self) -> Option<&Value>

Observer.ingress holds information like interface number and name, vlan, and zone information to classify ingress traffic. Single armed monitoring such as a network sensor on a span port should only use observer.ingress to categorize traffic.

pub fn set_ingress(&mut self, ingress_arg: Value)

Observer.ingress holds information like interface number and name, vlan, and zone information to classify ingress traffic. Single armed monitoring such as a network sensor on a span port should only use observer.ingress to categorize traffic.

pub fn get_ingress_zone(&self) -> Option<&String>

Network zone of incoming traffic as reported by the observer to categorize the source area of ingress traffic. e.g. internal, External, DMZ, HR, Legal, etc.

pub fn set_ingress_zone(&mut self, ingress_zone_arg: String)

Network zone of incoming traffic as reported by the observer to categorize the source area of ingress traffic. e.g. internal, External, DMZ, HR, Legal, etc.

Example

DMZ

pub fn get_egress(&self) -> Option<&Value>

Observer.egress holds information like interface number and name, vlan, and zone information to classify egress traffic. Single armed monitoring such as a network sensor on a span port should only use observer.ingress to categorize traffic.

pub fn set_egress(&mut self, egress_arg: Value)

Observer.egress holds information like interface number and name, vlan, and zone information to classify egress traffic. Single armed monitoring such as a network sensor on a span port should only use observer.ingress to categorize traffic.

pub fn get_egress_zone(&self) -> Option<&String>

Network zone of outbound traffic as reported by the observer to categorize the destination area of egress traffic, e.g. Internal, External, DMZ, HR, Legal, etc.

pub fn set_egress_zone(&mut self, egress_zone_arg: String)

Network zone of outbound traffic as reported by the observer to categorize the destination area of egress traffic, e.g. Internal, External, DMZ, HR, Legal, etc.

Example

Public_Internet

Trait Implementations

impl Clone for Observer

fn clone(&self) -> Observer

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Default for Observer

fn default() -> Observer

Returns the “default value” for a type.

impl Serialize for Observer

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.