Merge pull request #55 from NextronSystems/fix/rename-finding

feat: rename finding

Author: secDre4mer

thorlog/common/event.go

@@ -28,7 +28,7 @@ type LogEventMetadata struct {
 	Mod  string    `json:"module" textlog:"module"`
 	// The ID of the scan where this event was created.
 	ScanID string `json:"scan_id" textlog:"scanid,omitempty"`
-	// A unique ID for this finding.
+	// A unique ID for this event.
 	// The ID is transient and the same element may have different IDs across multiple scans.
 	GenID string `json:"event_id,omitempty" textlog:"uid,omitempty"`
 	// The hostname of the machine where this event was generated.

thorlog/jsonschema/generateschema.go

@@ -97,7 +97,7 @@ func main() {
 		Title:       "ThorEvent",
 		OneOf: []*jsonschema.Schema{
 			{
-				Ref: "#/$defs/Finding",
+				Ref: "#/$defs/Assessment",
 			},
 			{
 				Ref: "#/$defs/Message",

thorlog/parser/parser_test.go

@@ -129,11 +129,11 @@ func TestParseEvent(t *testing.T) {
 			},
 		},
 		{
-			"JsonV3Finding",
-			`{"type":"THOR finding","meta":{"time":"2024-09-24T14:18:46.190394329+02:00","level":"Alert","module":"Test","scan_id":"abdc","event_id":"abdas","hostname":"aserarsd"},"message":"This is a test finding","subject":{"type":"file","path":"path/to/file"},"score":70,"reasons":[{"type":"reason","summary":"Reason 1","signature":{"score":70,"ref":null,"origin":"internal","kind":""},"matched":null}],"reason_count":0,"context":[{"object":{"type":"at job"},"relation":"","unique":false}],"log_version":"v3"}`,
-			&thorlog.Finding{
+			"JsonV3Assessment",
+			`{"type":"THOR assessment","meta":{"time":"2024-09-24T14:18:46.190394329+02:00","level":"Alert","module":"Test","scan_id":"abdc","event_id":"abdas","hostname":"aserarsd"},"message":"This is a test assessment","subject":{"type":"file","path":"path/to/file"},"score":70,"reasons":[{"type":"reason","summary":"Reason 1","signature":{"score":70,"ref":null,"origin":"internal","kind":""},"matched":null}],"reason_count":0,"context":[{"object":{"type":"at job"},"relation":"","unique":false}],"log_version":"v3"}`,
+			&thorlog.Assessment{
 				ObjectHeader: jsonlog.ObjectHeader{
-					Type: "THOR finding",
+					Type: "THOR assessment",
 				},
 				Meta: thorlog.LogEventMetadata{
 					Time:   mustTime("2024-09-24T14:18:46.190394329+02:00"),
@@ -143,7 +143,7 @@ func TestParseEvent(t *testing.T) {
 					GenID:  "abdas",
 					Source: "aserarsd",
 				},
-				Text: "This is a test finding",
+				Text: "This is a test assessment",
 				Subject: &thorlog.File{
 					ObjectHeader: jsonlog.ObjectHeader{
 						Type: "file",

thorlog/v3/amcache.go

@@ -31,4 +31,4 @@ func NewAmcacheEntry() *AmcacheEntry {
 	}
 }
 
-func (AmcacheEntry) reportable() {}
+func (AmcacheEntry) observed() {}

thorlog/v3/antivirus.go

@@ -13,7 +13,7 @@ type AntiVirusProduct struct {
 	Path            string `json:"path" textlog:"path"`
 }
 
-func (AntiVirusProduct) reportable() {}
+func (AntiVirusProduct) observed() {}
 
 const typeAntiVirusProduct = "antivirus product"
 
@@ -35,7 +35,7 @@ type AntiVirusExclude struct {
 	Exclusion string `json:"exclusion" textlog:"exclusion"`
 }
 
-func (AntiVirusExclude) reportable() {}
+func (AntiVirusExclude) observed() {}
 
 const typeAntiVirusExclude = "antivirus exclusion"
 

thorlog/v3/atjob.go

@@ -22,4 +22,4 @@ func NewAtJob() *AtJob {
 	}
 }
 
-func (AtJob) reportable() {}
+func (AtJob) observed() {}

thorlog/v3/auditlog.go

@@ -22,4 +22,4 @@ func NewAuditLogEntry() *AuditLogEntry {
 	}
 }
 
-func (AuditLogEntry) reportable() {}
+func (AuditLogEntry) observed() {}

thorlog/v3/authorizedkeys.go

@@ -25,4 +25,4 @@ func NewAuthorizedKeysEntry() *AuthorizedKeysEntry {
 	}
 }
 
-func (AuthorizedKeysEntry) reportable() {}
+func (AuthorizedKeysEntry) observed() {}

thorlog/v3/autorun.go

@@ -17,7 +17,7 @@ type AutorunEntry struct {
 	OldMd5 string `json:"old_md5,omitempty" textlog:"md5_before,omitempty"`
 }
 
-func (AutorunEntry) reportable() {}
+func (AutorunEntry) observed() {}
 
 const typeAutorunEntry = "autorun entry"
 

thorlog/v3/beaconwatcher.go

@@ -20,7 +20,7 @@ type NetworkConnectingThread struct {
 	Connections      NetworkConnections `json:"connections" textlog:"connections"`
 }
 
-func (NetworkConnectingThread) reportable() {}
+func (NetworkConnectingThread) observed() {}
 
 func NewNetworkConnectingThread(threadId uint32, process *Process) *NetworkConnectingThread {
 	return &NetworkConnectingThread{