ok github.com/0xrawsec/whids/agent 92.954s coverage: 71.4% of statements ok github.com/0xrawsec/whids/agent/config 19.609s coverage: 78.2% of statements ok github.com/0xrawsec/whids/agent/sysinfo 2.545s coverage: 83.3% of statements ok github.com/0xrawsec/whids/api/server 213.854s coverage: 64.5% of statements ok github.com/0xrawsec/whids/event 77.385s coverage: 74.2% of statements ok github.com/0xrawsec/whids/ioc 66.969s coverage: 73.3% of statements ok github.com/0xrawsec/whids/logger 59.347s coverage: 76.7% of statements ok github.com/0xrawsec/whids/sysmon 12.337s coverage: 82.7% of statements ok github.com/0xrawsec/whids/utils 26.657s coverage: 80.1% of statements ok github.com/0xrawsec/whids/utils/command 0.565s coverage: 100.0% of statements github.com/0xrawsec/whids/agent/actions.go:72: NewActionHandler 100.0% github.com/0xrawsec/whids/agent/actions.go:81: dumpname 100.0% github.com/0xrawsec/whids/agent/actions.go:86: prepare 100.0% github.com/0xrawsec/whids/agent/actions.go:94: shouldDump 100.0% github.com/0xrawsec/whids/agent/actions.go:99: writeReader 100.0% github.com/0xrawsec/whids/agent/actions.go:104: dumpAsJson 66.7% github.com/0xrawsec/whids/agent/actions.go:117: dumpBinFile 100.0% github.com/0xrawsec/whids/agent/actions.go:121: dumpFile 77.8% github.com/0xrawsec/whids/agent/actions.go:156: listFilesFromCommandLine 81.8% github.com/0xrawsec/whids/agent/actions.go:179: filedumpSet 44.4% github.com/0xrawsec/whids/agent/actions.go:232: filedump 80.0% github.com/0xrawsec/whids/agent/actions.go:242: memdump 0.0% github.com/0xrawsec/whids/agent/actions.go:277: regDump 0.0% github.com/0xrawsec/whids/agent/actions.go:287: regdump 30.8% github.com/0xrawsec/whids/agent/actions.go:318: suspend_process 0.0% github.com/0xrawsec/whids/agent/actions.go:328: kill_process 0.0% github.com/0xrawsec/whids/agent/actions.go:341: Queue 100.0% github.com/0xrawsec/whids/agent/actions.go:351: HandleActions 58.1% github.com/0xrawsec/whids/agent/actions.go:424: queueCompression 100.0% github.com/0xrawsec/whids/agent/actions.go:430: compressionLoop 80.0% github.com/0xrawsec/whids/agent/actions.go:449: handleActionsLoop 100.0% github.com/0xrawsec/whids/agent/agent.go:108: newActionnableEngine 100.0% github.com/0xrawsec/whids/agent/agent.go:127: NewAgent 100.0% github.com/0xrawsec/whids/agent/agent.go:137: Initialize 100.0% github.com/0xrawsec/whids/agent/agent.go:160: Prepare 73.9% github.com/0xrawsec/whids/agent/agent.go:219: initEnvVariables 100.0% github.com/0xrawsec/whids/agent/agent.go:223: initDB 66.7% github.com/0xrawsec/whids/agent/agent.go:232: initEventProvider 87.5% github.com/0xrawsec/whids/agent/agent.go:254: initHooks 100.0% github.com/0xrawsec/whids/agent/agent.go:281: configureAuditPolicies 84.6% github.com/0xrawsec/whids/agent/agent.go:307: update 52.1% github.com/0xrawsec/whids/agent/agent.go:401: needsRulesUpdate 75.0% github.com/0xrawsec/whids/agent/agent.go:427: needsIoCsUpdate 90.0% github.com/0xrawsec/whids/agent/agent.go:450: fetchRulesFromManager 69.2% github.com/0xrawsec/whids/agent/agent.go:478: containerPaths 100.0% github.com/0xrawsec/whids/agent/agent.go:484: fetchIoCsFromManager 69.2% github.com/0xrawsec/whids/agent/agent.go:537: loadContainers 66.7% github.com/0xrawsec/whids/agent/agent.go:569: updateSystemInfo 77.8% github.com/0xrawsec/whids/agent/agent.go:597: updateSysmonBin 30.0% github.com/0xrawsec/whids/agent/agent.go:643: updateSysmonConfig 48.1% github.com/0xrawsec/whids/agent/agent.go:703: updateAgentConfig 36.0% github.com/0xrawsec/whids/agent/agent.go:753: cleanup 33.3% github.com/0xrawsec/whids/agent/agent.go:769: IsHIDSEvent 100.0% github.com/0xrawsec/whids/agent/agent.go:803: Report 100.0% github.com/0xrawsec/whids/agent/agent.go:829: eventScanRoutine 66.7% github.com/0xrawsec/whids/agent/agent.go:942: Run 75.0% github.com/0xrawsec/whids/agent/agent.go:980: LogStats 100.0% github.com/0xrawsec/whids/agent/agent.go:989: Stop 68.8% github.com/0xrawsec/whids/agent/agent.go:1025: Wait 100.0% github.com/0xrawsec/whids/agent/agent.go:1030: WaitWithTimeout 92.3% github.com/0xrawsec/whids/agent/commands.go:32: Path 100.0% github.com/0xrawsec/whids/agent/commands.go:36: Hash 90.9% github.com/0xrawsec/whids/agent/commands.go:70: FromFSFileInfo 100.0% github.com/0xrawsec/whids/agent/commands.go:90: FromWalkerWalkItem 90.0% github.com/0xrawsec/whids/agent/commands.go:108: cmdHash 70.0% github.com/0xrawsec/whids/agent/commands.go:126: cmdDir 81.8% github.com/0xrawsec/whids/agent/commands.go:147: cmdWalk 100.0% github.com/0xrawsec/whids/agent/commands.go:159: cmdFind 92.9% github.com/0xrawsec/whids/agent/commands.go:187: cmdStat 83.3% github.com/0xrawsec/whids/agent/config/canary_windows.go:22: expandDir 100.0% github.com/0xrawsec/whids/agent/config/canary_windows.go:27: create 69.0% github.com/0xrawsec/whids/agent/config/canary_windows.go:79: clean 70.6% github.com/0xrawsec/whids/agent/config/canary_windows.go:117: paths 100.0% github.com/0xrawsec/whids/agent/config/canary_windows.go:127: canaryRegexp 80.0% github.com/0xrawsec/whids/agent/config/canary_windows.go:147: whitelistRegexp 75.0% github.com/0xrawsec/whids/agent/config/canary_windows.go:156: Configure 70.0% github.com/0xrawsec/whids/agent/config/canary_windows.go:180: RestoreACLs 71.4% github.com/0xrawsec/whids/agent/config/canary_windows.go:197: GenRuleFSAudit 100.0% github.com/0xrawsec/whids/agent/config/canary_windows.go:215: GenRuleSysmon 100.0% github.com/0xrawsec/whids/agent/config/canary_windows.go:231: GenRuleKernelFile 100.0% github.com/0xrawsec/whids/agent/config/canary_windows.go:247: Clean 80.0% github.com/0xrawsec/whids/agent/config/config.go:53: RulesPaths 100.0% github.com/0xrawsec/whids/agent/config/config.go:91: LoadAgentConfig 87.5% github.com/0xrawsec/whids/agent/config/config.go:103: Sha256 100.0% github.com/0xrawsec/whids/agent/config/config.go:108: IsForwardingEnabled 100.0% github.com/0xrawsec/whids/agent/config/config.go:113: Prepare 62.5% github.com/0xrawsec/whids/agent/config/config.go:148: Verify 60.0% github.com/0xrawsec/whids/agent/config/config.go:158: Path 100.0% github.com/0xrawsec/whids/agent/config/config.go:163: Save 75.0% github.com/0xrawsec/whids/agent/config/etw.go:15: FileTraceEnabled 100.0% github.com/0xrawsec/whids/agent/config/etw_windows.go:38: optimizedKernelFileProvider 100.0% github.com/0xrawsec/whids/agent/config/etw_windows.go:51: ConfigureAutologger 62.5% github.com/0xrawsec/whids/agent/config/etw_windows.go:70: UnifiedProviders 75.0% github.com/0xrawsec/whids/agent/config/etw_windows.go:88: UnifiedTraces 100.0% github.com/0xrawsec/whids/agent/config/reports.go:28: Run 57.9% github.com/0xrawsec/whids/agent/config/reports.go:74: PrepareCommands 100.0% github.com/0xrawsec/whids/agent/config/reports.go:98: PrepareCommands 100.0% github.com/0xrawsec/whids/agent/cron.go:25: containCmd 0.0% github.com/0xrawsec/whids/agent/cron.go:39: uncontainCmd 0.0% github.com/0xrawsec/whids/agent/cron.go:48: handleManagerCommand 0.0% github.com/0xrawsec/whids/agent/cron.go:307: taskCommandRunner 55.0% github.com/0xrawsec/whids/agent/cron.go:342: scheduleCleanArchivedTask 42.1% github.com/0xrawsec/whids/agent/cron.go:382: taskUploadDumps 66.7% github.com/0xrawsec/whids/agent/cron.go:436: updateTools 51.6% github.com/0xrawsec/whids/agent/cron.go:506: scheduleTasks 84.0% github.com/0xrawsec/whids/agent/defaults.go:12: BuildDefaultConfig 100.0% github.com/0xrawsec/whids/agent/etw.go:13: eventRecordCallback 100.0% github.com/0xrawsec/whids/agent/etw.go:18: microsoftKernelFileProcessing 84.4% github.com/0xrawsec/whids/agent/etw.go:93: preparedCallback 100.0% github.com/0xrawsec/whids/agent/filters.go:73: NewFilter 100.0% github.com/0xrawsec/whids/agent/filters.go:81: Match 100.0% github.com/0xrawsec/whids/agent/hookdefs.go:37: hookSetImageSize 82.4% github.com/0xrawsec/whids/agent/hookdefs.go:69: hookImageLoad 95.0% github.com/0xrawsec/whids/agent/hookdefs.go:106: trackSysmonProcessCreate 76.1% github.com/0xrawsec/whids/agent/hookdefs.go:227: hookTrack 50.0% github.com/0xrawsec/whids/agent/hookdefs.go:240: hookStats 94.5% github.com/0xrawsec/whids/agent/hookdefs.go:351: hookUpdateGeneScore 100.0% github.com/0xrawsec/whids/agent/hookdefs.go:368: hookTerminator 53.8% github.com/0xrawsec/whids/agent/hookdefs.go:396: hookProcTerm 87.5% github.com/0xrawsec/whids/agent/hookdefs.go:412: hookSelfGUID 56.2% github.com/0xrawsec/whids/agent/hookdefs.go:446: hookFileSystemAudit 94.4% github.com/0xrawsec/whids/agent/hookdefs.go:476: hookProcessIntegrityProcTamp 0.0% github.com/0xrawsec/whids/agent/hookdefs.go:552: hookEnrichServices 77.8% github.com/0xrawsec/whids/agent/hookdefs.go:630: hookEnrichAnySysmon 100.0% github.com/0xrawsec/whids/agent/hookdefs.go:752: hookClipboardEvents 0.0% github.com/0xrawsec/whids/agent/hookdefs.go:779: hookKernelFiles 100.0% github.com/0xrawsec/whids/agent/hooks.go:21: newHookCache 100.0% github.com/0xrawsec/whids/agent/hooks.go:27: get 100.0% github.com/0xrawsec/whids/agent/hooks.go:38: cache 100.0% github.com/0xrawsec/whids/agent/hooks.go:65: NewHookMan 100.0% github.com/0xrawsec/whids/agent/hooks.go:73: Hook 100.0% github.com/0xrawsec/whids/agent/hooks.go:82: RunHooksOn 93.8% github.com/0xrawsec/whids/agent/hookutils.go:13: toString 100.0% github.com/0xrawsec/whids/agent/hookutils.go:17: toHex 66.7% github.com/0xrawsec/whids/agent/hookutils.go:25: terminate 100.0% github.com/0xrawsec/whids/agent/hookutils.go:41: isSysmonProcessTerminate 100.0% github.com/0xrawsec/whids/agent/iocs.go:17: ruleHashIoC 100.0% github.com/0xrawsec/whids/agent/iocs.go:32: ruleDomainIoC 100.0% github.com/0xrawsec/whids/agent/paths.go:11: EventDataPath 100.0% github.com/0xrawsec/whids/agent/ptrack.go:40: NewProcStats 100.0% github.com/0xrawsec/whids/agent/ptrack.go:51: UpdateNetResolve 100.0% github.com/0xrawsec/whids/agent/ptrack.go:60: UpdateCon 100.0% github.com/0xrawsec/whids/agent/ptrack.go:70: ConStat 100.0% github.com/0xrawsec/whids/agent/ptrack.go:82: NewGeneScore 100.0% github.com/0xrawsec/whids/agent/ptrack.go:86: Update 100.0% github.com/0xrawsec/whids/agent/ptrack.go:95: sysmonHashesToMap 100.0% github.com/0xrawsec/whids/agent/ptrack.go:178: emptyProcessTrack 100.0% github.com/0xrawsec/whids/agent/ptrack.go:184: NewProcessTrack 100.0% github.com/0xrawsec/whids/agent/ptrack.go:202: IsZero 100.0% github.com/0xrawsec/whids/agent/ptrack.go:206: SetHashes 100.0% github.com/0xrawsec/whids/agent/ptrack.go:211: TerminateProcess 100.0% github.com/0xrawsec/whids/agent/ptrack.go:236: ModuleInfoFromEvent 100.0% github.com/0xrawsec/whids/agent/ptrack.go:258: Id 100.0% github.com/0xrawsec/whids/agent/ptrack.go:262: UpdateStatistics 100.0% github.com/0xrawsec/whids/agent/ptrack.go:279: DriverInfoFromEvent 0.0% github.com/0xrawsec/whids/agent/ptrack.go:304: sourceGUIDFromEvent 77.8% github.com/0xrawsec/whids/agent/ptrack.go:325: targetGUIDFromEvent 70.0% github.com/0xrawsec/whids/agent/ptrack.go:368: NewActivityTracker 100.0% github.com/0xrawsec/whids/agent/ptrack.go:385: delete 100.0% github.com/0xrawsec/whids/agent/ptrack.go:398: freeRtn 100.0% github.com/0xrawsec/whids/agent/ptrack.go:433: TrackKernel 91.7% github.com/0xrawsec/whids/agent/ptrack.go:476: CheckDumpCountOrInc 100.0% github.com/0xrawsec/whids/agent/ptrack.go:490: add 100.0% github.com/0xrawsec/whids/agent/ptrack.go:498: Add 100.0% github.com/0xrawsec/whids/agent/ptrack.go:504: PS 100.0% github.com/0xrawsec/whids/agent/ptrack.go:515: Blacklist 0.0% github.com/0xrawsec/whids/agent/ptrack.go:519: IsBlacklisted 100.0% github.com/0xrawsec/whids/agent/ptrack.go:523: SourceTrackFromEvent 83.3% github.com/0xrawsec/whids/agent/ptrack.go:535: TargetTrackFromEvent 83.3% github.com/0xrawsec/whids/agent/ptrack.go:547: GetParentByGuid 80.0% github.com/0xrawsec/whids/agent/ptrack.go:556: getByGuid 100.0% github.com/0xrawsec/whids/agent/ptrack.go:565: GetByGuid 100.0% github.com/0xrawsec/whids/agent/ptrack.go:574: GetByPID 100.0% github.com/0xrawsec/whids/agent/ptrack.go:591: ContainsGuid 100.0% github.com/0xrawsec/whids/agent/ptrack.go:598: ContainsPID 0.0% github.com/0xrawsec/whids/agent/ptrack.go:605: Modules 100.0% github.com/0xrawsec/whids/agent/ptrack.go:613: AddKernelFile 100.0% github.com/0xrawsec/whids/agent/ptrack.go:619: GetKernelFile 100.0% github.com/0xrawsec/whids/agent/ptrack.go:626: DelKernelFile 100.0% github.com/0xrawsec/whids/agent/ptrack.go:634: GetModuleOrUpdate 100.0% github.com/0xrawsec/whids/agent/ptrack.go:645: IsTerminated 80.0% github.com/0xrawsec/whids/agent/ptrack.go:654: Terminate 90.9% github.com/0xrawsec/whids/agent/stats.go:29: NewEventStats 100.0% github.com/0xrawsec/whids/agent/stats.go:39: SinceStart 100.0% github.com/0xrawsec/whids/agent/stats.go:43: Start 100.0% github.com/0xrawsec/whids/agent/stats.go:48: Threshold 0.0% github.com/0xrawsec/whids/agent/stats.go:52: Duration 0.0% github.com/0xrawsec/whids/agent/stats.go:56: Update 100.0% github.com/0xrawsec/whids/agent/stats.go:64: Events 100.0% github.com/0xrawsec/whids/agent/stats.go:68: Detections 100.0% github.com/0xrawsec/whids/agent/stats.go:72: EPS 75.0% github.com/0xrawsec/whids/agent/stats.go:80: CriticalEPS 0.0% github.com/0xrawsec/whids/agent/stats.go:84: DynEPS 75.0% github.com/0xrawsec/whids/agent/stats.go:92: HasPerfIssue 61.5% github.com/0xrawsec/whids/agent/stats.go:112: HasCriticalPerfIssue 0.0% github.com/0xrawsec/whids/agent/sysinfo/sysinfo.go:19: RegisterEdrInfo 100.0% github.com/0xrawsec/whids/agent/sysinfo/sysinfo.go:68: Err 0.0% github.com/0xrawsec/whids/agent/sysinfo/windows_sysinfo.go:31: NewSystemInfo 95.0% github.com/0xrawsec/whids/api/server/command.go:18: ToCommand 77.8% github.com/0xrawsec/whids/api/server/log_streamer.go:18: Queue 75.0% github.com/0xrawsec/whids/api/server/log_streamer.go:26: Stream 100.0% github.com/0xrawsec/whids/api/server/log_streamer.go:40: Close 0.0% github.com/0xrawsec/whids/api/server/log_streamer.go:49: NewEventStreamer 100.0% github.com/0xrawsec/whids/api/server/log_streamer.go:55: NewStream 100.0% github.com/0xrawsec/whids/api/server/log_streamer.go:63: newId 100.0% github.com/0xrawsec/whids/api/server/log_streamer.go:73: Queue 83.3% github.com/0xrawsec/whids/api/server/manager.go:51: init 75.0% github.com/0xrawsec/whids/api/server/manager.go:64: IPFromRequest 0.0% github.com/0xrawsec/whids/api/server/manager.go:77: gunzipMiddleware 62.5% github.com/0xrawsec/whids/api/server/manager.go:100: Empty 100.0% github.com/0xrawsec/whids/api/server/manager.go:105: Verify 50.0% github.com/0xrawsec/whids/api/server/manager.go:145: LoadManagerConfig 0.0% github.com/0xrawsec/whids/api/server/manager.go:157: SetPath 100.0% github.com/0xrawsec/whids/api/server/manager.go:162: EndpointAPIUrl 0.0% github.com/0xrawsec/whids/api/server/manager.go:172: AdminAPIUrl 75.0% github.com/0xrawsec/whids/api/server/manager.go:182: Save 0.0% github.com/0xrawsec/whids/api/server/manager.go:221: NewManager 75.0% github.com/0xrawsec/whids/api/server/manager.go:280: createTableOrRepair 28.6% github.com/0xrawsec/whids/api/server/manager.go:299: initializeDB 70.8% github.com/0xrawsec/whids/api/server/manager.go:352: initializeGeneFromDB 84.6% github.com/0xrawsec/whids/api/server/manager.go:378: updateRulesCache 100.0% github.com/0xrawsec/whids/api/server/manager.go:391: AddCommand 75.0% github.com/0xrawsec/whids/api/server/manager.go:400: GetCommand 66.7% github.com/0xrawsec/whids/api/server/manager.go:414: Endpoint 66.7% github.com/0xrawsec/whids/api/server/manager.go:427: Endpoints 85.7% github.com/0xrawsec/whids/api/server/manager.go:443: ImportRules 0.0% github.com/0xrawsec/whids/api/server/manager.go:468: CreateNewAdminAPIUser 50.0% github.com/0xrawsec/whids/api/server/manager.go:481: AddEndpoint 100.0% github.com/0xrawsec/whids/api/server/manager.go:485: AddIoCs 81.8% github.com/0xrawsec/whids/api/server/manager.go:516: UpdateReducer 100.0% github.com/0xrawsec/whids/api/server/manager.go:531: logAPIErrorf 100.0% github.com/0xrawsec/whids/api/server/manager.go:544: Wait 100.0% github.com/0xrawsec/whids/api/server/manager.go:549: IsDone 0.0% github.com/0xrawsec/whids/api/server/manager.go:554: Shutdown 82.4% github.com/0xrawsec/whids/api/server/manager.go:583: Run 100.0% github.com/0xrawsec/whids/api/server/manager_admin_api.go:41: admApiParseDuration 71.4% github.com/0xrawsec/whids/api/server/manager_admin_api.go:54: admApiParseTime 66.7% github.com/0xrawsec/whids/api/server/manager_admin_api.go:78: NewAdminAPIResponse 100.0% github.com/0xrawsec/whids/api/server/manager_admin_api.go:83: NewAdminAPIRespError 0.0% github.com/0xrawsec/whids/api/server/manager_admin_api.go:88: NewAdminAPIRespErrorString 0.0% github.com/0xrawsec/whids/api/server/manager_admin_api.go:93: UnmarshalData 75.0% github.com/0xrawsec/whids/api/server/manager_admin_api.go:102: ToJSON 50.0% github.com/0xrawsec/whids/api/server/manager_admin_api.go:113: Err 66.7% github.com/0xrawsec/whids/api/server/manager_admin_api.go:120: admErr 0.0% github.com/0xrawsec/whids/api/server/manager_admin_api.go:124: admErrorf 0.0% github.com/0xrawsec/whids/api/server/manager_admin_api.go:128: admJSONResp 100.0% github.com/0xrawsec/whids/api/server/manager_admin_api.go:138: adminAuthorizationMiddleware 66.7% github.com/0xrawsec/whids/api/server/manager_admin_api.go:154: admLogHTTPMiddleware 100.0% github.com/0xrawsec/whids/api/server/manager_admin_api.go:163: adminRespHeaderMiddleware 100.0% github.com/0xrawsec/whids/api/server/manager_admin_api.go:173: admAPIUsers 48.7% github.com/0xrawsec/whids/api/server/manager_admin_api.go:254: admAPIUser 55.9% github.com/0xrawsec/whids/api/server/manager_admin_api.go:318: admAPIEndpoints 73.5% github.com/0xrawsec/whids/api/server/manager_admin_api.go:382: admAPIEndpoint 66.7% github.com/0xrawsec/whids/api/server/manager_admin_api.go:466: admAPIEndpointConfig 68.6% github.com/0xrawsec/whids/api/server/manager_admin_api.go:535: admAPIEndpointCommand 66.7% github.com/0xrawsec/whids/api/server/manager_admin_api.go:594: admAPIEndpointCommandField 52.9% github.com/0xrawsec/whids/api/server/manager_admin_api.go:631: admAPIEndpointLogs 70.7% github.com/0xrawsec/whids/api/server/manager_admin_api.go:771: admAPIEndpointReport 78.9% github.com/0xrawsec/whids/api/server/manager_admin_api.go:811: admAPIEndpointReportArchive 67.4% github.com/0xrawsec/whids/api/server/manager_admin_api.go:886: admAPIEndpointsReports 83.3% github.com/0xrawsec/whids/api/server/manager_admin_api.go:913: listEndpointDumps 80.6% github.com/0xrawsec/whids/api/server/manager_admin_api.go:980: admAPIArtifacts 61.1% github.com/0xrawsec/whids/api/server/manager_admin_api.go:1011: admAPIEndpointArtifacts 61.1% github.com/0xrawsec/whids/api/server/manager_admin_api.go:1042: admAPIEndpointArtifact 62.9% github.com/0xrawsec/whids/api/server/manager_admin_api.go:1108: admAPIEndpointSysmonConfig 65.7% github.com/0xrawsec/whids/api/server/manager_admin_api.go:1181: admAPIEndpointToolMgmt 66.7% github.com/0xrawsec/whids/api/server/manager_admin_api.go:1268: admAPIEndpointSysmonBinary 100.0% github.com/0xrawsec/whids/api/server/manager_admin_api.go:1272: admAPIEndpointOSQueryiBinary 100.0% github.com/0xrawsec/whids/api/server/manager_admin_api.go:1281: admAPIStats 75.0% github.com/0xrawsec/whids/api/server/manager_admin_api.go:1293: admAPIIocs 58.0% github.com/0xrawsec/whids/api/server/manager_admin_api.go:1396: admAPIRules 58.8% github.com/0xrawsec/whids/api/server/manager_admin_api.go:1502: wsHandleControlMessage 100.0% github.com/0xrawsec/whids/api/server/manager_admin_api.go:1512: admAPIStreamEvents 71.4% github.com/0xrawsec/whids/api/server/manager_admin_api.go:1535: admAPIStreamDetections 0.0% github.com/0xrawsec/whids/api/server/manager_admin_api.go:1560: runAdminAPI 87.8% github.com/0xrawsec/whids/api/server/manager_endpoint_api.go:32: eptAPIMutEndpointFromRequest 75.0% github.com/0xrawsec/whids/api/server/manager_endpoint_api.go:42: endpointAuthorizationMiddleware 65.2% github.com/0xrawsec/whids/api/server/manager_endpoint_api.go:85: isVerboseURL 100.0% github.com/0xrawsec/whids/api/server/manager_endpoint_api.go:94: endptLogHTTPMiddleware 0.0% github.com/0xrawsec/whids/api/server/manager_endpoint_api.go:103: endptQuietLogHTTPMiddleware 100.0% github.com/0xrawsec/whids/api/server/manager_endpoint_api.go:114: runEndpointAPI 81.8% github.com/0xrawsec/whids/api/server/manager_endpoint_api.go:185: eptAPIServerKey 100.0% github.com/0xrawsec/whids/api/server/manager_endpoint_api.go:190: eptAPIRules 100.0% github.com/0xrawsec/whids/api/server/manager_endpoint_api.go:197: eptAPIConfigSha256 0.0% github.com/0xrawsec/whids/api/server/manager_endpoint_api.go:221: eptAPIConfig 0.0% github.com/0xrawsec/whids/api/server/manager_endpoint_api.go:275: eptAPIRulesSha256 100.0% github.com/0xrawsec/whids/api/server/manager_endpoint_api.go:281: eptAPIIoCs 50.0% github.com/0xrawsec/whids/api/server/manager_endpoint_api.go:290: eptAPIIoCsSha256 100.0% github.com/0xrawsec/whids/api/server/manager_endpoint_api.go:295: eptAPIUploadDump 44.4% github.com/0xrawsec/whids/api/server/manager_endpoint_api.go:328: eptAPICollect 85.4% github.com/0xrawsec/whids/api/server/manager_endpoint_api.go:410: eptAPICommand 79.3% github.com/0xrawsec/whids/api/server/manager_endpoint_api.go:466: eptAPISystemInfo 70.0% github.com/0xrawsec/whids/api/server/manager_endpoint_api.go:485: eptAPISysmonConfig 87.5% github.com/0xrawsec/whids/api/server/manager_endpoint_api.go:502: eptAPISysmonConfigSha256 100.0% github.com/0xrawsec/whids/api/server/manager_endpoint_api.go:515: eptAPITools 0.0% github.com/0xrawsec/whids/api/server/manager_test_func.go:10: TestAddTool 0.0% github.com/0xrawsec/whids/api/server/utils.go:14: muxGetVar 75.0% github.com/0xrawsec/whids/api/server/utils.go:22: format 100.0% github.com/0xrawsec/whids/api/server/utils.go:27: readPostAsJSON 80.0% github.com/0xrawsec/whids/api/server/utils.go:36: readPostAsTOML 80.0% github.com/0xrawsec/whids/api/server/utils.go:45: readPostAsXML 80.0% github.com/0xrawsec/whids/event/event.go:46: NewEdrEvent 100.0% github.com/0xrawsec/whids/event/event.go:50: InitEdrData 100.0% github.com/0xrawsec/whids/event/event.go:54: Commit 0.0% github.com/0xrawsec/whids/event/event.go:60: Hash 88.9% github.com/0xrawsec/whids/event/event.go:78: GetStringOr 100.0% github.com/0xrawsec/whids/event/event.go:85: GetString 100.0% github.com/0xrawsec/whids/event/event.go:96: GetInt 100.0% github.com/0xrawsec/whids/event/event.go:108: GetIntOr 100.0% github.com/0xrawsec/whids/event/event.go:115: GetUint 100.0% github.com/0xrawsec/whids/event/event.go:127: GetUintOr 100.0% github.com/0xrawsec/whids/event/event.go:134: GetBool 0.0% github.com/0xrawsec/whids/event/event.go:148: SetIf 66.7% github.com/0xrawsec/whids/event/event.go:156: SetIfOr 100.0% github.com/0xrawsec/whids/event/event.go:163: SetIfMissing 100.0% github.com/0xrawsec/whids/event/event.go:172: Set 50.0% github.com/0xrawsec/whids/event/event.go:184: SetDetection 33.3% github.com/0xrawsec/whids/event/event.go:207: Get 50.0% github.com/0xrawsec/whids/event/event.go:219: IsDetection 100.0% github.com/0xrawsec/whids/event/event.go:228: Skip 100.0% github.com/0xrawsec/whids/event/event.go:234: IsSkipped 100.0% github.com/0xrawsec/whids/event/event.go:238: GetDetection 100.0% github.com/0xrawsec/whids/event/event.go:242: Channel 100.0% github.com/0xrawsec/whids/event/event.go:246: Computer 100.0% github.com/0xrawsec/whids/event/event.go:250: EventID 100.0% github.com/0xrawsec/whids/event/event.go:254: Timestamp 100.0% github.com/0xrawsec/whids/event/event.go:258: Copy 100.0% github.com/0xrawsec/whids/ioc/ioc.go:24: FromObjects 0.0% github.com/0xrawsec/whids/ioc/ioc.go:53: HasValidType 66.7% github.com/0xrawsec/whids/ioc/ioc.go:67: Transform 75.0% github.com/0xrawsec/whids/ioc/ioc.go:77: Validate 50.0% github.com/0xrawsec/whids/ioc/ioc.go:118: NewIocs 100.0% github.com/0xrawsec/whids/ioc/ioc.go:125: reHash 100.0% github.com/0xrawsec/whids/ioc/ioc.go:133: FromDB 83.3% github.com/0xrawsec/whids/ioc/ioc.go:145: StringSlice 100.0% github.com/0xrawsec/whids/ioc/ioc.go:155: Add 100.0% github.com/0xrawsec/whids/ioc/ioc.go:169: Del 100.0% github.com/0xrawsec/whids/ioc/ioc.go:178: Hash 100.0% github.com/0xrawsec/whids/logger/events.go:19: NewRawEvent 100.0% github.com/0xrawsec/whids/logger/events.go:26: DecodeRawEvent 90.9% github.com/0xrawsec/whids/logger/events.go:43: Less 100.0% github.com/0xrawsec/whids/logger/events.go:47: Encode 100.0% github.com/0xrawsec/whids/logger/events.go:55: Event 0.0% github.com/0xrawsec/whids/logger/index.go:23: OpenIndexFile 80.0% github.com/0xrawsec/whids/logger/index.go:34: LogfilePath 100.0% github.com/0xrawsec/whids/logger/index.go:40: Next 81.8% github.com/0xrawsec/whids/logger/index.go:60: Close 100.0% github.com/0xrawsec/whids/logger/index.go:75: IndexEntryFromCSV 63.6% github.com/0xrawsec/whids/logger/index.go:100: UpdateTime 87.5% github.com/0xrawsec/whids/logger/index.go:117: Less 100.0% github.com/0xrawsec/whids/logger/index.go:122: In 0.0% github.com/0xrawsec/whids/logger/index.go:127: Overlaps 100.0% github.com/0xrawsec/whids/logger/index.go:132: Contains 0.0% github.com/0xrawsec/whids/logger/index.go:137: Before 0.0% github.com/0xrawsec/whids/logger/index.go:142: ToCSV 100.0% github.com/0xrawsec/whids/logger/logfile.go:19: RenameIndexedLogfile 60.0% github.com/0xrawsec/whids/logger/logfile.go:30: RemoveIndexedLogfile 0.0% github.com/0xrawsec/whids/logger/logfile.go:41: ArchiveFilename 100.0% github.com/0xrawsec/whids/logger/logfile.go:59: OpenIndexedLogfile 85.7% github.com/0xrawsec/whids/logger/logfile.go:74: IndexFileFromPath 100.0% github.com/0xrawsec/whids/logger/logfile.go:78: resetIndexEntry 75.0% github.com/0xrawsec/whids/logger/logfile.go:87: IndexFile 100.0% github.com/0xrawsec/whids/logger/logfile.go:91: size 62.5% github.com/0xrawsec/whids/logger/logfile.go:113: Size 0.0% github.com/0xrawsec/whids/logger/logfile.go:121: ReadRawEvents 73.9% github.com/0xrawsec/whids/logger/logfile.go:165: WriteRawEventWithTimestamp 90.9% github.com/0xrawsec/whids/logger/logfile.go:191: WriteRawEvent 100.0% github.com/0xrawsec/whids/logger/logfile.go:195: flush 73.3% github.com/0xrawsec/whids/logger/logfile.go:225: Flush 0.0% github.com/0xrawsec/whids/logger/logfile.go:233: Close 75.0% github.com/0xrawsec/whids/logger/loggers.go:33: stdTime 100.0% github.com/0xrawsec/whids/logger/loggers.go:37: timestampToDir 100.0% github.com/0xrawsec/whids/logger/loggers.go:42: fmtTime 100.0% github.com/0xrawsec/whids/logger/loggers.go:46: parseTime 100.0% github.com/0xrawsec/whids/logger/loggers.go:64: NewEventLogger 100.0% github.com/0xrawsec/whids/logger/loggers.go:74: openLogfile 77.3% github.com/0xrawsec/whids/logger/loggers.go:117: InitTransaction 100.0% github.com/0xrawsec/whids/logger/loggers.go:129: WriteEvent 77.8% github.com/0xrawsec/whids/logger/loggers.go:149: CountFiles 100.0% github.com/0xrawsec/whids/logger/loggers.go:153: endTransaction 100.0% github.com/0xrawsec/whids/logger/loggers.go:160: CommitTransaction 100.0% github.com/0xrawsec/whids/logger/loggers.go:166: close 80.0% github.com/0xrawsec/whids/logger/loggers.go:177: Close 100.0% github.com/0xrawsec/whids/logger/search.go:21: reverseIndex 100.0% github.com/0xrawsec/whids/logger/search.go:34: newChunk 100.0% github.com/0xrawsec/whids/logger/search.go:38: add 80.0% github.com/0xrawsec/whids/logger/search.go:48: overlaps 100.0% github.com/0xrawsec/whids/logger/search.go:53: contains 100.0% github.com/0xrawsec/whids/logger/search.go:66: NewEventSearcher 100.0% github.com/0xrawsec/whids/logger/search.go:73: keys 0.0% github.com/0xrawsec/whids/logger/search.go:87: buildIndex 84.4% github.com/0xrawsec/whids/logger/search.go:146: getFile 64.3% github.com/0xrawsec/whids/logger/search.go:170: readRawEvents 75.0% github.com/0xrawsec/whids/logger/search.go:187: Events 89.7% github.com/0xrawsec/whids/logger/search.go:254: Err 100.0% github.com/0xrawsec/whids/logger/search.go:258: close 80.0% github.com/0xrawsec/whids/logger/search.go:269: Close 100.0% github.com/0xrawsec/whids/sysmon/config.go:48: validate 100.0% github.com/0xrawsec/whids/sysmon/config.go:61: Validate 100.0% github.com/0xrawsec/whids/sysmon/config.go:74: Validate 100.0% github.com/0xrawsec/whids/sysmon/config.go:83: Validate 100.0% github.com/0xrawsec/whids/sysmon/config.go:120: Validate 100.0% github.com/0xrawsec/whids/sysmon/config.go:156: MarshalJSON 66.7% github.com/0xrawsec/whids/sysmon/config.go:163: Validate 100.0% github.com/0xrawsec/whids/sysmon/config.go:191: XML 100.0% github.com/0xrawsec/whids/sysmon/config.go:195: Sha256 80.0% github.com/0xrawsec/whids/sysmon/config.go:210: MarshalXML 100.0% github.com/0xrawsec/whids/sysmon/config.go:214: UnmarshalXML 80.0% github.com/0xrawsec/whids/sysmon/default.go:63: SetAgnosticConfig 0.0% github.com/0xrawsec/whids/sysmon/default.go:67: AgnosticConfig 0.0% github.com/0xrawsec/whids/sysmon/sysmon_windows.go:39: stdCmdOutput 75.0% github.com/0xrawsec/whids/sysmon/sysmon_windows.go:49: Versions 88.2% github.com/0xrawsec/whids/sysmon/sysmon_windows.go:86: InstallOrUpdate 66.7% github.com/0xrawsec/whids/sysmon/sysmon_windows.go:106: Configure 72.2% github.com/0xrawsec/whids/sysmon/sysmon_windows.go:141: Uninstall 78.6% github.com/0xrawsec/whids/sysmon/sysmon_windows.go:173: findMatchingSysmonServiceKeys 90.0% github.com/0xrawsec/whids/sysmon/sysmon_windows.go:192: NewSysmonInfo 89.5% github.com/0xrawsec/whids/sysmon/sysmon_windows.go:230: ServiceRegistry 0.0% github.com/0xrawsec/whids/sysmon/sysmon_windows.go:234: ServiceParametersRegistry 100.0% github.com/0xrawsec/whids/sysmon/sysmon_windows.go:238: DriverName 100.0% github.com/0xrawsec/whids/sysmon/sysmon_windows.go:245: DriverRegistry 100.0% github.com/0xrawsec/whids/sysmon/sysmon_windows.go:249: DriverParametersRegistry 100.0% github.com/0xrawsec/whids/sysmon/sysmon_windows.go:253: ConfigHash 83.3% github.com/0xrawsec/whids/sysmon/sysmon_windows.go:264: parseSchema 100.0% github.com/0xrawsec/whids/utils/audit.go:79: resolveSubcategory 83.3% github.com/0xrawsec/whids/utils/audit.go:91: SetAuditPolicy 90.9% github.com/0xrawsec/whids/utils/audit.go:119: EnableAuditPolicy 100.0% github.com/0xrawsec/whids/utils/audit.go:123: DisableAuditPolicy 100.0% github.com/0xrawsec/whids/utils/audit.go:171: SetEDRAuditACL 77.8% github.com/0xrawsec/whids/utils/audit.go:190: RemoveEDRAuditACL 77.8% github.com/0xrawsec/whids/utils/command/command.go:15: Command 100.0% github.com/0xrawsec/whids/utils/command/command.go:22: CommandTimeout 100.0% github.com/0xrawsec/whids/utils/command/command.go:29: Terminate 100.0% github.com/0xrawsec/whids/utils/crypto.go:22: publicKey 50.0% github.com/0xrawsec/whids/utils/crypto.go:33: pemBlockForKey 25.0% github.com/0xrawsec/whids/utils/crypto.go:49: GenerateCert 66.7% github.com/0xrawsec/whids/utils/crypto.go:122: CertFileSha256 83.3% github.com/0xrawsec/whids/utils/crypto.go:134: CertSha256 75.0% github.com/0xrawsec/whids/utils/encoding.go:11: PrettyJsonOrPanic 75.0% github.com/0xrawsec/whids/utils/encoding.go:19: JsonOrPanic 75.0% github.com/0xrawsec/whids/utils/encoding.go:28: JsonStringOrPanic 100.0% github.com/0xrawsec/whids/utils/encoding.go:32: Json 100.0% github.com/0xrawsec/whids/utils/encoding.go:36: JsonString 80.0% github.com/0xrawsec/whids/utils/encoding.go:45: Toml 83.3% github.com/0xrawsec/whids/utils/encoding.go:57: TomlString 100.0% github.com/0xrawsec/whids/utils/files.go:24: CountFiles 100.0% github.com/0xrawsec/whids/utils/files.go:32: GzipFileBestSpeed 77.3% github.com/0xrawsec/whids/utils/files.go:77: HidsMkdirAll 100.0% github.com/0xrawsec/whids/utils/files.go:81: HidsMkTmpDir 71.4% github.com/0xrawsec/whids/utils/files.go:98: HidsCreateFile 100.0% github.com/0xrawsec/whids/utils/files.go:104: HidsWriteData 100.0% github.com/0xrawsec/whids/utils/files.go:110: HidsWriteReader 80.0% github.com/0xrawsec/whids/utils/files.go:140: IsPipePath 100.0% github.com/0xrawsec/whids/utils/files.go:145: ReadFileAsString 100.0% github.com/0xrawsec/whids/utils/files.go:150: ReadGzipFile 70.0% github.com/0xrawsec/whids/utils/files.go:170: ReadGzipFileAsString 100.0% github.com/0xrawsec/whids/utils/files.go:176: StdDir 100.0% github.com/0xrawsec/whids/utils/files.go:182: StdDirs 100.0% github.com/0xrawsec/whids/utils/files.go:191: BinRelativePath 100.0% github.com/0xrawsec/whids/utils/files.go:195: IsDirEmpty 75.0% github.com/0xrawsec/whids/utils/net.go:6: NextIP 100.0% github.com/0xrawsec/whids/utils/net.go:19: PrevIP 100.0% github.com/0xrawsec/whids/utils/rand.go:10: randByte 75.0% github.com/0xrawsec/whids/utils/rand.go:19: UnsafeUUID 100.0% github.com/0xrawsec/whids/utils/rand.go:27: UUIDOrPanic 75.0% github.com/0xrawsec/whids/utils/rand.go:38: NewUUIDString 80.0% github.com/0xrawsec/whids/utils/rand.go:48: NewUUID 100.0% github.com/0xrawsec/whids/utils/rand.go:52: NewKeyOrPanic 75.0% github.com/0xrawsec/whids/utils/rand.go:63: NewKey 90.9% github.com/0xrawsec/whids/utils/rand.go:87: UUIDKeyPair 71.4% github.com/0xrawsec/whids/utils/utils.go:23: IsValidUUID 100.0% github.com/0xrawsec/whids/utils/utils.go:29: ExpandEnvs 100.0% github.com/0xrawsec/whids/utils/utils.go:37: gobBytes 100.0% github.com/0xrawsec/whids/utils/utils.go:48: Sha256StringSlice 100.0% github.com/0xrawsec/whids/utils/utils.go:56: Sha256Interface 75.0% github.com/0xrawsec/whids/utils/utils.go:66: DedupStringSlice 100.0% github.com/0xrawsec/whids/utils/utils.go:78: Round 100.0% github.com/0xrawsec/whids/utils/utils.go:90: Utf16ToUtf8 82.4% github.com/0xrawsec/whids/utils/windows.go:22: ArgvFromCommandLine 81.8% github.com/0xrawsec/whids/utils/windows.go:39: GetFileAttributes 75.0% github.com/0xrawsec/whids/utils/windows.go:49: HideFile 71.4% github.com/0xrawsec/whids/utils/windows.go:61: ResolveCDrive 75.0% github.com/0xrawsec/whids/utils/windows.go:84: RegValue 71.4% github.com/0xrawsec/whids/utils/windows.go:99: RegJoin 100.0% github.com/0xrawsec/whids/utils/windows.go:106: RegValueToString 66.7% total: (statements) 71.5%