NAME

ThreatDetector::Dispatcher - Routes classified threats to their appropriate handler modules

SYNOPSIS

  use ThreatDetector::Dispatcher;

  ThreatDetector::Dispatcher::dispatch($entry, @threats);

DESCRIPTION

This module dispatches structured Apache log entries (parsed and classified) to the appropriate threat handler based on their threat types. Each handler is responsible for processing or logging the alert in its own way (typically as JSON output).

The dispatch system uses a mapping of known threat types to handler subroutine references. If a threat type has no matching handler, a warning is printed.

FUNCTIONS

dispatch($entry, @threats)

Given a parsed log entry (as a hashref) and a list of threat types (as strings), this function invokes the appropriate handler subroutine for each threat.

Parameters:
  $entry   - A hashref representing the parsed log line.
  @threats - A list of strings representing classified threat types.

Example:

  my $entry = ThreatDetector::Parser::parse_log_line($line);
  my @threats = ThreatDetector::Classifier::classify($entry);
  ThreatDetector::Dispatcher::dispatch($entry, @threats);
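
The table-driven dispatch described under DESCRIPTION, as an added sketch that is not the module's own source. The handler bodies, the make_handler helper and the $entry field names (ip, method, uri, status) are assumptions.

```perl
use strict;
use warnings;
use JSON::PP;

# Added sketch, not ThreatDetector::Dispatcher's source. Handler behaviour and
# the $entry field names (ip, method, uri, status) are assumptions.
my $json = JSON::PP->new->canonical;

# Build one handler per threat type; each emits a single JSON alert line.
sub make_handler {
    my ($type) = @_;
    return sub {
        my ($entry) = @_;
        my $alert = { %$entry, threat => $type };
        print $json->encode($alert), "\n";
        return $alert;
    };
}

# Dispatch table: threat type string => handler coderef.
my %HANDLERS = map { $_ => make_handler($_) } qw(
    sql_injection client_error command_injection directory_traversal
    xss_attempt encoded_payload scanner_fingerprint http_method_abuse
);

sub dispatch {
    my ($entry, @threats) = @_;
    my @alerts;
    for my $threat (@threats) {
        # The type string is only a key into a fixed table, never a symbol
        # name, so an unexpected value cannot select arbitrary code.
        if (exists $HANDLERS{$threat}) {
            push @alerts, $HANDLERS{$threat}->($entry);
        } else {
            # Escape non-printables so a malformed type cannot forge log lines.
            (my $safe = $threat) =~ s/([^\x20-\x7e])/sprintf '\\x%02x', ord $1/ge;
            warn "No handler for threat type: $safe\n";
        }
    }
    return @alerts;
}

# Constructed sample entry and classification result.
my $entry = { ip => '203.0.113.7', method => 'GET',
              uri => '/item.php?id=1%27%20OR%201=1', status => 200 };
dispatch($entry, 'sql_injection', 'encoded_payload', 'unknown_type');
```

Run as written, this prints two JSON alert lines on STDOUT and one "No handler" warning on STDERR for the unmapped type.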

SUPPORTED THREAT TYPES

  • sql_injection

  • client_error

  • command_injection

  • directory_traversal

  • xss_attempt

  • encoded_payload

  • scanner_fingerprint

  • http_method_abuse

AUTHOR

Jason Hall <jason.kei.hall@gmail.com>

LICENSE

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.