feat: remove summary

object.go

@@ -1,9 +1,8 @@
 package jsonlog
 
 // Object is the interface that all log objects must implement.
-// Each log object has a `type` and `summary` field in its JSON representation.
-// The type field is used to identify the object type, and the summary field is
-// a human-readable summary of the object's contents.
+// Each log object has a `type` field in its JSON representation
+// that is used to identify the object type.
 type Object interface {
 	// EmbeddedHeader returns the header of the log object.
 	EmbeddedHeader() ObjectHeader
@@ -13,8 +12,6 @@ type Object interface {
 
 // ObjectHeader is the header of a log object. It must be embedded in all log objects.
 type ObjectHeader struct {
-	// Summary is a human-readable summary of the object's contents.
-	Summary string `json:"summary"`
 	// Type is the type of the object. It should be unique across all log objects
 	// and can be used to identify the object type that has embedded this header.
 	Type string `json:"type"`

textlog_test.go

@@ -30,8 +30,7 @@ type SimpleSubstruct struct {
 func TestToDetails(t *testing.T) {
 	var test = TestObject{
 		ObjectHeader: ObjectHeader{
-			Summary: "TestObject",
-			Type:    "testobject",
+			Type: "testobject",
 		},
 		Element1:   "element1",
 		Element2:   "element2",

thorlog/jsonschema/generateschema.go

@@ -67,7 +67,6 @@ func makeObjectSchema() (mainEntry string, defs map[string]*jsonschema.Schema) {
 	var logObjectSchema = &jsonschema.Schema{
 		Properties: orderedmap.New[string, *jsonschema.Schema](),
 	}
-	logObjectSchema.Properties.Set("summary", &jsonschema.Schema{Type: "string"})
 	logObjectSchema.Properties.Set("type", &jsonschema.Schema{
 		Type: "string",
 		Enum: logObjectTypes,

thorlog/v3/antivirus.go

@@ -22,8 +22,7 @@ func init() { AddLogObjectType(typeAntiVirusProduct, &AntiVirusProduct{}) }
 func NewAntiVirusProduct(name string) *AntiVirusProduct {
 	return &AntiVirusProduct{
 		LogObjectHeader: jsonlog.ObjectHeader{
-			Type:    typeAntiVirusProduct,
-			Summary: name,
+			Type: typeAntiVirusProduct,
 		},
 		Name: name,
 	}
@@ -45,8 +44,7 @@ func init() { AddLogObjectType(typeAntiVirusExclude, &AntiVirusExclude{}) }
 func NewAntiVirusExclude(exclusionType string, exclusion string) *AntiVirusExclude {
 	return &AntiVirusExclude{
 		LogObjectHeader: jsonlog.ObjectHeader{
-			Type:    typeAntiVirusExclude,
-			Summary: exclusionType + " " + exclusion,
+			Type: typeAntiVirusExclude,
 		},
 		Type:      exclusionType,
 		Exclusion: exclusion,

thorlog/v3/beaconwatcher.go

@@ -1,7 +1,6 @@
 package thorlog
 
 import (
-	"fmt"
 	"time"
 
 	"github.com/NextronSystems/jsonlog"
@@ -26,8 +25,7 @@ func (NetworkConnectingThread) reportable() {}
 func NewNetworkConnectingThread(threadId uint32, process *Process) *NetworkConnectingThread {
 	return &NetworkConnectingThread{
 		ObjectHeader: jsonlog.ObjectHeader{
-			Summary: fmt.Sprintf("Thread %d connected to remote servers regularly", threadId),
-			Type:    typeNetworkConnectingThread,
+			Type: typeNetworkConnectingThread,
 		},
 		ThreadId: threadId,
 		Process:  process,

thorlog/v3/dnscache.go

@@ -15,8 +15,7 @@ func init() { AddLogObjectType(typeDnsCacheEntry, &DnsCacheEntry{}) }
 func NewDnsCacheEntry(host string, ip string) *DnsCacheEntry {
 	return &DnsCacheEntry{
 		LogObjectHeader: LogObjectHeader{
-			Type:    typeDnsCacheEntry,
-			Summary: host,
+			Type: typeDnsCacheEntry,
 		},
 		Host: host,
 		IP:   ip,

thorlog/v3/doublepulsar.go

@@ -1,9 +1,5 @@
 package thorlog
 
-import (
-	"fmt"
-)
-
 type DoublePulsarHandshake struct {
 	LogObjectHeader
 
@@ -20,8 +16,7 @@ func init() { AddLogObjectType(typeDoublePulsarHandshake, &DoublePulsarHandshake
 func NewDoublePulsarHandshake(handshakeType string, key uint64) *DoublePulsarHandshake {
 	return &DoublePulsarHandshake{
 		LogObjectHeader: LogObjectHeader{
-			Type:    typeDoublePulsarHandshake,
-			Summary: fmt.Sprintf("DoublePulsar Handshake via %s succeeded", handshakeType),
+			Type: typeDoublePulsarHandshake,
 		},
 		Key:  HexNumber(key),
 		Type: handshakeType,

thorlog/v3/envvar.go

@@ -19,8 +19,7 @@ func init() { AddLogObjectType(typeEnvironmentVariable, &EnvironmentVariable{})
 func NewEnvironmentVariable(variable string, value string) *EnvironmentVariable {
 	return &EnvironmentVariable{
 		LogObjectHeader: LogObjectHeader{
-			Type:    typeEnvironmentVariable,
-			Summary: variable + "=" + value,
+			Type: typeEnvironmentVariable,
 		},
 		Variable: variable,
 		Value:    value,

thorlog/v3/event.go

@@ -16,6 +16,7 @@ import (
 type Finding struct {
 	jsonlog.ObjectHeader
 	Meta         LogEventMetadata `json:"meta" textlog:",expand"`
+	Text         string           `json:"message" textlog:"-"`
 	Subject      ReportableObject `json:"subject" textlog:",expand"`
 	Score        int64            `json:"score" textlog:"score"`
 	Reasons      []Reason         `json:"reasons" textlog:",expand"`
@@ -31,7 +32,7 @@ type ReportableObject interface {
 }
 
 func (f *Finding) Message() string {
-	return f.Summary
+	return f.Text
 }
 
 func (f *Finding) Version() common.Version {
@@ -43,29 +44,20 @@ func (f *Finding) Metadata() *LogEventMetadata {
 }
 
 func (f *Finding) UnmarshalJSON(data []byte) error {
+	type plainFinding Finding
 	var rawFinding struct {
-		jsonlog.ObjectHeader
-		Meta         LogEventMetadata `json:"meta"`
-		Subject      EmbeddedObject   `json:"subject"`
-		Score        int64            `json:"score"`
-		Reasons      []Reason         `json:"reasons"`
-		EventContext Context          `json:"context"`
-		LogVersion   common.Version   `json:"log_version"`
+		plainFinding                // Embed without unmarshal method to avoid infinite recursion
+		Subject      EmbeddedObject `json:"subject"` // EmbeddedObject is used to allow unmarshalling of the subject as a ReportableObject
 	}
 	if err := json.Unmarshal(data, &rawFinding); err != nil {
 		return err
 	}
-	f.ObjectHeader = rawFinding.ObjectHeader
-	f.Meta = rawFinding.Meta
 	subject, ok := rawFinding.Subject.Object.(ReportableObject)
 	if !ok {
 		return fmt.Errorf("subject must implement the reportable interface")
 	}
+	*f = Finding(rawFinding.plainFinding) // Copy the fields from rawFinding to f
 	f.Subject = subject
-	f.Score = rawFinding.Score
-	f.Reasons = rawFinding.Reasons
-	f.EventContext = rawFinding.EventContext
-	f.LogVersion = rawFinding.LogVersion
 
 	// Resolve all references
 	// When the event is unmarshalled, the references are not resolved yet and only contain the JSON pointers.
@@ -163,9 +155,9 @@ func init() { AddLogObjectType(typeFinding, &Finding{}) }
 func NewFinding(subject ReportableObject, message string) *Finding {
 	return &Finding{
 		ObjectHeader: LogObjectHeader{
-			Type:    typeFinding,
-			Summary: message,
+			Type: typeFinding,
 		},
+		Text:       message,
 		Subject:    subject,
 		LogVersion: currentVersion,
 	}
@@ -174,12 +166,13 @@ func NewFinding(subject ReportableObject, message string) *Finding {
 type Message struct {
 	jsonlog.ObjectHeader
 	Meta       LogEventMetadata `json:"meta" textlog:",expand"`
+	Text       string           `json:"message" textlog:"-"`
 	Fields     MessageFields    `json:"fields" textlog:",expand" jsonschema:"nullable"`
 	LogVersion common.Version   `json:"log_version"`
 }
 
 func (m *Message) Message() string {
-	return m.Summary
+	return m.Text
 }
 
 func (m *Message) Version() common.Version {
@@ -199,9 +192,9 @@ func init() { AddLogObjectType(typeMessage, &Message{}) }
 func NewMessage(meta LogEventMetadata, message string, kvs ...any) *Message {
 	msg := &Message{
 		ObjectHeader: LogObjectHeader{
-			Type:    typeMessage,
-			Summary: message,
+			Type: typeMessage,
 		},
+		Text:       message,
 		Meta:       meta,
 		LogVersion: currentVersion,
 	}

thorlog/v3/event_test.go

@@ -92,14 +92,15 @@ func concatEntry(entry jsonlog.TextlogEntry) string {
 func TestFinding_UnmarshalJSON(t *testing.T) {
 	for i, finding := range []*Finding{
 		{
-			ObjectHeader: LogObjectHeader{Type: typeFinding, Summary: "message"},
+			ObjectHeader: LogObjectHeader{Type: typeFinding},
 			Meta: LogEventMetadata{
 				Lvl:    common.Alert,
 				Mod:    "Test",
 				ScanID: "abdc",
 				GenID:  "abdas",
 				Source: "aserarsd",
 			},
+			Text:    "This is a test finding",
 			Subject: NewFile("path/to/file"),
 			EventContext: Context{
 				{

thorlog/v3/eventlog.go

@@ -1,7 +1,6 @@
 package thorlog
 
 import (
-	"strconv"
 	"time"
 
 	"github.com/NextronSystems/jsonlog"
@@ -51,8 +50,7 @@ func init() { AddLogObjectType(TypeProcessStart, &EventlogProcessStart{}) }
 func NewEventlogProcessStart(process string, startTimes []time.Time) *EventlogProcessStart {
 	return &EventlogProcessStart{
 		ObjectHeader: jsonlog.ObjectHeader{
-			Type:    TypeProcessStart,
-			Summary: process + " started " + strconv.Itoa(len(startTimes)) + " times",
+			Type: TypeProcessStart,
 		},
 		Process:    process,
 		StartTimes: startTimes,

thorlog/v3/file.go

@@ -179,8 +179,7 @@ func init() { AddLogObjectType(typeFile, &File{}) }
 func NewFile(path string) *File {
 	return &File{
 		ObjectHeader: jsonlog.ObjectHeader{
-			Type:    typeFile,
-			Summary: path,
+			Type: typeFile,
 		},
 		Path: path,
 	}

thorlog/v3/firewall.go

@@ -48,8 +48,7 @@ func init() { AddLogObjectType(typeRawFirewallRule, &RawFirewallRule{}) }
 func NewRawFirewallRule(rule string) *RawFirewallRule {
 	return &RawFirewallRule{
 		ObjectHeader: jsonlog.ObjectHeader{
-			Type:    typeRawFirewallRule,
-			Summary: rule,
+			Type: typeRawFirewallRule,
 		},
 		Rule: rule,
 	}

thorlog/v3/groupsxml.go

@@ -20,8 +20,7 @@ func init() { AddLogObjectType(typeGroupsXmlPassword, &GroupsXmlUser{}) }
 func NewGroupsXmlPassword(file, user, password string) *GroupsXmlUser {
 	return &GroupsXmlUser{
 		ObjectHeader: jsonlog.ObjectHeader{
-			Type:    typeGroupsXmlPassword,
-			Summary: user,
+			Type: typeGroupsXmlPassword,
 		},
 		File:     file,
 		User:     user,

thorlog/v3/hostinfo.go

@@ -31,8 +31,7 @@ func init() { AddLogObjectType(typeHostInfo, &HostInfo{}) }
 func NewHostInfo() *HostInfo {
 	return &HostInfo{
 		ObjectHeader: jsonlog.ObjectHeader{
-			Type:    typeHostInfo,
-			Summary: "System Information",
+			Type: typeHostInfo,
 		},
 	}
 }
@@ -115,8 +114,7 @@ func init() { AddLogObjectType(typePlatformInfoMacos, &PlatformInfoMacos{}) }
 func NewMacOSPlatformInfo() *PlatformInfoMacos {
 	return &PlatformInfoMacos{
 		ObjectHeader: jsonlog.ObjectHeader{
-			Type:    typePlatformInfoMacos,
-			Summary: "MacOS specific Information",
+			Type: typePlatformInfoMacos,
 		},
 	}
 }
@@ -140,8 +138,7 @@ func init() { AddLogObjectType(typePlatformInfoLinux, &PlatformInfoLinux{}) }
 func NewLinuxPlatformInfo() *PlatformInfoLinux {
 	return &PlatformInfoLinux{
 		ObjectHeader: jsonlog.ObjectHeader{
-			Type:    typePlatformInfoLinux,
-			Summary: "Linux specific Information",
+			Type: typePlatformInfoLinux,
 		},
 	}
 }
@@ -167,8 +164,7 @@ func init() { AddLogObjectType(typePlatformInfoWindows, &PlatformInfoWindows{})
 func NewWindowsPlatformInfo() *PlatformInfoWindows {
 	return &PlatformInfoWindows{
 		ObjectHeader: jsonlog.ObjectHeader{
-			Type:    typePlatformInfoWindows,
-			Summary: "Windows specific Information",
+			Type: typePlatformInfoWindows,
 		},
 	}
 }

thorlog/v3/hostsfile.go

@@ -15,8 +15,7 @@ func init() { AddLogObjectType(typeHostsFileEntry, &HostsFileEntry{}) }
 func NewHostsFileEntry(host string, ip string) *HostsFileEntry {
 	return &HostsFileEntry{
 		LogObjectHeader: LogObjectHeader{
-			Type:    typeHostsFileEntry,
-			Summary: host,
+			Type: typeHostsFileEntry,
 		},
 		Host: host,
 		IP:   ip,

thorlog/v3/jumplist.go

@@ -31,8 +31,7 @@ func init() { AddLogObjectType(typeJumplistEntry, &JumplistEntry{}) }
 func NewJumplistEntry(path string) *JumplistEntry {
 	return &JumplistEntry{
 		ObjectHeader: jsonlog.ObjectHeader{
-			Type:    typeJumplistEntry,
-			Summary: path,
+			Type: typeJumplistEntry,
 		},
 		Path: path,
 	}

thorlog/v3/kernelmodule.go

@@ -26,8 +26,7 @@ const typeLinuxKernelModule = "Linux Kernel Module"
 func NewLinuxKernelModule(name string) *LinuxKernelModule {
 	return &LinuxKernelModule{
 		LogObjectHeader: LogObjectHeader{
-			Type:    typeLinuxKernelModule,
-			Summary: name,
+			Type: typeLinuxKernelModule,
 		},
 		Name: name,
 	}

thorlog/v3/mplog.go

@@ -1,7 +1,6 @@
 package thorlog
 
 import (
-	"fmt"
 	"time"
 
 	"github.com/NextronSystems/jsonlog"
@@ -25,8 +24,7 @@ func init() { AddLogObjectType(typeDetectionAdd, &DetectionAddEntry{}) }
 func NewDetectionAddEntry(t time.Time, threat string, detected KeyValueList) *DetectionAddEntry {
 	return &DetectionAddEntry{
 		ObjectHeader: jsonlog.ObjectHeader{
-			Type:    "DETECTION_ADD MPLog entry",
-			Summary: fmt.Sprintf("Detected threat %q", threat),
+			Type: "DETECTION_ADD MPLog entry",
 		},
 		Time:       t,
 		ThreatName: threat,
@@ -53,8 +51,7 @@ func init() { AddLogObjectType(typeEstimatedImpact, &EstimatedImpactEntry{}) }
 func NewEstimatedImpactEntry(t time.Time, image string, pid int, file string) *EstimatedImpactEntry {
 	return &EstimatedImpactEntry{
 		ObjectHeader: jsonlog.ObjectHeader{
-			Type:    typeEstimatedImpact,
-			Summary: fmt.Sprintf("Process %q accessed file %q", image, file),
+			Type: typeEstimatedImpact,
 		},
 		Time:             t,
 		ProcessImageName: image,
@@ -82,8 +79,7 @@ func init() { AddLogObjectType(typeSdnQuery, &SdnQueryEntry{}) }
 func NewSdnQueryEntry(t time.Time, file string, sha1 string, sha256 string) *SdnQueryEntry {
 	return &SdnQueryEntry{
 		ObjectHeader: jsonlog.ObjectHeader{
-			Type:    typeSdnQuery,
-			Summary: fmt.Sprintf("SDN query for file %q", file),
+			Type: typeSdnQuery,
 		},
 		Time:     t,
 		Filepath: file,
@@ -110,8 +106,7 @@ func init() { AddLogObjectType(typeEmsDetection, &EmsDetectionEntry{}) }
 func NewEmsDetection(timestamp time.Time, threatName string, pid int) *EmsDetectionEntry {
 	return &EmsDetectionEntry{
 		ObjectHeader: jsonlog.ObjectHeader{
-			Type:    "EMS detection MPLog entry",
-			Summary: fmt.Sprintf("Detected threat %q in process %d", threatName, pid),
+			Type: "EMS detection MPLog entry",
 		},
 		Time:       timestamp,
 		ThreatName: threatName,

thorlog/v3/networkshares.go

@@ -20,8 +20,7 @@ func init() { AddLogObjectType(typeNetworkShare, &NetworkShare{}) }
 func NewNetworkShare(name, path string) *NetworkShare {
 	return &NetworkShare{
 		ObjectHeader: jsonlog.ObjectHeader{
-			Type:    typeNetworkShare,
-			Summary: name,
+			Type: typeNetworkShare,
 		},
 		Name: name,
 		Path: path,