correlation

package
v0.0.0-...-d1533f9 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 28, 2025 License: MIT Imports: 18 Imported by: 0

Documentation

Overview

correlation/cache.go

pkg/correlation/classifier.go

correlation/clients.go

pkg/correlation/correlator_enhanced.go

correlation/default_clients.go

pkg/correlation/engine.go

pkg/correlation/engine_helpers.go

pkg/correlation/exploit_chainer.go

pkg/correlation/helpers.go

pkg/correlation/identifier_resolver.go

pkg/correlation/merge_logic.go

pkg/correlation/organization.go

pkg/correlation/organization_enhanced.go

pkg/correlation/pattern_matcher.go

pkg/correlation/risk_calculator.go

pkg/correlation/timeline_analyzer.go

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type ASNClient 

type ASNClient interface {
	LookupIP(ctx context.Context, ip string) (*ASNData, error)
	LookupDomain(ctx context.Context, domain string) (*ASNData, error)
	GetASNDetails(ctx context.Context, asn int) (*ASNData, error)
}

ASNClient interface for ASN lookups

func NewDefaultASNClient 

func NewDefaultASNClient(logger *logger.Logger) ASNClient

type ASNData 

type ASNData struct {
	Number       int
	Organization string
	Description  string
	IPRanges     []string
	Country      string
}

ASNData represents ASN information

type ASNInfo 

type ASNInfo struct {
	ASN          string
	Organization string
	Country      string
	IPRanges     []string
}

type AccessLevel 

type AccessLevel string
const (
	AccessLevelPublic  AccessLevel = "public"
	AccessLevelUser    AccessLevel = "user"
	AccessLevelAdmin   AccessLevel = "admin"
	AccessLevelSystem  AccessLevel = "system"
	AccessLevelUnknown AccessLevel = "unknown"
)

type AttackEdge 

type AttackEdge struct {
	Source     string
	Target     string
	Type       string
	Weight     float64
	Confidence float64
}

type AttackGraph 

type AttackGraph struct {
	Nodes map[string]AttackNode
	Edges []AttackEdge
}

type AttackNode 

type AttackNode struct {
	ID         string
	Type       AttackType
	Finding    types.Finding
	Severity   types.Severity
	Capability []string
	Access     AccessLevel
	Targets    []string
}

type AttackPath 

type AttackPath struct {
	Goal       string
	Steps      []AttackStep
	Confidence float64
	Impact     string
	Difficulty string
}

AttackPath represents a complete attack chain

type AttackStep 

type AttackStep struct {
	Order       int
	Description string
	Tool        string
	Confidence  float64
	Evidence    []Evidence
}

AttackStep represents a single step in an attack

type AttackType 

type AttackType string
const (
	AttackTypeReconnaissance      AttackType = "reconnaissance"
	AttackTypeInitialAccess       AttackType = "initial_access"
	AttackTypePersistence         AttackType = "persistence"
	AttackTypePrivilegeEscalation AttackType = "privilege_escalation"
	AttackTypeDefenseEvasion      AttackType = "defense_evasion"
	AttackTypeCredentialAccess    AttackType = "credential_access"
	AttackTypeDiscovery           AttackType = "discovery"
	AttackTypeLateralMovement     AttackType = "lateral_movement"
	AttackTypeCollection          AttackType = "collection"
	AttackTypeExfiltration        AttackType = "exfiltration"
	AttackTypeImpact              AttackType = "impact"
	AttackTypeUnknown             AttackType = "unknown"
)

type BusinessImpact 

type BusinessImpact struct {
	FinancialImpact    float64
	OperationalImpact  float64
	ReputationalImpact float64
	ComplianceImpact   float64
	OverallScore       float64
}

type Certificate 

type Certificate struct {
	Fingerprint string    `json:"fingerprint"`
	Subject     string    `json:"subject"`
	Issuer      string    `json:"issuer"`
	SANs        []string  `json:"sans"`
	NotBefore   time.Time `json:"not_before"`
	NotAfter    time.Time `json:"not_after"`
	IsWildcard  bool      `json:"is_wildcard"`
}

Certificate represents SSL certificate information

type CertificateClient 

type CertificateClient interface {
	GetCertificates(ctx context.Context, domain string) ([]CertificateInfo, error)
	SearchByOrganization(ctx context.Context, org string) ([]CertificateInfo, error)
}

CertificateClient interface for certificate lookups

func NewDefaultCertificateClient 

func NewDefaultCertificateClient(logger *logger.Logger) CertificateClient

type CertificateInfo 

type CertificateInfo struct {
	Subject      string    `json:"subject"`
	Issuer       string    `json:"issuer"`
	SANs         []string  `json:"sans"`
	Fingerprint  string    `json:"fingerprint"`
	NotBefore    time.Time `json:"not_before"`
	NotAfter     time.Time `json:"not_after"`
	Organization string    `json:"organization"`
}

CertificateInfo contains certificate details for correlation

type ClassifiedIdentifier 

type ClassifiedIdentifier struct {
	Raw        string                 `json:"raw"`
	Type       IdentifierType         `json:"type"`
	Value      string                 `json:"value"`      // Normalized value
	Confidence float64                `json:"confidence"` // How sure we are about the classification
	Metadata   map[string]interface{} `json:"metadata"`
	Hints      []string               `json:"hints"` // Additional context that might help
}

ClassifiedIdentifier represents a classified input with metadata

type CloudAccount 

type CloudAccount struct {
	Provider  string   `json:"provider"`
	AccountID string   `json:"account_id"`
	Regions   []string `json:"regions"`
	Services  []string `json:"services"`
}

CloudAccount represents a cloud provider account

type CloudAssetClient 

type CloudAssetClient interface {
	DiscoverAWS(ctx context.Context, profile *OrganizationProfile) ([]string, error)
	DiscoverAzure(ctx context.Context, profile *OrganizationProfile) ([]string, error)
	DiscoverGCP(ctx context.Context, profile *OrganizationProfile) ([]string, error)
}

CloudAssetClient interface for cloud asset discovery

func NewDefaultCloudAssetClient 

func NewDefaultCloudAssetClient(logger *logger.Logger) CloudAssetClient

type CloudClient 

type CloudClient interface {
	FindAWSAccounts(org string) ([]CloudAccount, error)
	FindGCPProjects(org string) ([]CloudAccount, error)
	FindAzureSubscriptions(org string) ([]CloudAccount, error)
}

func NewDefaultCloudClient 

func NewDefaultCloudClient(logger *logger.Logger) CloudClient

type CorrelatedInsight 

type CorrelatedInsight struct {
	ID           string
	Type         InsightType
	Title        string
	Description  string
	Severity     types.Severity
	Confidence   float64
	Evidence     []Evidence
	Timeline     []TimelineEvent
	AttackPath   *AttackPath
	Remediation  []RemediationStep
	RelatedNodes []string
}

CorrelatedInsight represents an insight derived from correlation

type CorrelatorConfig 

type CorrelatorConfig struct {
	EnableWhois     bool
	EnableCerts     bool
	EnableASN       bool
	EnableTrademark bool
	EnableLinkedIn  bool
	EnableGitHub    bool
	EnableCloud     bool
	CacheTTL        time.Duration
	MaxWorkers      int
}

CorrelatorConfig contains configuration for the correlator

type DefaultASNClient 

type DefaultASNClient struct {
	// contains filtered or unexported fields
}

DefaultASNClient implements basic ASN lookups

func (*DefaultASNClient) GetASNDetails 

func (c *DefaultASNClient) GetASNDetails(ctx context.Context, asn int) (*ASNData, error)

func (*DefaultASNClient) LookupDomain 

func (c *DefaultASNClient) LookupDomain(ctx context.Context, domain string) (*ASNData, error)

func (*DefaultASNClient) LookupIP 

func (c *DefaultASNClient) LookupIP(ctx context.Context, ip string) (*ASNData, error)

type DefaultCertificateClient 

type DefaultCertificateClient struct {
	// contains filtered or unexported fields
}

DefaultCertificateClient uses the existing certificate intelligence

func (*DefaultCertificateClient) GetCertificates 

func (c *DefaultCertificateClient) GetCertificates(ctx context.Context, domain string) ([]CertificateInfo, error)

func (*DefaultCertificateClient) SearchByOrganization 

func (c *DefaultCertificateClient) SearchByOrganization(ctx context.Context, org string) ([]CertificateInfo, error)

type DefaultCloudAssetClient 

type DefaultCloudAssetClient struct {
	// contains filtered or unexported fields
}

func (*DefaultCloudAssetClient) DiscoverAWS 

func (c *DefaultCloudAssetClient) DiscoverAWS(ctx context.Context, profile *OrganizationProfile) ([]string, error)

func (*DefaultCloudAssetClient) DiscoverAzure 

func (c *DefaultCloudAssetClient) DiscoverAzure(ctx context.Context, profile *OrganizationProfile) ([]string, error)

func (*DefaultCloudAssetClient) DiscoverGCP 

func (c *DefaultCloudAssetClient) DiscoverGCP(ctx context.Context, profile *OrganizationProfile) ([]string, error)

type DefaultCloudClient 

type DefaultCloudClient struct {
	// contains filtered or unexported fields
}

DefaultCloudClient implements CloudClient interface

func (*DefaultCloudClient) FindAWSAccounts 

func (c *DefaultCloudClient) FindAWSAccounts(org string) ([]CloudAccount, error)

func (*DefaultCloudClient) FindAzureSubscriptions 

func (c *DefaultCloudClient) FindAzureSubscriptions(org string) ([]CloudAccount, error)

func (*DefaultCloudClient) FindGCPProjects 

func (c *DefaultCloudClient) FindGCPProjects(org string) ([]CloudAccount, error)

type DefaultGitHubClient 

type DefaultGitHubClient struct {
	// contains filtered or unexported fields
}

func (*DefaultGitHubClient) GetOrganizationMembers 

func (c *DefaultGitHubClient) GetOrganizationMembers(ctx context.Context, org string) ([]GitHubMember, error)

func (*DefaultGitHubClient) SearchOrganization 

func (c *DefaultGitHubClient) SearchOrganization(ctx context.Context, name string) (*GitHubData, error)

type DefaultLinkedInClient 

type DefaultLinkedInClient struct {
	// contains filtered or unexported fields
}

func (*DefaultLinkedInClient) SearchCompany 

func (c *DefaultLinkedInClient) SearchCompany(ctx context.Context, name string) (*LinkedInData, error)

func (*DefaultLinkedInClient) SearchEmployees 

func (c *DefaultLinkedInClient) SearchEmployees(ctx context.Context, company, domain string) ([]EmployeeInfo, error)

type DefaultTrademarkClient 

type DefaultTrademarkClient struct {
	// contains filtered or unexported fields
}

Stub implementations for other clients

func (*DefaultTrademarkClient) Search 

func (c *DefaultTrademarkClient) Search(ctx context.Context, query string) (*TrademarkData, error)

type DefaultWhoisClient 

type DefaultWhoisClient struct {
	// contains filtered or unexported fields
}

DefaultWhoisClient implements WhoisClient using public WHOIS

func (*DefaultWhoisClient) Lookup 

func (c *DefaultWhoisClient) Lookup(ctx context.Context, domain string) (*WhoisData, error)

type DomainPattern 

type DomainPattern struct {
	Pattern    string
	Regex      *regexp.Regexp
	Type       string
	Examples   []string
	Confidence float64
}

DomainPattern represents a pattern found in domain names

type Edge 

type Edge struct {
	ID         string
	Source     string
	Target     string
	Type       EdgeType
	Properties map[string]interface{}
	Weight     float64
	Timestamp  time.Time
}

Edge represents a relationship between nodes

type EdgeType 

type EdgeType string

EdgeType represents the type of relationship 

const (
	EdgeTypeResolves    EdgeType = "resolves_to"
	EdgeTypeOwns        EdgeType = "owns"
	EdgeTypeUses        EdgeType = "uses"
	EdgeTypeExposes     EdgeType = "exposes"
	EdgeTypeConnectsTo  EdgeType = "connects_to"
	EdgeTypeRelatedTo   EdgeType = "related_to"
	EdgeTypeWasReplaced EdgeType = "was_replaced_by"
)

type Employee 

type Employee struct {
	Name     string `json:"name"`
	Email    string `json:"email"`
	Title    string `json:"title"`
	LinkedIn string `json:"linkedin"`
	GitHub   string `json:"github"`
}

Employee represents an employee of the organization

type EmployeeInfo 

type EmployeeInfo struct {
	Email          string  `json:"email"`
	Name           string  `json:"name"`
	Title          string  `json:"title"`
	Department     string  `json:"department"`
	LinkedInURL    string  `json:"linkedin_url,omitempty"`
	GitHubUsername string  `json:"github_username,omitempty"`
	Confidence     float64 `json:"confidence"`
}

EmployeeInfo represents employee information for correlation

type EndpointPattern 

type EndpointPattern struct {
	Pattern    string
	Regex      *regexp.Regexp
	Type       string
	Examples   []string
	Confidence float64
}

EndpointPattern represents a pattern found in endpoints

type Engine 

type Engine struct {
	// contains filtered or unexported fields
}

Engine is the correlation engine that connects findings across sources

func NewEngine 

func NewEngine(logger *logger.Logger, graphDB GraphDatabase) *Engine

NewEngine creates a new correlation engine

func (*Engine) CloudFlareArchiveCorrelation 

func (e *Engine) CloudFlareArchiveCorrelation(domain string) []CorrelatedInsight

CloudFlareArchiveCorrelation correlates CloudFlare with archive data

func (*Engine) Correlate 

func (e *Engine) Correlate(findings []types.Finding) []CorrelatedInsight

Correlate performs correlation analysis on findings

type EnhancedCache 

type EnhancedCache struct {
	// contains filtered or unexported fields
}

EnhancedCache provides caching with multiple lookup methods

func NewEnhancedCache 

func NewEnhancedCache(ttl time.Duration) *EnhancedCache

NewEnhancedCache creates a new enhanced cache

func (*EnhancedCache) GetByEmail 

func (c *EnhancedCache) GetByEmail(email string) *Organization

GetByEmail retrieves an organization by email

func (*EnhancedCache) Store 

func (c *EnhancedCache) Store(org *Organization)

Store stores an organization in the cache

type EnhancedOrganizationCorrelator 

type EnhancedOrganizationCorrelator struct {
	*OrganizationCorrelator
	// contains filtered or unexported fields
}

EnhancedOrganizationCorrelator wraps the existing correlator with enhanced functionality

func NewEnhancedOrganizationCorrelator 

func NewEnhancedOrganizationCorrelator(config CorrelatorConfig, logger *logger.Logger) *EnhancedOrganizationCorrelator

NewEnhancedOrganizationCorrelator creates a new enhanced correlator

func (*EnhancedOrganizationCorrelator) DiscoverFromASN 

func (ec *EnhancedOrganizationCorrelator) DiscoverFromASN(ctx context.Context, asn string) (*Organization, error)

DiscoverFromASN discovers organization from ASN

func (*EnhancedOrganizationCorrelator) DiscoverFromCompanyName 

func (ec *EnhancedOrganizationCorrelator) DiscoverFromCompanyName(ctx context.Context, companyName string) (*Organization, error)

DiscoverFromCompanyName discovers organization from company name

func (*EnhancedOrganizationCorrelator) DiscoverFromDomain 

func (ec *EnhancedOrganizationCorrelator) DiscoverFromDomain(ctx context.Context, domain string) (*Organization, error)

DiscoverFromDomain discovers organization from domain

func (*EnhancedOrganizationCorrelator) DiscoverFromEmail 

func (ec *EnhancedOrganizationCorrelator) DiscoverFromEmail(ctx context.Context, email string) (*Organization, error)

DiscoverFromEmail discovers organization from email with enhanced logic

func (*EnhancedOrganizationCorrelator) DiscoverFromGitHub 

func (ec *EnhancedOrganizationCorrelator) DiscoverFromGitHub(ctx context.Context, githubURL string) (*Organization, error)

DiscoverFromGitHub discovers organization from GitHub URL

func (*EnhancedOrganizationCorrelator) DiscoverFromIP 

func (ec *EnhancedOrganizationCorrelator) DiscoverFromIP(ctx context.Context, ip string) (*Organization, error)

DiscoverFromIP discovers organization from IP

func (*EnhancedOrganizationCorrelator) DiscoverFromIPRange 

func (ec *EnhancedOrganizationCorrelator) DiscoverFromIPRange(ctx context.Context, ipRange string) (*Organization, error)

DiscoverFromIPRange discovers organization from IP range

func (*EnhancedOrganizationCorrelator) DiscoverFromLinkedIn 

func (ec *EnhancedOrganizationCorrelator) DiscoverFromLinkedIn(ctx context.Context, linkedinURL string) (*Organization, error)

DiscoverFromLinkedIn discovers organization from LinkedIn URL

func (*EnhancedOrganizationCorrelator) ResolveIdentifier 

func (ec *EnhancedOrganizationCorrelator) ResolveIdentifier(ctx context.Context, identifier string) (*Organization, error)

ResolveIdentifier resolves any identifier to an organization

type Evidence 

type Evidence struct {
	Type        string
	Description string
	Source      string
	Timestamp   time.Time
	Data        map[string]interface{}
}

Evidence represents evidence for an insight

type ExploitChainer 

type ExploitChainer struct {
	// contains filtered or unexported fields
}

ExploitChainer identifies and chains vulnerabilities to create attack paths

func NewExploitChainer 

func NewExploitChainer() *ExploitChainer

NewExploitChainer creates a new exploit chainer

func (*ExploitChainer) BuildAttackGraph 

func (ec *ExploitChainer) BuildAttackGraph(findings []types.Finding) AttackGraph

BuildAttackGraph creates a graph of potential attack paths

func (*ExploitChainer) FindAttackPaths 

func (ec *ExploitChainer) FindAttackPaths(graph AttackGraph) []AttackPath

FindAttackPaths discovers viable attack paths in the graph

type ExploitabilityAssessment 

type ExploitabilityAssessment struct {
	SkillRequired       float64 // 1-10, lower means easier
	ToolsRequired       float64 // 1-10, lower means common tools
	TimeRequired        float64 // 1-10, lower means faster
	AccessRequired      float64 // 1-10, lower means less access needed
	DetectionLikelihood float64 // 1-10, lower means harder to detect
	OverallScore        float64 // Composite score
}

type GitHubClient 

type GitHubClient interface {
	SearchOrganization(ctx context.Context, name string) (*GitHubData, error)
	GetOrganizationMembers(ctx context.Context, org string) ([]GitHubMember, error)
}

GitHubClient interface for GitHub searches

func NewDefaultGitHubClient 

func NewDefaultGitHubClient(logger *logger.Logger) GitHubClient

type GitHubData 

type GitHubData struct {
	OrganizationName string
	OrganizationURL  string
	RepositoryCount  int
	Members          []GitHubMember
	Technologies     []string
	Domains          []string // Found in CNAME files, etc.
}

GitHubData represents GitHub organization information

type GitHubMember 

type GitHubMember struct {
	Username string
	Name     string
	Email    string
}

type GitHubOrg 

type GitHubOrg struct {
	Name         string
	DisplayName  string
	Email        string
	Blog         string
	Location     string
	Repositories int
}

type GraphDatabase 

type GraphDatabase interface {
	AddNode(node Node) error
	AddEdge(edge Edge) error
	FindPaths(start, end string, maxDepth int) []Path
	GetNeighbors(nodeID string) []Node
	RunQuery(query string) ([]Result, error)
}

GraphDatabase represents the graph database for relationship mapping

type IdentifierClassifier 

type IdentifierClassifier struct {
	// contains filtered or unexported fields
}

IdentifierClassifier classifies user input into specific types

func NewIdentifierClassifier 

func NewIdentifierClassifier(logger *logger.Logger) *IdentifierClassifier

NewIdentifierClassifier creates a new classifier instance

func (*IdentifierClassifier) Classify 

func (c *IdentifierClassifier) Classify(ctx context.Context, input string) (*ClassifiedIdentifier, error)

Classify determines the type of identifier and returns detailed classification

type IdentifierInfo 

type IdentifierInfo struct {
	Type     IdentifierType
	Value    string
	Domain   string // Extracted domain if applicable
	Company  string // Extracted company name if known
	Metadata map[string]string
}

IdentifierInfo contains parsed identifier information

type IdentifierResolver 

type IdentifierResolver struct {
	// contains filtered or unexported fields
}

IdentifierResolver resolves various identifiers to organization information

func NewIdentifierResolver 

func NewIdentifierResolver(logger *logger.Logger) *IdentifierResolver

NewIdentifierResolver creates a new identifier resolver

func (*IdentifierResolver) ParseIdentifier 

func (ir *IdentifierResolver) ParseIdentifier(identifier string) (*IdentifierInfo, error)

ParseIdentifier determines the type and extracts information from an identifier

func (*IdentifierResolver) ResolveToOrganization 

func (ir *IdentifierResolver) ResolveToOrganization(ctx context.Context, info *IdentifierInfo, ec *EnhancedOrganizationCorrelator) (*Organization, error)

ResolveToOrganization resolves an identifier to organization details using enhanced correlator

type IdentifierType 

type IdentifierType string

IdentifierType represents the type of identifier provided 

const (
	TypeEmail       IdentifierType = "email"
	TypeDomain      IdentifierType = "domain"
	TypeIP          IdentifierType = "ip"
	TypeIPRange     IdentifierType = "ip_range"
	TypeCertHash    IdentifierType = "cert_hash"
	TypeCompanyName IdentifierType = "company"
	TypeURL         IdentifierType = "url"
	TypeUnknown     IdentifierType = "unknown"
)

type InfrastructureNode 

type InfrastructureNode struct {
	ID         string
	Type       string
	Value      string
	Findings   []types.Finding
	Properties map[string]interface{}
}

type InsightType 

type InsightType string

InsightType represents the type of correlated insight 

const (
	InsightTypeOriginServerExposed   InsightType = "origin_server_exposed"
	InsightTypeSubdomainTakeover     InsightType = "subdomain_takeover"
	InsightTypeAPIVersionVulnerable  InsightType = "api_version_vulnerable"
	InsightTypeSecurityDegradation   InsightType = "security_degradation"
	InsightTypeInfrastructureLeakage InsightType = "infrastructure_leakage"
	InsightTypeCredentialExposure    InsightType = "credential_exposure"
	InsightTypeAttackChainIdentified InsightType = "attack_chain_identified"
)

type LinkedInClient 

type LinkedInClient interface {
	SearchCompany(ctx context.Context, name string) (*LinkedInData, error)
	SearchEmployees(ctx context.Context, company, domain string) ([]EmployeeInfo, error)
}

LinkedInClient interface for LinkedIn searches

func NewDefaultLinkedInClient 

func NewDefaultLinkedInClient(logger *logger.Logger) LinkedInClient

type LinkedInCompany 

type LinkedInCompany struct {
	Name         string
	Industry     string
	Size         string
	Headquarters string
	Website      string
}

type LinkedInData 

type LinkedInData struct {
	CompanyName   string
	CompanyURL    string
	Industry      string
	EmployeeCount int
	Employees     []LinkedInEmployee
	Technologies  []string
}

LinkedInData represents LinkedIn company information

type LinkedInEmployee 

type LinkedInEmployee struct {
	Name       string
	Email      string
	Title      string
	Department string
	ProfileURL string
}

type Node 

type Node struct {
	ID         string
	Type       NodeType
	Properties map[string]interface{}
	Timestamp  time.Time
}

Node represents an entity in the graph

type NodeType 

type NodeType string

NodeType represents the type of node 

const (
	NodeTypeDomain       NodeType = "domain"
	NodeTypeIP           NodeType = "ip"
	NodeTypeEmail        NodeType = "email"
	NodeTypePerson       NodeType = "person"
	NodeTypeOrganization NodeType = "organization"
	NodeTypeService      NodeType = "service"
	NodeTypeEndpoint     NodeType = "endpoint"
	NodeTypeSecret       NodeType = "secret"
	NodeTypeTechnology   NodeType = "technology"
)

type Organization 

type Organization struct {
	Name          string                 `json:"name"`
	Aliases       []string               `json:"aliases"`
	Domains       []string               `json:"domains"`
	IPRanges      []string               `json:"ip_ranges"`
	ASNs          []string               `json:"asns"`
	Certificates  []Certificate          `json:"certificates"`
	Employees     []Employee             `json:"employees"`
	Technologies  []Technology           `json:"technologies"`
	Subsidiaries  []string               `json:"subsidiaries"`
	GitHubOrgs    []string               `json:"github_orgs"`
	CloudAccounts []CloudAccount         `json:"cloud_accounts"`
	Metadata      map[string]interface{} `json:"metadata"`
	Confidence    float64                `json:"confidence"`
	Sources       []string               `json:"sources"`
	LastUpdated   time.Time              `json:"last_updated"`
}

Organization represents a correlated organization with all its assets

func ProfileToOrganization 

func ProfileToOrganization(profile *OrganizationProfile) *Organization

Convert from OrganizationProfile to existing Organization

func (*Organization) ToProfile 

func (o *Organization) ToProfile() *OrganizationProfile

Convert from existing Organization to OrganizationProfile

type OrganizationCache 

type OrganizationCache struct {
	// contains filtered or unexported fields
}

OrganizationCache caches organization profiles

func NewOrganizationCache 

func NewOrganizationCache(ttl time.Duration) *OrganizationCache

NewOrganizationCache creates a new cache

func (*OrganizationCache) GetByDomain 

func (oc *OrganizationCache) GetByDomain(domain string) *OrganizationProfile

GetByDomain retrieves profile by domain

func (*OrganizationCache) GetByEmail 

func (oc *OrganizationCache) GetByEmail(email string) *OrganizationProfile

GetByEmail retrieves profile by email

func (*OrganizationCache) GetByIP 

func (oc *OrganizationCache) GetByIP(ip string) *OrganizationProfile

GetByIP retrieves profile by IP

func (*OrganizationCache) GetByName 

func (oc *OrganizationCache) GetByName(name string) *OrganizationProfile

GetByName retrieves profile by company name

func (*OrganizationCache) Store 

func (oc *OrganizationCache) Store(profile *OrganizationProfile)

Store stores an organization profile in cache

type OrganizationCorrelator 

type OrganizationCorrelator struct {
	// contains filtered or unexported fields
}

OrganizationCorrelator correlates various data sources to build organization profiles

func NewOrganizationCorrelator 

func NewOrganizationCorrelator(correlatorConfig CorrelatorConfig, log *logger.Logger) *OrganizationCorrelator

NewOrganizationCorrelator creates a new organization correlator

func (*OrganizationCorrelator) DiscoverFromASN 

func (oc *OrganizationCorrelator) DiscoverFromASN(ctx context.Context, asn string) (*Organization, error)

DiscoverFromASN discovers organization from ASN

func (*OrganizationCorrelator) DiscoverFromGitHub 

func (oc *OrganizationCorrelator) DiscoverFromGitHub(ctx context.Context, githubURL string) (*Organization, error)

DiscoverFromGitHub discovers organization from GitHub URL

func (*OrganizationCorrelator) DiscoverFromIPRange 

func (oc *OrganizationCorrelator) DiscoverFromIPRange(ctx context.Context, ipRange string) (*Organization, error)

DiscoverFromIPRange discovers organization from IP range

func (*OrganizationCorrelator) DiscoverFromLinkedIn 

func (oc *OrganizationCorrelator) DiscoverFromLinkedIn(ctx context.Context, linkedinURL string) (*Organization, error)

DiscoverFromLinkedIn discovers organization from LinkedIn URL

func (*OrganizationCorrelator) FindOrganizationAssets 

func (oc *OrganizationCorrelator) FindOrganizationAssets(ctx context.Context, seedData interface{}) (*Organization, error)

FindOrganizationAssets correlates data from seed information

func (*OrganizationCorrelator) SetClients 

func (oc *OrganizationCorrelator) SetClients(
	whois WhoisClient,
	cert CertificateClient,
	asn ASNClient,
	trademark TrademarkClient,
	linkedin LinkedInClient,
	github GitHubClient,
	cloud CloudClient,
)

SetClients sets the various clients (for dependency injection)

type OrganizationProfile 

type OrganizationProfile struct {
	ID            string                 `json:"id"`
	Name          string                 `json:"name"`
	LegalName     string                 `json:"legal_name,omitempty"`
	Aliases       []string               `json:"aliases,omitempty"`
	Domains       []string               `json:"domains"`
	IPRanges      []string               `json:"ip_ranges"`
	ASNumbers     []int                  `json:"as_numbers"`
	Subsidiaries  []string               `json:"subsidiaries"`
	EmailPatterns []string               `json:"email_patterns"`
	Technologies  []string               `json:"technologies"`
	CloudAccounts map[string][]string    `json:"cloud_accounts"` // provider -> account IDs
	Certificates  []CertificateInfo      `json:"certificates"`
	Employees     []EmployeeInfo         `json:"employees"`
	Metadata      map[string]interface{} `json:"metadata"`
	Confidence    float64                `json:"confidence"`
	LastUpdated   time.Time              `json:"last_updated"`
}

OrganizationProfile represents a complete organization profile (enhanced version)

type ParameterPattern 

type ParameterPattern struct {
	Pattern    string
	Type       string
	Examples   []string
	Confidence float64
}

ParameterPattern represents a pattern found in parameters

type Path 

type Path struct {
	Nodes []Node
	Edges []Edge
	Score float64
}

Path represents a path in the graph

type PatternMatcher 

type PatternMatcher struct {
	// contains filtered or unexported fields
}

PatternMatcher extracts and matches patterns across findings

func NewPatternMatcher 

func NewPatternMatcher() *PatternMatcher

NewPatternMatcher creates a new pattern matcher

func (*PatternMatcher) ExtractDomainPatterns 

func (pm *PatternMatcher) ExtractDomainPatterns(findings []types.Finding) []DomainPattern

ExtractDomainPatterns extracts domain patterns from findings

func (*PatternMatcher) ExtractEndpointPatterns 

func (pm *PatternMatcher) ExtractEndpointPatterns(findings []types.Finding) []EndpointPattern

ExtractEndpointPatterns extracts endpoint patterns from findings

func (*PatternMatcher) ExtractParameterPatterns 

func (pm *PatternMatcher) ExtractParameterPatterns(findings []types.Finding) []ParameterPattern

ExtractParameterPatterns extracts parameter patterns from findings

type Prediction 

type Prediction struct {
	Type       string
	Value      string
	Confidence float64
	Evidence   []Evidence
}

Prediction represents a predicted finding

type RemediationStep 

type RemediationStep struct {
	Priority    int
	Action      string
	Description string
	Impact      string
	Difficulty  string
}

RemediationStep represents a remediation action

type Result 

type Result struct {
	Data map[string]interface{}
}

Result represents a graph query result

type RiskCalculator 

type RiskCalculator struct {
	// contains filtered or unexported fields
}

RiskCalculator calculates risk scores for correlated insights

func NewRiskCalculator 

func NewRiskCalculator() *RiskCalculator

NewRiskCalculator creates a new risk calculator

func (*RiskCalculator) CalculateBusinessImpact 

func (rc *RiskCalculator) CalculateBusinessImpact(findings []types.Finding) BusinessImpact

CalculateBusinessImpact assesses potential business impact

func (*RiskCalculator) CalculateExploitability 

func (rc *RiskCalculator) CalculateExploitability(findings []types.Finding) ExploitabilityAssessment

CalculateExploitability assesses how easily findings can be exploited

func (*RiskCalculator) CalculateRiskScore 

func (rc *RiskCalculator) CalculateRiskScore(findings []types.Finding) float64

CalculateRiskScore calculates overall risk score for a set of findings

type SecurityDegradation 

type SecurityDegradation struct {
	Description string
	Confidence  float64
	Evidence    []Evidence
	Timeline    []TimelineEvent
}

SecurityDegradation represents security posture degradation

type SecurityHeaderEvent 

type SecurityHeaderEvent struct {
	Timestamp time.Time
	Header    string
	Action    string
	Value     string
}

type SharedInfrastructure 

type SharedInfrastructure struct {
	Type        string
	Value       string
	Nodes       []InfrastructureNode
	Domains     []string
	Confidence  float64
	Description string
	Properties  map[string]interface{}
}

type Technology 

type Technology struct {
	Name       string   `json:"name"`
	Version    string   `json:"version"`
	Category   string   `json:"category"`
	Domains    []string `json:"domains"`
	Confidence float64  `json:"confidence"`
}

Technology represents a technology used by the organization

type TechnologyGraph 

type TechnologyGraph struct {
	Technologies  map[string]TechnologyNode
	Relationships []TechnologyRelationship
}

type TechnologyMigration 

type TechnologyMigration struct {
	OldTech   string
	NewTech   string
	Timestamp time.Time
	Endpoints []string
}

TechnologyMigration represents a technology stack change

type TechnologyNode 

type TechnologyNode struct {
	Name     string
	Version  string
	Findings []types.Finding
}

type TechnologyRelationship 

type TechnologyRelationship struct {
	Source string
	Target string
	Type   string
}

type TemporalPattern 

type TemporalPattern struct {
	Type        string
	StartTime   time.Time
	EndTime     time.Time
	EventCount  int
	Confidence  float64
	Description string
	Events      []TimelineEvent
	Interval    time.Duration // For periodic patterns
}

TemporalPattern represents a pattern found in the timeline

type TimelineAnalyzer 

type TimelineAnalyzer struct {
	// contains filtered or unexported fields
}

TimelineAnalyzer analyzes temporal patterns in findings

func NewTimelineAnalyzer 

func NewTimelineAnalyzer() *TimelineAnalyzer

NewTimelineAnalyzer creates a new timeline analyzer

func (*TimelineAnalyzer) BuildTimeline 

func (ta *TimelineAnalyzer) BuildTimeline(findings []types.Finding) []TimelineEvent

BuildTimeline creates a timeline from findings

func (*TimelineAnalyzer) DetectTemporalPatterns 

func (ta *TimelineAnalyzer) DetectTemporalPatterns(timeline []TimelineEvent) []TemporalPattern

DetectTemporalPatterns identifies patterns across time

type TimelineEvent 

type TimelineEvent struct {
	Timestamp   time.Time
	Type        string
	Description string
	Severity    types.Severity
	Source      string
}

TimelineEvent represents an event in the timeline

type Trademark 

type Trademark struct {
	Name         string
	Owner        string
	OwnerAddress string
	Number       string
	Status       string
	FilingDate   time.Time
}

type TrademarkClient 

type TrademarkClient interface {
	Search(ctx context.Context, query string) (*TrademarkData, error)
}

TrademarkClient interface for trademark searches

func NewDefaultTrademarkClient 

func NewDefaultTrademarkClient(logger *logger.Logger) TrademarkClient

type TrademarkData 

type TrademarkData struct {
	Trademarks []Trademark
}

TrademarkData represents trademark information

type TrademarkInfo 

type TrademarkInfo struct {
	Name         string
	Owner        string
	Registration string
	FilingDate   time.Time
}

type WhoisClient 

type WhoisClient interface {
	Lookup(ctx context.Context, domain string) (*WhoisData, error)
}

WhoisClient interface for WHOIS lookups

func NewDefaultWhoisClient 

func NewDefaultWhoisClient(logger *logger.Logger) WhoisClient

type WhoisData 

type WhoisData struct {
	Domain          string
	Organization    string
	RegistrantName  string
	RegistrantEmail string
	NameServers     []string
	CreatedDate     time.Time
	UpdatedDate     time.Time
	ExpiryDate      time.Time
}

WhoisData represents WHOIS information

type WhoisInfo 

type WhoisInfo struct {
	Registrant   string
	Organization string
	Email        string
	CreatedDate  time.Time
	UpdatedDate  time.Time
	ExpiryDate   time.Time
}

Data structures for client responses

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.