gotie

package
Published: Dec 3, 2018 License: BSD-3-Clause Imports: 15 Imported by: 0

Overview

Package gotie provides high-level bindings and a simple command line client for the DCSO Threat Intelligence Engine (TIE) API.

Index

Constants

// MAX_RETRIES bounds how many attempts a request gets before giving up.
// Presumably consulted by the retry loop behind Do/DoCh, which is not part
// of this listing — confirm in the implementation.
const MAX_RETRIES = 3

// WAIT_FAIL_DURATION_SECONDS is the pause, in seconds, after a failed
// attempt (name-derived; the unit is not enforced by a Duration type).
const WAIT_FAIL_DURATION_SECONDS = 5

// WAIT_DURATION_MILLISECONDS is the pause, in milliseconds, between
// consecutive successful requests (name-derived, see above).
const WAIT_DURATION_MILLISECONDS = 100

Variables

// Debug turns on verbose output.
// NOTE(review): verbose output should never echo AuthToken or the
// Authorization header — confirm in the request logging code.
var Debug bool

// IOCLimit defines the maximum number of IOCs to query per request.
var IOCLimit = 1000

// AuthToken can be generated in the TIE web interface and is used for
// authentication. It is a bearer-style secret held in mutable package
// state: load it from the environment or a protected file rather than
// source, and keep it out of logs and error messages.
var AuthToken string

Functions

func Do added in v0.1.4

func Do(r Request, t MimeType, w io.Writer) (err error)

Do performs the request r, asking for media type t, and writes the result into w.

func DoCh added in v0.1.4

func DoCh(r Request, t MimeType, ch chan<- IOCResult)

func GetIOCChan

func GetIOCChan(query string, dataType string, extraArgs string) <-chan IOCResult

func GetIOCJSONInChan added in v0.1.1

func GetIOCJSONInChan(reader io.Reader) (<-chan IOCResult, error)

func GetIOCPeriodFeedChan

func GetIOCPeriodFeedChan(feedPeriod string, dataType string, extraArgs string) <-chan IOCResult

func PingBackCall

func PingBackCall(dataType string, value string, token string) error

PingBackCall reports observed hits for IOCs back to the TIE.

func PrintIOCs

func PrintIOCs(query, dataType, extraArgs, outputFormat string) error

PrintIOCs queries TIE IOC objects, with "query" being a case-insensitive string to search for. The results are printed to stdout.

func PrintPeriodFeeds

func PrintPeriodFeeds(feedPeriod string, dataType string, extraArgs string, outputFormat string) error

PrintPeriodFeeds gets file based feeds for the given period and IOC data type. Valid values for outputFormat are: "csv" (default), "json" and "stix". Results are printed to stdout.

func WriteIOCs added in v0.1.1

func WriteIOCs(query, dataType, extraArgs, outputFormat string, dest io.Writer) (err error)

func WritePeriodFeeds added in v0.1.1

func WritePeriodFeeds(feedPeriod string, dataType string, extraArgs string, outputFormat string, dest io.Writer) error

Types

type BloomPageAggregator added in v0.1.4

// BloomPageAggregator is a PageContentAggregator that merges response pages
// delivered as bloom filters (presumably what MimeType.Aggregator returns for
// BLOOMv1/BLOOMv2 — confirm in the implementation). All state lives in
// unexported fields; Reset is the only way to clear it between queries.
type BloomPageAggregator struct {
	// contains filtered or unexported fields
}

func (*BloomPageAggregator) AddPage added in v0.1.4

func (ba *BloomPageAggregator) AddPage(reader io.Reader) (err error)

func (*BloomPageAggregator) Finish added in v0.1.4

func (ba *BloomPageAggregator) Finish(writer io.Writer) error

func (*BloomPageAggregator) Reset added in v0.1.4

func (ba *BloomPageAggregator) Reset()

type FeedRequest added in v0.1.4

// FeedRequest describes a period-based feed download for Do/DoCh.
// The embedded Request interface and MimeType are not set by the API;
// Url is satisfied by the pointer method (*FeedRequest).Url, so the embedded
// Request appears to serve only interface satisfaction — confirm.
type FeedRequest struct {
	Request

	// FeedPeriod names the feed window, e.g. "hourly", "daily", "weekly"
	// or "monthly" (see GetIOCPeriodFeeds).
	FeedPeriod string
	// DataType restricts the feed to one IOC data type.
	DataType   string
	// ExtraArgs is presumably appended to the query string as given;
	// if it originates from user input, validate it before building the URL.
	ExtraArgs  string
	MimeType
}

func (*FeedRequest) Url added in v0.1.4

func (r *FeedRequest) Url() string

type IOC

// IOC is the TIE representation of a single indicator of compromise.
// The json tags mirror the API field names; timestamps are pointers so an
// absent or null value decodes to nil rather than the zero time.
// Values in this struct come from a threat-intel feed, i.e. from data an
// adversary chose: treat Value and the string slices as untrusted text
// when rendering, logging or building queries from them.
type IOC struct {
	ID                    string     `json:"id"`
	// Value is the indicator itself (domain, hash, URL, ...; the exact
	// set of kinds is given by DataType, not enumerated here).
	Value                 string     `json:"value"`
	DataType              string     `json:"data_type"`
	EntityIDs             []string   `json:"entity_ids"`
	EventIDs              []string   `json:"event_ids"`
	EventAttributes       []string   `json:"event_attributes"`
	Categories            []string   `json:"categories"`
	SourcePseudonyms      []string   `json:"source_pseudonyms"`
	SourceNames           []string   `json:"source_names"`
	NOccurrences          int        `json:"n_occurrences"`
	// Min/Max pairs presumably summarise several sightings of the same
	// indicator; the scale of severity and confidence is not visible here.
	MinSeverity           int        `json:"min_severity"`
	MaxSeverity           int        `json:"max_severity"`
	FirstSeen             *time.Time `json:"first_seen"`
	LastSeen              *time.Time `json:"last_seen"`
	MinConfidence         int        `json:"min_confidence"`
	MaxConfidence         int        `json:"max_confidence"`
	Enrich                bool       `json:"enrich"`
	// The enrichment timestamps are omitted from output when nil.
	EnrichmentRequestedAt *time.Time `json:"enrichment_requested_at,omitempty"`
	EnrichedAt            *time.Time `json:"enriched_at,omitempty"`
	UpdatedAt             *time.Time `json:"updated_at"`
	CreatedAt             *time.Time `json:"created_at"`
	ObservationAttributes []string   `json:"observation_attributes"`
}

IOC defines the basic data structure of IOCs in TIE.

type IOCParams

// IOCParams contains the query parameters of an IOC request as echoed back
// by the API (see IOCQueryStruct.Params). The json tags are the API names.
type IOCParams struct {
	NoDefaults       bool       `json:"no_defaults"`
	Direction        string     `json:"direction"`
	OrderBy          string     `json:"order_by"`
	Severity         string     `json:"severity"`
	Confidence       string     `json:"confidence"`
	Ivalue           string     `json:"ivalue"`
	GroupBy          []string   `json:"group_by"`
	// Limit and Offset presumably drive pagination together with
	// IOCQueryStruct.HasMore; Limit is capped client-side by IOCLimit — confirm.
	Limit            int        `json:"limit"`
	Offset           int        `json:"offset"`
	WithCompositions bool       `json:"with_compositions"`
	// The *_since filters are omitted from output when nil.
	FirstSeenSince   *time.Time `json:"first_seen_since,omitempty"`
	LastSeenSince    *time.Time `json:"last_seen_since,omitempty"`
	DateField        string     `json:"date_field"`
	Enriched         bool       `json:"enriched"`
	DateFormat       string     `json:"date_format"`
}

IOCParams contains all necessary query parameters

type IOCQueryStruct

// IOCQueryStruct is one page of an IOC query response.
type IOCQueryStruct struct {
	// HasMore is set by the API when further results exist beyond this
	// page; callers paginate by adjusting Params.Offset (inferred — confirm).
	HasMore bool      `json:"has_more"`
	Iocs    []IOC     `json:"iocs"`
	// Params echoes the effective query parameters.
	Params  IOCParams `json:"params"`
}

IOCQueryStruct defines the returned data of a TIE API IOC query

func GetIOCPeriodFeeds

func GetIOCPeriodFeeds(feedPeriod string, dataType string, extraArgs string) (*IOCQueryStruct, error)

GetIOCPeriodFeeds gets file based feeds for the given period and IOC data type. Valid feed periods are, for example, 'hourly', 'daily', 'weekly' or 'monthly'.

func GetIOCs

func GetIOCs(query string, dataType string, extraArgs string) (*IOCQueryStruct, error)

GetIOCs queries TIE IOC objects, with "query" being a case-insensitive string to search for.

func IOCChanCollect

func IOCChanCollect(inchan <-chan IOCResult) (*IOCQueryStruct, error)

type IOCRequest added in v0.1.4

// IOCRequest describes a search for IOC objects for Do/DoCh; it mirrors
// FeedRequest with Query in place of FeedPeriod. Url is provided by the
// pointer method (*IOCRequest).Url; the embedded Request interface appears
// to serve only interface satisfaction — confirm.
type IOCRequest struct {
	Request

	// Query is the case-insensitive search string (see GetIOCs).
	Query     string
	// DataType restricts results to one IOC data type.
	DataType  string
	// ExtraArgs is presumably appended to the query string as given;
	// if it originates from user input, validate it before building the URL.
	ExtraArgs string
	MimeType
}

func (*IOCRequest) Url added in v0.1.4

func (r *IOCRequest) Url() string

type IOCResult

// IOCResult is the channel element produced by GetIOCChan, DoCh and
// GetIOCJSONInChan: either a decoded IOC or the error that ended the
// stream. Consumers should check Error before dereferencing IOC, which is
// presumably nil on error — confirm against the producers.
type IOCResult struct {
	IOC   *IOC
	Error error
}

type JSONPageAggregator added in v0.1.1

// JSONPageAggregator is a PageContentAggregator that collects JSON pages
// into one document; its exported fields double as the output layout,
// matching the "iocs"/"params" keys of IOCQueryStruct.
type JSONPageAggregator struct {
	IOCs   []IOC     `json:"iocs"`
	Params IOCParams `json:"params"`
}

func (*JSONPageAggregator) AddPage added in v0.1.1

func (pa *JSONPageAggregator) AddPage(reader io.Reader) error

func (*JSONPageAggregator) Finish added in v0.1.1

func (pa *JSONPageAggregator) Finish(writer io.Writer) error

func (*JSONPageAggregator) Reset added in v0.1.1

func (pa *JSONPageAggregator) Reset()

type JSONTopLevelResponse added in v0.1.1

// JSONTopLevelResponse is the decoded shape of one API response page as
// used by the JSON aggregator. It differs from IOCQueryStruct only in
// carrying additional unexported state (not shown here) and in field order.
type JSONTopLevelResponse struct {
	Params IOCParams `json:"params"`
	IOCs   []IOC     `json:"iocs"`
	// contains filtered or unexported fields
}

type MimeType added in v0.1.4

// MimeType is the media type requested from the TIE API. It selects the
// response encoding and, through Aggregator, the PageContentAggregator
// that merges multi-page responses; NewMimeType maps the user-facing
// output format names ("csv", "json", "stix", ...) onto these values.
type MimeType string

// Media types understood by the API. Both bloom variants are served as
// binary filters rather than text.
const (
	JSON    = MimeType("application/json")
	CSV     = MimeType("text/csv")
	BLOOMv1 = MimeType("application/bloom")
	BLOOMv2 = MimeType("application/bloom-v2")
	STIX    = MimeType("text/xml")
)

func NewMimeType added in v0.1.4

func NewMimeType(outputFormat string) (t MimeType, err error)

func (MimeType) Aggregator added in v0.1.4

func (t MimeType) Aggregator() PageContentAggregator

func (MimeType) String added in v0.1.4

func (t MimeType) String() string

type PageContentAggregator added in v0.1.1

// PageContentAggregator merges the pages of a paginated API response into a
// single output. AddPage is fed one page body at a time, Finish writes the
// merged result, and Reset clears accumulated state so the value can be
// reused. Implemented by BloomPageAggregator, JSONPageAggregator and
// PaginatedRawPageAggregator; obtain one via MimeType.Aggregator.
type PageContentAggregator interface {
	AddPage(io.Reader) error
	Finish(io.Writer) error
	Reset()
}

type PaginatedRawPageAggregator added in v0.1.1

// PaginatedRawPageAggregator is a PageContentAggregator for formats that
// can be concatenated page by page without decoding (presumably CSV and
// STIX — confirm in MimeType.Aggregator). State lives in unexported fields;
// call Reset before reusing an instance.
type PaginatedRawPageAggregator struct {
	// contains filtered or unexported fields
}

func (*PaginatedRawPageAggregator) AddPage added in v0.1.1

func (pa *PaginatedRawPageAggregator) AddPage(reader io.Reader) error

func (*PaginatedRawPageAggregator) Finish added in v0.1.1

func (pa *PaginatedRawPageAggregator) Finish(writer io.Writer) error

func (*PaginatedRawPageAggregator) Reset added in v0.1.1

func (pa *PaginatedRawPageAggregator) Reset()

type Request added in v0.1.4

// Request is anything that can produce the URL to fetch; it is what Do and
// DoCh accept. Implemented by *FeedRequest and *IOCRequest. The method is
// spelled Url rather than the idiomatic URL, but renaming it would break
// the exported API.
type Request interface {
	Url() string
}
