Documentation ¶
Overview ¶
Package goxforce is a library implementing the IBM X-Force Exchange API.
Written by Slavik Markovich at Demisto
Index ¶
- Constants
- Variables
- func SetErrorLog(logger *log.Logger) func(*Client) error
- func SetTraceLog(logger *log.Logger) func(*Client) error
- type APIKeyResp
- type AppBaseDetails
- type AppDetails
- type AppProfile
- type AppResp
- type AppsFullTextResp
- type Client
- func (c *Client) APIKey() (*APIKeyResp, error)
- func (c *Client) IPR(ip string) (*IPReputation, error)
- func (c *Client) IPRHistory(ip string) (*IPHistory, error)
- func (c *Client) IPRMalware(ip string) (*IPMalwareResp, error)
- func (c *Client) InternetAppByName(name string) (*AppProfile, error)
- func (c *Client) InternetAppProfiles() (*AppResp, error)
- func (c *Client) InternetAppsSearch(q string) (*AppsFullTextResp, error)
- func (c *Client) MalwareDetails(md5 string) (*MalwareResp, error)
- func (c *Client) MalwareFamilyDetails(name string) (*MalwareFamilyResp, error)
- func (c *Client) MalwareFamilyExtDetails(name string) (*MalwareFamilyResp, error)
- func (c *Client) Resolve(q string) (*ResolveResp, error)
- func (c *Client) Signatures(pamID string) (*SignaturesResp, error)
- func (c *Client) SignaturesSearch(q string) (*SignaturesSearchResp, error)
- func (c *Client) SignaturesXPU(xpu string) (*SignaturesSearchResp, error)
- func (c *Client) URL(q string) (*URLResp, error)
- func (c *Client) URLMalware(q string) (*URLMalwareResp, error)
- func (c *Client) UserProfile() (*UserProfileResp, error)
- func (c *Client) Version() (*VersionResp, error)
- func (c *Client) Vulnerabilities(limit int) ([]Vulnerability, error)
- func (c *Client) VulnerabilitiesFullText(q, bookmark string) (*VulnerabilitySearchResp, error)
- func (c *Client) VulnerabilityByCVE(cve string) ([]Vulnerability, error)
- func (c *Client) VulnerabilityByXFID(xfid int) (*Vulnerability, error)
- type Count
- type Details
- type DetailsCount
- type Error
- type IPDetails
- type IPHistory
- type IPMalware
- type IPMalwareResp
- type IPReputation
- type MX
- type Malware
- type MalwareBase
- type MalwareFamilyResp
- type MalwareResp
- type OptionFunc
- type Origins
- type PassiveRecord
- type PassiveResp
- type Product
- type Protects
- type Reference
- type ResolveResp
- type Signature
- type SignaturesResp
- type SignaturesSearchResp
- type URL
- type URLMalwareResp
- type URLResp
- type UserProfileResp
- type ValueDesc
- type VersionResp
- type Vulnerability
- type VulnerabilitySearchResp
Constants ¶
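// Package defaults. The listing was collapsed onto one line, which put both
// declarations inside a // comment; the line structure is restored here.
const (
	// DefaultURL is the URL for the API endpoint. The scheme is https; if the
	// endpoint is overridden, keep it https so the API key and password are
	// not sent in clear text.
	DefaultURL = "https://api.xforce.ibmcloud.com/"
	// DefaultLang is the default language for the returned data
	DefaultLang = "en"
)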
Variables ¶
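// Package-level errors. The listing was collapsed onto one line, which put the
// declaration inside a // comment; the line structure is restored here.
var (
	// ErrMissingCredentials is returned when either key or password is not provided.
	// It is a single shared *Error value, so callers can compare a returned
	// error against it by identity.
	ErrMissingCredentials = &Error{"missing_credentials", "You must provide both key and password to use the API"}
)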
Functions ¶
func SetErrorLog ¶
SetErrorLog sets the logger for critical messages. It is nil by default.
Types ¶
type APIKeyResp ¶
// APIKeyResp is the JSON body decoded from the apiKey request.
type APIKeyResp struct {
	// APIKey is decoded from the "apiKey" member. The value is a credential:
	// keep it out of logs and error messages.
	APIKey string `json:"apiKey"`
}
APIKeyResp holds the response to the apiKey request
type AppBaseDetails ¶
// AppBaseDetails is the summary record for one known application.
// All values are decoded from the service response; treat the free-text
// fields as untrusted when they are rendered or logged.
type AppBaseDetails struct {
	CanonicalName string `json:"canonicalName"`
	Name          string `json:"name"`
	Description   string `json:"description"`
	// NOTE(review): the scale of Score is not stated on this page — confirm
	// against the API documentation before thresholding on it.
	Score float32 `json:"score"`
}
AppBaseDetails holds details about a known application
type AppDetails ¶
// AppDetails is the full record for one application.
type AppDetails struct {
	CanonicalName string `json:"canonicalName"`
	Name          string `json:"name"`
	Description   string `json:"description"`
	// Categories and Actions are keyed by name with a boolean value.
	Categories map[string]bool `json:"categories"`
	Actions    map[string]bool `json:"actions"`
	// NOTE(review): what "rlfs" stands for is not documented on this page — confirm.
	Rlfs  map[string]ValueDesc `json:"rlfs"`
	Score float32              `json:"score"`
	// BaseURL and URLs are strings supplied by the service; validate them
	// before fetching or following them.
	BaseURL string   `json:"baseurl"`
	URLs    []string `json:"urls"`
}
AppDetails holds the full application details
type AppProfile ¶
// AppProfile wraps the single "application" object of the response body.
type AppProfile struct {
	// Application is decoded from the "application" member.
	Application AppDetails `json:"application"`
}
AppProfile is the response to the InternetAppByName request
type AppResp ¶
// AppResp carries the list of application canonical names.
type AppResp struct {
	// CanonicalNames is decoded from the "canonicalNames" array.
	CanonicalNames []string `json:"canonicalNames"`
}
AppResp holds the response for the InternetAppProfiles request
type AppsFullTextResp ¶
// AppsFullTextResp carries the applications matched by a full-text search.
type AppsFullTextResp struct {
	// Applications is decoded from the "applications" array.
	Applications []AppBaseDetails `json:"applications"`
}
AppsFullTextResp is the response for InternetAppsSearch request
type Client ¶
// Client is the handle used for every request. Its fields are not exported,
// so configuration goes through the OptionFunc values passed to New.
type Client struct {
	// contains filtered or unexported fields
}
Client interacts with the services provided by X-Force.
func New ¶
func New(options ...OptionFunc) (*Client, error)
New creates a new X-Force client.
The caller can configure the new client by passing configuration options to the func.
Example:
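// The sample was missing the parenthesis that closes the call to New.
// "some key" and "some password" are placeholders: in real use, read the
// credentials from the environment or a secret store instead of source code.
client, err := goxforce.New(
	goxforce.SetCredentials("some key", "some password"),
	goxforce.SetUrl("https://some.url.com:port/"),
	goxforce.SetErrorLog(log.New(os.Stderr, "X-Force: ", log.Lshortfile)),
)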
If no URL is configured, Client uses DefaultURL by default.
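If no HttpClient is configured, then http.DefaultClient is used. Note that http.DefaultClient sets no request timeout, so a stalled connection can block a call indefinitely; pass your own http.Client (with a Timeout and, where needed, a custom http.Transport) through SetHTTPClient for production use and advanced scenarios.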
An error is also returned when some configuration option is invalid.
func (*Client) APIKey ¶
func (c *Client) APIKey() (*APIKeyResp, error)
APIKey returns the API key used for the request - used only to check everything is working. See https://xforce-api.mybluemix.net/doc/#!/Authentication/get_auth_api_key
func (*Client) IPR ¶
func (c *Client) IPR(ip string) (*IPReputation, error)
IPR IP Reputation request - See https://xforce-api.mybluemix.net/doc/#!/IP_Reputation/ipr_ip_get
func (*Client) IPRHistory ¶
IPRHistory request - See https://xforce-api.mybluemix.net/doc/#!/IP_Reputation/ipr_history_ip_get
func (*Client) IPRMalware ¶
func (c *Client) IPRMalware(ip string) (*IPMalwareResp, error)
IPRMalware request - See https://xforce-api.mybluemix.net/doc/#!/IP_Reputation/ipr_malware_ip_get
func (*Client) InternetAppByName ¶
func (c *Client) InternetAppByName(name string) (*AppProfile, error)
InternetAppByName request - See https://xforce-api.mybluemix.net/doc/#!/Internet_Application_Profile/apps_fulltext_get
func (*Client) InternetAppProfiles ¶
InternetAppProfiles request - See https://xforce-api.mybluemix.net/doc/#!/Internet_Application_Profile/app__get
func (*Client) InternetAppsSearch ¶
func (c *Client) InternetAppsSearch(q string) (*AppsFullTextResp, error)
InternetAppsSearch request - See https://xforce-api.mybluemix.net/doc/#!/Internet_Application_Profile/apps_fulltext_get
func (*Client) MalwareDetails ¶
func (c *Client) MalwareDetails(md5 string) (*MalwareResp, error)
MalwareDetails request - See https://xforce-api.mybluemix.net/doc/#!/Malware/malware_md5_get
func (*Client) MalwareFamilyDetails ¶
func (c *Client) MalwareFamilyDetails(name string) (*MalwareFamilyResp, error)
MalwareFamilyDetails request - See https://xforce-api.mybluemix.net/doc/#!/Malware/malware_family_family_get
func (*Client) MalwareFamilyExtDetails ¶
func (c *Client) MalwareFamilyExtDetails(name string) (*MalwareFamilyResp, error)
MalwareFamilyExtDetails request - See https://xforce-api.mybluemix.net/doc/#!/Malware/get_malware_familyext_family
func (*Client) Resolve ¶
func (c *Client) Resolve(q string) (*ResolveResp, error)
Resolve request - See https://xforce-api.mybluemix.net/doc/#!/DNS/resolve_input_get
func (*Client) Signatures ¶
func (c *Client) Signatures(pamID string) (*SignaturesResp, error)
Signatures request - See https://xforce-api.mybluemix.net/doc/#!/Signatures/get_signatures_pamId
func (*Client) SignaturesSearch ¶
func (c *Client) SignaturesSearch(q string) (*SignaturesSearchResp, error)
SignaturesSearch request - See https://xforce-api.mybluemix.net/doc/#!/Signatures/get_signatures_fulltext
func (*Client) SignaturesXPU ¶
func (c *Client) SignaturesXPU(xpu string) (*SignaturesSearchResp, error)
SignaturesXPU request - See https://xforce-api.mybluemix.net/doc/#!/Signatures/get_signatures_xpu_xpu
func (*Client) URL ¶
URL request - See https://xforce-api.mybluemix.net/doc/#!/URL/url_url_get
func (*Client) URLMalware ¶
func (c *Client) URLMalware(q string) (*URLMalwareResp, error)
URLMalware request - See https://xforce-api.mybluemix.net/doc/#!/URL/url_malware_url_get
func (*Client) UserProfile ¶
func (c *Client) UserProfile() (*UserProfileResp, error)
UserProfile request - See https://xforce-api.mybluemix.net/doc/#!/User/get_user_profile
func (*Client) Version ¶
func (c *Client) Version() (*VersionResp, error)
Version request - See https://xforce-api.mybluemix.net/doc/#!/Version_Information/get_version
func (*Client) Vulnerabilities ¶
func (c *Client) Vulnerabilities(limit int) ([]Vulnerability, error)
Vulnerabilities request - See https://xforce-api.mybluemix.net/doc/#!/Vulnerabilities/vulnerabilities__get
func (*Client) VulnerabilitiesFullText ¶
func (c *Client) VulnerabilitiesFullText(q, bookmark string) (*VulnerabilitySearchResp, error)
VulnerabilitiesFullText request - See https://xforce-api.mybluemix.net/doc/#!/Vulnerabilities/vulnerabilities_fulltext_get. TODO - You should be able to use the bookmark to scroll through the results when there are more than 200 rows; this is currently not officially supported.
func (*Client) VulnerabilityByCVE ¶
func (c *Client) VulnerabilityByCVE(cve string) ([]Vulnerability, error)
VulnerabilityByCVE request - See https://xforce-api.mybluemix.net/doc/#!/Vulnerabilities/vulnerabilities_search_stdcode_get
func (*Client) VulnerabilityByXFID ¶
func (c *Client) VulnerabilityByXFID(xfid int) (*Vulnerability, error)
VulnerabilityByXFID request - See https://xforce-api.mybluemix.net/doc/#!/Vulnerabilities/vulnerabilities_xfid_get
type Count ¶
// Count wraps a single integer decoded from a "count" member.
type Count struct {
	Count int `json:"count"`
}
Count is a helper struct holding a count
type Details ¶
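// Details is one row of malware origin data. The listing was collapsed onto
// one line, which left every field after the first // comment commented out;
// the line structure is restored here.
//
// Every value is decoded from the service response. Domain, IP, URI, Host and
// Filepath describe observed malicious infrastructure, so handle them as
// indicators: do not resolve, fetch or open them automatically.
type Details struct {
	Type string `json:"type"`
	// MD5 identifies the sample. MD5 is not collision resistant, so a match
	// is a lookup key, not proof that two files are identical.
	MD5       string    `json:"md5"`
	Domain    string    `json:"domain"`
	FirstSeen time.Time `json:"firstseen"`
	LastSeen  time.Time `json:"lastseen"`
	IP        string    `json:"ip"`
	Count     int       `json:"count"`
	Filepath  string    `json:"filepath"`
	Origin    string    `json:"origin"`
	URI       string    `json:"uri"`
	// Download servers specific
	Host   string `json:"host"`
	Schema string `json:"schema"`
	// Subject specific
	Subject string   `json:"subject"`
	IPs     []string `json:"ips"`
	// CnC specific
	Family []string `json:"family"`
}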
Details holds malware details
type DetailsCount ¶
DetailsCount holds rows of details and a count
type IPDetails ¶
// IPDetails is one reputation record for an IP address or a subnet.
type IPDetails struct {
	// Geo is an untyped JSON object; use the two-value type assertion when
	// reading its members, because their types are set by the service.
	Geo     map[string]interface{} `json:"geo"`
	IP      string                 `json:"ip"`
	Reason  string                 `json:"reason"`
	Created time.Time              `json:"created"`
	// NOTE(review): the scale of Score and the meaning of the integers in
	// Cats are not stated on this page — confirm before using them in a
	// blocking decision.
	Score  float32        `json:"score"`
	Cats   map[string]int `json:"cats"`
	Subnet string         `json:"subnet"`
}
IPDetails holds information about an IP (and subnets)
type IPHistory ¶
// IPHistory groups the subnet records and the historical records returned
// for one IP address.
type IPHistory struct {
	IP      string      `json:"ip"`
	Subnets []IPDetails `json:"subnets"`
	History []IPDetails `json:"history"`
}
IPHistory holds the history for an IP
type IPMalware ¶
// IPMalware is one malware sample associated with an IP address.
type IPMalware struct {
	// First and Last are timestamps decoded from "first" and "last";
	// presumably the first and last sighting — confirm against the API docs.
	First time.Time `json:"first"`
	Last  time.Time `json:"last"`
	// MD5 identifies the sample; MD5 is not collision resistant, so use it
	// as a lookup key only.
	MD5    string   `json:"md5"`
	Family []string `json:"family"`
	Origin string   `json:"origin"`
	// URI is an indicator supplied by the service; do not fetch it automatically.
	URI string `json:"uri"`
}
IPMalware holds the details for the malware hosted on an IP
type IPMalwareResp ¶
// IPMalwareResp carries the malware rows returned for an IP address.
type IPMalwareResp struct {
	// Malware is decoded from the "malware" array.
	Malware []IPMalware `json:"malware"`
}
IPMalwareResp is the response to the IPRMalware request
type IPReputation ¶
// IPReputation is the reputation summary for one IP address together with
// the records of its subnets.
type IPReputation struct {
	IP      string         `json:"ip"`
	Subnets []IPDetails    `json:"subnets"`
	Cats    map[string]int `json:"cats"`
	// Geo is an untyped JSON object; use the two-value type assertion when
	// reading its members.
	Geo map[string]interface{} `json:"geo"`
	// NOTE(review): the scale of Score is not stated on this page — confirm
	// before thresholding on it.
	Score float32 `json:"score"`
}
IPReputation is the response to the IPR request
type Malware ¶
// Malware extends the basic record with origin data and family member counts.
type Malware struct {
	// MalwareBase is embedded, so its fields are promoted onto Malware and
	// its JSON members are decoded at the same level.
	MalwareBase
	Origins Origins `json:"origins"`
	// FamilyMembers maps a name to its count.
	FamilyMembers map[string]Count `json:"familyMembers"`
}
Malware holds all the additional information about a malware including origins
type MalwareBase ¶
// MalwareBase holds the fields shared by every malware record.
type MalwareBase struct {
	Type    string    `json:"type"`
	Created time.Time `json:"created"`
	// MD5 identifies the sample; MD5 is not collision resistant, so use it
	// as a lookup key only.
	MD5    string   `json:"md5"`
	Family []string `json:"family"`
	// MimeType is reported by the service; do not rely on it to decide how
	// a sample is opened.
	MimeType string `json:"mimetype"`
}
MalwareBase is the basic info of a malware
type MalwareFamilyResp ¶
// MalwareFamilyResp carries the samples returned for a malware family.
type MalwareFamilyResp struct {
	Count     int           `json:"count"`
	FirstSeen time.Time     `json:"firstseen"`
	LastSeen  time.Time     `json:"lastseen"`
	Family    []string      `json:"family"`
	Malware   []MalwareBase `json:"malware"`
}
MalwareFamilyResp is the response to the malware family request
type MalwareResp ¶
// MalwareResp wraps the single "malware" object of the response body.
type MalwareResp struct {
	// Malware is decoded from the "malware" member.
	Malware Malware `json:"malware"`
}
MalwareResp is the response to the malware request
type OptionFunc ¶
OptionFunc is a function that configures a Client. It is used in New
func SetCredentials ¶
func SetCredentials(key string, password string) OptionFunc
SetCredentials sets the X-Force API credentials to use (key and password). Credentials can be generated from the user profile under https://exchange.xforce.ibmcloud.com/
func SetHTTPClient ¶
func SetHTTPClient(httpClient *http.Client) OptionFunc
SetHTTPClient can be used to specify the http.Client to use when making HTTP requests to X-Force.
func SetLang ¶
func SetLang(lang string) OptionFunc
SetLang sets the language we expect the return values to be
type Origins ¶
// Origins groups the places a malware sample was observed, one DetailsCount
// per kind of origin.
type Origins struct {
	Emails          DetailsCount `json:"emails"`
	Subjects        DetailsCount `json:"subjects"`
	DownloadServers DetailsCount `json:"downloadServers"`
	// The JSON member is spelled "CnCServers", with capital letters, unlike
	// its siblings.
	CnCServers DetailsCount `json:"CnCServers"`
	// External is an anonymous struct decoded from the "external" member.
	// NOTE(review): the unit of DetectionCoverage is not stated on this page — confirm.
	External struct {
		DetectionCoverage int      `json:"detectionCoverage"`
		Family            []string `json:"family"`
	} `json:"external"`
}
Origins holds the origins of malware
type PassiveRecord ¶
// PassiveRecord is one row of passive resolution data.
type PassiveRecord struct {
	Value string `json:"value"`
	// Type and RecordType are separate JSON members ("type" and
	// "recordType"); NOTE(review): how they differ is not stated on this
	// page — confirm.
	Type       string    `json:"type"`
	RecordType string    `json:"recordType"`
	First      time.Time `json:"first"`
	Last       time.Time `json:"last"`
}
PassiveRecord holds a record for passive resolve
type PassiveResp ¶
// PassiveResp pairs the query string with the passive records found for it.
type PassiveResp struct {
	Query   string          `json:"query"`
	Records []PassiveRecord `json:"records"`
}
PassiveResp holds the response for passive resolve
type Product ¶
// Product names one product release that a signature is listed under.
type Product struct {
	// The JSON members carry a "prod" prefix that the Go field names drop.
	Name        string    `json:"prodname"`
	Version     string    `json:"prodversion"`
	ReleaseDate time.Time `json:"releasedate"`
}
Product describes a product for signatures
type Protects ¶
// Protects is one entry describing what a signature protects against.
type Protects struct {
	Reported time.Time `json:"reported"`
	// RiskLevel is an int here, while Vulnerability.RiskLevel is a float32.
	RiskLevel int    `json:"risk_level"`
	Title     string `json:"title"`
	// XFDBID is decoded from "xfdbid"; presumably the same identifier that
	// VulnerabilityByXFID takes — confirm.
	XFDBID int `json:"xfdbid"`
}
Protects describes what a signature protects against
type Reference ¶
// Reference is one external link attached to a record.
type Reference struct {
	// LinkTarget is a URL supplied by the service; check its scheme before
	// rendering it as a clickable link.
	LinkTarget  string `json:"link_target"`
	LinkName    string `json:"link_name"`
	Description string `json:"description"`
}
Reference holds an external reference
type ResolveResp ¶
// ResolveResp holds the DNS data returned for a query, one field per record
// kind plus the passive resolution data.
//
// The fields carry no json tags, so encoding/json matches each JSON member to
// the field name, ignoring case when there is no exact match.
type ResolveResp struct {
	A       []string
	AAAA    []string
	TXT     [][]string
	MX      []MX
	RDNS    []string
	Passive PassiveResp
}
ResolveResp is the response to the Resolve request
type Signature ¶
// Signature is one signature entry attached to a vulnerability.
type Signature struct {
	Coverage     string    `json:"coverage"`
	CoverageDate time.Time `json:"coverage_date"`
}
Signature holds a vulnerability signature
type SignaturesResp ¶
// SignaturesResp is the full record of one signature. It is also the row
// type of SignaturesSearchResp.
type SignaturesResp struct {
	Type  string `json:"type"`
	PAMID string `json:"pamid"`
	// The JSON member names mix camelCase ("releaseDate", "shortDesc",
	// "pamName") and snake_case ("products_containing", "protects_against").
	Updated            bool      `json:"updated"`
	ReleaseDate        time.Time `json:"releaseDate"`
	ShortDesc          string    `json:"shortDesc"`
	PAMName            string    `json:"pamName"`
	Description        string    `json:"description"`
	Priority           int       `json:"priority"`
	Category           string    `json:"category"`
	ProductsContaining []Product `json:"products_containing"`
	ProtectsAgainst    Protects  `json:"protects_against"`
	// Covers is an anonymous struct decoded from the "covers" member: a row
	// count and the rows themselves.
	Covers struct {
		TotalRows int        `json:"total_rows"`
		Rows      []Protects `json:"rows"`
	} `json:"covers"`
}
SignaturesResp is the response to the Signatures request
type SignaturesSearchResp ¶
// SignaturesSearchResp is one page of signature search results.
type SignaturesSearchResp struct {
	// TotalRows is decoded from "total_rows"; presumably the number of
	// matches overall rather than len(Rows) — confirm.
	TotalRows int `json:"total_rows"`
	// Bookmark is an opaque string returned by the service.
	Bookmark string           `json:"bookmark"`
	Rows     []SignaturesResp `json:"rows"`
}
SignaturesSearchResp is the response to the SignaturesSearch request
type URL ¶
// URL is the categorisation record for one URL.
type URL struct {
	// URL is the string echoed by the service; handle it as an indicator
	// and do not fetch it automatically.
	URL                  string            `json:"url"`
	Cats                 map[string]bool   `json:"cats"`
	CategoryDescriptions map[string]string `json:"categoryDescriptions"`
	// NOTE(review): the scale of Score is not stated on this page — confirm
	// before thresholding on it.
	Score float32 `json:"score"`
}
URL holds URL details
type URLMalwareResp ¶
URLMalwareResp holds the response to the URLMalware request
type UserProfileResp ¶
// UserProfileResp carries the statistics of the authenticated user's profile.
type UserProfileResp struct {
	// Statistics is an anonymous struct decoded from the "statistics" member.
	Statistics struct {
		NumberOfCollections int       `json:"numberOfCollections"`
		MemberSince         time.Time `json:"memberSince"`
		NumberOfComments    int       `json:"numberOfComments"`
	} `json:"statistics"`
}
UserProfileResp is the response to a UserProfile request
type VersionResp ¶
VersionResp is the response to a Version request
type Vulnerability ¶
// Vulnerability is the full record of one vulnerability entry.
//
// Every string is decoded from the service response. Escape the text fields
// before rendering them, and check the scheme of reference links.
type Vulnerability struct {
	Type     string `json:"type"`
	Xfdbid   int    `json:"xfdbid"`
	Updateid int    `json:"updateid"`
	Updated  bool   `json:"updated"`
	Inserted bool   `json:"inserted"`
	Variant  string `json:"variant"`
	Title    string `json:"title"`
	// DescriptionFmt and RemedyFmt are separate members next to Description
	// and Remedy; presumably formatted variants — confirm the markup they
	// carry before displaying them.
	Description    string `json:"description"`
	DescriptionFmt string `json:"description_fmt"`
	// RiskLevel is a float32 here, while Protects.RiskLevel is an int.
	RiskLevel float32 `json:"risk_level"`
	// The six members below are named like the CVSS v2 base metrics;
	// presumably they hold CVSS v2 values — confirm.
	AccessVector          string `json:"access_vector"`
	AccessComplexity      string `json:"access_complexity"`
	Authentication        string `json:"authentication"`
	ConfidentialityImpact string `json:"confidentiality_impact"`
	IntegrityImpact       string `json:"integrity_impact"`
	AvailabilityImpact    string `json:"availability_impact"`
	TemporalScore         float32 `json:"temporal_score"`
	RemediationLevel      string  `json:"remediation_level"`
	Remedy                string  `json:"remedy"`
	RemedyFmt             string  `json:"remedy_fmt"`
	Reported              time.Time `json:"reported"`
	Tagname               string    `json:"tagname"`
	// Stdcode is decoded from "stdcode"; presumably standard identifiers
	// such as CVE names, as VulnerabilityByCVE suggests — confirm.
	Stdcode            []string    `json:"stdcode"`
	PlatformsAffected  []string    `json:"platforms_affected"`
	PlatformsDependent []string    `json:"platforms_dependent"`
	Exploitability     string      `json:"exploitability"`
	Consequences       string      `json:"consequences"`
	References         []Reference `json:"references"`
	Signatures         []Signature `json:"signatures"`
	ReportConfidence   string      `json:"report_confidence"`
}
Vulnerability holds the full vulnerability description
type VulnerabilitySearchResp ¶
// VulnerabilitySearchResp is one page of vulnerability search results.
type VulnerabilitySearchResp struct {
	// TotalRows is decoded from "total_rows"; presumably the number of
	// matches overall rather than len(Rows) — confirm.
	TotalRows int `json:"total_rows"`
	// Bookmark is an opaque string returned by the service; it matches the
	// bookmark parameter of VulnerabilitiesFullText.
	Bookmark string          `json:"bookmark"`
	Rows     []Vulnerability `json:"rows"`
}
VulnerabilitySearchResp is the response to a vulnerability search