misp

package module
v0.0.0-...-01a7c4d Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 18, 2018 License: Apache-2.0 Imports: 11 Imported by: 0

README

gomisp

Golang client for MISP. The client currently implements only search, but it is easy to extend with other features.

Usage

package misp

import (
	"fmt"
	"net/url"
	"os"
	"time"

	misp "github.com/dutchcoders/gomisp"
)

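// ExampleExamples_output shows a minimal search: it builds a client from a
// MISP URL and API key, looks up one value over the past 365 days and prints
// whatever the server returns.
func ExampleExamples_output() {
	// MISP_URL and MISP_KEY are variable names constructed for this example.
	// Reading the API key from the environment keeps the credential out of
	// source control and out of the compiled binary.
	endpoint, err := url.Parse(os.Getenv("MISP_URL"))
	if err != nil {
		panic(err)
	}
	// The key accompanies the requests the client sends to this URL, so refuse
	// a cleartext endpoint where it could be read in transit.
	if endpoint.Scheme != "https" {
		panic(fmt.Sprintf("MISP_URL must be an https URL, got scheme %q", endpoint.Scheme))
	}

	// WithURL takes a url.URL value, not a string.
	client, err := misp.New(
		misp.WithURL(*endpoint),
		misp.WithKey(os.Getenv("MISP_KEY")),
	)
	if err != nil {
		panic(err)
	}

	// Constructed sample indicator (documentation address range).
	const indicator = "198.51.100.7"

	now := time.Now()
	oneYearAgo := now.Add(time.Hour * 24 * 365 * -1)
	qry := misp.NewSearchRequest().Value(indicator).From(oneYearAgo).To(now)

	result, err := client.Search(qry)
	if err != nil {
		panic(err)
	}

	// result is a []SearchResult; %+v prints the nested structs with field
	// names, whereas %s mangles the bool fields. The content comes from the
	// remote MISP instance, so escape it before placing it in HTML or a shell.
	fmt.Printf("Search results: %+v\n", result)
}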

Contributors

Code released under Apache License 2.0.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Merge

func Merge(dest interface{}, src interface{}) error

func WithDebug

func WithDebug() optionFn

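WithDebug enables debug output while interacting with MISP. Debug output may include request details; confirm whether the API key appears in it before enabling this outside development.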

func WithKey

func WithKey(key string) optionFn

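WithKey sets the MISP API key the client uses. The key is a credential for the MISP instance, so supply it from configuration or the environment rather than as a literal in source.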

func WithURL

func WithURL(u url.URL) optionFn

WithURL sets the MISP target URL.

Types

type Client

// Client is the MISP API client type returned by New. It embeds *http.Client,
// so that client's exported fields and methods are promoted onto Client.
type Client struct {
	// Key is an exported field, so it is included whenever a Client value is
	// formatted with %v/%+v or otherwise dumped.
	// NOTE(review): presumably this holds the API key passed to WithKey; keep
	// Client values out of logs and error messages. Confirm.
	Key string

	*http.Client
	// contains filtered or unexported fields
}

func New

func New(options ...optionFn) (*Client, error)

New returns a MISP API client.

func (*Client) Do

func (wd *Client) Do(req *http.Request, v interface{}) error

Do will execute the http.Request and decode the result

func (*Client) NewRequest

func (c *Client) NewRequest(method, urlStr string, body interface{}) (*http.Request, error)

NewRequest prepares http.Request to call the MISP API

func (*Client) Search

func (c *Client) Search(sr *SearchRequest) ([]SearchResult, error)

type ContextResult

// ContextResult maps the JSON document returned by a /context endpoint onto Go
// fields; each field is filled from the JSON key named in its tag.
// NOTE(review): none of the Client methods listed on this page (Do,
// NewRequest, Search) returns this type; confirm it is still in use.
type ContextResult struct {
	Actor     string `json:"actor"`
	FirstSeen string `json:"first_seen"` // kept as a string; not parsed into time.Time
	IP        string `json:"ip"`
	LastSeen  string `json:"last_seen"` // kept as a string; not parsed into time.Time
	// Metadata holds descriptive strings about the address. They are decoded
	// as-is with no validation visible here, so treat them as untrusted text.
	Metadata  struct {
		ASN          string `json:"asn"`
		Category     string `json:"category"`
		City         string `json:"city"`
		Country      string `json:"country"`
		CountryCode  string `json:"country_code"`
		Organization string `json:"organization"`
		Os           string `json:"os"`
		Rdns         string `json:"rdns"`
		Tor          bool   `json:"tor"`
	} `json:"metadata"`
	RawData struct {
		// Scan lists port/protocol pairs.
		Scan []struct {
			Port     int64  `json:"port"`
			Protocol string `json:"protocol"`
		} `json:"scan"`
		// Web has no fields, so anything under the "web" key is discarded.
		Web struct {
		} `json:"web"`
	} `json:"raw_data"`
	Seen bool     `json:"seen"`
	Tags []string `json:"tags"`
}

ContextResult is the result of the /context api

type Error

// Error holds an error code and message decoded from the JSON keys
// "error_code" and "error". *Error has an Error() string method, so it can be
// returned as a Go error.
type Error struct {
	ErrorCode   int    `json:"error_code"`
	// ErrorString is text decoded from the response.
	// NOTE(review): presumably server-supplied; escape it before showing it in
	// HTML or a terminal.
	ErrorString string `json:"error"`
}

func (*Error) Error

func (de *Error) Error() string

type ErrorResult

// ErrorResult is the response shape when an error occurs: a single message
// under the JSON key "error". It shares that key with Error.ErrorString but
// carries no error code.
type ErrorResult struct {
	Error string `json:"error"`
}

ErrorResult is the result when an error occurs

type Event

// Event is the event record carried in SearchResult under the JSON key
// "Event". Fields with a tag are filled from the tagged key; fields without a
// tag (Attribute, Galaxy, Object, Org, Orgc, RelatedEvent, ShadowAttribute,
// Tag) are matched by encoding/json on the field name itself.
//
// Identifiers, counts and timestamps are declared as string, not as numeric or
// time types, so callers must parse and validate them themselves.
// NOTE(review): every value here is decoded from a remote MISP instance; treat
// the free-text fields (Info, Comment, Value, tag names) as untrusted input
// when rendering them or feeding them into queries, rules or commands.
type Event struct {
	Analysis  string `json:"analysis"`
	// Attribute is the list of attributes attached to the event.
	Attribute []struct {
		Category           string `json:"category"`
		Comment            string `json:"comment"`
		Deleted            bool   `json:"deleted"`
		DisableCorrelation bool   `json:"disable_correlation"`
		Distribution       string `json:"distribution"`
		EventId            string `json:"event_id"`
		// Galaxy and ShadowAttribute are left as untyped JSON values.
		Galaxy             []interface{}
		Id                 string      `json:"id"`
		ObjectId           string      `json:"object_id"`
		ObjectRelation     interface{} `json:"object_relation"`
		ShadowAttribute    []interface{}
		SharingGroupId     string `json:"sharing_group_id"`
		Tag                []struct {
			Colour     string `json:"colour"`
			Exportable bool   `json:"exportable"`
			HideTag    bool   `json:"hide_tag"`
			Id         string `json:"id"`
			Name       string `json:"name"`
			UserId     string `json:"user_id"`
		}
		Timestamp string `json:"timestamp"`
		// NOTE(review): in MISP, to_ids presumably marks the attribute as
		// suitable for automated detection; confirm before using it to drive
		// blocking rules.
		ToIds     bool   `json:"to_ids"`
		Type      string `json:"type"`
		Uuid      string `json:"uuid"`
		// Value is the attribute's value as a raw string; no format check is
		// applied for the declared Type.
		Value     string `json:"value"`
	}
	AttributeCount     string `json:"attribute_count"`
	Date               string `json:"date"`
	DisableCorrelation bool   `json:"disable_correlation"`
	// NOTE(review): Distribution and SharingGroupId look like the event's
	// sharing scope; consumers that re-share events should honour them. Confirm
	// the value meanings against the MISP documentation.
	Distribution       string `json:"distribution"`
	ExtendsUuid        string `json:"extends_uuid"`
	Galaxy             []interface{}
	Id                 string `json:"id"`
	Info               string `json:"info"`
	Locked             bool   `json:"locked"`
	Object             []interface{}
	// Org and Orgc have the same shape (id, name, uuid); OrgId and OrgcId carry
	// the matching identifiers as separate top-level keys.
	Org                struct {
		Id   string `json:"id"`
		Name string `json:"name"`
		Uuid string `json:"uuid"`
	}
	OrgId string `json:"org_id"`
	Orgc  struct {
		Id   string `json:"id"`
		Name string `json:"name"`
		Uuid string `json:"uuid"`
	}
	OrgcId            string `json:"orgc_id"`
	ProposalEmailLock bool   `json:"proposal_email_lock"`
	PublishTimestamp  string `json:"publish_timestamp"`
	Published         bool   `json:"published"`
	RelatedEvent      []interface{}
	ShadowAttribute   []interface{}
	SharingGroupId    string `json:"sharing_group_id"`
	// Tag repeats the anonymous struct used for attribute tags above.
	Tag               []struct {
		Colour     string `json:"colour"`
		Exportable bool   `json:"exportable"`
		HideTag    bool   `json:"hide_tag"`
		Id         string `json:"id"`
		Name       string `json:"name"`
		UserId     string `json:"user_id"`
	}
	ThreatLevelId string `json:"threat_level_id"`
	Timestamp     string `json:"timestamp"`
	Uuid          string `json:"uuid"`
}

type MISPResponse

// MISPResponse is the outer envelope of a reply: the value under the JSON key
// "response" is kept as raw bytes so it can be decoded later into a more
// specific type.
type MISPResponse struct {
	// Response is undecoded JSON; nothing in this type bounds its size or
	// checks its shape.
	Response json.RawMessage `json:"response"`
}

type SearchRequest

// SearchRequest describes a search to run with Client.Search. Its fields are
// unexported: create one with NewSearchRequest and set criteria through the
// chained From, To, Type and Value methods, each of which returns the same
// *SearchRequest type. It has its own MarshalJSON method.
type SearchRequest struct {
	// contains filtered or unexported fields
}

func NewSearchRequest

func NewSearchRequest() *SearchRequest

func (*SearchRequest) From

func (sr *SearchRequest) From(t time.Time) *SearchRequest

func (*SearchRequest) MarshalJSON

func (sr *SearchRequest) MarshalJSON() ([]byte, error)

func (*SearchRequest) To

func (sr *SearchRequest) To(t time.Time) *SearchRequest

func (*SearchRequest) Type

func (sr *SearchRequest) Type(t string) *SearchRequest

func (*SearchRequest) Value

func (sr *SearchRequest) Value(val string) *SearchRequest

type SearchResult

// SearchResult is one element of the slice returned by Client.Search; it wraps
// a single Event decoded from the JSON key "Event".
type SearchResult struct {
	Event Event `json:"Event"`
}
