Documentation
¶
Index ¶
- Constants
- Variables
- func ClientAddRootCA(localCertFile string) func(c *Client) error
- func ClientDisableTLSValidation(c *Client) error
- func Param(key, value string) func() (string, string)
- func TimeToUnixMicroSecond(t time.Time) int64
- func TimeToUnixMilliSecond(t time.Time) int64
- func TimeToUnixNanoSecond(t time.Time) int64
- func UnixMicroSecondToTime(unixMS int64) time.Time
- func UnixMilliSecondToTime(unixMS int64) time.Time
- func UnixNanoSecondToTime(unixNS int64) time.Time
- type Client
- func (c *Client) AcknowledgeEvent(parameters ...RequestParameter) error
- func (c *Client) DeviceInfo(parameters ...RequestParameter) (*DeviceInfo, error)
- func (c *Client) DeviceList(parameters ...RequestParameter) ([]Device, error)
- func (c *Client) DeviceMetrics(parameters ...RequestParameter) ([]DeviceMetric, error)
- func (c *Client) EndpointDetails(parameters ...RequestParameter) (*EndpointDetails, error)
- func (c *Client) EnumsApplicationProtocolsList() ([]Enum, error)
- func (c *Client) EnumsCountriesList() ([]Enum, error)
- func (c *Client) EnumsDestinationDeviceTypesList() ([]Enum, error)
- func (c *Client) EnumsList() (*EnumResponse, error)
- func (c *Client) EnumsProtocolsList() ([]Enum, error)
- func (c *Client) EnumsSourceDeviceTypesList() ([]Enum, error)
- func (c *Client) EventList(parameters ...RequestParameter) ([]Event, error)
- func (c *Client) ListModels() ([]Model, error)
- func (c *Client) ModelBreaches(parameters ...RequestParameter) ([]ModelBreach, error)
- func (c *Client) ModelComponents(parameters ...RequestParameter) ([]ModelComponent, error)
- func (c *Client) NetworkList(parameters ...RequestParameter) ([]interface{}, error)
- func (c *Client) PcapList() ([]interface{}, error)
- func (c *Client) SimilarDevices(parameters ...RequestParameter) ([]SimilarDevice, error)
- func (c *Client) UnAcknowledgeEvent(parameters ...RequestParameter) error
- type ConnectionEvent
- type Device
- type DeviceInfo
- type DeviceMetric
- type EndpointDetails
- type Enum
- type EnumResponse
- type Event
- type EventType
- type Model
- type ModelBreach
- type ModelComponent
- type NoticeEvent
- type OptionClient
- type PolicyBreachEvent
- type RequestParameter
- type SimilarDevice
Constants ¶
// Values of EventType, the type of the Event.EventType field (JSON key
// "eventType"). The string literals are compared against API data, so they
// must stay exactly as written.
const (
	EventTypePolicyBreach = EventType("policybreach")
	EventTypeConnection   = EventType("connection")
	EventTypeNotice       = EventType("notice")
)
Types of events that can be received.
Variables ¶
var DefaultTimeout = 10 * time.Second
DefaultTimeout defines the default timeout for HTTP clients.
Functions ¶
func ClientAddRootCA ¶
ClientAddRootCA adds the root CA certificate in localCertFile to the root CA store the client uses for its requests.
func ClientDisableTLSValidation ¶
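ClientDisableTLSValidation disables TLS certificate validation, for endpoints without a valid TLS certificate. With validation disabled the client does not authenticate the server, so requests and responses can be intercepted or altered in transit; where the appliance's certificate is issued by a private CA, ClientAddRootCA keeps validation on.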
func TimeToUnixMicroSecond ¶
func TimeToUnixMilliSecond ¶
func TimeToUnixNanoSecond ¶
func UnixMicroSecondToTime ¶ added in v0.1.2
func UnixMilliSecondToTime ¶ added in v0.1.2
func UnixNanoSecondToTime ¶ added in v0.1.2
Types ¶
type Client ¶
type Client struct {
// contains filtered or unexported fields
}
A Client manages communication with the Darktrace API.
func NewClient ¶
func NewClient(basePath, publicToken, privateToken string, options ...OptionClient) (*Client, error)
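NewClient creates a new Darktrace client with HMAC authentication.
basePath is the base URL of the appliance, including the scheme, e.g. https://darktrace.example.com. publicToken and privateToken are the API token pair used for the HMAC authentication; privateToken is a secret and should not be committed to source control or written to logs.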
func (*Client) AcknowledgeEvent ¶
func (c *Client) AcknowledgeEvent(parameters ...RequestParameter) error
func (*Client) DeviceInfo ¶
func (c *Client) DeviceInfo(parameters ...RequestParameter) (*DeviceInfo, error)
DeviceInfo returns an array of devices from the submitted parameters Supported params: datatype, did, externaldomain, fulldevicedetails, odid, showallgraphdata, similardevices
func (*Client) DeviceList ¶
func (c *Client) DeviceList(parameters ...RequestParameter) ([]Device, error)
DeviceList returns an array of devices from the submitted parameters Supported params: ip, iptime, mac, seensince
func (*Client) DeviceMetrics ¶
func (c *Client) DeviceMetrics(parameters ...RequestParameter) ([]DeviceMetric, error)
DeviceMetrics returns an array of device metrics Supported params: applicationprotocol, breachtimes, ddid, destinationport, did, endtime, from, fulldevicedetails,
interval, metric, odid, port, protocol, sourceport, starttime, to
func (*Client) EndpointDetails ¶
func (c *Client) EndpointDetails(parameters ...RequestParameter) (*EndpointDetails, error)
EndpointDetails returns details of an endpoint for the submitted parameters. Supported params: additionalinfo, devices, hostname, ip, score
func (*Client) EnumsApplicationProtocolsList ¶
EnumsApplicationProtocolsList returns the list of application protocol enums
func (*Client) EnumsCountriesList ¶
EnumsCountriesList returns the list of country enums
func (*Client) EnumsDestinationDeviceTypesList ¶
EnumsDestinationDeviceTypesList returns the list of destination device type enums
func (*Client) EnumsList ¶
func (c *Client) EnumsList() (*EnumResponse, error)
EnumsList returns a full list of enums
func (*Client) EnumsProtocolsList ¶
EnumsProtocolsList returns the list of protocol enums
func (*Client) EnumsSourceDeviceTypesList ¶
EnumsSourceDeviceTypesList returns the list of source device type enums
func (*Client) EventList ¶
func (c *Client) EventList(parameters ...RequestParameter) ([]Event, error)
func (*Client) ListModels ¶
func (*Client) ModelBreaches ¶
func (c *Client) ModelBreaches(parameters ...RequestParameter) ([]ModelBreach, error)
func (*Client) ModelComponents ¶
func (c *Client) ModelComponents(parameters ...RequestParameter) ([]ModelComponent, error)
func (*Client) NetworkList ¶
func (c *Client) NetworkList(parameters ...RequestParameter) ([]interface{}, error)
func (*Client) SimilarDevices ¶
func (c *Client) SimilarDevices(parameters ...RequestParameter) ([]SimilarDevice, error)
SimilarDevices returns an array of devices with similar characteristics Supported params: did, count
func (*Client) UnAcknowledgeEvent ¶
func (c *Client) UnAcknowledgeEvent(parameters ...RequestParameter) error
type ConnectionEvent ¶ added in v0.1.4
// ConnectionEvent holds the connection-specific fields of an event as decoded
// from JSON. It is embedded in Event next to PolicyBreachEvent and NoticeEvent;
// presumably it is populated when Event.EventType is EventTypeConnection —
// confirm against the decoding code, which is not shown here.
//
// NOTE(review): UID, Info, Direction, DestinationPort, SourceDevice,
// DestinationDevice, Source and Destination use the same JSON keys as the
// fields of the same name in NoticeEvent. See the note on how that interacts
// with embedding both structs in Event.
type ConnectionEvent struct {
	// Byte counters. Each "...sincems" (int64) / "...since" (string) pair
	// presumably carries the same instant as epoch milliseconds and as a
	// formatted timestamp — TODO confirm.
	Recentbytessincems int64 `json:"recentbytessincems"`
	Recentbytessince string `json:"recentbytessince"`
	Recentbytesout int64 `json:"recentbytesout"`
	Recentbytesin int64 `json:"recentbytesin"`
	Totalbytessincems int64 `json:"totalbytessincems"`
	Totalbytessince string `json:"totalbytessince"`
	Totalbytesout int64 `json:"totalbytesout"`
	Totalbytesin int64 `json:"totalbytesin"`
	UID string `json:"uid"`
	Status string `json:"status"`
	// Sdid and Ddid presumably are the source and destination device ids
	// (compare Did in the nested device structs) — TODO confirm.
	Sdid int64 `json:"sdid"`
	Ddid int64 `json:"ddid"`
	// Note the mixed key casing: "port" is lower case while "sourcePort" and
	// "destinationPort" are camelCase. The tags must match the API exactly.
	Port int64 `json:"port"`
	SourcePort int64 `json:"sourcePort"`
	DestinationPort int64 `json:"destinationPort"`
	// Info and the other string fields are free text taken from the API
	// response; escape them before writing them to logs or HTML.
	Info string `json:"info"`
	Direction string `json:"direction"`
	Applicationprotocol string `json:"applicationprotocol"`
	Protocol string `json:"protocol"`
	// SourceDevice describes the device on the source side of the connection.
	// It has no Os field, unlike DestinationDevice below.
	SourceDevice struct {
		ID int64 `json:"id"`
		Did int64 `json:"did"`
		Objecttype string `json:"objecttype"`
		Macaddress string `json:"macaddress"`
		IP string `json:"ip"`
		// Ips lists IP entries for the device, each with a timestamp in two
		// forms (Timems int64, Time string).
		Ips []struct {
			IP string `json:"ip"`
			Timems int64 `json:"timems"`
			Time string `json:"time"`
			Sid int64 `json:"sid"`
		} `json:"ips"`
		Sid int64 `json:"sid"`
		Hostname string `json:"hostname"`
		// Time is a string here; the top-level Device type declares Time as int64.
		Time string `json:"time"`
		Typename string `json:"typename"`
		Typelabel string `json:"typelabel"`
		DeduplicatedIds []int64 `json:"deduplicated_ids"`
	} `json:"sourceDevice"`
	// DestinationDevice mirrors SourceDevice and adds Os.
	DestinationDevice struct {
		ID int64 `json:"id"`
		Did int64 `json:"did"`
		Objecttype string `json:"objecttype"`
		Macaddress string `json:"macaddress"`
		IP string `json:"ip"`
		Ips []struct {
			IP string `json:"ip"`
			Timems int64 `json:"timems"`
			Time string `json:"time"`
			Sid int64 `json:"sid"`
		} `json:"ips"`
		Sid int64 `json:"sid"`
		Hostname string `json:"hostname"`
		Time string `json:"time"`
		Os string `json:"os"`
		Typename string `json:"typename"`
		Typelabel string `json:"typelabel"`
		DeduplicatedIds []int64 `json:"deduplicated_ids"`
	} `json:"destinationDevice"`
	Source string `json:"source"`
	Destination string `json:"destination"`
}
type Device ¶
// Device is one element of the slice returned by Client.DeviceList.
// Every field except ID is tagged omitempty, so zero values are left out when
// a Device is marshalled back to JSON.
type Device struct {
	ID int64 `json:"id"`
	IP string `json:"ip,omitempty"`
	// Ips lists IP entries for the device, each with a timestamp in two forms
	// (Timems int64, Time string).
	Ips []struct {
		IP string `json:"ip"`
		Timems int64 `json:"timems"`
		Time string `json:"time"`
		Sid int64 `json:"sid"`
	} `json:"ips,omitempty"`
	Did int64 `json:"did,omitempty"`
	Sid int64 `json:"sid,omitempty"`
	// Hostname is text from the API response; escape it before writing it to
	// logs or HTML.
	Hostname string `json:"hostname,omitempty"`
	// Time and Endtime are int64 here, whereas the device structs nested in
	// ConnectionEvent and NoticeEvent declare Time as a string.
	// Presumably epoch-based; the unit is not visible here — TODO confirm.
	Time int64 `json:"time,omitempty"`
	Endtime int64 `json:"endtime,omitempty"`
	Os string `json:"os,omitempty"`
	Typename string `json:"typename,omitempty"`
	Typelabel string `json:"typelabel,omitempty"`
	DeduplicatedIds []int64 `json:"deduplicated_ids,omitempty"`
}
type DeviceInfo ¶
// DeviceInfo is the response type of Client.DeviceInfo. The payload is a
// single JSON key, "deviceInfo", holding a list of per-device records.
type DeviceInfo struct {
	DeviceInfo []struct {
		Did int64 `json:"did"`
		SimilarityScore int64 `json:"similarityScore"`
		// GraphData is a series of (Time, Count) points.
		GraphData []struct {
			Time int64 `json:"time"`
			Count int64 `json:"count"`
		} `json:"graphData"`
		// Info groups totals and per-port / per-device breakdowns.
		Info struct {
			TotalUsed int64 `json:"totalUsed"`
			TotalServed int64 `json:"totalServed"`
			TotalDevicesAndPorts int64 `json:"totalDevicesAndPorts"`
			DevicesAndPorts []struct {
				DeviceAndPort string `json:"deviceAndPort"`
				Size int64 `json:"size"`
			} `json:"devicesAndPorts"`
			// Port is interface{} in PortsUsed and PortsServed, so the JSON
			// value is kept in whatever type the decoder produces (with
			// encoding/json a number becomes float64). Callers must
			// type-assert, and should use the checked two-value form.
			PortsUsed []struct {
				Port interface{} `json:"port"`
				Size int64 `json:"size"`
				FirstTime int64 `json:"firstTime"`
			} `json:"portsUsed"`
			PortsServed []struct {
				Port interface{} `json:"port"`
				Size int64 `json:"size"`
			} `json:"portsServed"`
			// Did is likewise interface{} in DevicesUsed and DevicesServed,
			// although Did is int64 elsewhere in this package.
			DevicesUsed []struct {
				Did interface{} `json:"did"`
				Size int64 `json:"size"`
				FirstTime int64 `json:"firstTime,omitempty"`
			} `json:"devicesUsed"`
			DevicesServed []struct {
				Did interface{} `json:"did"`
				Size int64 `json:"size"`
			} `json:"devicesServed"`
		} `json:"info"`
	} `json:"deviceInfo"`
}
type DeviceMetric ¶
type EndpointDetails ¶
// EndpointDetails is the response type of Client.EndpointDetails: details of
// one endpoint, the devices associated with it, its IPs and its locations.
type EndpointDetails struct {
	// Hostname is text from the API response; escape it before writing it to
	// logs or HTML.
	Hostname string `json:"hostname"`
	// Dgascore: presumably a domain-generation-algorithm score — TODO confirm.
	Dgascore int64 `json:"dgascore"`
	Firsttime int64 `json:"firsttime"`
	Popularity int64 `json:"popularity"`
	// Devices lists device records. Macaddress and Vendor are omitempty here.
	Devices []struct {
		Did int64 `json:"did"`
		Objecttype string `json:"objecttype"`
		Macaddress string `json:"macaddress,omitempty"`
		Vendor string `json:"vendor,omitempty"`
		IP string `json:"ip"`
		Ips []struct {
			IP string `json:"ip"`
			Timems int64 `json:"timems"`
			Time string `json:"time"`
			Sid int64 `json:"sid"`
		} `json:"ips"`
		Sid int64 `json:"sid"`
		Hostname string `json:"hostname"`
		FirstSeen int64 `json:"firstSeen"`
		LastSeen int64 `json:"lastSeen"`
		Os string `json:"os"`
		Typename string `json:"typename"`
		Typelabel string `json:"typelabel"`
		DeduplicatedIds []int64 `json:"deduplicated_ids"`
	} `json:"devices"`
	// Ips lists IPs with first/last times. The element shape differs from the
	// Ips nested inside Devices above.
	Ips []struct {
		IP string `json:"ip"`
		Firsttime int64 `json:"firsttime"`
		Lasttime int64 `json:"lasttime"`
	} `json:"ips"`
	Locations []struct {
		// NOTE(review): Latitude and Longitude are int64. If the API sends
		// fractional coordinates, encoding/json rejects the value with an
		// unmarshal type error rather than truncating — confirm the API
		// format; float64 may be the intended type.
		Latitude int64 `json:"latitude"`
		Longitude int64 `json:"longitude"`
		Country string `json:"country"`
		City string `json:"city"`
	} `json:"locations"`
}
type EnumResponse ¶
type Event ¶
// Event is one element of the slice returned by Client.EventList. It carries
// the fields common to all events and embeds the three type-specific structs;
// EventType says which kind the event is (see the EventType constants).
//
// NOTE(review): NoticeEvent and ConnectionEvent both declare fields with the
// JSON keys "uid", "info", "direction", "destinationPort", "sourceDevice",
// "destinationDevice", "source" and "destination". Because both are embedded
// at the same depth, selecting e.g. e.UID on an Event is ambiguous and does not
// compile, and encoding/json ignores same-named fields at the same depth
// without error. Unless Event has a custom UnmarshalJSON (not visible here),
// those keys are silently dropped when decoding straight into Event — confirm
// how the client decodes events before relying on these fields.
type Event struct {
	// Time and Timems give the event time as a string and as an int64.
	// Presumably the same instant, with Timems in epoch milliseconds —
	// TODO confirm.
	Time string `json:"time"`
	Timems int64 `json:"timems"`
	Action string `json:"action"`
	EventType EventType `json:"eventType"`
	PolicyBreachEvent
	NoticeEvent
	ConnectionEvent
}
type Model ¶
// Model is one element of the slice returned by Client.ListModels: the
// definition of a model together with its actions and edit history.
type Model struct {
	Name string `json:"name"`
	Pid int64 `json:"pid"`
	Phid int64 `json:"phid"`
	UUID string `json:"uuid"`
	// Logic.Data is []interface{}; its element types are whatever the JSON
	// decoder produces, so callers must type-assert.
	Logic struct {
		Data []interface{} `json:"data"`
		Type string `json:"type"`
		Version int64 `json:"version"`
	} `json:"logic"`
	Throttle int64 `json:"throttle"`
	Actions struct {
		Alert bool `json:"alert"`
		// Antigena is an empty struct: any keys under "antigena" are
		// discarded on decode.
		Antigena struct {
		} `json:"antigena"`
		Breach bool `json:"breach"`
		Model bool `json:"model"`
		// SetPriority, SetTag and SetType are interface{} here, whereas the
		// model snapshots inside ModelBreach declare them as bool.
		SetPriority interface{} `json:"setPriority"`
		SetTag interface{} `json:"setTag"`
		SetType interface{} `json:"setType"`
	} `json:"actions"`
	Tags []string `json:"tags"`
	Interval int64 `json:"interval"`
	Sequenced bool `json:"sequenced"`
	Active bool `json:"active"`
	Modified string `json:"modified"`
	// ActiveTimes.Devices and ActiveTimes.Tags are empty structs, so their
	// contents are discarded on decode.
	ActiveTimes struct {
		Devices struct {
		} `json:"devices"`
		Tags struct {
		} `json:"tags"`
		Type string `json:"type"`
		Version int64 `json:"version"`
	} `json:"activeTimes"`
	Priority int64 `json:"priority"`
	AutoUpdatable bool `json:"autoUpdatable"`
	AutoUpdate bool `json:"autoUpdate"`
	AutoSuppress bool `json:"autoSuppress"`
	Description string `json:"description"`
	Behaviour string `json:"behaviour"`
	Defeats []interface{} `json:"defeats"`
	// Created.By and Edited.By name who created and last edited the model.
	Created struct {
		By string `json:"by"`
	} `json:"created"`
	Edited struct {
		By string `json:"by"`
	} `json:"edited"`
	// History records past changes: when, by whom, the active flag and the
	// accompanying message.
	History []struct {
		Modified string `json:"modified"`
		Active bool `json:"active"`
		Message string `json:"message"`
		By string `json:"by"`
		Phid int64 `json:"phid"`
	} `json:"history"`
	Message string `json:"message"`
	Version int64 `json:"version"`
}
type ModelBreach ¶
// ModelBreach is one element of the slice returned by Client.ModelBreaches:
// a breach record with two snapshots of the model, the components and filters
// that triggered, a score and the device concerned.
type ModelBreach struct {
	CreationTime int64 `json:"creationTime"`
	CommentCount int64 `json:"commentCount"`
	Pbid int64 `json:"pbid"`
	Time int64 `json:"time"`
	// Model holds two structurally identical snapshots, Then and Now.
	// Presumably the model as it was when the breach fired and as it is at
	// query time — TODO confirm against the API documentation.
	Model struct {
		Then struct {
			Name string `json:"name"`
			Pid int64 `json:"pid"`
			Phid int64 `json:"phid"`
			UUID string `json:"uuid"`
			// Logic.Data is a single interface{} here; the top-level Model
			// type declares it as []interface{}.
			Logic struct {
				Data interface{} `json:"data"`
				Type string `json:"type"`
				Version int64 `json:"version"`
			} `json:"logic"`
			Throttle int64 `json:"throttle"`
			SharedEndpoints bool `json:"sharedEndpoints"`
			Actions struct {
				Alert bool `json:"alert"`
				// Empty struct: keys under "antigena" are discarded on decode.
				Antigena struct {
				} `json:"antigena"`
				Breach bool `json:"breach"`
				Model bool `json:"model"`
				// bool here, interface{} in the top-level Model type.
				SetPriority bool `json:"setPriority"`
				SetTag bool `json:"setTag"`
				SetType bool `json:"setType"`
			} `json:"actions"`
			Tags []string `json:"tags"`
			Interval int64 `json:"interval"`
			Sequenced bool `json:"sequenced"`
			Active bool `json:"active"`
			ReadOnly bool `json:"readOnly"`
			Modified string `json:"modified"`
			ActiveTimes struct {
				Devices struct {
				} `json:"devices"`
				Tags struct {
				} `json:"tags"`
				Type string `json:"type"`
				Version int64 `json:"version"`
			} `json:"activeTimes"`
			Priority int64 `json:"priority"`
			AutoUpdatable bool `json:"autoUpdatable"`
			AutoUpdate bool `json:"autoUpdate"`
			AutoSuppress bool `json:"autoSuppress"`
			Description string `json:"description"`
			Behaviour string `json:"behaviour"`
			Defeats []interface{} `json:"defeats"`
			// Created and Edited are empty structs here, so the "by" value
			// that the top-level Model type keeps is discarded on decode.
			Created struct {
			} `json:"created"`
			Edited struct {
			} `json:"edited"`
			Version int64 `json:"version"`
		} `json:"then"`
		// Now has the same fields as Then.
		Now struct {
			Name string `json:"name"`
			Pid int64 `json:"pid"`
			Phid int64 `json:"phid"`
			UUID string `json:"uuid"`
			Logic struct {
				Data interface{} `json:"data"`
				Type string `json:"type"`
				Version int64 `json:"version"`
			} `json:"logic"`
			Throttle int64 `json:"throttle"`
			SharedEndpoints bool `json:"sharedEndpoints"`
			Actions struct {
				Alert bool `json:"alert"`
				Antigena struct {
				} `json:"antigena"`
				Breach bool `json:"breach"`
				Model bool `json:"model"`
				SetPriority bool `json:"setPriority"`
				SetTag bool `json:"setTag"`
				SetType bool `json:"setType"`
			} `json:"actions"`
			Tags []string `json:"tags"`
			Interval int64 `json:"interval"`
			Sequenced bool `json:"sequenced"`
			Active bool `json:"active"`
			ReadOnly bool `json:"readOnly"`
			Modified string `json:"modified"`
			ActiveTimes struct {
				Devices struct {
				} `json:"devices"`
				Tags struct {
				} `json:"tags"`
				Type string `json:"type"`
				Version int64 `json:"version"`
			} `json:"activeTimes"`
			Priority int64 `json:"priority"`
			AutoUpdatable bool `json:"autoUpdatable"`
			AutoUpdate bool `json:"autoUpdate"`
			AutoSuppress bool `json:"autoSuppress"`
			Description string `json:"description"`
			Behaviour string `json:"behaviour"`
			Defeats []interface{} `json:"defeats"`
			Created struct {
			} `json:"created"`
			Edited struct {
			} `json:"edited"`
			Version int64 `json:"version"`
		} `json:"now"`
	} `json:"model"`
	// TriggeredComponents lists the components that fired, each with its
	// metric and the filters that matched.
	TriggeredComponents []struct {
		Time int64 `json:"time"`
		Cbid int64 `json:"cbid"`
		Cid int64 `json:"cid"`
		Chid int64 `json:"chid"`
		Size int64 `json:"size"`
		Threshold int64 `json:"threshold"`
		Interval int64 `json:"interval"`
		Metric struct {
			Mlid int64 `json:"mlid"`
			Name string `json:"name"`
			Label string `json:"label"`
		} `json:"metric"`
		TriggeredFilters []struct {
			Cfid int64 `json:"cfid"`
			ID string `json:"id"`
			FilterType string `json:"filterType"`
			// omitempty has no effect on a struct-typed field in
			// encoding/json, so Arguments is always emitted when marshalling.
			Arguments struct {
				Value interface{} `json:"value"`
			} `json:"arguments,omitempty"`
			ComparatorType string `json:"comparatorType"`
			// Trigger.Value is interface{}: it holds whatever JSON type the
			// API sent, so type-assert with the checked form, and escape
			// string values before writing them to logs or HTML.
			Trigger struct {
				Value interface{} `json:"value"`
			} `json:"trigger"`
		} `json:"triggeredFilters"`
	} `json:"triggeredComponents"`
	// Score is float64 (the same type as PolicyBreachEvent.Score).
	Score float64 `json:"score"`
	// Device is a reduced device record: no Ips, MAC address or OS.
	Device struct {
		Did int64 `json:"did"`
		Objecttype string `json:"objecttype"`
		Hostname string `json:"hostname"`
		IP string `json:"ip"`
		Sid int64 `json:"sid"`
		Typelabel string `json:"typelabel"`
		Typename string `json:"typename"`
		DeduplicatedIds []int64 `json:"deduplicated_ids"`
	} `json:"device"`
}
type ModelComponent ¶
// ModelComponent is one element of the slice returned by
// Client.ModelComponents.
type ModelComponent struct {
	Cid int64 `json:"cid"`
	Chid int64 `json:"chid"`
	Mlid int64 `json:"mlid"`
	Threshold int64 `json:"threshold"`
	Interval int64 `json:"interval"`
	Logic struct {
		// Data is interface{}: the decoded type depends on the JSON sent.
		Data interface{} `json:"data"`
		// NOTE(review): Version is a string here but int64 in Model.Logic and
		// in the ModelBreach model snapshots. With encoding/json a JSON number
		// does not decode into a string — confirm which form the API returns.
		Version string `json:"version"`
	} `json:"logic"`
	// Filters is []interface{}; callers must type-assert each element.
	Filters []interface{} `json:"filters"`
	Active bool `json:"active"`
}
type NoticeEvent ¶ added in v0.1.4
// NoticeEvent holds the notice-specific fields of an event as decoded from
// JSON. It is embedded in Event next to PolicyBreachEvent and ConnectionEvent;
// presumably it is populated when Event.EventType is EventTypeNotice — confirm
// against the decoding code, which is not shown here.
//
// NOTE(review): Info, UID, Direction, DestinationPort, SourceDevice,
// DestinationDevice, Source and Destination use the same JSON keys as the
// fields of the same name in ConnectionEvent. See the note on how that
// interacts with embedding both structs in Event.
type NoticeEvent struct {
	Nid int64 `json:"nid"`
	// Info, Msg and Details are free text from the API response; escape them
	// before writing them to logs or HTML.
	Info string `json:"info"`
	UID string `json:"uid"`
	Direction string `json:"direction"`
	Mlid int64 `json:"mlid"`
	Type string `json:"type"`
	Dpcode string `json:"dpcode"`
	Dpcodetitle string `json:"dpcodetitle"`
	Msg string `json:"msg"`
	DestinationPort int64 `json:"destinationPort"`
	Size int64 `json:"size"`
	Details string `json:"details"`
	// SourceDevice describes the device on the source side. It has no Os
	// field, unlike DestinationDevice below.
	SourceDevice struct {
		ID int64 `json:"id"`
		Did int64 `json:"did"`
		Objecttype string `json:"objecttype"`
		Macaddress string `json:"macaddress"`
		IP string `json:"ip"`
		// Ips lists IP entries for the device, each with a timestamp in two
		// forms (Timems int64, Time string).
		Ips []struct {
			IP string `json:"ip"`
			Timems int64 `json:"timems"`
			Time string `json:"time"`
			Sid int64 `json:"sid"`
		} `json:"ips"`
		Sid int64 `json:"sid"`
		Hostname string `json:"hostname"`
		// Time is a string here; the top-level Device type declares Time as int64.
		Time string `json:"time"`
		Typename string `json:"typename"`
		Typelabel string `json:"typelabel"`
		DeduplicatedIds []int64 `json:"deduplicated_ids"`
	} `json:"sourceDevice"`
	// DestinationDevice mirrors SourceDevice and adds Os.
	DestinationDevice struct {
		ID int64 `json:"id"`
		Did int64 `json:"did"`
		Objecttype string `json:"objecttype"`
		Macaddress string `json:"macaddress"`
		IP string `json:"ip"`
		Ips []struct {
			IP string `json:"ip"`
			Timems int64 `json:"timems"`
			Time string `json:"time"`
			Sid int64 `json:"sid"`
		} `json:"ips"`
		Sid int64 `json:"sid"`
		Hostname string `json:"hostname"`
		Time string `json:"time"`
		Os string `json:"os"`
		Typename string `json:"typename"`
		Typelabel string `json:"typelabel"`
		DeduplicatedIds []int64 `json:"deduplicated_ids"`
	} `json:"destinationDevice"`
	Source string `json:"source"`
	Destination string `json:"destination"`
}
type PolicyBreachEvent ¶ added in v0.1.4
// PolicyBreachEvent holds the policy-breach-specific fields of an event as
// decoded from JSON. It is embedded in Event next to NoticeEvent and
// ConnectionEvent; presumably it is populated when Event.EventType is
// EventTypePolicyBreach — confirm against the decoding code, which is not
// shown here. None of its JSON keys collide with the other two embedded structs.
type PolicyBreachEvent struct {
	Pbid int64 `json:"pbid"`
	Pid int64 `json:"pid"`
	Phid int64 `json:"phid"`
	// CreationTime (int64) and CreationTimestamp (string) presumably carry the
	// same instant in two forms — TODO confirm.
	CreationTime int64 `json:"creationTime"`
	CreationTimestamp string `json:"creationTimestamp"`
	Name string `json:"name"`
	Components []int64 `json:"components"`
	// DidRestrictions and DidExclusions are []interface{}; element types are
	// whatever the JSON decoder produces, so callers must type-assert.
	DidRestrictions []interface{} `json:"didRestrictions"`
	DidExclusions []interface{} `json:"didExclusions"`
	Throttle int64 `json:"throttle"`
	Interval int64 `json:"interval"`
	Sequenced bool `json:"sequenced"`
	Active bool `json:"active"`
	Retired bool `json:"retired"`
	InstanceID int64 `json:"instanceID"`
	// Acknowledged reports the acknowledgement flag sent by the API; the
	// client also exposes AcknowledgeEvent and UnAcknowledgeEvent.
	Acknowledged bool `json:"acknowledged"`
	State string `json:"state"`
	Score float64 `json:"score"`
	CommentCount int64 `json:"commentCount"`
	// ComponentBreaches and ComponentBreachTimes are separate slices;
	// presumably index-aligned — TODO confirm before pairing them.
	ComponentBreaches []int64 `json:"componentBreaches"`
	ComponentBreachTimes []int64 `json:"componentBreachTimes"`
	// Devices and DeviceLabels are likewise separate slices; do not assume
	// they have equal length without checking.
	Devices []int64 `json:"devices"`
	DeviceLabels []string `json:"deviceLabels"`
}
type RequestParameter ¶
Dynamic parameter options for requests
type SimilarDevice ¶
// SimilarDevice is one element of the slice returned by
// Client.SimilarDevices: a device record with a similarity Score.
type SimilarDevice struct {
	Did int64 `json:"did"`
	Objecttype string `json:"objecttype"`
	// Score is an int64 here; the range is not visible from this declaration.
	Score int64 `json:"score"`
	IP string `json:"ip"`
	// Ips lists IP entries for the device, each with a timestamp in two forms
	// (Timems int64, Time string).
	Ips []struct {
		IP string `json:"ip"`
		Timems int64 `json:"timems"`
		Time string `json:"time"`
		Sid int64 `json:"sid"`
	} `json:"ips"`
	Sid int64 `json:"sid"`
	// Hostname, Os and Priority are omitempty; the other fields are always
	// emitted when marshalling. Hostname is text from the API response; escape
	// it before writing it to logs or HTML.
	Hostname string `json:"hostname,omitempty"`
	FirstSeen int64 `json:"firstSeen"`
	LastSeen int64 `json:"lastSeen"`
	Os string `json:"os,omitempty"`
	Typename string `json:"typename"`
	Typelabel string `json:"typelabel"`
	Priority int64 `json:"priority,omitempty"`
}