otxapi

package module
v0.0.0-...-c4847fe Latest
Warning

This package is not in the latest version of its module.

Published: Apr 14, 2018 License: Apache-2.0 Imports: 12 Imported by: 0

README

Open Threat Exchange Go API Client

Overview

A working client implementation for https://otx.alienvault.com/ written in Golang. Currently supports:

  • Validate API key / obtain user statistics
  • Get Subscriptions
  • Get Pulse (with IOCs) by pulse_id

Installing

$ go get -u github.com/AlienVault-Labs/OTX-Go-SDK

- or -

$ go get -u gopkg.in/AlienVault-Labs/OTX-Go-SDK.v0

License

See LICENSE

Authors

Bill Smartt, Security Engineer (@bsmartt13)

Contributing

There's likely a lot of room for improvement here by a Golang expert. Please send PRs <3

Issues

Please file any issues you find on github.com

API Keys

If you haven't signed up, please visit https://otx.alienvault.com/ and do so!

Then you can log in and find your API key in your account settings.

Once you have your API key, set it as an environment variable:

$ export X_OTX_API_KEY=mysecretkey
$ echo $X_OTX_API_KEY

or in your Go code:

os.Setenv("X_OTX_API_KEY", "ab91e98e6dcac6303bd1522d3542f91fcb4be176ea262ecd892d39e0d82a218b")

For use with curl, or to write your own client, set the API key as an HTTP header:

X-OTX-API-KEY: "ab91e98e6dcac6303bd1522d3542f91fcb4be176ea262ecd892d39e0d82a218b"

Subscriptions

Your subscriptions include all pulses:

  • Created by authors you subscribe to
  • Pulses you subscribe to directly
  • Pulses you create

Documentation

Constants

const (
	DefaultBaseURL   = "https://otx.alienvault.com"
	DefaultUserAgent = "go-otx-api/0.2"

	IndicatorsURLPath    = "api/v1/indicators"
	SubscriptionsURLPath = "api/v1/pulses/subscribed"
	PulseDetailURLPath   = "api/v1/pulses/"
	SearchPulseURLPath   = "api/v1/search/pulses"
	UserURLPath          = "api/v1/user/"
)

Variables

var ErrNoAPIKey = errors.New("api key not set in client")
var ErrNoPage = errors.New("no more pages")

ErrNoPage indicates that there is no "next" or "previous" page.

Functions

func IsAPIError

func IsAPIError(err error) bool

IsAPIError returns a bool indicating whether or not the given error is a *APIError.

func Stringify

func Stringify(message interface{}) string

Stringify attempts to create a reasonable string representation of types in the GitHub library. It does things like resolve pointers to their values and omit struct fields with nil values.

Types

type APIError

type APIError struct {
	Message string `json:"detail"`
	// contains filtered or unexported fields
}

func (*APIError) Error

func (e *APIError) Error() string

type BaseIndicator

type BaseIndicator struct {
	Indicator    string `json:"indicator,omitempty"`
	Description  string `json:"description,omitempty"`
	Title        string `json:"title,omitempty"`
	AccessReason string `json:"access_reason,omitempty"`
	AccessType   string `json:"access_type,omitempty"`
	Content      string `json:"content,omitempty"`
	Type         string `json:"type,omitempty"`
	ID           int    `json:"id,omitempty"`
}

type Client

type Client struct {
	User      *OTXUserDetailService
	Pulses    *OTXPulseDetailService
	Indicator *OTXIndicatorService
	// contains filtered or unexported fields
}

A Client manages communication with the OTX API.

func NewClient

func NewClient(options ...ClientOption) (*Client, error)

NewClient returns a new OpenThreatExchange HTTP API client.

func (Client) String

func (c Client) String() string

type ClientOption

type ClientOption func(*Client) error

ClientOption is a function that configures a *Client.

func APIKey

func APIKey(key string) ClientOption

APIKey sets the API key used by a *Client for authorizing requests to the OpenThreatExchange HTTP API.

Example
client, err := NewClient(APIKey("..."))
if err != nil {
	log.Fatalln(err)
}
fmt.Println(client)

func APIKeyFromEnv

func APIKeyFromEnv(names ...string) ClientOption

APIKeyFromEnv sets the API key used by the *Client from one of the named environment variables. If no environment variable names are specified, the X_OTX_API_KEY and ALIENVAULT_OTXAPI_KEY environment variables will be checked.

The returned ClientOption will return a non-nil error if it cannot find a non-empty environment variable.

Example (CustomVarNames)
client, err := NewClient(APIKeyFromEnv(
	"ALIENVAULT_OTX_KEY",
	"OTX_KEY",
	"OTX_API_KEY",
))
if err != nil {
	log.Fatalln(err)
}
fmt.Println(client)

Example (Default)
client, err := NewClient(APIKeyFromEnv())
if err != nil {
	log.Fatalln(err)
}
fmt.Println(client)

func HTTPClient

func HTTPClient(hc *http.Client) ClientOption

HTTPClient sets a *Client's internal *http.Client. If hc is nil, then http.DefaultClient is used.

Example
customClient := &http.Client{}
client, err := NewClient(HTTPClient(customClient))
if err != nil {
	log.Fatalln(err)
}
fmt.Println(client)

func UserAgent

func UserAgent(ua string) ClientOption

UserAgent sets the User-Agent HTTP header for requests made by a *Client.

Example
client, err := NewClient(UserAgent("custom-otx-api-client/13.37"))
if err != nil {
	log.Fatalln(err)
}
fmt.Println(client)

type Indicator

type Indicator struct {
	Sections      []string            `json:"sections,omitempty"`
	City          interface{}         `json:"city,omitempty"`
	AreaCode      int                 `json:"area_code,omitempty"`
	PulseInfo     IndicatorPulseInfo  `json:"pulse_info,omitempty"`
	ContinentCode string              `json:"continent_code,omitempty"`
	CountryName   string              `json:"country_name,omitempty"`
	PostalCode    interface{}         `json:"postal_code,omitempty"`
	DmaCode       int                 `json:"dma_code,omitempty"`
	CountryCode   string              `json:"country_code,omitempty"`
	FlagURL       string              `json:"flag_url,omitempty"`
	Asn           string              `json:"asn,omitempty"`
	CityData      bool                `json:"city_data,omitempty"`
	Indicator     string              `json:"indicator,omitempty"`
	Whois         string              `json:"whois,omitempty"`
	TypeTitle     string              `json:"type_title,omitempty"`
	Region        interface{}         `json:"region,omitempty"`
	Charset       int                 `json:"charset,omitempty"`
	Longitude     float64             `json:"longitude,omitempty"`
	CountryCode3  string              `json:"country_code3,omitempty"`
	Reputation    int                 `json:"reputation,omitempty"`
	BaseIndicator BaseIndicator       `json:"base_indicator,omitempty"`
	Latitude      float64             `json:"latitude,omitempty"`
	Validation    IndicatorValidation `json:"validation,omitempty"`
	Type          string              `json:"type,omitempty"`
	FlagTitle     string              `json:"flag_title,omitempty"`
}

func (Indicator) String

func (i Indicator) String() string

type IndicatorAuthor

type IndicatorAuthor struct {
	Username     string `json:"username,omitempty"`
	IsSubscribed int    `json:"is_subscribed,omitempty"`
	AvatarURL    string `json:"avatar_url,omitempty"`
	IsFollowing  int    `json:"is_following,omitempty"`
	ID           string `json:"id,omitempty"`
}

type IndicatorObservation

type IndicatorObservation struct {
	IndicatorTypeCounts IndicatorTypeCounts `json:"indicator_type_counts,omitempty"`
	PulseSource         string              `json:"pulse_source,omitempty"`
	Description         string              `json:"description,omitempty"`
	SubscriberCount     int                 `json:"subscriber_count,omitempty"`
	ClonedFrom          interface{}         `json:"cloned_from,omitempty"`
	IsSubscribed        int                 `json:"is_subscribed,omitempty"`
	CommentCount        int                 `json:"comment_count,omitempty"`
	AuthorName          string              `json:"author_name,omitempty"`
	UpvotesCount        float64             `json:"upvotes_count,omitempty"`
	DownvotesCount      float64             `json:"downvotes_count,omitempty"`
	IsSubscribing       int                 `json:"is_subscribing,omitempty"`
	References          []interface{}       `json:"references,omitempty"`
	TargetedCountries   []interface{}       `json:"targeted_countries,omitempty"`
	Groups              []interface{}       `json:"groups,omitempty"`
	Vote                int                 `json:"vote,omitempty"`
	ValidatorCount      float64             `json:"validator_count,omitempty"`
	Adversary           string              `json:"adversary,omitempty"`
	ID                  string              `json:"id,omitempty"`
	ExtractSource       []interface{}       `json:"extract_source,omitempty"`
	Industries          []interface{}       `json:"industries,omitempty"`
	Tlp                 string              `json:"tlp,omitempty"`
	Locked              int                 `json:"locked,omitempty"`
	Name                string              `json:"name,omitempty"`
	IsFollowing         int                 `json:"is_following,omitempty"`
	Created             string              `json:"created,omitempty"`
	Tags                []interface{}       `json:"tags,omitempty"`
	Modified            string              `json:"modified,omitempty"`
	ExportCount         float64             `json:"export_count,omitempty"`
	AvatarURL           string              `json:"avatar_url,omitempty"`
	FollowerCount       float64             `json:"follower_count,omitempty"`
	VotesCount          float64             `json:"votes_count,omitempty"`
	AuthorID            int                 `json:"author_id,omitempty"`
	UserSubscriberCount float64             `json:"user_subscriber_count,omitempty"`
	Public              int                 `json:"public,omitempty"`
	Revision            int                 `json:"revision,omitempty"`
}

type IndicatorPulse

type IndicatorPulse struct {
	IndicatorTypeCounts IndicatorTypeCounts  `json:"indicator_type_counts,omitempty"`
	PulseSource         string               `json:"pulse_source,omitempty"`
	TLP                 string               `json:"TLP,omitempty"`
	Description         string               `json:"description,omitempty"`
	SubscriberCount     int                  `json:"subscriber_count,omitempty"`
	Tags                []interface{}        `json:"tags,omitempty"`
	ExportCount         int                  `json:"export_count,omitempty"`
	IsFollowing         int                  `json:"is_following,omitempty"`
	IsModified          bool                 `json:"is_modified,omitempty"`
	UpvotesCount        float64              `json:"upvotes_count,omitempty"`
	DownvotesCount      float64              `json:"downvotes_count,omitempty"`
	ModifiedText        string               `json:"modified_text,omitempty"`
	IsSubscribing       int                  `json:"is_subscribing,omitempty"`
	References          []interface{}        `json:"references,omitempty"`
	TargetedCountries   []interface{}        `json:"targeted_countries,omitempty"`
	Groups              []interface{}        `json:"groups,omitempty"`
	Vote                int                  `json:"vote,omitempty"`
	ValidatorCount      float64              `json:"validator_count,omitempty"`
	IsAuthor            bool                 `json:"is_author,omitempty"`
	Adversary           string               `json:"adversary,omitempty"`
	ID                  string               `json:"id,omitempty"`
	Observation         IndicatorObservation `json:"observation,omitempty"`
	Industries          []interface{}        `json:"industries,omitempty"`
	Locked              int                  `json:"locked,omitempty"`
	Name                string               `json:"name,omitempty"`
	Created             string               `json:"created,omitempty"`
	ClonedFrom          interface{}          `json:"cloned_from,omitempty"`
	Modified            string               `json:"modified,omitempty"`
	CommentCount        float64              `json:"comment_count,omitempty"`
	IndicatorCount      float64              `json:"indicator_count,omitempty"`
	Author              IndicatorAuthor      `json:"author,omitempty"`
	InGroup             bool                 `json:"in_group,omitempty"`
	FollowerCount       float64              `json:"follower_count,omitempty"`
	VotesCount          float64              `json:"votes_count,omitempty"`
	Public              int                  `json:"public,omitempty"`
}

type IndicatorPulseInfo

type IndicatorPulseInfo struct {
	Count      int              `json:"count,omitempty"`
	References []interface{}    `json:"references,omitempty"`
	Pulses     []IndicatorPulse `json:"pulses,omitempty"`
}

type IndicatorTypeCounts

type IndicatorTypeCounts struct {
	FileHashSHA256 int `json:"FileHash-SHA256,omitempty"`
	Domain         int `json:"domain,omitempty"`
	URL            int `json:"URL,omitempty"`
	Hostname       int `json:"hostname,omitempty"`
	Email          int `json:"email,omitempty"`
	FileHashSHA1   int `json:"FileHash-SHA1,omitempty"`
	IPv4           int `json:"IPv4,omitempty"`
	CIDR           int `json:"CIDR,omitempty"`
	CVE            int `json:"CVE,omitempty"`
	FileHashMD5    int `json:"FileHash-MD5,omitempty"`
}

type IndicatorValidation

type IndicatorValidation []struct {
	Source  string `json:"source,omitempty"`
	Message string `json:"message,omitempty"`
	Name    string `json:"name,omitempty"`
}

type ListOptions

type ListOptions struct {
	// For paginated result sets, page of results to retrieve.
	Page int `url:"page,omitempty"`

	// For paginated result sets, the number of results to include per page.
	// The maximum value is 20.
	PerPage int `url:"limit,omitempty"`
}

ListOptions specifies the optional parameters to various List methods that support pagination. Our list options: ?limit=50&page_num=1

type OTXIndicatorService

type OTXIndicatorService struct {
	// contains filtered or unexported fields
}

func (*OTXIndicatorService) GetIPv4

func (c *OTXIndicatorService) GetIPv4(ip, section string) (*Indicator, error)

type OTXPulseDetailService

type OTXPulseDetailService struct {
	// contains filtered or unexported fields
}

func (*OTXPulseDetailService) Get

func (svc *OTXPulseDetailService) Get(pulseID string) (*Pulse, error)

Get returns a single *Pulse.

func (*OTXPulseDetailService) List

func (svc *OTXPulseDetailService) List(opt *ListOptions) (*PulseList, error)

List returns a *PulseList, which maps to a single page of pulses the user is subscribed to.

Passing nil *ListOptions will result in retrieving the first page of subscribed pulses, with the maximum number of results for the page (20).

func (*OTXPulseDetailService) Search

func (svc *OTXPulseDetailService) Search(query string, opt *ListOptions) (*PulseList, error)

Search returns a PulseList.

type OTXUserDetailService

type OTXUserDetailService struct {
	// contains filtered or unexported fields
}

func (*OTXUserDetailService) Details

func (c *OTXUserDetailService) Details() (*UserDetail, error)

type Pulse

type Pulse struct {
	ID                string           `json:"id"`
	Author            string           `json:"author_name"`
	Name              string           `json:"name"`
	Description       string           `json:"description,omitempty"`
	CreatedAt         Timestamp        `json:"created,omitempty"`
	ModifiedAt        Timestamp        `json:"modified"`
	References        []string         `json:"references,omitempty"`
	Tags              []string         `json:"tags,omitempty"`
	Indicators        []PulseIndicator `json:"indicators,omitempty"`
	Revision          float32          `json:"revision,omitempty"`
	TLP               string           `json:"tlp"`
	Public            int              `json:"public"`
	Adversary         string           `json:"adversary"`
	TargetedCountries []string         `json:"targeted_countries"`
	Industries        []string         `json:"industries"`
}

Pulse represents an OTX Pulse.

func (Pulse) String

func (p Pulse) String() string

type PulseIndicator

type PulseIndicator struct {
	Content      string     `json:"content"`
	Indicator    string     `json:"indicator"`
	Description  string     `json:"description,omitempty"`
	Created      Timestamp  `json:"created"`
	Expiration   *Timestamp `json:"expiration,omitempty"`
	Active       int        `json:"is_active"`
	Title        string     `json:"title"`
	AccessReason string     `json:"access_reason"`
	AccessType   string     `json:"access_type"`
	AccessGroups []string   `json:"access_groups"`
	Type         string     `json:"type"`
	ID           int        `json:"id"`
	Observations int        `json:"observations"`
}

func (PulseIndicator) String

func (p PulseIndicator) String() string

type PulseList

type PulseList struct {
	Pulses []Pulse `json:"results"`

	// These fields provide the page values for paginating through a set of
	// results.  Any or all of these may be set to the zero value for
	// responses that are not part of a paginated set, or for which there
	// are no additional pages.
	//NextPageNum  int   Coming soon
	//PrevPageNum  int   Coming soon
	NextPageString *string `json:"next"`
	PrevPageString *string `json:"prev"`

	// Count is the total number of results, across all pages.
	Count int `json:"count"`
}

PulseList represents a single page of results, where each page holds a list of pulses the user has subscribed to.

func (PulseList) NextPageOptions

func (r PulseList) NextPageOptions() (*ListOptions, error)

NextPageOptions returns *ListOptions that can be used for retrieving the next page of results.

If the PulseList contains the last page of results, this method will return ErrNoPage.
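
The paging contract described for PulseList and NextPageOptions, as an added example that is not the package's own code: it decodes the `results` and `next` fields of each page, derives the following page number from the next link, and stops at a local stand-in for ErrNoPage. The `?page=N` link format, the names `parsePage`, `walk` and `errNoPage`, and the sample responses are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/url"
	"strconv"
)

var errNoPage = errors.New("no more pages") // local stand-in for ErrNoPage

// parsePage decodes one page body into its pulse IDs and the page number from
// the "next" link (assumed to carry ?page=N); a null link yields errNoPage.
func parsePage(body string) (ids []string, next int, err error) {
	var p struct {
		Results []struct{ ID string `json:"id"` } `json:"results"`
		Next    *string `json:"next"`
	}
	if err = json.Unmarshal([]byte(body), &p); err != nil {
		return nil, 0, err
	}
	for _, r := range p.Results {
		ids = append(ids, r.ID)
	}
	if p.Next == nil {
		return ids, 0, errNoPage
	}
	u, err := url.Parse(*p.Next)
	if err == nil {
		next, err = strconv.Atoi(u.Query().Get("page"))
	}
	return ids, next, err
}

// walk collects IDs from page 1 until errNoPage. A next link that does not
// move forward is rejected, so a malformed response cannot loop forever.
func walk(fetch func(page int) string) ([]string, error) {
	var all []string
	for page := 1; ; {
		ids, next, err := parsePage(fetch(page))
		all = append(all, ids...)
		if errors.Is(err, errNoPage) {
			return all, nil
		}
		if err != nil || next <= page {
			return all, fmt.Errorf("unusable next link after page %d (next=%d, err=%v)", page, next, err)
		}
		page = next
	}
}

// samplePages is constructed data, not captured OTX output.
var samplePages = map[int]string{
	1: `{"results":[{"id":"p1"}],"next":"https://otx.alienvault.com/api/v1/pulses/subscribed?page=2"}`,
	2: `{"results":[{"id":"p2"}],"next":null}`,
}

func main() {
	fmt.Println(walk(func(n int) string { return samplePages[n] }))
}
```
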

func (PulseList) PrevPageOptions

func (r PulseList) PrevPageOptions() (*ListOptions, error)

PrevPageOptions returns *ListOptions that can be used for retrieving the previous page of results.

If the PulseList contains the first page of results, this method will return ErrNoPage.

func (PulseList) String

func (r PulseList) String() string

type Timestamp

type Timestamp struct {
	time.Time
}

Timestamp represents a time that can be unmarshalled from a JSON string formatted as either an RFC3339 or Unix timestamp. This is necessary for some fields since the GitHub API is inconsistent in how it represents times. All exported methods of time.Time can be called on Timestamp.

func (Timestamp) Equal

func (t Timestamp) Equal(u Timestamp) bool

Equal reports whether t and u are equal based on time.Equal.

func (Timestamp) String

func (t Timestamp) String() string

func (*Timestamp) UnmarshalJSON

func (ts *Timestamp) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface. Time is expected in RFC3339 or Unix format.

type UserDetail

type UserDetail struct {
	AwardCount      *int    `json:"award_count"`
	FollowerCount   *int    `json:"follower_count"`
	SubscriberCount *int    `json:"subscriber_count"`
	IndicatorCount  *int    `json:"indicator_count"`
	PulseCount      *int    `json:"pulse_count"`
	MemberSince     *string `json:"member_since"`
	UserId          *int    `json:"user_id"`
	Username        *string `json:"username"`
}

func (UserDetail) String

func (r UserDetail) String() string
