misp

package

v1.0.3 Latest Latest Go to latest Published: Sep 12, 2019 License: GPL-2.0 Imports: 17 Imported by: 1

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/0xrawsec/golang-misp

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
type EmptyMispResponse
- func (emr EmptyMispResponse) Iter() chan MispObject
type MispAttribute
- func (ma MispAttribute) Timestamp() time.Time
type MispAttributeDict
type MispAttributeQuery
- func (maq MispAttributeQuery) Prepare() (j []byte)
type MispAttributeResponse
- func (mar MispAttributeResponse) Iter() (moc chan MispObject)
type MispCon
- func NewCon(proto, host, apiKey string) MispCon
- func NewInsecureCon(proto, host, apiKey string) MispCon
- func (mc MispCon) Search(mq MispQuery) (MispResponse, error)
- func (mc MispCon) TextExport(flags ...string) (out []string, err error)
type MispConfig
- func LoadConfig(path string) (mc MispConfig)
type MispError
- func (me MispError) Error() string
type MispEvent
- func (me MispEvent) PublishedTimestamp() time.Time
- func (me MispEvent) Timestamp() time.Time
type MispEventDict
type MispEventQuery
- func (meq MispEventQuery) Prepare() (j []byte)
type MispEventResponse
- func (mer MispEventResponse) Iter() (moc chan MispObject)
type MispObject
type MispQuery
type MispRelatedEvent
- func (mre *MispRelatedEvent) Timestamp() time.Time
type MispRequest
type MispResponse
type Org

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	// ErrUnknownProtocol : raised when bad protocol specified
	ErrUnknownProtocol = errors.New("Unknown protocol")
)

Functions ¶

This section is empty.

Types ¶

type EmptyMispResponse ¶

type EmptyMispResponse struct{}

func (EmptyMispResponse) Iter ¶

func (emr EmptyMispResponse) Iter() chan MispObject

Iter : MispResponse implementation

type MispAttribute ¶

type MispAttribute struct {
	ID             string `json:"id"`
	EventID        string `json:"event_id"`
	UUID           string `json:"uuid"`
	SharingGroupID string `json:"sharing_group_id"`
	StrTimestamp   string `json:"timestamp"`
	Distribution   string `json:"distribution"`
	Category       string `json:"category"`
	Type           string `json:"type"`
	Value          string `json:"value"`
	ToIDS          bool   `json:"to_ids"`
	Deleted        bool   `json:"deleted"`
	Comment        string `json:"comment"`
}

MispAttribute : define structure of attribute object returned by API

func (MispAttribute) Timestamp ¶

func (ma MispAttribute) Timestamp() time.Time

Timestamp : return Time struct according to a string time

type MispAttributeDict ¶

type MispAttributeDict struct {
	Attribute []MispAttribute `json:"Attribute"`
}

MispAttributeDict : itermediate structure to handle MISP attribute search

type MispAttributeQuery ¶

type MispAttributeQuery struct {
	Value    string `json:"value,omitempty"`
	Type     string `json:"type,omitempty"`
	Category string `json:"category,omitempty"`
	Org      string `json:"org,omitempty"`
	Tags     string `json:"tags,omitempty"`
	From     string `json:"from,omitempty"`
	To       string `json:"to,omitempty"`
	Last     string `json:"last,omitempty"`
	EventID  string `json:"eventid,omitempty"`
	UUID     string `json:"uuid,omitempty"`
}

func (MispAttributeQuery) Prepare ¶

func (maq MispAttributeQuery) Prepare() (j []byte)

Prepare : MispQuery Implementation

type MispAttributeResponse ¶

type MispAttributeResponse struct {
	Response MispAttributeDict `json:"response"`
}

MispAttributeResponse : API response when attribute query is done

func (MispAttributeResponse) Iter ¶

func (mar MispAttributeResponse) Iter() (moc chan MispObject)

Iter : MispResponse implementation

type MispCon ¶

type MispCon struct {
	Proto  string
	Host   string
	APIKey string
	Client *http.Client
}

func NewCon ¶

func NewCon(proto, host, apiKey string) MispCon

NewCon : create a new MispCon struct return (MispcCon)

func NewInsecureCon ¶

func NewInsecureCon(proto, host, apiKey string) MispCon

NewInsecureCon : Return a new MispCon with insecured TLS connection settings return (MispCon)

func (MispCon) Search ¶

func (mc MispCon) Search(mq MispQuery) (MispResponse, error)

Search : Issue a search and return a MispObject @mq : a struct implementing MispQuery interface return (MispObject, error)

func (MispCon) TextExport ¶

func (mc MispCon) TextExport(flags ...string) (out []string, err error)

TextExport text export API wrapper https://<misp url>/attributes/text/download/ The wrapper takes care of removing the duplicated entries @flags: the list of flags to use for the query

type MispConfig ¶

type MispConfig struct {
	Proto  string `json:"protocol"`
	Host   string `json:"host"`
	APIKey string `json:"api-key"`
}

MispConfig structure

func LoadConfig ¶

func LoadConfig(path string) (mc MispConfig)

LoadConfig : load a configuration file from path return (MispConfig)

type MispError ¶

type MispError struct {
	StatusCode int
	Message    string
}

func (MispError) Error ¶

func (me MispError) Error() string

type MispEvent ¶

type MispEvent struct {
	ID                    string             `json:"id"`
	OrgcID                string             `json:"orgc_id"`
	OrgID                 string             `json:"org_id"`
	Date                  string             `json:"date"`
	ThreatLevelID         string             `json:"threat_level_id"`
	Info                  string             `json:"info"`
	Published             bool               `json:"published"`
	UUID                  string             `json:"uuid"`
	AttributeCount        string             `json:"attribute_count"`
	Analysis              string             `json:"analysis"`
	StrTimestamp          string             `json:"timestamp"`
	Distribution          string             `json:"distribution"`
	ProposalEmailLock     bool               `json:"proposal_email_lock"`
	Locked                bool               `json:"locked"`
	StrPublishedTimestamp string             `json:"publish_timestamp"`
	SharingGroupID        string             `json:"sharing_group_id"`
	Org                   Org                `json:"Org"`
	Orgc                  Org                `json:"Orgc"`
	Attribute             []MispAttribute    `json:"Attribute"`
	ShadowAttribute       []MispAttribute    `json:"ShadowAttribute"`
	RelatedEvent          []MispRelatedEvent `json:"RelatedEvent"`
	Galaxy                []MispRelatedEvent `json:"Galaxy"`
}

MispEvent definition

func (MispEvent) PublishedTimestamp ¶

func (me MispEvent) PublishedTimestamp() time.Time

PublishedTimestamp : return Time struct according to a string time

func (MispEvent) Timestamp ¶

func (me MispEvent) Timestamp() time.Time

Timestamp : return Time struct according to a string time

type MispEventDict ¶

type MispEventDict struct {
	Event MispEvent `json:"Event"`
}

MispEventDict : intermediate structure to handle properly MISP API results

type MispEventQuery ¶

type MispEventQuery struct {
	Value           string `json:"value,omitempty"`
	Type            string `json:"type,omitempty"`
	Category        string `json:"category,omitempty"`
	Org             string `json:"org,omitempty"`
	Tags            string `json:"tags,omitempty"`
	QuickFilter     string `json:"quickfilter,omitempty"`
	From            string `json:"from,omitempty"`
	To              string `json:"to,omitempty"`
	Last            string `json:"last,omitempty"`
	EventID         string `json:"eventid,omitempty"`
	WithAttachments string `json:"withAttachments,omitempty"`
	Metadata        string `json:"metadata,omitempty"`
	SearchAll       int8   `json:"searchall,omitempty"`
}

MispEventQuery : defines the structure of query to event search API

func (MispEventQuery) Prepare ¶

func (meq MispEventQuery) Prepare() (j []byte)

Prepare : MispQuery Implementation

type MispEventResponse ¶

type MispEventResponse struct {
	Response []MispEventDict `json:"response"`
}

MispEventResponse : intermediate structure to handle properly MISP API results

func (MispEventResponse) Iter ¶

func (mer MispEventResponse) Iter() (moc chan MispObject)

Iter : MispResponse implementation

type MispObject ¶

type MispObject interface{}

type MispQuery ¶

type MispQuery interface {
	// Prepare the query and returns a JSON object in a form of a byte array
	Prepare() []byte
}

type MispRelatedEvent ¶

type MispRelatedEvent struct {
	ID            string `json:"id"`
	Date          string `json:"date"`
	ThreatLevelID string `json:"threat_level_id"`
	Info          string `json:"info"`
	Published     bool   `json:"published"`
	UUID          string `json:"uuid"`
	Analysis      string `json:"analysis"`
	StrTimestamp  string `json:"timestamp"`
	Distribution  string `json:"distribution"`
	OrgID         string `json:"org_id"`
	OrgcID        string `json:"orgc_id"`
	Org           Org    `json:"Org"`
	Orgc          Org    `json:"Orgc"`
}

MispRelatedEvent definition

func (*MispRelatedEvent) Timestamp ¶

func (mre *MispRelatedEvent) Timestamp() time.Time

Timestamp : return Time struct according to a string time

type MispRequest ¶

type MispRequest struct {
	Request MispQuery `json:"request"`
}

type MispResponse ¶

type MispResponse interface {
	Iter() chan MispObject
}

type Org ¶

type Org struct {
	ID   string `json:"id"`
	Name string `json:"name"`
	UUID string `json:"uuid"`
}

Org definition

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL