README
¶
Go-MispFeedGenerator
Generate MISP feeds without a MISP Instance!
Go-MispFeedGenerator aka Go-MFG1000, is a library providing all functions needed to create events, adding attributes and generating needed feed files. Generated files can be consumed by any MISP instance.
Go-MispFeedGenerator has been created by manually reverse engineering PyMisp-FeedGenerator
Important Note: Go-MispFeedGenerator is not as sophisticated as PyMisp and PyMisp-FeedGenerator. For bugs and consumption issues on MISP, issue and pull requests are welcomed.
Capabilities
- Create Event
- Created event automatically gets a UUID and time fields
- Add attribute to Event with type and with optional category
- If category is not provided, library fetches the attributeTypes.json from official pymisp repo and gets the first category including the type
- If category is provided, library checks the type/category against attributeTypes.json from official pymisp repo
- Adding tags to event
- Generate Feed
- Library can generate event json with naming convention "EventUUID.json"
- Generate Feed Metadata
- Library can generate manifest.json and hashes.csv files alongside feed event
- Library checks existing manifest.json, hashes.csv files. New feed data will be appended to existing ones. (Note: for event feed files like EventUUID.json, a new file will be generated each time. For multiple events, multiple EventUUID.json should exist)
Usage
Install with:
go get github.com/KaanSK/Go-MISPFeedGenerator
Check Test Code
func TestFeedGenerationWithMetadata(t *testing.T) {
defer cleanGeneratedFiles()
event, err := NewMispEvent()
if err != nil {
t.Errorf("Could not create new event")
}
event.Info = "Dummy event"
event.Orgc.Name = "TEST ORG"
event.Orgc.UUID = "dc9de8b2-889c-42e5-a65f-68ecda38eed0"
event.AddTag("type:OSINT", "#004646")
event.AddTag("tlp:white", "#005151")
event.AddAttribute("email-dst", "111test1@test.com", "Network activity")
event.AddAttribute("btc", "111a3246asd8asd4a8asf5as8afs65fd77a", "")
event.AddAttribute("md5", "111847356890723489034292345875234", "")
err = event.GenerateFeed(true)
if err != nil {
t.Errorf("Could not generate feed with manifest and hashes. Error: %s", err)
}
}
Documentation
¶
Overview ¶
Package mispfeedgenerator used to generate MISP feeds without an instance.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewMispEvent ¶
func NewMispEvent() (event, error)
NewMispEvent Used to instantiate a MISP event
Types ¶
type Object ¶ added in v1.0.1
type Object struct {
StrTimestamp string `json:"timestamp"`
SharingGroupID string `json:"sharing_group_id"`
Description string `json:"description"`
Name string `json:"name"`
Comment string `json:"comment"`
UUID string `json:"uuid"`
TemplateVersion string `json:"template_version"`
Distribution string `json:"distribution"`
Deleted bool `json:"deleted"`
TemplateUUID string `json:"template_uuid"`
MetaCategory string `json:"meta-category"`
ObjectReference []struct {
Timestamp string `json:"timestamp"`
RelationshipType string `json:"relationship_type"`
ObjectUUID string `json:"object_uuid"`
Comment string `json:"comment"`
UUID string `json:"uuid"`
ReferencedUUID string `json:"referenced_uuid"`
} `json:"ObjectReference,omitempty"`
Attribute []struct {
Value string `json:"value"`
StrTimestamp string `json:"timestamp"`
Comment string `json:"comment"`
Category string `json:"category"`
UUID string `json:"uuid"`
ObjectRelation string `json:"object_relation"`
Type string `json:"type"`
ToIds bool `json:"to_ids"`
Deleted bool `json:"deleted"`
DisableCorrelation bool `json:"disable_correlation"`
} `json:"Attribute"`
}
Object is used for storing tag information
Source Files
Click to show internal directories.
Click to hide internal directories.