qradar

package module
v1.3.3
Published: Feb 26, 2023 License: GPL-3.0 Imports: 11 Imported by: 3

README

go-radar


Documentation

Overview

Package qradar provides an API client for the QRadar API. See examples of the usage in the examples folder.

Index

Constants

const (

	// ErrUnauthorized assigned on 401 http error.
	ErrUnauthorized = "unathorized"
)

Variables

var SearchResultsWindow = 50

SearchResultsWindow is the default window size used when scrolling through the results of a query.

Functions

func CheckResponse

func CheckResponse(r *http.Response) error

CheckResponse checks the API response for errors.

func SetAPIversion added in v1.1.1

func SetAPIversion(api string) func(*Client) error

SetAPIversion sets the version of the QRadar API to use.

func SetHTTPClient

func SetHTTPClient(httpClient *http.Client) func(*Client) error

SetHTTPClient sets an HTTP client.

func SetSECKey

func SetSECKey(key string) func(*Client) error

SetSECKey sets the key used to authenticate to the QRadar API.

Types

type ArielService

type ArielService service

ArielService handles communication with the search-related methods of the QRadar API.

func (*ArielService) DeleteSearch added in v1.3.3

func (a *ArielService) DeleteSearch(ctx context.Context, searchID string) (string, error)

DeleteSearch deletes the search with the given ID and returns the status of the deleted search and the error.

func (*ArielService) NewSearchResultsScroller

func (a *ArielService) NewSearchResultsScroller(ctx context.Context, searchID string) (*SearchResultsScroller, error)

NewSearchResultsScroller initializes a struct for scrolling through the records of the search.

func (*ArielService) ScrollByQuery added in v1.0.0

func (a *ArielService) ScrollByQuery(ctx context.Context, sqlQuery string) (*SearchResultsScroller, *SearchMetadata, error)

ScrollByQuery searches events in the QRadar API and returns a scroller over the results. It is the recommended way to retrieve a large number of events.

func (*ArielService) SearchByQuery

func (a *ArielService) SearchByQuery(ctx context.Context, sqlQuery string) (*Search, error)

SearchByQuery searches events in the QRadar API. It is the caller's responsibility to wait for the results and fetch the final data.

func (*ArielService) SearchMetadata

func (a *ArielService) SearchMetadata(ctx context.Context, searchID string) (*SearchMetadata, error)

SearchMetadata retrieves the metadata of the search with the given ID.

func (*ArielService) SearchStatus

func (a *ArielService) SearchStatus(ctx context.Context, searchID string) (string, int, error)

SearchStatus returns the status of the search and the number of its records.

func (*ArielService) WaitForSearchID added in v1.0.0

func (a *ArielService) WaitForSearchID(ctx context.Context, searchID string, status JobStatus, seconds int) (int, error)

WaitForSearchID waits for the search with the given ID to reach the given status and returns the number of records and the error.

type BuildingBlock added in v1.1.1

type BuildingBlock struct {
	ID                   *int    `json:"id,omitempty"`
	Name                 *string `json:"name,omitempty"`
	BuildingBlockType    *string `json:"building_block_type,omitempty"`
	Enabled              *bool   `json:"enabled,omitempty"`
	Owner                *string `json:"owner,omitempty"`
	Origin               *string `json:"origin,omitempty"`
	BaseCapacity         *int    `json:"base_capacity,omitempty"`
	BaseHostID           *int    `json:"base_host_id,omitempty"`
	AverageCapacity      *int    `json:"average_capacity,omitempty"`
	CapacityTimestamp    *int    `json:"capacity_timestamp,omitempty"`
	Identifier           *string `json:"identifier,omitempty"`
	LinkedRuleIdentifier *string `json:"linked_rule_identifier,omitempty"`
	CreationDate         *int    `json:"creation_date,omitempty"`
	ModificationDate     *int    `json:"modification_date,omitempty"`
}

BuildingBlock represents QRadar's BuildingBlock.

type BuildingBlockService added in v1.1.1

type BuildingBlockService service

BuildingBlockService handles methods related to BuildingBlock of the QRadar API.

func (*BuildingBlockService) DeleteByID added in v1.1.1

func (c *BuildingBlockService) DeleteByID(ctx context.Context, fields string, id int) (*DeleteTask, error)

DeleteByID creates a Delete Task in the QRadar installation in order to safely delete a BuildingBlock by ID.

func (*BuildingBlockService) Get added in v1.1.1

func (c *BuildingBlockService) Get(ctx context.Context, fields, filter string, from, to int) ([]BuildingBlock, error)

Get returns BuildingBlocks of the current QRadar installation.

func (*BuildingBlockService) GetByID added in v1.1.1

func (c *BuildingBlockService) GetByID(ctx context.Context, fields string, id int) (*BuildingBlock, error)

GetByID returns BuildingBlock of the current QRadar installation by ID.

func (*BuildingBlockService) UpdateByID added in v1.1.1

func (c *BuildingBlockService) UpdateByID(ctx context.Context, fields string, id int, data interface{}) (*BuildingBlock, error)

UpdateByID updates only the owner or the enabled/disabled state of the BuildingBlock with the given ID.

type BuildingBlockWithData added in v1.1.1

type BuildingBlockWithData struct {
	BuildingBlock
	RuleXML *string `json:"rule_xml,omitempty"`
}

BuildingBlockWithData represents QRadar's BuildingBlock together with its rule XML.

type BuildingBlockWithDataService added in v1.1.1

type BuildingBlockWithDataService service

BuildingBlockWithDataService handles methods related to BuildingBlock of the QRadar Undocumented API.

func (*BuildingBlockWithDataService) Create added in v1.1.1

func (c *BuildingBlockWithDataService) Create(ctx context.Context, fields string, data interface{}) (*BuildingBlockWithData, error)

Create creates BuildingBlockWithData in the current QRadar installation. Undocumented API.

func (*BuildingBlockWithDataService) Get added in v1.1.1

func (c *BuildingBlockWithDataService) Get(ctx context.Context, fields, filter string, from, to int) ([]BuildingBlockWithData, error)

Get returns BuildingBlockWithData of the current QRadar installation. Undocumented API.

func (*BuildingBlockWithDataService) GetByID added in v1.1.1

GetByID returns BuildingBlockWithData of the current QRadar installation by ID. Undocumented API.

func (*BuildingBlockWithDataService) UpdateByID added in v1.1.1

func (c *BuildingBlockWithDataService) UpdateByID(ctx context.Context, fields string, id int, data interface{}) (*BuildingBlockWithData, error)

UpdateByID updates BuildingBlockWithData by ID. Undocumented API.

type Client

type Client struct {
	Client    *http.Client
	BaseURL   *url.URL
	UserAgent string
	SECKey    string
	APIv      string

	Ariel                 *ArielService
	BuildingBlock         *BuildingBlockService
	BuildingBlockWithData *BuildingBlockWithDataService
	EventCollector        *EventCollectorService
	Offense               *OffenseService
	OffenseType           *OffenseTypeService
	Domain                *DomainService
	DSM                   *DSMService
	QID                   *QIDService
	LowLevelCategory      *LowLevelCategoryService
	HighLevelCategory     *HighLevelCategoryService
	RegexProperty         *RegexPropertyService
	Tenant                *TenantService
	Rule                  *RuleService
	RuleWithData          *RuleWithDataService
	RuleGroup             *RuleGroupService
	NetworkHierarchy      *NetworkHierarchyService

	PropertyExpression            *PropertyExpressionService
	PropertyJSONExpression        *PropertyJSONExpressionService
	PropertyLEEFExpression        *PropertyLEEFExpressionService
	PropertyCEFExpression         *PropertyCEFExpressionService
	ProperetyNVPExpression        *PropertyNVPExpressionService
	PropertyGenericListExpression *PropertyGenericListExpressionService
	PropertyXMLExpression         *PropertyXMLExpressionService

	LogSourceExtension *LogSourceExtensionService
	LogSourceType      *LogSourceTypeService
	LogSourceGroup     *LogSourceGroupService
	LogSource          *LogSourceService

	ReferenceMapOfSets *ReferenceMapOfSetsService
	ReferenceMap       *ReferenceMapService
	ReferenceSet       *ReferenceSetService
	ReferenceTable     *ReferenceTableService
	// contains filtered or unexported fields
}

Client manages communication with the QRadar API.

func NewClient

func NewClient(baseurl string, opts ...func(*Client) error) (*Client, error)

NewClient returns a new QRadar API client.

func (*Client) Do

func (c *Client) Do(ctx context.Context, req *http.Request, v interface{}) (*http.Response, error)

Do sends an API request and returns the API response. The API response is JSON decoded and stored in the value pointed to by v, or returned as an error if an API error has occurred. If v implements the io.Writer interface, the raw response body will be written to v, without attempting to first decode it.

The provided ctx must be non-nil. If it is canceled or times out, ctx.Err() will be returned.

func (*Client) NewRequest

func (c *Client) NewRequest(method, urlStr string, body interface{}) (*http.Request, error)

NewRequest constructs a new request to send.

type DSM added in v1.1.1

type DSM struct {
	ID                     *int    `json:"id,omitempty"`
	LogSourceTypeID        *int    `json:"log_source_type_id,omitempty"`
	LogSourceEventID       *string `json:"log_source_event_id,omitempty"`
	LogSourceEventCategory *string `json:"log_source_event_category,omitempty"`
	CustomEvent            *bool   `json:"custom_event,omitempty"`
	QIDRecordID            *int    `json:"qid_record_id,omitempty"`
	UUID                   *string `json:"uuid,omitempty"`
}

DSM represents QRadar's DSM.

type DSMService added in v1.1.1

type DSMService service

DSMService handles methods related to DSMs of the QRadar API.

func (*DSMService) Create added in v1.1.1

func (c *DSMService) Create(ctx context.Context, fields string, data interface{}) (*DSM, error)

Create creates DSM in the current QRadar installation.

func (*DSMService) Get added in v1.1.1

func (c *DSMService) Get(ctx context.Context, fields, filter string, from, to int) ([]DSM, error)

Get returns DSMs of the current QRadar installation.

func (*DSMService) GetByID added in v1.1.1

func (c *DSMService) GetByID(ctx context.Context, fields string, id int) (*DSM, error)

GetByID returns DSM of the current QRadar installation by ID.

func (*DSMService) UpdateByID added in v1.1.1

func (c *DSMService) UpdateByID(ctx context.Context, fields string, id int, data interface{}) (*DSM, error)

UpdateByID updates DSM in QRadar installation by ID.

type DeleteTask added in v1.1.1

type DeleteTask struct {
	ID        *int    `json:"id,omitempty"`
	Message   *string `json:"message,omitempty"`
	Status    *string `json:"status,omitempty"`
	Name      *string `json:"name,omitempty"`
	CreatedBy *string `json:"created_by,omitempty"`
	Created   *int    `json:"created,omitempty"`
	Started   *int    `json:"started,omitempty"`
	Modified  *int    `json:"modified,omitempty"`
	Completed *int    `json:"completed,omitempty"`
}

DeleteTask represents the structure of a Delete Task, which QRadar uses to delete objects safely.

type Domain added in v1.0.0

type Domain struct {
	AssetScannerIds  []int `json:"asset_scanner_ids,omitempty"`
	CustomProperties []struct {
		CaptureResult *string `json:"capture_result,omitempty"`
		ID            *int    `json:"id,omitempty"`
	} `json:"custom_properties,omitempty"`
	Deleted           *bool   `json:"deleted,omitempty"`
	Description       *string `json:"description,omitempty"`
	EventCollectorIds []int   `json:"event_collector_ids,omitempty"`
	FlowCollectorIds  []int   `json:"flow_collector_ids,omitempty"`
	FlowSourceIds     []int   `json:"flow_source_ids,omitempty"`
	FlowVlanIds       []int   `json:"flow_vlan_ids,omitempty"`
	ID                *int    `json:"id,omitempty"`
	LogSourceGroupIds []int   `json:"log_source_group_ids,omitempty"`
	LogSourceIds      []int   `json:"log_source_ids,omitempty"`
	Name              *string `json:"name,omitempty"`
	QvmScannerIds     []int   `json:"qvm_scanner_ids,omitempty"`
	TenantID          *int    `json:"tenant_id,omitempty"`
}

Domain represents QRadar's Domain.

type DomainService added in v1.1.1

type DomainService service

DomainService handles methods related to Domains of the QRadar API.

func (*DomainService) Create added in v1.1.1

func (c *DomainService) Create(ctx context.Context, fields string, data interface{}) (*Domain, error)

Create creates Domain in the current QRadar installation.

func (*DomainService) DeleteByID added in v1.1.1

func (c *DomainService) DeleteByID(ctx context.Context, fields string, id int) (*Domain, error)

DeleteByID deletes Domain in QRadar installation by ID.

func (*DomainService) Get added in v1.1.1

func (c *DomainService) Get(ctx context.Context, fields, filter string, from, to int) ([]Domain, error)

Get returns Domains of the current QRadar installation.

func (*DomainService) GetByID added in v1.1.1

func (c *DomainService) GetByID(ctx context.Context, fields string, id int) (*Domain, error)

GetByID returns Domain of the current QRadar installation by ID.

func (*DomainService) UpdateByID added in v1.1.1

func (c *DomainService) UpdateByID(ctx context.Context, fields string, id int, data interface{}) (*Domain, error)

UpdateByID updates Domain in QRadar installation by ID.

type ErrorMessage

type ErrorMessage struct {
	Code        json.Number `json:"code,omitempty"`
	Contexts    []string    `json:"contexts,omitempty"`
	Message     string      `json:"message,omitempty"`
	Description string      `json:"description,omitempty"`
	Severity    string      `json:"severity,omitempty"`
	Details     struct {
		Reason      string `json:"reason,omitempty"`
		Code        int    `json:"code,omitempty"`
		StartIndex  int    `json:"start_index,omitempty"`
		LineNumber  int    `json:"line_number,omitempty"`
		QueryString string `json:"query_string,omitempty"`
		TokenText   string `json:"token_text,omitempty"`
	} `json:"details,omitempty"`
	// contains filtered or unexported fields
}

ErrorMessage represents a generic error message returned by the QRadar API.

func (*ErrorMessage) Error

func (e *ErrorMessage) Error() string

Error satisfies the error interface.

type Event

type Event map[string]interface{}

Event represents a generic event result.

type EventCollector added in v1.2.0

type EventCollector struct {
	ID            *int    `json:"id,omitempty"`
	ComponentName *string `json:"component_name,omitempty"`
	Name          *string `json:"name,omitempty"`
	HostID        *int    `json:"host_id,omitempty"`
}

EventCollector represents QRadar's Event Collector.

type EventCollectorService added in v1.2.0

type EventCollectorService service

EventCollectorService handles methods related to Event Collector of the QRadar API.

func (*EventCollectorService) Get added in v1.2.0

func (c *EventCollectorService) Get(ctx context.Context, fields, filter string, from, to int) ([]EventCollector, error)

Get returns Event Collectors of the current QRadar installation.

type HighLevelCategory added in v1.1.1

type HighLevelCategory struct {
	ID          *int    `json:"id,omitempty"`
	Name        *string `json:"name,omitempty"`
	Description *string `json:"description,omitempty"`
}

HighLevelCategory represents QRadar's HighLevelCategory.

type HighLevelCategoryService added in v1.1.1

type HighLevelCategoryService service

HighLevelCategoryService handles methods related to High Level Categories of the QRadar API.

func (*HighLevelCategoryService) Get added in v1.1.1

func (c *HighLevelCategoryService) Get(ctx context.Context, fields, filter string, from, to int) ([]HighLevelCategory, error)

Get returns HighLevelCategories of the current QRadar installation.

func (*HighLevelCategoryService) GetByID added in v1.1.1

func (c *HighLevelCategoryService) GetByID(ctx context.Context, fields string, id int) (*HighLevelCategory, error)

GetByID returns HighLevelCategory of the current QRadar installation by ID.

type JobStatus

type JobStatus string

JobStatus represents the status of a job, such as a search.

const (
	// StatusWait wait
	StatusWait JobStatus = "WAIT"

	// StatusExecute executing
	StatusExecute JobStatus = "EXECUTE"

	// StatusSorting sorting
	StatusSorting JobStatus = "SORTING"

	// StatusCompleted completed
	StatusCompleted JobStatus = "COMPLETED"

	// StatusCanceled canceled
	StatusCanceled JobStatus = "CANCELED"

	// StatusError errored
	StatusError JobStatus = "ERROR"
)
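The Ariel search methods above (SearchByQuery, SearchStatus, WaitForSearchID) and the JobStatus constants describe a submit-then-poll workflow. The following is an added example, not code from the go-radar package, that shows such a polling loop stand-alone against a constructed fake QRadar endpoint. The endpoint path /api/ariel/searches/{id}, the JSON field names status and record_count, and the SEC request header are assumptions about the QRadar REST API that this page does not state; the point it demonstrates is that CANCELED and ERROR are terminal states a waiter must treat as failures rather than keep polling through, and that the context bounds the total wait.

```go
package main

import (
	"context"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"sync/atomic"
	"time"
)

type JobStatus string

const (
	StatusWait      JobStatus = "WAIT"
	StatusExecute   JobStatus = "EXECUTE"
	StatusSorting   JobStatus = "SORTING"
	StatusCompleted JobStatus = "COMPLETED"
	StatusCanceled  JobStatus = "CANCELED"
	StatusError     JobStatus = "ERROR"
)

// searchState is the subset of an Ariel search object used here; the JSON field
// names and the endpoint path below are assumptions, the page documents neither.
type searchState struct {
	Status      JobStatus `json:"status"`
	RecordCount int       `json:"record_count"`
}

// searchStatus fetches the status and record count of one search (the contract of
// ArielService.SearchStatus). The SEC header carries the token that SetSECKey sets;
// a 401 from a bad key is what the library reports as ErrUnauthorized.
func searchStatus(ctx context.Context, hc *http.Client, baseURL, secKey, searchID string) (JobStatus, int, error) {
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, baseURL+"/api/ariel/searches/"+searchID, nil)
	if err != nil {
		return "", 0, err
	}
	req.Header.Set("SEC", secKey)
	resp, err := hc.Do(req)
	if err != nil {
		return "", 0, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return "", 0, fmt.Errorf("search %s: unexpected HTTP status %d", searchID, resp.StatusCode)
	}
	var st searchState
	if err := json.NewDecoder(resp.Body).Decode(&st); err != nil {
		return "", 0, err
	}
	return st.Status, st.RecordCount, nil
}

// waitForSearch polls until the search reaches want and returns its record count,
// like WaitForSearchID. CANCELED and ERROR are terminal, so it fails fast rather
// than polling forever, and ctx bounds the total wait.
func waitForSearch(ctx context.Context, hc *http.Client, baseURL, secKey, searchID string, want JobStatus, interval time.Duration) (int, error) {
	for {
		status, count, err := searchStatus(ctx, hc, baseURL, secKey, searchID)
		if err != nil {
			return 0, err
		}
		switch status {
		case want:
			return count, nil
		case StatusCanceled, StatusError:
			return 0, fmt.Errorf("search %s ended in state %s", searchID, status)
		}
		select {
		case <-ctx.Done():
			return 0, ctx.Err()
		case <-time.After(interval):
		}
	}
}

// newFakeQRadar is a constructed stand-in for a QRadar host: it walks one search
// through seq, one step per request, and rejects requests with a wrong SEC key.
func newFakeQRadar(secKey string, seq []JobStatus, count int) *httptest.Server {
	var calls int32
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("SEC") != secKey {
			http.Error(w, `{"message":"unauthorized"}`, http.StatusUnauthorized)
			return
		}
		i := int(atomic.AddInt32(&calls, 1)) - 1
		if i >= len(seq) {
			i = len(seq) - 1 // keep reporting the final state
		}
		_ = json.NewEncoder(w).Encode(searchState{Status: seq[i], RecordCount: count})
	}))
}

func main() {
	srv := newFakeQRadar("example-sec-key", []JobStatus{StatusWait, StatusExecute, StatusSorting, StatusCompleted}, 42)
	defer srv.Close()
	n, err := waitForSearch(context.Background(), srv.Client(), srv.URL, "example-sec-key", "search-1", StatusCompleted, 10*time.Millisecond)
	fmt.Println("records:", n, "err:", err)
}
```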

type LogSource added in v1.2.0

type LogSource struct {
	SendingIP           *string `json:"sending_ip,omitempty"`
	Internal            *bool   `json:"internal,omitempty"`
	LegacyBulkGroupName *string `json:"legacy_bulk_group_name,omitempty"`
	ProtocolParameters  []struct {
		Name  *string `json:"name,omitempty"`
		ID    *int    `json:"id,omitempty"`
		Value *string `json:"value,omitempty"`
	} `json:"protocol_parameters,omitempty"`
	Description                      *string `json:"description,omitempty"`
	CoalesceEvents                   *bool   `json:"coalesce_events,omitempty"`
	Enabled                          *bool   `json:"enabled,omitempty"`
	GroupIDs                         []int   `json:"group_ids,omitempty"`
	AverageEps                       *int    `json:"average_eps,omitempty"`
	Credibility                      *int    `json:"credibility,omitempty"`
	ID                               *int    `json:"id,omitempty"`
	StoreEventPayload                *bool   `json:"store_event_payload,omitempty"`
	TargetEventCollectorID           *int    `json:"target_event_collector_id,omitempty"`
	ProtocolTypeID                   *int    `json:"protocol_type_id,omitempty"`
	LanguageID                       *int    `json:"language_id,omitempty"`
	CreationDate                     *int    `json:"creation_date,omitempty"`
	LogSourceExtensionID             *int    `json:"log_source_extension_id,omitempty"`
	WincollectExternalDestinationIDs []int   `json:"wincollect_external_destination_ids,omitempty"`
	Name                             *string `json:"name,omitempty"`
	AutoDiscovered                   *bool   `json:"auto_discovered,omitempty"`
	ModifiedDate                     *int    `json:"modified_date,omitempty"`
	TypeID                           *int    `json:"type_id,omitempty"`
	LastEventTime                    *int    `json:"last_event_time,omitempty"`
	RequiresDeploy                   *bool   `json:"requires_deploy,omitempty"`
	Gateway                          *bool   `json:"gateway,omitempty"`
	WincollectInternalDestinationID  *int    `json:"wincollect_internal_destination_id,omitempty"`
	Status                           struct {
		LastUpdated *int `json:"last_updated,omitempty"`
		Messages    []struct {
			Severity  *string `json:"severity,omitempty"`
			Text      *string `json:"text,omitempty"`
			Timestamp *int    `json:"timestamp,omitempty"`
		} `json:"messages,omitempty"`
		Status *string `json:"status,omitempty"`
	} `json:"status,omitempty"`
}

LogSource represents QRadar's Log Source.

type LogSourceExtension added in v1.1.1

type LogSourceExtension struct {
	ID           *int    `json:"id,omitempty"`
	Name         *string `json:"name,omitempty"`
	Description  *string `json:"description,omitempty"`
	Enabled      *bool   `json:"enabled,omitempty"`
	UseCondition *int    `json:"use_condition,omitempty"`
	XML          *string `json:"xml,omitempty"`
}

LogSourceExtension represents QRadar's Log Source Extension.

type LogSourceExtensionService added in v1.1.1

type LogSourceExtensionService service

LogSourceExtensionService handles methods related to Log Source Extensions of the QRadar Undocumented API.

func (*LogSourceExtensionService) Create added in v1.2.0

func (c *LogSourceExtensionService) Create(ctx context.Context, fields string, data interface{}) (*LogSourceExtension, error)

Create creates Log Source Extension in the current QRadar installation. Undocumented API.

func (*LogSourceExtensionService) Get added in v1.1.1

func (c *LogSourceExtensionService) Get(ctx context.Context, fields, filter string, from, to int) ([]LogSourceExtension, error)

Get returns Log Source Extension of the current QRadar installation. Undocumented API.

func (*LogSourceExtensionService) GetByID added in v1.1.1

GetByID returns Log Source Extension of the current QRadar installation by ID. Undocumented API.

func (*LogSourceExtensionService) GetByName added in v1.1.1

func (c *LogSourceExtensionService) GetByName(ctx context.Context, fields string, name string) (*LogSourceExtension, error)

GetByName returns Log Source Extension of the current QRadar installation by Name. Undocumented API.

type LogSourceGroup added in v1.1.1

type LogSourceGroup struct {
	ID               *int    `json:"id,omitempty"`
	Name             *string `json:"name,omitempty"`
	Description      *string `json:"description,omitempty"`
	ParentID         *int    `json:"parent_id,omitempty"`
	Owner            *string `json:"owner,omitempty"`
	ModificationDate *int    `json:"modification_date,omitempty"`
	Assignable       *bool   `json:"assignable,omitempty"`
	ChildGroupIDs    []int   `json:"child_group_ids,omitempty"`
}

LogSourceGroup represents QRadar's Log Source Group.

type LogSourceGroupService added in v1.1.1

type LogSourceGroupService service

LogSourceGroupService handles methods related to Log Source Groups of the QRadar API.

func (*LogSourceGroupService) Create added in v1.1.1

func (c *LogSourceGroupService) Create(ctx context.Context, fields string, data interface{}) (*LogSourceGroup, error)

Create creates Log Source Group in the current QRadar installation.

func (*LogSourceGroupService) Get added in v1.1.1

func (c *LogSourceGroupService) Get(ctx context.Context, fields, filter string, from, to int) ([]LogSourceGroup, error)

Get returns Log Source Groups of the current QRadar installation.

func (*LogSourceGroupService) GetByID added in v1.1.1

func (c *LogSourceGroupService) GetByID(ctx context.Context, fields string, id int) (*LogSourceGroup, error)

GetByID returns Log Source Group of the current QRadar installation by ID.

type LogSourceService added in v1.2.0

type LogSourceService service

LogSourceService handles methods related to Log Sources of the QRadar API.

func (*LogSourceService) Get added in v1.2.0

func (c *LogSourceService) Get(ctx context.Context, fields, filter string, from, to int) ([]LogSource, error)

Get returns Log Sources of the current QRadar installation.

type LogSourceType added in v1.1.1

type LogSourceType struct {
	ID                   *int    `json:"id,omitempty"`
	Name                 *string `json:"name,omitempty"`
	Internal             *bool   `json:"internal,omitempty"`
	Custom               *bool   `json:"custom,omitempty"`
	DefaultProtocolID    *int    `json:"default_protocol_id,omitempty"`
	LogSourceExtensionID *int    `json:"log_source_extension_id,omitempty"`
	Version              *string `json:"version,omitempty"`
	SupportedLanguageIDs []int   `json:"supported_language_ids,omitempty"`

	ProtocolTypes []struct {
		ProtocolID *int  `json:"protocol_id,omitempty"`
		Documented *bool `json:"documented,omitempty"`
	} `json:"protocol_types,omitempty"`
}

LogSourceType represents QRadar's Log Source Type.

type LogSourceTypeService added in v1.1.1

type LogSourceTypeService service

LogSourceTypeService handles methods related to Log Source Types of the QRadar API.

func (*LogSourceTypeService) Create added in v1.1.1

func (c *LogSourceTypeService) Create(ctx context.Context, fields string, data interface{}) (*LogSourceType, error)

Create creates Log Source Type in the current QRadar installation.

func (*LogSourceTypeService) DeleteByID added in v1.1.1

func (c *LogSourceTypeService) DeleteByID(ctx context.Context, fields string, id int) (*DeleteTask, error)

DeleteByID creates a Delete Task in the QRadar installation in order to safely delete a Log Source Type by ID. TODO: needs to be tested.

func (*LogSourceTypeService) Get added in v1.1.1

func (c *LogSourceTypeService) Get(ctx context.Context, fields, filter string, from, to int) ([]LogSourceType, error)

Get returns Log Source Types of the current QRadar installation.

func (*LogSourceTypeService) GetByID added in v1.1.1

func (c *LogSourceTypeService) GetByID(ctx context.Context, fields string, id int) (*LogSourceType, error)

GetByID returns Log Source Type of the current QRadar installation by ID.

func (*LogSourceTypeService) GetByName added in v1.1.1

func (c *LogSourceTypeService) GetByName(ctx context.Context, fields string, name string) (*LogSourceType, error)

GetByName returns Log Source Type of the current QRadar installation by Name.

func (*LogSourceTypeService) UpdateByID added in v1.1.1

func (c *LogSourceTypeService) UpdateByID(ctx context.Context, fields string, id int, data interface{}) (*LogSourceType, error)

UpdateByID updates Log Source Type in QRadar installation by ID.

type LowLevelCategory added in v1.1.1

type LowLevelCategory struct {
	ID                  *int    `json:"id,omitempty"`
	Name                *string `json:"name,omitempty"`
	Description         *string `json:"description,omitempty"`
	Severity            *int    `json:"severity,omitempty"`
	HighLevelCategoryID *int    `json:"high_level_category_id,omitempty"`
}

LowLevelCategory represents QRadar's LowLevelCategory.

type LowLevelCategoryService added in v1.1.1

type LowLevelCategoryService service

LowLevelCategoryService handles methods related to Low Level Categories of the QRadar API.

func (*LowLevelCategoryService) Get added in v1.1.1

func (c *LowLevelCategoryService) Get(ctx context.Context, fields, filter string, from, to int) ([]LowLevelCategory, error)

Get returns LowLevelCategories of the current QRadar installation.

func (*LowLevelCategoryService) GetByID added in v1.1.1

func (c *LowLevelCategoryService) GetByID(ctx context.Context, fields string, id int) (*LowLevelCategory, error)

GetByID returns LowLevelCategory of the current QRadar installation by ID.

type NetworkHierarchy added in v1.3.0

type NetworkHierarchy struct {
	Name        *string `json:"name,omitempty"`
	Description *string `json:"description,omitempty"`
	Cidr        *string `json:"cidr,omitempty"`
	ID          *int    `json:"id,omitempty"`
	DomainID    *int    `json:"domain_id,omitempty"`
	Group       *string `json:"group,omitempty"`
}

NetworkHierarchy represents QRadar's generated NetworkHierarchy.

type NetworkHierarchyService added in v1.3.0

type NetworkHierarchyService service

NetworkHierarchyService handles methods related to the Network Hierarchy of the QRadar API.

func (*NetworkHierarchyService) Get added in v1.3.0

Get returns Network Hierarchy of the current QRadar installation.

type Offense

type Offense struct {
	UsernameCount *int    `json:"username_count,omitempty"`
	Description   *string `json:"description,omitempty"`
	Rules         []struct {
		ID   *int    `json:"id,omitempty"`
		Type *string `json:"type,omitempty"`
	} `json:"rules,omitempty"`
	EventCount                 *int     `json:"event_count,omitempty"`
	FlowCount                  *int     `json:"flow_count,omitempty"`
	AssignedTo                 *string  `json:"assigned_to,omitempty"`
	SecurityCategoryCount      *int     `json:"security_category_count,omitempty"`
	FollowUp                   *bool    `json:"follow_up,omitempty"`
	SourceAddressIds           []int    `json:"source_address_ids,omitempty"`
	SourceCount                *int     `json:"source_count,omitempty"`
	Inactive                   *bool    `json:"inactive,omitempty"`
	Protected                  *bool    `json:"protected,omitempty"`
	CategoryCount              *int     `json:"category_count,omitempty"`
	SourceNetwork              *string  `json:"source_network,omitempty"`
	DestinationNetworks        []string `json:"destination_networks,omitempty"`
	ClosingUser                *string  `json:"closing_user,omitempty"`
	CloseTime                  *int     `json:"close_time,omitempty"`
	RemoteDestinationCount     *int     `json:"remote_destination_count,omitempty"`
	StartTime                  *int     `json:"start_time,omitempty"`
	LastUpdatedTime            *int     `json:"last_updated_time,omitempty"`
	Credibility                *int     `json:"credibility,omitempty"`
	Magnitude                  *int     `json:"magnitude,omitempty"`
	ID                         *int     `json:"id,omitempty"`
	Categories                 []string `json:"categories,omitempty"`
	Severity                   *int     `json:"severity,omitempty"`
	PolicyCategoryCount        *int     `json:"policy_category_count,omitempty"`
	DeviceCount                *int     `json:"device_count,omitempty"`
	ClosingReasonID            *int     `json:"closing_reason_id,omitempty"`
	OffenseType                *int     `json:"offense_type,omitempty"`
	Relevance                  *int     `json:"relevance,omitempty"`
	DomainID                   *int     `json:"domain_id,omitempty"`
	OffenseSource              *string  `json:"offense_source,omitempty"`
	LocalDestinationAddressIds []int    `json:"local_destination_address_ids,omitempty"`
	LocalDestinationCount      *int     `json:"local_destination_count,omitempty"`
	Status                     *string  `json:"status,omitempty"`
}

Offense represents QRadar's generated Offense.

type OffenseService added in v1.1.1

type OffenseService service

OffenseService handles methods related to Offenses of the QRadar API.

func (*OffenseService) Get added in v1.1.1

func (c *OffenseService) Get(ctx context.Context, fields, filter string, from, to int) ([]Offense, error)

Get returns Offenses of the current QRadar installation.

func (*OffenseService) GetByID added in v1.1.1

func (c *OffenseService) GetByID(ctx context.Context, fields string, id int) (*Offense, error)

GetByID returns Offense of the current QRadar installation by ID.

func (*OffenseService) UpdateByID added in v1.1.1

func (c *OffenseService) UpdateByID(ctx context.Context, fields string, id int, data interface{}) (*Offense, error)

UpdateByID updates Offense in QRadar installation by ID.

type OffenseType added in v1.1.1

type OffenseType struct {
	ID           *int    `json:"id,omitempty"`
	PropertyName *string `json:"property_name,omitempty"`
	Name         *string `json:"name,omitempty"`
	DatabaseType *string `json:"database_type,omitempty"`
	Custom       *bool   `json:"custom,omitempty"`
}

OffenseType represents QRadar's generated OffenseType.

type OffenseTypeService added in v1.1.1

type OffenseTypeService service

OffenseTypeService handles methods related to OffenseTypes of the QRadar API.

func (*OffenseTypeService) Get added in v1.1.1

func (c *OffenseTypeService) Get(ctx context.Context, fields, filter string, from, to int) ([]OffenseType, error)

Get returns OffenseTypes of the current QRadar installation.

func (*OffenseTypeService) GetByID added in v1.1.1

func (c *OffenseTypeService) GetByID(ctx context.Context, fields string, id int) (*OffenseType, error)

GetByID returns OffenseType of the current QRadar installation by ID.

type PropertyCEFExpressionService added in v1.1.1

type PropertyCEFExpressionService service

PropertyCEFExpressionService handles methods related to Property CEF Expressions of the QRadar API.

func (*PropertyCEFExpressionService) Create added in v1.1.1

func (c *PropertyCEFExpressionService) Create(ctx context.Context, fields string, data interface{}) (*PropertyExpression, error)

Create creates Property CEF Expression in QRadar installation.

func (*PropertyCEFExpressionService) DeleteByID added in v1.1.1

func (c *PropertyCEFExpressionService) DeleteByID(ctx context.Context, fields string, id int) error

DeleteByID creates a Delete Task in the QRadar installation in order to safely delete a Property CEF Expression by ID.

func (*PropertyCEFExpressionService) Get added in v1.1.1

func (c *PropertyCEFExpressionService) Get(ctx context.Context, fields, filter string, from, to int) ([]PropertyExpression, error)

Get returns Property CEF Expressions of the current QRadar installation.

func (*PropertyCEFExpressionService) GetByID added in v1.1.1

GetByID returns Property CEF Expression of the current QRadar installation by ID.

func (*PropertyCEFExpressionService) UpdateByID added in v1.1.1

func (c *PropertyCEFExpressionService) UpdateByID(ctx context.Context, fields string, id int, data interface{}) (*PropertyExpression, error)

UpdateByID updates Property CEF Expression in QRadar installation by ID.

type PropertyExpression added in v1.1.1

type PropertyExpression struct {
	Identifier              *string `json:"identifier,omitempty"`
	LogSourceTypeID         *int    `json:"log_source_type_id,omitempty"`
	ModificationDate        *int    `json:"modification_date,omitempty"`
	QID                     *int    `json:"qid,omitempty"`
	LogSourceID             *int    `json:"log_source_id,omitempty"`
	Enabled                 *bool   `json:"enabled,omitempty"`
	Payload                 *string `json:"payload,omitempty"`
	RegexPropertyIdentifier *string `json:"regex_property_identifier,omitempty"`
	ID                      *int    `json:"id,omitempty"`
	CreationDate            *int    `json:"creation_date,omitempty"`
	Username                *string `json:"username,omitempty"`
	LowLevelCategoryID      *int    `json:"low_level_category_id,omitempty"`

	Regex        *string `json:"regex,omitempty"`
	CaptureGroup *int    `json:"capture_group,omitempty"`

	DelimeterNameValue *string `json:"delimiter_name_value,omitempty"`
	DelimeterPair      *string `json:"delimiter_pair,omitempty"`

	Expression *string `json:"expression,omitempty"`
}

PropertyExpression represents QRadar's various property expressions: regular expression, JSON, CEF and LEEF. The structure is the same for all of them, with the distinction that a regular expression has the fields "Regex" and "CaptureGroup" whereas the others have just the "Expression" field instead.

type PropertyExpressionService added in v1.1.1

type PropertyExpressionService service

PropertyExpressionService handles methods related to Property Expressions of the QRadar API.

func (*PropertyExpressionService) Create added in v1.1.1

func (c *PropertyExpressionService) Create(ctx context.Context, fields string, data interface{}) (*PropertyExpression, error)

Create creates Property Expression in QRadar installation.

func (*PropertyExpressionService) DeleteByID added in v1.1.1

func (c *PropertyExpressionService) DeleteByID(ctx context.Context, fields string, id int) error

DeleteByID creates a Delete Task in QRadar installation in order to safely delete Property Expression by its ID.

func (*PropertyExpressionService) Get added in v1.1.1

func (c *PropertyExpressionService) Get(ctx context.Context, fields, filter string, from, to int) ([]PropertyExpression, error)

Get returns Property Expressions of the current QRadar installation.

func (*PropertyExpressionService) GetByID added in v1.1.1

GetByID returns Property Expressions of the current QRadar installation by ID.

func (*PropertyExpressionService) UpdateByID added in v1.1.1

func (c *PropertyExpressionService) UpdateByID(ctx context.Context, fields string, id int, data interface{}) (*PropertyExpression, error)

UpdateByID updates Property Expression in QRadar installation by ID.

type PropertyGenericListExpressionService added in v1.3.2

type PropertyGenericListExpressionService service

PropertyGenericListExpressionService handles methods related to Property GenericList Expressions of the QRadar API.

func (*PropertyGenericListExpressionService) Create added in v1.3.2

func (c *PropertyGenericListExpressionService) Create(ctx context.Context, fields string, data interface{}) (*PropertyExpression, error)

Create creates Property GenericList Expression in QRadar installation.

func (*PropertyGenericListExpressionService) DeleteByID added in v1.3.2

func (c *PropertyGenericListExpressionService) DeleteByID(ctx context.Context, fields string, id int) error

DeleteByID creates a Delete Task in QRadar installation in order to safely delete Property GenericList Expression by ID.

func (*PropertyGenericListExpressionService) Get added in v1.3.2

func (c *PropertyGenericListExpressionService) Get(ctx context.Context, fields, filter string, from, to int) ([]PropertyExpression, error)

Get returns Property GenericList Expressions of the current QRadar installation.

func (*PropertyGenericListExpressionService) GetByID added in v1.3.2

GetByID returns Property GenericList Expression of the current QRadar installation by ID.

func (*PropertyGenericListExpressionService) UpdateByID added in v1.3.2

func (c *PropertyGenericListExpressionService) UpdateByID(ctx context.Context, fields string, id int, data interface{}) (*PropertyExpression, error)

UpdateByID updates Property GenericList Expression in QRadar installation by ID.

type PropertyJSONExpressionService added in v1.1.1

type PropertyJSONExpressionService service

PropertyJSONExpressionService handles methods related to Property JSON Expressions of the QRadar API.

func (*PropertyJSONExpressionService) Create added in v1.1.1

func (c *PropertyJSONExpressionService) Create(ctx context.Context, fields string, data interface{}) (*PropertyExpression, error)

Create creates Property JSON Expression in QRadar installation.

func (*PropertyJSONExpressionService) DeleteByID added in v1.1.1

func (c *PropertyJSONExpressionService) DeleteByID(ctx context.Context, fields string, id int) error

DeleteByID creates a Delete Task in QRadar installation in order to safely delete Property JSON Expression by ID.

func (*PropertyJSONExpressionService) Get added in v1.1.1

func (c *PropertyJSONExpressionService) Get(ctx context.Context, fields, filter string, from, to int) ([]PropertyExpression, error)

Get returns Property JSON Expressions of the current QRadar installation.

func (*PropertyJSONExpressionService) GetByID added in v1.1.1

GetByID returns Property JSON Expression of the current QRadar installation by ID.

func (*PropertyJSONExpressionService) UpdateByID added in v1.1.1

func (c *PropertyJSONExpressionService) UpdateByID(ctx context.Context, fields string, id int, data interface{}) (*PropertyExpression, error)

UpdateByID updates Property JSON Expression in QRadar installation by ID.

type PropertyLEEFExpressionService added in v1.1.1

type PropertyLEEFExpressionService service

PropertyLEEFExpressionService handles methods related to Property LEEF Expressions of the QRadar API.

func (*PropertyLEEFExpressionService) Create added in v1.1.1

func (c *PropertyLEEFExpressionService) Create(ctx context.Context, fields string, data interface{}) (*PropertyExpression, error)

Create creates Property LEEF Expression in QRadar installation.

func (*PropertyLEEFExpressionService) DeleteByID added in v1.1.1

func (c *PropertyLEEFExpressionService) DeleteByID(ctx context.Context, fields string, id int) error

DeleteByID creates a Delete Task in QRadar installation in order to safely delete Property LEEF Expression by ID.

func (*PropertyLEEFExpressionService) Get added in v1.1.1

func (c *PropertyLEEFExpressionService) Get(ctx context.Context, fields, filter string, from, to int) ([]PropertyExpression, error)

Get returns Property LEEF Expressions of the current QRadar installation.

func (*PropertyLEEFExpressionService) GetByID added in v1.1.1

GetByID returns Property LEEF Expression of the current QRadar installation by ID.

func (*PropertyLEEFExpressionService) UpdateByID added in v1.1.1

func (c *PropertyLEEFExpressionService) UpdateByID(ctx context.Context, fields string, id int, data interface{}) (*PropertyExpression, error)

UpdateByID updates Property LEEF Expression in QRadar installation by ID.

type PropertyNVPExpressionService added in v1.1.1

type PropertyNVPExpressionService service

PropertyNVPExpressionService handles methods related to Property NVP Expressions of the QRadar API.

func (*PropertyNVPExpressionService) Create added in v1.1.1

func (c *PropertyNVPExpressionService) Create(ctx context.Context, fields string, data interface{}) (*PropertyExpression, error)

Create creates Property NVP Expression in QRadar installation.

func (*PropertyNVPExpressionService) DeleteByID added in v1.1.1

func (c *PropertyNVPExpressionService) DeleteByID(ctx context.Context, fields string, id int) error

DeleteByID creates a Delete Task in QRadar installation in order to safely delete Property NVP Expression by ID.

func (*PropertyNVPExpressionService) Get added in v1.1.1

func (c *PropertyNVPExpressionService) Get(ctx context.Context, fields, filter string, from, to int) ([]PropertyExpression, error)

Get returns Property NVP Expressions of the current QRadar installation.

func (*PropertyNVPExpressionService) GetByID added in v1.1.1

GetByID returns Property NVP Expression of the current QRadar installation by ID.

func (*PropertyNVPExpressionService) UpdateByID added in v1.1.1

func (c *PropertyNVPExpressionService) UpdateByID(ctx context.Context, fields string, id int, data interface{}) (*PropertyExpression, error)

UpdateByID updates Property NVP Expression in QRadar installation by ID.

type PropertyXMLExpressionService added in v1.3.2

type PropertyXMLExpressionService service

PropertyXMLExpressionService handles methods related to Property XML Expressions of the QRadar API.

func (*PropertyXMLExpressionService) Create added in v1.3.2

func (c *PropertyXMLExpressionService) Create(ctx context.Context, fields string, data interface{}) (*PropertyExpression, error)

Create creates Property XML Expression in QRadar installation.

func (*PropertyXMLExpressionService) DeleteByID added in v1.3.2

func (c *PropertyXMLExpressionService) DeleteByID(ctx context.Context, fields string, id int) error

DeleteByID creates a Delete Task in QRadar installation in order to safely delete Property XML Expression by ID.

func (*PropertyXMLExpressionService) Get added in v1.3.2

func (c *PropertyXMLExpressionService) Get(ctx context.Context, fields, filter string, from, to int) ([]PropertyExpression, error)

Get returns Property XML Expressions of the current QRadar installation.

func (*PropertyXMLExpressionService) GetByID added in v1.3.2

GetByID returns Property XML Expression of the current QRadar installation by ID.

func (*PropertyXMLExpressionService) UpdateByID added in v1.3.2

func (c *PropertyXMLExpressionService) UpdateByID(ctx context.Context, fields string, id int, data interface{}) (*PropertyExpression, error)

UpdateByID updates Property XML Expression in QRadar installation by ID.

type QID added in v1.1.1

type QID struct {
	Severity           *int    `json:"severity,omitempty"`
	Name               *string `json:"name,omitempty"`
	Description        *string `json:"description,omitempty"`
	LogSourceTypeID    *int    `json:"log_source_type_id,omitempty"`
	ID                 *int    `json:"id,omitempty"`
	LowLevelCategoryID *int    `json:"low_level_category_id,omitempty"`
	QID                *int    `json:"qid,omitempty"`
	UUID               *string `json:"uuid,omitempty"`
}

QID represents QRadar's QID.

type QIDService added in v1.1.1

type QIDService service

QIDService handles methods related to QIDs of the QRadar API.

func (*QIDService) Create added in v1.1.1

func (c *QIDService) Create(ctx context.Context, fields string, data interface{}) (*QID, error)

Create creates QID in QRadar installation.

func (*QIDService) Get added in v1.1.1

func (c *QIDService) Get(ctx context.Context, fields, filter string, from, to int) ([]QID, error)

Get returns QIDs of the current QRadar installation.

func (*QIDService) GetByID added in v1.1.1

func (c *QIDService) GetByID(ctx context.Context, fields string, id int) (*QID, error)

GetByID returns QID of the current QRadar installation by ID.

func (*QIDService) GetByName added in v1.1.1

func (c *QIDService) GetByName(ctx context.Context, fields string, name string) (*QID, error)

GetByName returns QID of the current QRadar installation by name. If more than one QID has the same name, this returns the one with the lowest QID number.

func (*QIDService) GetByQID added in v1.1.1

func (c *QIDService) GetByQID(ctx context.Context, fields string, qid int) (*QID, error)

GetByQID returns QID of the current QRadar installation by QID.

func (*QIDService) UpdateByID added in v1.1.1

func (c *QIDService) UpdateByID(ctx context.Context, fields string, id int, data interface{}) (*QID, error)

UpdateByID updates QID record in QRadar installation by ID.

type ReferenceData added in v1.2.1

type ReferenceData struct {
	FirstSeen *int    `json:"first_seen,omitempty"`
	LastSeen  *int    `json:"last_seen,omitempty"`
	Source    *string `json:"source,omitempty"`
	Value     *string `json:"value,omitempty"`
}

ReferenceData represents an entry of a Reference Object.

type ReferenceMap added in v1.1.1

type ReferenceMap struct {
	Name             *string `json:"name,omitempty"`
	CreationTime     *int    `json:"creation_time,omitempty"`
	ElementType      *string `json:"element_type,omitempty"`
	KeyLabel         *string `json:"key_label,omitempty"`
	NumberOfElements *int    `json:"number_of_elements,omitempty"`
	TimeToLive       *string `json:"time_to_live,omitempty"`
	TimeoutType      *string `json:"timeout_type,omitempty"`
	ValueLabel       *string `json:"value_label,omitempty"`

	Data map[string]ReferenceData `json:"data,omitempty"`
}

ReferenceMap represents QRadar's Reference Map.

type ReferenceMapOfSets added in v1.1.1

type ReferenceMapOfSets struct {
	Name             *string `json:"name,omitempty"`
	CreationTime     *int    `json:"creation_time,omitempty"`
	ElementType      *string `json:"element_type,omitempty"`
	KeyLabel         *string `json:"key_label,omitempty"`
	NumberOfElements *int    `json:"number_of_elements,omitempty"`
	TimeToLive       *string `json:"time_to_live,omitempty"`
	TimeoutType      *string `json:"timeout_type,omitempty"`
	ValueLabel       *string `json:"value_label,omitempty"`

	Data map[string][]ReferenceData `json:"data,omitempty"`
}

ReferenceMapOfSets represents QRadar's Reference maps of sets.

type ReferenceMapOfSetsService added in v1.1.1

type ReferenceMapOfSetsService service

ReferenceMapOfSetsService handles methods related to Reference Maps of Sets of the QRadar API.

func (*ReferenceMapOfSetsService) BulkLoad added in v1.2.0

func (c *ReferenceMapOfSetsService) BulkLoad(ctx context.Context, fields, name string, data interface{}) (*ReferenceMapOfSets, error)

BulkLoad uploads many values in QRadar's Reference Map of Sets.

func (*ReferenceMapOfSetsService) Create added in v1.1.1

Create creates Reference maps of sets in QRadar installation.

func (*ReferenceMapOfSetsService) Get added in v1.1.1

func (c *ReferenceMapOfSetsService) Get(ctx context.Context, fields, filter string, from, to int) ([]ReferenceMapOfSets, error)

Get returns Reference maps of sets of the current QRadar installation.

func (*ReferenceMapOfSetsService) GetWithData added in v1.2.0

func (c *ReferenceMapOfSetsService) GetWithData(ctx context.Context, fields, filter, name string, from, to int) (*ReferenceMapOfSets, error)

GetWithData returns Reference Map of Sets with data of the current QRadar installation.

type ReferenceMapService added in v1.1.1

type ReferenceMapService service

ReferenceMapService handles methods related to Reference Map of the QRadar API.

func (*ReferenceMapService) BulkLoad added in v1.2.0

func (c *ReferenceMapService) BulkLoad(ctx context.Context, fields, name string, data interface{}) (*ReferenceMap, error)

BulkLoad uploads many values in QRadar's Reference Map.

func (*ReferenceMapService) Create added in v1.1.1

func (c *ReferenceMapService) Create(ctx context.Context, fields string, data *ReferenceMap) (*ReferenceMap, error)

Create creates Reference map in QRadar installation.

func (*ReferenceMapService) Get added in v1.1.1

func (c *ReferenceMapService) Get(ctx context.Context, fields, filter string, from, to int) ([]ReferenceMap, error)

Get returns Reference maps of the current QRadar installation.

func (*ReferenceMapService) GetWithData added in v1.2.0

func (c *ReferenceMapService) GetWithData(ctx context.Context, fields, filter, name string, from, to int) (*ReferenceMap, error)

GetWithData returns Reference Map with data of the current QRadar installation.

type ReferenceSet added in v1.1.1

type ReferenceSet struct {
	Name             *string `json:"name,omitempty"`
	CreationTime     *int    `json:"creation_time,omitempty"`
	ElementType      *string `json:"element_type,omitempty"`
	NumberOfElements *int    `json:"number_of_elements,omitempty"`
	TimeToLive       *string `json:"time_to_live,omitempty"`
	TimeoutType      *string `json:"timeout_type,omitempty"`

	Data []ReferenceData `json:"data,omitempty"`
}

ReferenceSet represents QRadar's Reference sets.

type ReferenceSetService added in v1.1.1

type ReferenceSetService service

ReferenceSetService handles methods related to Reference sets of the QRadar API.

func (*ReferenceSetService) BulkLoad added in v1.2.0

func (c *ReferenceSetService) BulkLoad(ctx context.Context, fields, name string, data interface{}) (*ReferenceSet, error)

BulkLoad uploads many values in QRadar's Reference Set.

func (*ReferenceSetService) Create added in v1.1.1

func (c *ReferenceSetService) Create(ctx context.Context, fields string, data *ReferenceSet) (*ReferenceSet, error)

Create creates Reference set in QRadar installation. It expects a pointer to a ReferenceSet.

func (*ReferenceSetService) Get added in v1.1.1

func (c *ReferenceSetService) Get(ctx context.Context, fields, filter string, from, to int) ([]ReferenceSet, error)

Get returns Reference sets of the current QRadar installation.

func (*ReferenceSetService) GetWithData added in v1.2.0

func (c *ReferenceSetService) GetWithData(ctx context.Context, fields, filter, name string, from, to int) (*ReferenceSet, error)

GetWithData returns Reference set with data of the current QRadar installation.

type ReferenceTable added in v1.1.1

type ReferenceTable struct {
	Name             *string `json:"name,omitempty"`
	CreationTime     *int    `json:"creation_time,omitempty"`
	ElementType      *string `json:"element_type,omitempty"`
	NumberOfElements *int    `json:"number_of_elements,omitempty"`
	TimeToLive       *string `json:"time_to_live,omitempty"`
	TimeoutType      *string `json:"timeout_type,omitempty"`

	Data map[string]map[string]ReferenceData `json:"data,omitempty"`
}

ReferenceTable represents QRadar's Reference table.

type ReferenceTableService added in v1.1.1

type ReferenceTableService service

ReferenceTableService handles methods related to Reference tables of the QRadar API.

func (*ReferenceTableService) BulkLoad added in v1.2.1

func (c *ReferenceTableService) BulkLoad(ctx context.Context, fields, name string, data interface{}) (*ReferenceTable, error)

BulkLoad uploads many values in QRadar's Reference Table.

func (*ReferenceTableService) Create added in v1.1.1

Create creates Reference table in QRadar installation.

func (*ReferenceTableService) Get added in v1.1.1

func (c *ReferenceTableService) Get(ctx context.Context, fields, filter string, from, to int) ([]ReferenceTable, error)

Get returns Reference tables of the current QRadar installation.

func (*ReferenceTableService) GetWithData added in v1.2.1

func (c *ReferenceTableService) GetWithData(ctx context.Context, fields, filter, name string, from, to int) (*ReferenceTable, error)

GetWithData returns Reference Table with data of the current QRadar installation.

type RegexProperty added in v1.1.1

type RegexProperty struct {
	Identifier       *string `json:"identifier,omitempty"`
	ModificationDate *int    `json:"modification_date,omitempty"`
	DatetimeFormat   *string `json:"datetime_format,omitempty"`
	PropertyType     *string `json:"property_type,omitempty"`
	Name             *string `json:"name,omitempty"`
	AutoDiscovered   *bool   `json:"auto_discovered,omitempty"`
	Description      *string `json:"description,omitempty"`
	ID               *int    `json:"id,omitempty"`
	UseForRuleEngine *bool   `json:"use_for_rule_engine,omitempty"`
	CreationDate     *int    `json:"creation_date,omitempty"`
	Locale           *string `json:"locale,omitempty"`
	Username         *string `json:"username,omitempty"`
}

RegexProperty represents QRadar's Regex Property, which is the metadata of a Custom Property.

type RegexPropertyService added in v1.1.1

type RegexPropertyService service

RegexPropertyService handles methods related to Regex Properties of the QRadar API.

func (*RegexPropertyService) Create added in v1.1.1

func (c *RegexPropertyService) Create(ctx context.Context, fields string, data interface{}) (*RegexProperty, error)

Create creates Regex Property in QRadar installation.

func (*RegexPropertyService) DeleteByID added in v1.1.1

func (c *RegexPropertyService) DeleteByID(ctx context.Context, fields string, id int) (*DeleteTask, error)

DeleteByID creates a Delete Task in QRadar installation in order to safely delete Regex Property by ID.

func (*RegexPropertyService) Get added in v1.1.1

func (c *RegexPropertyService) Get(ctx context.Context, fields, filter string, from, to int) ([]RegexProperty, error)

Get returns Regex Properties of the current QRadar installation.

func (*RegexPropertyService) GetByID added in v1.1.1

func (c *RegexPropertyService) GetByID(ctx context.Context, fields string, id int) (*RegexProperty, error)

GetByID returns Regex Property of the current QRadar installation by ID.

func (*RegexPropertyService) GetByName added in v1.1.1

func (c *RegexPropertyService) GetByName(ctx context.Context, fields string, name string) (*RegexProperty, error)

GetByName returns Regex Property of the current QRadar installation by Name.

func (*RegexPropertyService) GetByUUID added in v1.1.1

func (c *RegexPropertyService) GetByUUID(ctx context.Context, fields string, uuid string) (*RegexProperty, error)

GetByUUID returns Regex Property of the current QRadar installation by UUID.

func (*RegexPropertyService) UpdateByID added in v1.1.1

func (c *RegexPropertyService) UpdateByID(ctx context.Context, fields string, id int, data interface{}) (*RegexProperty, error)

UpdateByID updates Regex Property in QRadar installation by ID.

type Rule added in v1.1.1

type Rule struct {
	ID                   *int    `json:"id,omitempty"`
	Name                 *string `json:"name,omitempty"`
	Type                 *string `json:"type,omitempty"`
	Enabled              *bool   `json:"enabled,omitempty"`
	Owner                *string `json:"owner,omitempty"`
	Origin               *string `json:"origin,omitempty"`
	BaseCapacity         *int    `json:"base_capacity,omitempty"`
	BaseHostID           *int    `json:"base_host_id,omitempty"`
	AverageCapacity      *int    `json:"average_capacity,omitempty"`
	CapacityTimestamp    *int    `json:"capacity_timestamp,omitempty"`
	Identifier           *string `json:"identifier,omitempty"`
	LinkedRuleIdentifier *string `json:"linked_rule_identifier,omitempty"`
	CreationDate         *int    `json:"creation_date,omitempty"`
	ModificationDate     *int    `json:"modification_date,omitempty"`
}

Rule represents QRadar's Rule.

type RuleGroup added in v1.3.0

type RuleGroup struct {
	Owner        *string  `json:"owner"`
	ModifiedTime *int     `json:"modified_time"`
	Level        *int     `json:"level"`
	Name         *string  `json:"name"`
	Description  *string  `json:"description"`
	ChildGroups  []int    `json:"child_groups"`
	ID           *int     `json:"id"`
	ChildItems   []string `json:"child_items"`
	Type         *string  `json:"type"`
	ParentID     *int     `json:"parent_id"`
}

type RuleGroupService added in v1.3.0

type RuleGroupService service

RuleGroupService handles methods related to Rule Groups of the QRadar API.

func (*RuleGroupService) Get added in v1.3.0

func (c *RuleGroupService) Get(ctx context.Context, fields, filter string, from, to int) ([]RuleGroup, error)

Get returns Rule Groups of the current QRadar installation.

func (*RuleGroupService) GetByID added in v1.3.0

func (c *RuleGroupService) GetByID(ctx context.Context, fields string, id int) (*RuleGroup, error)

GetByID returns Rule Group of the current QRadar installation by ID.

type RuleService added in v1.1.1

type RuleService service

RuleService handles methods related to Rules of the QRadar API.

func (*RuleService) DeleteByID added in v1.1.1

func (c *RuleService) DeleteByID(ctx context.Context, fields string, id int) (*DeleteTask, error)

DeleteByID creates a Delete Task in QRadar installation in order to safely delete Rule by ID.

func (*RuleService) Get added in v1.1.1

func (c *RuleService) Get(ctx context.Context, fields, filter string, from, to int) ([]Rule, error)

Get returns Rules of the current QRadar installation.

func (*RuleService) GetByID added in v1.1.1

func (c *RuleService) GetByID(ctx context.Context, fields string, id int) (*Rule, error)

GetByID returns Rule of the current QRadar installation by ID.

func (*RuleService) GetByName added in v1.1.1

func (c *RuleService) GetByName(ctx context.Context, fields string, name string) (*Rule, error)

GetByName returns Rule of the current QRadar installation by Name.

func (*RuleService) GetByUUID added in v1.1.1

func (c *RuleService) GetByUUID(ctx context.Context, fields string, uuid string) (*Rule, error)

GetByUUID returns Rule of the current QRadar installation by UUID.

func (*RuleService) UpdateByID added in v1.1.1

func (c *RuleService) UpdateByID(ctx context.Context, fields string, id int, data interface{}) (*Rule, error)

UpdateByID updates the rule owner or toggles the rule enabled/disabled by ID.

type RuleWithData added in v1.1.1

type RuleWithData struct {
	Rule
	CRE             *int    `json:"cre,omitempty"`
	TypeID          *int    `json:"type_id,omitempty"`
	IsBuildingBlock *bool   `json:"is_building_block,omitempty"`
	RuleXML         *string `json:"rule_xml,omitempty"`
}

RuleWithData represents QRadar's RuleWithData. Undocumented.

type RuleWithDataService added in v1.1.1

type RuleWithDataService service

RuleWithDataService handles methods related to RuleWithData of the QRadar Undocumented API.

func (*RuleWithDataService) Create added in v1.1.1

func (c *RuleWithDataService) Create(ctx context.Context, fields string, data interface{}) (*RuleWithData, error)

Create creates RuleWithData in the current QRadar installation. Undocumented API.

func (*RuleWithDataService) Get added in v1.1.1

func (c *RuleWithDataService) Get(ctx context.Context, fields, filter string, from, to int) ([]RuleWithData, error)

Get returns RuleWithData of the current QRadar installation. Undocumented API.

func (*RuleWithDataService) GetByID added in v1.1.1

func (c *RuleWithDataService) GetByID(ctx context.Context, fields string, id int) (*RuleWithData, error)

GetByID returns RuleWithData of the current QRadar installation by ID. Undocumented API.

func (*RuleWithDataService) GetByName added in v1.1.1

func (c *RuleWithDataService) GetByName(ctx context.Context, fields string, name string) (*RuleWithData, error)

GetByName returns RuleWithData of the current QRadar installation by Name. Undocumented API.

func (*RuleWithDataService) GetByUUID added in v1.1.1

func (c *RuleWithDataService) GetByUUID(ctx context.Context, fields string, uuid string) (*RuleWithData, error)

GetByUUID returns RuleWithData of the current QRadar installation by UUID. Undocumented API.

func (*RuleWithDataService) UpdateByID added in v1.1.1

func (c *RuleWithDataService) UpdateByID(ctx context.Context, fields string, id int, data interface{}) (*RuleWithData, error)

UpdateByID updates RuleWithData of the current QRadar installation by ID. Undocumented API.

type Search struct {
	CursorID                 *string        `json:"cursor_id,omitempty"`
	CompressedDataFileCount  *int           `json:"compressed_data_file_count,omitempty"`
	CompressedDataTotalSize  *int           `json:"compressed_data_total_size,omitempty"`
	DataFileCount            *int           `json:"data_file_count,omitempty"`
	DataTotalSize            *int           `json:"data_total_size,omitempty"`
	IndexFileCount           *int           `json:"index_file_count,omitempty"`
	IndexTotalSize           *int           `json:"index_total_size,omitempty"`
	ProcessedRecordCount     *int           `json:"processed_record_count,omitempty"`
	ErrorMessages            []ErrorMessage `json:"error_messages,omitempty"`
	DesiredRetentionTimeMsec *int           `json:"desired_retention_time_msec,omitempty"`
	Progress                 *int           `json:"progress,omitempty"`
	ProgressDetails          []int          `json:"progress_details,omitempty"`
	QueryExecutionTime       *int           `json:"query_execution_time,omitempty"`
	QueryString              *string        `json:"query_string,omitempty"`
	RecordCount              *int           `json:"record_count,omitempty"`
	SaveResults              *bool          `json:"save_results,omitempty"`
	Status                   *string        `json:"status,omitempty"`
	Snapshot                 *struct {
		Events []Event `json:"events,omitempty"`
	} `json:"snapshot,omitempty"`
	SubsearchIds []string `json:"subsearch_ids,omitempty"`
	SearchID     *string  `json:"search_id,omitempty"`
}

Search represents Ariel search state.

type SearchColumn

type SearchColumn struct {
	ArgumentType    *string `json:"argument_type,omitempty"`
	Indexable       *bool   `json:"indexable,omitempty"`
	Name            *string `json:"name,omitempty"`
	Nullable        *bool   `json:"nullable,omitempty"`
	ObjectValueType *string `json:"object_value_type,omitempty"`
	ProviderName    *string `json:"provider_name,omitempty"`
}

SearchColumn represents a found column and its properties.

type SearchMetadata

type SearchMetadata struct {
	Columns []SearchColumn `json:"columns,omitempty"`
}

SearchMetadata represents search metadata.

type SearchResult

type SearchResult struct {
	Events []Event `json:"events,omitempty"`
}

SearchResult represents search result.

type SearchResultsScroller

type SearchResultsScroller struct {
	// contains filtered or unexported fields
}

SearchResultsScroller represents a scroller for the results of the query.

func (*SearchResultsScroller) Length

func (s *SearchResultsScroller) Length() int

Length returns the overall events count.

func (*SearchResultsScroller) Next

Next returns true if an event is still available to be consumed by the Result() method.

func (*SearchResultsScroller) Result

func (s *SearchResultsScroller) Result() Event

Result returns the event that the most recent call to Next advanced to.

type Tenant added in v1.1.1

type Tenant struct {
	ID             *int    `json:"id,omitempty"`
	Name           *string `json:"name,omitempty"`
	Deleted        *bool   `json:"deleted,omitempty"`
	FlowRateLimit  *int    `json:"flow_rate_limit,omitempty"`
	EventRateLimit *int    `json:"event_rate_limit,omitempty"`
	Description    *string `json:"description,omitempty"`
}

Tenant represents QRadar's Tenant.

type TenantService added in v1.1.1

type TenantService service

TenantService handles methods related to Tenants of the QRadar API.

func (*TenantService) Create added in v1.1.1

func (c *TenantService) Create(ctx context.Context, fields string, data interface{}) (*Tenant, error)

Create creates Tenant in QRadar installation.

func (*TenantService) DeleteByID added in v1.1.1

func (c *TenantService) DeleteByID(ctx context.Context, fields string, id int) (*Tenant, error)

DeleteByID deletes Tenant in QRadar installation by ID.

func (*TenantService) Get added in v1.1.1

func (c *TenantService) Get(ctx context.Context, fields, filter string, from, to int) ([]Tenant, error)

Get returns Tenants of the current QRadar installation.

func (*TenantService) GetByID added in v1.1.1

func (c *TenantService) GetByID(ctx context.Context, fields string, id int) (*Tenant, error)

GetByID returns Tenant of the current QRadar installation by ID.

func (*TenantService) GetByName added in v1.1.1

func (c *TenantService) GetByName(ctx context.Context, fields string, name string) (*Tenant, error)

GetByName returns Tenant of the current QRadar installation by Name.

func (*TenantService) UpdateByID added in v1.1.1

func (c *TenantService) UpdateByID(ctx context.Context, fields string, id int, data interface{}) (*Tenant, error)

UpdateByID updates Tenant record in QRadar installation by ID.

Directories

Path Synopsis
examples
