gointelowl

package
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 5, 2022 License: AGPL-3.0 Imports: 16 Imported by: 0

Documentation

Overview

go-intelowl makes it easy to automate, configure, and use intelowl with your own set of tools with its Idiomatic approach making an analysis is easy as just writing one line of code!

Index

Constants

This section is empty.

Variables

View Source 
var TLPVALUES = map[string]int{
	"WHITE": 1,
	"GREEN": 2,
	"AMBER": 3,
	"RED":   4,
}

TLPVALUES represents a map to easily access the TLP values.

Functions

This section is empty.

Types

type AccessDetails 

type AccessDetails struct {
	TotalSubmissions int `json:"total_submissions"`
	MonthSubmissions int `json:"month_submissions"`
}

type AnalysisResponse 

type AnalysisResponse struct {
	JobID             int      `json:"job_id"`
	Status            string   `json:"status"`
	Warnings          []string `json:"warnings"`
	AnalyzersRunning  []string `json:"analyzers_running"`
	ConnectorsRunning []string `json:"connectors_running"`
}

AnalysisResponse represents a response returned by the API when you analyze an observable or file.

type AnalyzerConfig 

type AnalyzerConfig struct {
	BaseConfigurationType
	Type                  string   `json:"type"`
	ExternalService       bool     `json:"external_service"`
	LeaksInfo             bool     `json:"leaks_info"`
	DockerBased           bool     `json:"docker_based"`
	RunHash               bool     `json:"run_hash"`
	RunHashType           string   `json:"run_hash_type"`
	SupportedFiletypes    []string `json:"supported_filetypes"`
	NotSupportedFiletypes []string `json:"not_supported_filetypes"`
	ObservableSupported   []string `json:"observable_supported"`
}

AnalyzerConfig represents how an analyzer is configured in IntelOwl.

IntelOwl docs: https://intelowl.readthedocs.io/en/latest/Usage.html#analyzers-customization

type AnalyzerService 

type AnalyzerService struct {
	// contains filtered or unexported fields
}

AnalyzerService handles communication with analyzer related methods of the IntelOwl API.

IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/analyzer

func (*AnalyzerService) GetConfigs 

func (analyzerService *AnalyzerService) GetConfigs(ctx context.Context) (*[]AnalyzerConfig, error)

GetConfigs lists down every analyzer configuration in your IntelOwl instance. 

Endpoint: GET /api/get_analyzer_configs

IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/get_analyzer_configs

func (*AnalyzerService) HealthCheck 

func (analyzerService *AnalyzerService) HealthCheck(ctx context.Context, analyzerName string) (bool, error)

HealthCheck checks if the specified analyzer is up and running 

Endpoint: GET /api/analyzer/{NameOfAnalyzer}/healthcheck

IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/analyzer/operation/analyzer_healthcheck_retrieve

type BaseConfigurationType 

type BaseConfigurationType struct {
	Name         string               `json:"name"`
	PythonModule string               `json:"python_module"`
	Disabled     bool                 `json:"disabled"`
	Description  string               `json:"description"`
	Config       ConfigType           `json:"config"`
	Secrets      map[string]Secret    `json:"secrets"`
	Params       map[string]Parameter `json:"params"`
	Verification VerificationType     `json:"verification"`
}

BaseConfigurationType represents the common fields in an analyzer and a connector configuration.

type BaseJob 

type BaseJob struct {
	ID                       int         `json:"id"`
	User                     UserDetails `json:"user"`
	Tags                     []Tag       `json:"tags"`
	ProcessTime              float64     `json:"process_time"`
	IsSample                 bool        `json:"is_sample"`
	Md5                      string      `json:"md5"`
	ObservableName           string      `json:"observable_name"`
	ObservableClassification string      `json:"observable_classification"`
	FileName                 string      `json:"file_name"`
	FileMimetype             string      `json:"file_mimetype"`
	Status                   string      `json:"status"`
	AnalyzersRequested       []string    `json:"analyzers_requested" `
	ConnectorsRequested      []string    `json:"connectors_requested"`
	AnalyzersToExecute       []string    `json:"analyzers_to_execute"`
	ConnectorsToExecute      []string    `json:"connectors_to_execute"`
	ReceivedRequestTime      *time.Time  `json:"received_request_time"`
	FinishedAnalysisTime     *time.Time  `json:"finished_analysis_time"`
	Tlp                      string      `json:"tlp"`
	Errors                   []string    `json:"errors"`
}

BaseJob respresents all the common fields in a Job and JobList.

type BasicAnalysisParams 

type BasicAnalysisParams struct {
	User                 int                    `json:"user"`
	Tlp                  TLP                    `json:"tlp"`
	RuntimeConfiguration map[string]interface{} `json:"runtime_configuration"`
	AnalyzersRequested   []string               `json:"analyzers_requested"`
	ConnectorsRequested  []string               `json:"connectors_requested"`
	TagsLabels           []string               `json:"tags_labels"`
}

BasicAnalysisParams represents the common fields in an Observable and a File analysis

type ConfigType 

type ConfigType struct {
	Queue         string `json:"queue"`
	SoftTimeLimit int    `json:"soft_time_limit"`
}

type ConnectorConfig 

type ConnectorConfig struct {
	BaseConfigurationType
	MaximumTlp TLP `json:"maximum_tlp"`
}

ConnectorConfig represents how a connector is configured in IntelOwl.

IntelOwl docs: https://intelowl.readthedocs.io/en/latest/Usage.html#connectors-customization

type ConnectorService 

type ConnectorService struct {
	// contains filtered or unexported fields
}

ConnectorService handles communication with connector related methods of the IntelOwl API.

IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/connector

func (*ConnectorService) GetConfigs 

func (connectorService *ConnectorService) GetConfigs(ctx context.Context) (*[]ConnectorConfig, error)

GetConfigs lists down every connector configuration in your IntelOwl instance. 

Endpoint: GET /api/get_connector_configs

IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/get_connector_configs

func (*ConnectorService) HealthCheck 

func (connectorService *ConnectorService) HealthCheck(ctx context.Context, connectorName string) (bool, error)

HealthCheck checks if the specified connector is up and running 

Endpoint: GET /api/connector/{NameOfConnector}/healthcheck

IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/connector/operation/connector_healthcheck_retrieve

type Details 

type Details struct {
	Username  string `json:"username"`
	FirstName string `json:"first_name"`
	LastName  string `json:"last_name"`
	FullName  string `json:"full_name"`
	Email     string `json:"email"`
}

type FileAnalysisParams 

type FileAnalysisParams struct {
	BasicAnalysisParams
	File *os.File
}

FileAnalysisParams represents the fields needed to analyze a file.

type IntelOwlClient 

type IntelOwlClient struct {
	TagService       *TagService
	JobService       *JobService
	AnalyzerService  *AnalyzerService
	ConnectorService *ConnectorService
	UserService      *UserService
	Logger           *IntelOwlLogger
	// contains filtered or unexported fields
}

IntelOwlClient handles all the communication with your IntelOwl instance.

func NewIntelOwlClient 

func NewIntelOwlClient(options *IntelOwlClientOptions, httpClient *http.Client, loggerParams *LoggerParams) IntelOwlClient

NewIntelOwlClient lets you easily create a new IntelOwlClient by providing IntelOwlClientOptions, http.Clients, and LoggerParams.

func NewIntelOwlClientThroughJsonFile 

func NewIntelOwlClientThroughJsonFile(filePath string, httpClient *http.Client, loggerParams *LoggerParams) (*IntelOwlClient, error)

NewIntelOwlClientThroughJsonFile lets you create a new IntelOwlClient through a JSON file that contains your IntelOwlClientOptions

func (*IntelOwlClient) CreateFileAnalysis 

func (client *IntelOwlClient) CreateFileAnalysis(ctx context.Context, fileAnalysisParams *FileAnalysisParams) (*AnalysisResponse, error)

CreateFileAnalysis lets you analyze a file. 

Endpoint: POST /api/analyze_file

IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/analyze_file

func (*IntelOwlClient) CreateMultipleFileAnalysis 

func (client *IntelOwlClient) CreateMultipleFileAnalysis(ctx context.Context, fileAnalysisParams *MultipleFileAnalysisParams) (*MultipleAnalysisResponse, error)

CreateMultipleFileAnalysis lets you analyze multiple files. 

Endpoint: POST /api/analyze_mutliple_files

IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/analyze_multiple_files

func (*IntelOwlClient) CreateMultipleObservableAnalysis 

func (client *IntelOwlClient) CreateMultipleObservableAnalysis(ctx context.Context, params *MultipleObservableAnalysisParams) (*MultipleAnalysisResponse, error)

CreateMultipleObservableAnalysis lets you analyze multiple observables. 

Endpoint: POST /api/analyze_multiple_observables

IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/analyze_multiple_observables

func (*IntelOwlClient) CreateObservableAnalysis 

func (client *IntelOwlClient) CreateObservableAnalysis(ctx context.Context, params *ObservableAnalysisParams) (*AnalysisResponse, error)

CreateObservableAnalysis lets you analyze an observable. 

Endpoint: POST /api/analyze_observable

IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/analyze_observable

type IntelOwlClientOptions 

type IntelOwlClientOptions struct {
	Url   string `json:"url"`
	Token string `json:"token"`
	// Certificate represents your SSL cert: path to the cert file!
	Certificate string `json:"certificate"`
	// Timeout is in seconds
	Timeout uint64 `json:"timeout"`
}

IntelOwlClientOptions represents the fields needed to configure and use the IntelOwlClient

type IntelOwlError 

type IntelOwlError struct {
	StatusCode int
	Message    string
	Response   *http.Response
}

IntelOwlError represents an error that has occurred when communicating with IntelOwl.

func (*IntelOwlError) Error 

func (intelOwlError *IntelOwlError) Error() string

Error lets you implement the error interface. This is used for making custom go errors.

type IntelOwlLogger 

type IntelOwlLogger struct {
	Logger *logrus.Logger
}

IntelOwlLogger represents a logger to be used by the developer. IntelOwlLogger implements the Logrus logger.

Logrus docs: https://github.com/sirupsen/logrus

func (*IntelOwlLogger) Init 

func (intelOwlLogger *IntelOwlLogger) Init(loggerParams *LoggerParams)

Init initializes the IntelOwlLogger via LoggerParams

type Invitation 

type Invitation struct {
	Invite
	Organization Organization `json:"organization"`
}

type InvitationParams 

type InvitationParams struct {
	Organization OrganizationParams `json:"organization"`
	Status       string             `json:"status"`
}

type Invite 

type Invite struct {
	Id        int       `json:"id"`
	CreatedAt time.Time `json:"created_at"`
	Status    string    `json:"status"`
}

type Job 

type Job struct {
	BaseJob
	AnalyzerReports  []Report               `json:"analyzer_reports"`
	ConnectorReports []Report               `json:"connector_reports"`
	Permission       map[string]interface{} `json:"permission"`
}

Job represents a job that is being processed in IntelOwl.

type JobList 

type JobList struct {
	BaseJob
}

JobList represents a list of jobs in IntelOwl.

type JobListResponse 

type JobListResponse struct {
	Count      int       `json:"count"`
	TotalPages int       `json:"total_pages"`
	Results    []JobList `json:"results"`
}

type JobService 

type JobService struct {
	// contains filtered or unexported fields
}

JobService handles communication with job related methods of IntelOwl API.

IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/jobs

func (*JobService) Delete 

func (jobService *JobService) Delete(ctx context.Context, jobId uint64) (bool, error)

Delete removes the given job from your IntelOwl instance. 

Endpoint: DELETE /api/jobs/{jobID}

IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/jobs/operation/jobs_destroy

func (*JobService) DownloadSample 

func (jobService *JobService) DownloadSample(ctx context.Context, jobId uint64) ([]byte, error)

DownloadSample fetches the File sample with the given job through its job ID. 

Endpoint: GET /api/jobs/{jobID}/download_sample

IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/jobs/operation/jobs_download_sample_retrieve

func (*JobService) Get 

func (jobService *JobService) Get(ctx context.Context, jobId uint64) (*Job, error)

Get fetches a specific job through its job ID. 

Endpoint: GET /api/jobs/{jobID}

IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/jobs/operation/jobs_retrieve

func (*JobService) Kill 

func (jobService *JobService) Kill(ctx context.Context, jobId uint64) (bool, error)

Kill lets you stop a running job through its ID 

Endpoint: PATCH /api/jobs/{jobID}/kill

IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/jobs/operation/jobs_kill_partial_update

func (*JobService) KillAnalyzer 

func (jobService *JobService) KillAnalyzer(ctx context.Context, jobId uint64, analyzerName string) (bool, error)

KillAnalyzer lets you stop an analyzer from running on a processed job through its ID and analyzer name. 

Endpoint: PATCH /api/jobs/{jobID}/analyzer/{nameOfAnalyzer}/kill

IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/jobs/operation/jobs_analyzer_kill_partial_update

func (*JobService) KillConnector 

func (jobService *JobService) KillConnector(ctx context.Context, jobId uint64, connectorName string) (bool, error)

KillConnector lets you stop a connector from running on a processed job through its ID and connector name. 

Endpoint: PATCH /api/jobs/{jobID}/connector/{nameOfConnector}/kill

IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/jobs/operation/jobs_connector_kill_partial_update

func (*JobService) List 

func (jobService *JobService) List(ctx context.Context) (*JobListResponse, error)

List fetches all the jobs in your IntelOwl instance. 

Endpoint: GET /api/jobs

IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/jobs/operation/jobs_list

func (*JobService) RetryAnalyzer 

func (jobService *JobService) RetryAnalyzer(ctx context.Context, jobId uint64, analyzerName string) (bool, error)

RetryAnalyzer lets you re-run the selected analyzer on a processed job through its ID and the analyzer name. 

Endpoint: PATCH /api/jobs/{jobID}/analyzer/{nameOfAnalyzer}/retry

IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/jobs/operation/jobs_analyzer_retry_partial_update

func (*JobService) RetryConnector 

func (jobService *JobService) RetryConnector(ctx context.Context, jobId uint64, connectorName string) (bool, error)

RetryConnector lets you re-run the selected connector on a processed job through its ID and connector name 

Endpoint: PATCH /api/jobs/{jobID}/connector/{nameOfConnector}/retry

IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/jobs/operation/jobs_connector_retry_partial_update

type LoggerParams 

type LoggerParams struct {
	File      io.Writer
	Formatter logrus.Formatter
	Level     logrus.Level
}

LoggerParams represents the fields to configure your logger.

type MemberParams 

type MemberParams struct {
	Username string `json:"username"`
}

type MultipleAnalysisResponse 

type MultipleAnalysisResponse struct {
	Count   int                `json:"count"`
	Results []AnalysisResponse `json:"results"`
}

MultipleAnalysisResponse represent a response returned by the API when you analyze multiple observables or files.

type MultipleFileAnalysisParams 

type MultipleFileAnalysisParams struct {
	BasicAnalysisParams
	Files []*os.File
}

MultipleFileAnalysisParams represents the fields needed to analyze multiple files.

type MultipleObservableAnalysisParams 

type MultipleObservableAnalysisParams struct {
	BasicAnalysisParams
	Observables [][]string `json:"observables"`
}

MultipleObservableAnalysisParams represents the fields needed to analyze multiple observables.

type ObservableAnalysisParams 

type ObservableAnalysisParams struct {
	BasicAnalysisParams
	ObservableName           string `json:"observable_name"`
	ObservableClassification string `json:"classification"`
}

ObservableAnalysisParams represents the fields needed to make an observable analysis.

type Organization 

type Organization struct {
	MembersCount int        `json:"members_count"`
	Owner        Owner      `json:"owner"`
	IsUserOwner  bool       `json:"is_user_owner,omitempty"`
	CreatedAt    *time.Time `json:"created_at,omitempty"`
	Name         string     `json:"name"`
}

type OrganizationParams 

type OrganizationParams struct {
	Name string `json:"name"`
}

type Owner 

type Owner struct {
	Username string    `json:"username"`
	FullName string    `json:"full_name"`
	Joined   time.Time `json:"joined"`
}

type Parameter 

type Parameter struct {
	Value       interface{} `json:"value"`
	Type        interface{} `json:"type"`
	Description string      `json:"description"`
}

type Report 

type Report struct {
	Name                 string                 `json:"name"`
	Status               string                 `json:"status"`
	Report               map[string]interface{} `json:"report"`
	Errors               []string               `json:"errors"`
	ProcessTime          float64                `json:"process_time"`
	StartTime            time.Time              `json:"start_time"`
	EndTime              time.Time              `json:"end_time"`
	RuntimeConfiguration map[string]interface{} `json:"runtime_configuration"`
	Type                 string                 `json:"type"`
}

Report represents a report generated by an IntelOwl job.

type Secret 

type Secret struct {
	EnvironmentVariableKey string `json:"env_var_key"`
	Description            string `json:"description"`
	Required               bool   `json:"required"`
}

type StatusResponse 

type StatusResponse struct {
	Status bool `json:"status"`
}

StatusResponse represents the status of an analyzer or connector i.e are they working or not.

type TLP 

type TLP int

TLP represents an enum for the TLP attribute used in IntelOwl's REST API.

IntelOwl docs: https://intelowl.readthedocs.io/en/latest/Usage.html#tlp-support 

const (
	WHITE TLP = iota + 1
	GREEN
	AMBER
	RED
)

Values of the TLP enum.

func ParseTLP 

func ParseTLP(s string) TLP

ParseTLP is used to easily make a TLP enum

func (TLP) MarshalJSON 

func (tlp TLP) MarshalJSON() ([]byte, error)

Implementing the MarshalJSON interface to make our custom Marshal for the enum

func (TLP) String 

func (tlp TLP) String() string

Overriding the String method to get the string representation of the TLP enum

func (*TLP) UnmarshalJSON 

func (tlp *TLP) UnmarshalJSON(data []byte) (err error)

Implementing the UnmarshalJSON interface to make our custom Unmarshal for the enum

type Tag 

type Tag struct {
	ID    uint64 `json:"id"`
	Label string `json:"label"`
	Color string `json:"color"`
}

Tag represents a tag in an IntelOwl job.

type TagParams 

type TagParams struct {
	Label string `json:"label"`
	Color string `json:"color"`
}

TagParams represents the fields needed for creating and updating tags

type TagService 

type TagService struct {
	// contains filtered or unexported fields
}

TagService handles communication with tag related methods of IntelOwl API.

IntelOwl REST API tag docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/tags

func (*TagService) Create 

func (tagService *TagService) Create(ctx context.Context, tagParams *TagParams) (*Tag, error)

Create lets you easily create a new tag by passing TagParams. 

Endpoint: POST "/api/tags/"

IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/tags/operation/tags_create

func (*TagService) Delete 

func (tagService *TagService) Delete(ctx context.Context, tagId uint64) (bool, error)

Delete removes the given tag from your IntelOwl instance. 

Endpoint: DELETE "/api/tags/{id}"

IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/tags/operation/tags_destroy

func (*TagService) Get 

func (tagService *TagService) Get(ctx context.Context, tagId uint64) (*Tag, error)

Get fetches a specific tag through its tag ID. 

Endpoint: GET "/api/tags/{id}"

IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/tags/operation/tags_retrieve

func (*TagService) List 

func (tagService *TagService) List(ctx context.Context) (*[]Tag, error)

List fetches all the working tags in IntelOwl. 

Endpoint: GET "/api/tags"

IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/tags/operation/tags_list

func (*TagService) Update 

func (tagService *TagService) Update(ctx context.Context, tagId uint64, tagParams *TagParams) (*Tag, error)

Update lets you edit a tag throght its tag ID. 

Endpoint: PUT "/api/tags/{id}"

IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/tags/operation/tags_update

type User 

type User struct {
	User   Details       `json:"user"`
	Access AccessDetails `json:"access"`
}

type UserDetails 

type UserDetails struct {
	Username string `json:"username"`
}

UserDetails represents user details in an IntelOwl job.

type UserService 

type UserService struct {
	// contains filtered or unexported fields
}

func (*UserService) Access 

func (userService *UserService) Access(ctx context.Context) (*User, error)

Access retrieves user details 

Endpoint: GET /api/me/access

IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/me/operation/me_access_retrieve

func (*UserService) CreateOrganization 

func (userService *UserService) CreateOrganization(ctx context.Context, organizationParams *OrganizationParams) (*Organization, error)

CreateOrganization allows you to create a super cool organization! 

Endpoint: POST /api/me/organization

IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/me/operation/me_organization_create

func (*UserService) InviteToOrganization 

func (userService *UserService) InviteToOrganization(ctx context.Context, memberParams *MemberParams) (*Invite, error)

InviteToOrganization allows you to invite someone to your super cool organization! This is only accessible to the organization's owner. 

Endpoint: POST /api/me/organization/invite

IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/me/operation/me_organization_invite_create

func (*UserService) Organization 

func (userService *UserService) Organization(ctx context.Context) (*Organization, error)

Organization returns the organization's details. 

Endpoint: GET /api/me/organization

IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/me/operation/me_organization_list

func (*UserService) RemoveMemberFromOrganization 

func (userService *UserService) RemoveMemberFromOrganization(ctx context.Context, memberParams *MemberParams) (bool, error)

RemoveMemberFromOrganization lets you remove someone from your super cool organization! (you had your reasons) This is only accessible to the organization's owner. 

Endpoint: POST /api/me/organization/remove_member

IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/me/operation/me_organization_create

type VerificationType 

type VerificationType struct {
	Configured     bool     `json:"configured"`
	ErrorMessage   string   `json:"error_message"`
	MissingSecrets []string `json:"missing_secrets"`
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.