Documentation ¶
Overview ¶
go-intelowl makes it easy to automate, configure, and use intelowl with your own set of tools with its Idiomatic approach making an analysis is easy as just writing one line of code!
Index ¶
- Variables
- type AccessDetails
- type AnalysisResponse
- type AnalyzerConfig
- type AnalyzerService
- type BaseConfigurationType
- type BaseJob
- type BasicAnalysisParams
- type ConfigType
- type ConnectorConfig
- type ConnectorService
- type Details
- type FileAnalysisParams
- type IntelOwlClient
- func (client *IntelOwlClient) CreateFileAnalysis(ctx context.Context, fileAnalysisParams *FileAnalysisParams) (*AnalysisResponse, error)
- func (client *IntelOwlClient) CreateMultipleFileAnalysis(ctx context.Context, fileAnalysisParams *MultipleFileAnalysisParams) (*MultipleAnalysisResponse, error)
- func (client *IntelOwlClient) CreateMultipleObservableAnalysis(ctx context.Context, params *MultipleObservableAnalysisParams) (*MultipleAnalysisResponse, error)
- func (client *IntelOwlClient) CreateObservableAnalysis(ctx context.Context, params *ObservableAnalysisParams) (*AnalysisResponse, error)
- type IntelOwlClientOptions
- type IntelOwlError
- type IntelOwlLogger
- type Invitation
- type InvitationParams
- type Invite
- type Job
- type JobList
- type JobListResponse
- type JobService
- func (jobService *JobService) Delete(ctx context.Context, jobId uint64) (bool, error)
- func (jobService *JobService) DownloadSample(ctx context.Context, jobId uint64) ([]byte, error)
- func (jobService *JobService) Get(ctx context.Context, jobId uint64) (*Job, error)
- func (jobService *JobService) Kill(ctx context.Context, jobId uint64) (bool, error)
- func (jobService *JobService) KillAnalyzer(ctx context.Context, jobId uint64, analyzerName string) (bool, error)
- func (jobService *JobService) KillConnector(ctx context.Context, jobId uint64, connectorName string) (bool, error)
- func (jobService *JobService) List(ctx context.Context) (*JobListResponse, error)
- func (jobService *JobService) RetryAnalyzer(ctx context.Context, jobId uint64, analyzerName string) (bool, error)
- func (jobService *JobService) RetryConnector(ctx context.Context, jobId uint64, connectorName string) (bool, error)
- type LoggerParams
- type MemberParams
- type MultipleAnalysisResponse
- type MultipleFileAnalysisParams
- type MultipleObservableAnalysisParams
- type ObservableAnalysisParams
- type Organization
- type OrganizationParams
- type Owner
- type Parameter
- type Report
- type Secret
- type StatusResponse
- type TLP
- type Tag
- type TagParams
- type TagService
- func (tagService *TagService) Create(ctx context.Context, tagParams *TagParams) (*Tag, error)
- func (tagService *TagService) Delete(ctx context.Context, tagId uint64) (bool, error)
- func (tagService *TagService) Get(ctx context.Context, tagId uint64) (*Tag, error)
- func (tagService *TagService) List(ctx context.Context) (*[]Tag, error)
- func (tagService *TagService) Update(ctx context.Context, tagId uint64, tagParams *TagParams) (*Tag, error)
- type User
- type UserDetails
- type UserService
- func (userService *UserService) Access(ctx context.Context) (*User, error)
- func (userService *UserService) CreateOrganization(ctx context.Context, organizationParams *OrganizationParams) (*Organization, error)
- func (userService *UserService) InviteToOrganization(ctx context.Context, memberParams *MemberParams) (*Invite, error)
- func (userService *UserService) Organization(ctx context.Context) (*Organization, error)
- func (userService *UserService) RemoveMemberFromOrganization(ctx context.Context, memberParams *MemberParams) (bool, error)
- type VerificationType
Constants ¶
This section is empty.
Variables ¶
var TLPVALUES = map[string]int{
"WHITE": 1,
"GREEN": 2,
"AMBER": 3,
"RED": 4,
}
TLPVALUES represents a map to easily access the TLP values.
Functions ¶
This section is empty.
Types ¶
type AccessDetails ¶
type AnalysisResponse ¶
type AnalysisResponse struct { JobID int `json:"job_id"` Status string `json:"status"` Warnings []string `json:"warnings"` AnalyzersRunning []string `json:"analyzers_running"` ConnectorsRunning []string `json:"connectors_running"` }
AnalysisResponse represents a response returned by the API when you analyze an observable or file.
type AnalyzerConfig ¶
type AnalyzerConfig struct { BaseConfigurationType Type string `json:"type"` ExternalService bool `json:"external_service"` LeaksInfo bool `json:"leaks_info"` DockerBased bool `json:"docker_based"` RunHash bool `json:"run_hash"` RunHashType string `json:"run_hash_type"` SupportedFiletypes []string `json:"supported_filetypes"` NotSupportedFiletypes []string `json:"not_supported_filetypes"` ObservableSupported []string `json:"observable_supported"` }
AnalyzerConfig represents how an analyzer is configured in IntelOwl.
IntelOwl docs: https://intelowl.readthedocs.io/en/latest/Usage.html#analyzers-customization
type AnalyzerService ¶
type AnalyzerService struct {
// contains filtered or unexported fields
}
AnalyzerService handles communication with analyzer related methods of the IntelOwl API.
IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/analyzer
func (*AnalyzerService) GetConfigs ¶
func (analyzerService *AnalyzerService) GetConfigs(ctx context.Context) (*[]AnalyzerConfig, error)
GetConfigs lists down every analyzer configuration in your IntelOwl instance.
Endpoint: GET /api/get_analyzer_configs
IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/get_analyzer_configs
func (*AnalyzerService) HealthCheck ¶
func (analyzerService *AnalyzerService) HealthCheck(ctx context.Context, analyzerName string) (bool, error)
HealthCheck checks if the specified analyzer is up and running
Endpoint: GET /api/analyzer/{NameOfAnalyzer}/healthcheck
IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/analyzer/operation/analyzer_healthcheck_retrieve
type BaseConfigurationType ¶
type BaseConfigurationType struct { Name string `json:"name"` PythonModule string `json:"python_module"` Disabled bool `json:"disabled"` Description string `json:"description"` Config ConfigType `json:"config"` Secrets map[string]Secret `json:"secrets"` Params map[string]Parameter `json:"params"` Verification VerificationType `json:"verification"` }
BaseConfigurationType represents the common fields in an analyzer and a connector configuration.
type BaseJob ¶
type BaseJob struct { ID int `json:"id"` User UserDetails `json:"user"` Tags []Tag `json:"tags"` ProcessTime float64 `json:"process_time"` IsSample bool `json:"is_sample"` Md5 string `json:"md5"` ObservableName string `json:"observable_name"` ObservableClassification string `json:"observable_classification"` FileName string `json:"file_name"` FileMimetype string `json:"file_mimetype"` Status string `json:"status"` AnalyzersRequested []string `json:"analyzers_requested" ` ConnectorsRequested []string `json:"connectors_requested"` AnalyzersToExecute []string `json:"analyzers_to_execute"` ConnectorsToExecute []string `json:"connectors_to_execute"` ReceivedRequestTime *time.Time `json:"received_request_time"` FinishedAnalysisTime *time.Time `json:"finished_analysis_time"` Tlp string `json:"tlp"` Errors []string `json:"errors"` }
BaseJob respresents all the common fields in a Job and JobList.
type BasicAnalysisParams ¶
type BasicAnalysisParams struct { User int `json:"user"` Tlp TLP `json:"tlp"` RuntimeConfiguration map[string]interface{} `json:"runtime_configuration"` AnalyzersRequested []string `json:"analyzers_requested"` ConnectorsRequested []string `json:"connectors_requested"` TagsLabels []string `json:"tags_labels"` }
BasicAnalysisParams represents the common fields in an Observable and a File analysis
type ConfigType ¶
type ConnectorConfig ¶
type ConnectorConfig struct { BaseConfigurationType MaximumTlp TLP `json:"maximum_tlp"` }
ConnectorConfig represents how a connector is configured in IntelOwl.
IntelOwl docs: https://intelowl.readthedocs.io/en/latest/Usage.html#connectors-customization
type ConnectorService ¶
type ConnectorService struct {
// contains filtered or unexported fields
}
ConnectorService handles communication with connector related methods of the IntelOwl API.
IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/connector
func (*ConnectorService) GetConfigs ¶
func (connectorService *ConnectorService) GetConfigs(ctx context.Context) (*[]ConnectorConfig, error)
GetConfigs lists down every connector configuration in your IntelOwl instance.
Endpoint: GET /api/get_connector_configs
IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/get_connector_configs
func (*ConnectorService) HealthCheck ¶
func (connectorService *ConnectorService) HealthCheck(ctx context.Context, connectorName string) (bool, error)
HealthCheck checks if the specified connector is up and running
Endpoint: GET /api/connector/{NameOfConnector}/healthcheck
IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/connector/operation/connector_healthcheck_retrieve
type FileAnalysisParams ¶
type FileAnalysisParams struct { BasicAnalysisParams File *os.File }
FileAnalysisParams represents the fields needed to analyze a file.
type IntelOwlClient ¶
type IntelOwlClient struct { TagService *TagService JobService *JobService AnalyzerService *AnalyzerService ConnectorService *ConnectorService UserService *UserService Logger *IntelOwlLogger // contains filtered or unexported fields }
IntelOwlClient handles all the communication with your IntelOwl instance.
func NewIntelOwlClient ¶
func NewIntelOwlClient(options *IntelOwlClientOptions, httpClient *http.Client, loggerParams *LoggerParams) IntelOwlClient
NewIntelOwlClient lets you easily create a new IntelOwlClient by providing IntelOwlClientOptions, http.Clients, and LoggerParams.
func NewIntelOwlClientThroughJsonFile ¶
func NewIntelOwlClientThroughJsonFile(filePath string, httpClient *http.Client, loggerParams *LoggerParams) (*IntelOwlClient, error)
NewIntelOwlClientThroughJsonFile lets you create a new IntelOwlClient through a JSON file that contains your IntelOwlClientOptions
func (*IntelOwlClient) CreateFileAnalysis ¶
func (client *IntelOwlClient) CreateFileAnalysis(ctx context.Context, fileAnalysisParams *FileAnalysisParams) (*AnalysisResponse, error)
CreateFileAnalysis lets you analyze a file.
Endpoint: POST /api/analyze_file
IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/analyze_file
func (*IntelOwlClient) CreateMultipleFileAnalysis ¶
func (client *IntelOwlClient) CreateMultipleFileAnalysis(ctx context.Context, fileAnalysisParams *MultipleFileAnalysisParams) (*MultipleAnalysisResponse, error)
CreateMultipleFileAnalysis lets you analyze multiple files.
Endpoint: POST /api/analyze_mutliple_files
IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/analyze_multiple_files
func (*IntelOwlClient) CreateMultipleObservableAnalysis ¶
func (client *IntelOwlClient) CreateMultipleObservableAnalysis(ctx context.Context, params *MultipleObservableAnalysisParams) (*MultipleAnalysisResponse, error)
CreateMultipleObservableAnalysis lets you analyze multiple observables.
Endpoint: POST /api/analyze_multiple_observables
IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/analyze_multiple_observables
func (*IntelOwlClient) CreateObservableAnalysis ¶
func (client *IntelOwlClient) CreateObservableAnalysis(ctx context.Context, params *ObservableAnalysisParams) (*AnalysisResponse, error)
CreateObservableAnalysis lets you analyze an observable.
Endpoint: POST /api/analyze_observable
IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/analyze_observable
type IntelOwlClientOptions ¶
type IntelOwlClientOptions struct { Url string `json:"url"` Token string `json:"token"` // Certificate represents your SSL cert: path to the cert file! Certificate string `json:"certificate"` // Timeout is in seconds Timeout uint64 `json:"timeout"` }
IntelOwlClientOptions represents the fields needed to configure and use the IntelOwlClient
type IntelOwlError ¶
IntelOwlError represents an error that has occurred when communicating with IntelOwl.
func (*IntelOwlError) Error ¶
func (intelOwlError *IntelOwlError) Error() string
Error lets you implement the error interface. This is used for making custom go errors.
type IntelOwlLogger ¶
IntelOwlLogger represents a logger to be used by the developer. IntelOwlLogger implements the Logrus logger.
Logrus docs: https://github.com/sirupsen/logrus
func (*IntelOwlLogger) Init ¶
func (intelOwlLogger *IntelOwlLogger) Init(loggerParams *LoggerParams)
Init initializes the IntelOwlLogger via LoggerParams
type Invitation ¶
type Invitation struct { Invite Organization Organization `json:"organization"` }
type InvitationParams ¶
type InvitationParams struct { Organization OrganizationParams `json:"organization"` Status string `json:"status"` }
type Job ¶
type Job struct { BaseJob AnalyzerReports []Report `json:"analyzer_reports"` ConnectorReports []Report `json:"connector_reports"` Permission map[string]interface{} `json:"permission"` }
Job represents a job that is being processed in IntelOwl.
type JobListResponse ¶
type JobService ¶
type JobService struct {
// contains filtered or unexported fields
}
JobService handles communication with job related methods of IntelOwl API.
IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/jobs
func (*JobService) Delete ¶
Delete removes the given job from your IntelOwl instance.
Endpoint: DELETE /api/jobs/{jobID}
IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/jobs/operation/jobs_destroy
func (*JobService) DownloadSample ¶
DownloadSample fetches the File sample with the given job through its job ID.
Endpoint: GET /api/jobs/{jobID}/download_sample
IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/jobs/operation/jobs_download_sample_retrieve
func (*JobService) Get ¶
Get fetches a specific job through its job ID.
Endpoint: GET /api/jobs/{jobID}
IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/jobs/operation/jobs_retrieve
func (*JobService) Kill ¶
Kill lets you stop a running job through its ID
Endpoint: PATCH /api/jobs/{jobID}/kill
IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/jobs/operation/jobs_kill_partial_update
func (*JobService) KillAnalyzer ¶
func (jobService *JobService) KillAnalyzer(ctx context.Context, jobId uint64, analyzerName string) (bool, error)
KillAnalyzer lets you stop an analyzer from running on a processed job through its ID and analyzer name.
Endpoint: PATCH /api/jobs/{jobID}/analyzer/{nameOfAnalyzer}/kill
IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/jobs/operation/jobs_analyzer_kill_partial_update
func (*JobService) KillConnector ¶
func (jobService *JobService) KillConnector(ctx context.Context, jobId uint64, connectorName string) (bool, error)
KillConnector lets you stop a connector from running on a processed job through its ID and connector name.
Endpoint: PATCH /api/jobs/{jobID}/connector/{nameOfConnector}/kill
IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/jobs/operation/jobs_connector_kill_partial_update
func (*JobService) List ¶
func (jobService *JobService) List(ctx context.Context) (*JobListResponse, error)
List fetches all the jobs in your IntelOwl instance.
Endpoint: GET /api/jobs
IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/jobs/operation/jobs_list
func (*JobService) RetryAnalyzer ¶
func (jobService *JobService) RetryAnalyzer(ctx context.Context, jobId uint64, analyzerName string) (bool, error)
RetryAnalyzer lets you re-run the selected analyzer on a processed job through its ID and the analyzer name.
Endpoint: PATCH /api/jobs/{jobID}/analyzer/{nameOfAnalyzer}/retry
IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/jobs/operation/jobs_analyzer_retry_partial_update
func (*JobService) RetryConnector ¶
func (jobService *JobService) RetryConnector(ctx context.Context, jobId uint64, connectorName string) (bool, error)
RetryConnector lets you re-run the selected connector on a processed job through its ID and connector name
Endpoint: PATCH /api/jobs/{jobID}/connector/{nameOfConnector}/retry
IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/jobs/operation/jobs_connector_retry_partial_update
type LoggerParams ¶
LoggerParams represents the fields to configure your logger.
type MemberParams ¶
type MemberParams struct {
Username string `json:"username"`
}
type MultipleAnalysisResponse ¶
type MultipleAnalysisResponse struct { Count int `json:"count"` Results []AnalysisResponse `json:"results"` }
MultipleAnalysisResponse represent a response returned by the API when you analyze multiple observables or files.
type MultipleFileAnalysisParams ¶
type MultipleFileAnalysisParams struct { BasicAnalysisParams Files []*os.File }
MultipleFileAnalysisParams represents the fields needed to analyze multiple files.
type MultipleObservableAnalysisParams ¶
type MultipleObservableAnalysisParams struct { BasicAnalysisParams Observables [][]string `json:"observables"` }
MultipleObservableAnalysisParams represents the fields needed to analyze multiple observables.
type ObservableAnalysisParams ¶
type ObservableAnalysisParams struct { BasicAnalysisParams ObservableName string `json:"observable_name"` ObservableClassification string `json:"classification"` }
ObservableAnalysisParams represents the fields needed to make an observable analysis.
type Organization ¶
type OrganizationParams ¶
type OrganizationParams struct {
Name string `json:"name"`
}
type Parameter ¶
type Parameter struct { Value interface{} `json:"value"` Type interface{} `json:"type"` Description string `json:"description"` }
type Report ¶
type Report struct { Name string `json:"name"` Status string `json:"status"` Report map[string]interface{} `json:"report"` Errors []string `json:"errors"` ProcessTime float64 `json:"process_time"` StartTime time.Time `json:"start_time"` EndTime time.Time `json:"end_time"` RuntimeConfiguration map[string]interface{} `json:"runtime_configuration"` Type string `json:"type"` }
Report represents a report generated by an IntelOwl job.
type StatusResponse ¶
type StatusResponse struct {
Status bool `json:"status"`
}
StatusResponse represents the status of an analyzer or connector i.e are they working or not.
type TLP ¶
type TLP int
TLP represents an enum for the TLP attribute used in IntelOwl's REST API.
IntelOwl docs: https://intelowl.readthedocs.io/en/latest/Usage.html#tlp-support
func (TLP) MarshalJSON ¶
Implementing the MarshalJSON interface to make our custom Marshal for the enum
func (*TLP) UnmarshalJSON ¶
Implementing the UnmarshalJSON interface to make our custom Unmarshal for the enum
type TagService ¶
type TagService struct {
// contains filtered or unexported fields
}
TagService handles communication with tag related methods of IntelOwl API.
IntelOwl REST API tag docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/tags
func (*TagService) Create ¶
Create lets you easily create a new tag by passing TagParams.
Endpoint: POST "/api/tags/"
IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/tags/operation/tags_create
func (*TagService) Delete ¶
Delete removes the given tag from your IntelOwl instance.
Endpoint: DELETE "/api/tags/{id}"
IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/tags/operation/tags_destroy
func (*TagService) Get ¶
Get fetches a specific tag through its tag ID.
Endpoint: GET "/api/tags/{id}"
IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/tags/operation/tags_retrieve
func (*TagService) List ¶
func (tagService *TagService) List(ctx context.Context) (*[]Tag, error)
List fetches all the working tags in IntelOwl.
Endpoint: GET "/api/tags"
IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/tags/operation/tags_list
func (*TagService) Update ¶
func (tagService *TagService) Update(ctx context.Context, tagId uint64, tagParams *TagParams) (*Tag, error)
Update lets you edit a tag throght its tag ID.
Endpoint: PUT "/api/tags/{id}"
IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/tags/operation/tags_update
type User ¶
type User struct { User Details `json:"user"` Access AccessDetails `json:"access"` }
type UserDetails ¶
type UserDetails struct {
Username string `json:"username"`
}
UserDetails represents user details in an IntelOwl job.
type UserService ¶
type UserService struct {
// contains filtered or unexported fields
}
func (*UserService) Access ¶
func (userService *UserService) Access(ctx context.Context) (*User, error)
Access retrieves user details
Endpoint: GET /api/me/access
IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/me/operation/me_access_retrieve
func (*UserService) CreateOrganization ¶
func (userService *UserService) CreateOrganization(ctx context.Context, organizationParams *OrganizationParams) (*Organization, error)
CreateOrganization allows you to create a super cool organization!
Endpoint: POST /api/me/organization
IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/me/operation/me_organization_create
func (*UserService) InviteToOrganization ¶
func (userService *UserService) InviteToOrganization(ctx context.Context, memberParams *MemberParams) (*Invite, error)
InviteToOrganization allows you to invite someone to your super cool organization! This is only accessible to the organization's owner.
Endpoint: POST /api/me/organization/invite
IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/me/operation/me_organization_invite_create
func (*UserService) Organization ¶
func (userService *UserService) Organization(ctx context.Context) (*Organization, error)
Organization returns the organization's details.
Endpoint: GET /api/me/organization
IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/me/operation/me_organization_list
func (*UserService) RemoveMemberFromOrganization ¶
func (userService *UserService) RemoveMemberFromOrganization(ctx context.Context, memberParams *MemberParams) (bool, error)
RemoveMemberFromOrganization lets you remove someone from your super cool organization! (you had your reasons) This is only accessible to the organization's owner.
Endpoint: POST /api/me/organization/remove_member
IntelOwl REST API docs: https://intelowl.readthedocs.io/en/latest/Redoc.html#tag/me/operation/me_organization_create