Documentation ¶
Overview ¶
API for the OpenDNS Security Graph / Investigate.
To use it, use your Investigate API key to build an Investigate object.
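// Placeholder value only. Load the real Investigate API key from the
// environment or a secret store at run time; do not commit it to source control.
key := "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"

// New returns only the client (func New(key string) *Investigate), so there is
// no error value to check at construction time.
inv := goinvestigate.New(key)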
Then you can call any API method, e.g.:
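// DomainRRHistory takes the domain and a DNS query type; the supported query
// types are A, NS, MX, TXT and CNAME.
data, err := inv.DomainRRHistory("www.test.com", "A")
if err != nil {
	// Do not use data when the call failed.
	log.Fatal(err)
}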
which returns a DomainRRHistory object.
Be sure to set runtime.GOMAXPROCS() in the init() function of your program to enable concurrency.
The official OpenDNS Investigate Documentation can be found at: https://sgraph.opendns.com/docs/api
Index ¶
- type Cooccurrence
- type CooccurrenceList
- type DomainCategorization
- type DomainRRHistory
- type DomainResourceRecordFeatures
- type DomainTag
- type GeoFeatures
- type IPRRHistory
- type IPResourceRecordFeatures
- type Investigate
- func (inv *Investigate) Categorization(domain string, labels bool) (*DomainCategorization, error)
- func (inv *Investigate) Categorizations(domains []string, labels bool) (map[string]DomainCategorization, error)
- func (inv *Investigate) Cooccurrences(domain string) ([]Cooccurrence, error)
- func (inv *Investigate) DomainRRHistory(domain string, queryType string) (*DomainRRHistory, error)
- func (inv *Investigate) DomainTags(domain string) ([]DomainTag, error)
- func (inv *Investigate) Get(subUri string) (*http.Response, error)
- func (inv *Investigate) GetParse(subUri string, v interface{}) error
- func (inv *Investigate) IpRRHistory(ip string, queryType string) (*IPRRHistory, error)
- func (inv *Investigate) LatestDomains(ip string) ([]string, error)
- func (inv *Investigate) Log(s string)
- func (inv *Investigate) LogHTTPResponseBody(respBody io.ReadCloser)
- func (inv *Investigate) Logf(fs string, args ...interface{})
- func (inv *Investigate) Post(subUri string, body io.Reader) (*http.Response, error)
- func (inv *Investigate) PostParse(subUri string, body io.Reader, v interface{}) error
- func (inv *Investigate) RelatedDomains(domain string) ([]RelatedDomain, error)
- func (inv *Investigate) Request(req *http.Request) (*http.Response, error)
- func (inv *Investigate) Security(domain string) (*SecurityFeatures, error)
- func (inv *Investigate) SetVerbose(verbose bool)
- type Location
- type MaliciousDomain
- type PeriodType
- type RelatedDomain
- type RelatedDomainList
- type ResourceRecord
- type ResourceRecordPeriod
- type SecurityFeatures
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Cooccurrence ¶
type CooccurrenceList ¶
// CooccurrenceList is a slice of Cooccurrence values.
//
// The package declares UnmarshalJSON on *CooccurrenceList, so encoding/json
// calls that method for this type instead of its default slice decoding.
type CooccurrenceList []Cooccurrence
func (*CooccurrenceList) UnmarshalJSON ¶
func (r *CooccurrenceList) UnmarshalJSON(b []byte) error
type DomainCategorization ¶
type DomainRRHistory ¶
// DomainRRHistory is the result type of Investigate.DomainRRHistory.
type DomainRRHistory struct {
	// RRPeriods is read from the "rrs_tf" JSON key.
	RRPeriods []ResourceRecordPeriod `json:"rrs_tf"`
	// RRFeatures is read from the "features" JSON key.
	RRFeatures DomainResourceRecordFeatures `json:"features"`
}
type DomainResourceRecordFeatures ¶
// DomainResourceRecordFeatures is the type of DomainRRHistory.RRFeatures.
//
// NOTE(review): Age, ASNs, Prefixes, Locations and CName carry no json tag;
// under encoding/json's default rules they would be matched by field name.
// Confirm against the API response.
//
// NOTE(review): assuming default encoding/json decoding, a key that is absent
// from the response leaves its field at the zero value, so 0, false and nil
// cannot be told apart from "not reported". Verify before basing a verdict on
// flags such as NonRoutable or FFCandidate.
type DomainResourceRecordFeatures struct {
	Age int
	// TTL statistics, read from the "ttls_*" JSON keys.
	TTLsMin    int     `json:"ttls_min"`
	TTLsMax    int     `json:"ttls_max"`
	TTLsMean   float64 `json:"ttls_mean"`
	TTLsMedian float64 `json:"ttls_median"`
	TTLsStdDev float64 `json:"ttls_stddev"`
	// CountryCodes is read from the "country_codes" JSON key.
	CountryCodes []string `json:"country_codes"`
	ASNs         []int
	Prefixes     []string
	// RIPSCount and RIPSDiversity are read from "rips" and "div_rips".
	RIPSCount     int     `json:"rips"`
	RIPSDiversity float64 `json:"div_rips"`
	Locations     []Location
	// Geographic distance aggregates, read from the "geo_distance_*" keys.
	GeoDistanceSum  float64 `json:"geo_distance_sum"`
	GeoDistanceMean float64 `json:"geo_distance_mean"`
	// Boolean flags, each read from the key named in its tag.
	NonRoutable   bool `json:"non_routable"`
	MailExchanger bool `json:"mail_exchanger"`
	CName         bool
	// FFCandidate is read from "ff_candidate" (presumably "fast-flux candidate"; confirm in the API docs).
	FFCandidate   bool    `json:"ff_candidate"`
	RIPSStability float64 `json:"rips_stability"`
	// BaseDomain and IsSubdomain are read from "base_domain" and "is_subdomain".
	BaseDomain  string `json:"base_domain"`
	IsSubdomain bool   `json:"is_subdomain"`
}
type DomainTag ¶
// DomainTag is the element type of the slice returned by Investigate.DomainTags.
//
// NOTE(review): none of the fields carries a json tag; under encoding/json's
// default rules they would be matched by field name. Confirm against the API
// response.
type DomainTag struct {
	// Url and Category are plain strings; this type does not validate them.
	Url      string
	Category string
	// Period uses the package's PeriodType, declared elsewhere on this page.
	Period PeriodType
}
type GeoFeatures ¶
func (*GeoFeatures) UnmarshalJSON ¶
func (gf *GeoFeatures) UnmarshalJSON(b []byte) error
type IPRRHistory ¶
// IPRRHistory is the result type of Investigate.IpRRHistory.
type IPRRHistory struct {
	// RRs has no json tag; presumably matched by field name, confirm against the API response.
	RRs []ResourceRecord
	// RRFeatures is read from the "features" JSON key.
	RRFeatures IPResourceRecordFeatures `json:"features"`
}
type IPResourceRecordFeatures ¶
// IPResourceRecordFeatures is the type of IPRRHistory.RRFeatures.
//
// Every field is read from the JSON key named in its tag. The *Count fields
// are ints and the Div* fields are float64.
//
// NOTE(review): assuming default encoding/json decoding, a key that is absent
// from the response leaves its field at 0, which cannot be told apart from a
// reported 0.
type IPResourceRecordFeatures struct {
	RRCount   int     `json:"rr_count"`
	LD2Count  int     `json:"ld2_count"`
	LD3Count  int     `json:"ld3_count"`
	LD21Count int     `json:"ld2_1_count"`
	LD22Count int     `json:"ld2_2_count"`
	DivLD2    float64 `json:"div_ld2"`
	DivLD3    float64 `json:"div_ld3"`
	DivLD21   float64 `json:"div_ld2_1"`
	DivLD22   float64 `json:"div_ld2_2"`
}
type Investigate ¶
// Investigate is the API client. Build one with New, passing an Investigate
// API key; every API method on this page is declared on *Investigate.
type Investigate struct {
	// contains filtered or unexported fields
}
func New ¶
func New(key string) *Investigate
Build a new Investigate client using an Investigate API key.
func (*Investigate) Categorization ¶
func (inv *Investigate) Categorization(domain string, labels bool) (*DomainCategorization, error)
Get the domain status and categorization of a domain. Setting 'labels' to true will give back categorizations in human-readable form.
For more detail, see https://sgraph.opendns.com/docs/api#categorization
func (*Investigate) Categorizations ¶
func (inv *Investigate) Categorizations(domains []string, labels bool) (map[string]DomainCategorization, error)
Get the status and categorization of a list of domains. Setting 'labels' to true will give back categorizations in human-readable form.
For more detail, see https://sgraph.opendns.com/docs/api#categorization
func (*Investigate) Cooccurrences ¶
func (inv *Investigate) Cooccurrences(domain string) ([]Cooccurrence, error)
Get the cooccurrences of the given domain.
For details, see https://sgraph.opendns.com/docs/api#co-occurrences
func (*Investigate) DomainRRHistory ¶
func (inv *Investigate) DomainRRHistory(domain string, queryType string) (*DomainRRHistory, error)
Get the RR (Resource Record) History of the given domain. queryType is the type of DNS query to perform on the database. The following query types are supported:
A, NS, MX, TXT, CNAME
For details, see https://sgraph.opendns.com/docs/api#dnsrr_domain
func (*Investigate) DomainTags ¶
func (inv *Investigate) DomainTags(domain string) ([]DomainTag, error)
Get the domain tagging dates for the given domain.
For details, see https://sgraph.opendns.com/docs/api#latest_tags
func (*Investigate) Get ¶
func (inv *Investigate) Get(subUri string) (*http.Response, error)
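A generic GET call to the Investigate API. Will make an HTTP request to: https://investigate.api.opendns.com{subUri}. The template suggests that subUri is appended to the base URL as given, so escape any caller-supplied path component (for example with url.PathEscape) before building subUri.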
func (*Investigate) GetParse ¶
func (inv *Investigate) GetParse(subUri string, v interface{}) error
Convenience function to perform Get and parse the response body. Parses the response into the value pointed to by v.
func (*Investigate) IpRRHistory ¶
func (inv *Investigate) IpRRHistory(ip string, queryType string) (*IPRRHistory, error)
Get the RR (Resource Record) History of the given IP. queryType is the type of DNS query to perform on the database. The following query types are supported:
A, NS, MX, TXT, CNAME
For details, see https://sgraph.opendns.com/docs/api#dnsrr_ip
func (*Investigate) LatestDomains ¶
func (inv *Investigate) LatestDomains(ip string) ([]string, error)
Gets the latest known malicious domains associated with the given IP address, if any. Returns the list of malicious domains.
For details, see https://sgraph.opendns.com/docs/api#latest_domains
func (*Investigate) LogHTTPResponseBody ¶
func (inv *Investigate) LogHTTPResponseBody(respBody io.ReadCloser)
Log the response body
func (*Investigate) Logf ¶
func (inv *Investigate) Logf(fs string, args ...interface{})
Log something to stdout with a format string
func (*Investigate) PostParse ¶
func (inv *Investigate) PostParse(subUri string, body io.Reader, v interface{}) error
Convenience function to perform Post and parse the response body. Parses the response into the value pointed to by v.
func (*Investigate) RelatedDomains ¶
func (inv *Investigate) RelatedDomains(domain string) ([]RelatedDomain, error)
Use domain to make the HTTP request: /links/name/{domain}.json. Get the related domains of the given domain.
For details, see https://sgraph.opendns.com/docs/api#relatedDomains
func (*Investigate) Request ¶
A generic Request method which makes the given request. Will retry up to 5 times on failure.
func (*Investigate) Security ¶
func (inv *Investigate) Security(domain string) (*SecurityFeatures, error)
Get the Security Information for the given domain.
For details, see https://sgraph.opendns.com/docs/api#securityInfo
func (*Investigate) SetVerbose ¶
func (inv *Investigate) SetVerbose(verbose bool)
Sets verbose messages to the given boolean value.
type MaliciousDomain ¶
type PeriodType ¶
type RelatedDomain ¶
type RelatedDomainList ¶
// RelatedDomainList is a slice of RelatedDomain values.
//
// The package declares UnmarshalJSON on *RelatedDomainList, so encoding/json
// calls that method for this type instead of its default slice decoding.
type RelatedDomainList []RelatedDomain
func (*RelatedDomainList) UnmarshalJSON ¶
func (r *RelatedDomainList) UnmarshalJSON(b []byte) error
type ResourceRecord ¶
type ResourceRecordPeriod ¶
// ResourceRecordPeriod is the element type of DomainRRHistory.RRPeriods.
type ResourceRecordPeriod struct {
	// FirstSeen and LastSeen are read from "first_seen" and "last_seen" and
	// kept as strings; this type does not parse them into time values.
	FirstSeen string `json:"first_seen"`
	LastSeen  string `json:"last_seen"`
	// RRs has no json tag; presumably matched by field name, confirm against the API response.
	RRs []ResourceRecord
}
type SecurityFeatures ¶
// SecurityFeatures is the result type of Investigate.Security.
//
// NOTE(review): Perplexity, Entropy, Fastflux, Popularity, Geoscore and Attack
// carry no json tag; under encoding/json's default rules they would be matched
// by field name. Confirm against the API response.
//
// NOTE(review): assuming default encoding/json decoding, a key that is absent
// from the response leaves its field at the zero value. A score of 0, a
// Fastflux of false or an empty Attack/ThreatType may therefore mean "not
// reported" rather than "benign"; verify before using these fields in a
// verdict.
type SecurityFeatures struct {
	// Numeric scores, each read from the key named in its tag where one is given.
	DGAScore    float64 `json:"dga_score"`
	Perplexity  float64
	Entropy     float64
	SecureRank2 float64 `json:"securerank2"`
	PageRank    float64 `json:"pagerank"`
	ASNScore    float64 `json:"asn_score"`
	PrefixScore float64 `json:"prefix_score"`
	RIPScore    float64 `json:"rip_score"`
	Fastflux    bool
	Popularity  float64
	// Geodiversity lists use GeoFeatures, which has its own UnmarshalJSON method.
	Geodiversity           []GeoFeatures `json:"geodiversity"`
	GeodiversityNormalized []GeoFeatures `json:"geodiversity_normalized"`
	TLDGeodiversity        []GeoFeatures `json:"tld_geodiversity"`
	Geoscore               float64
	KSTest                 float64 `json:"ks_test"`
	// Attack and ThreatType are free-form strings as far as this type is concerned.
	Attack     string
	ThreatType string `json:"threat_type"`
}