Documentation
¶
Overview ¶
Package gotie provides high-level bindings and a simple command line client for the DCSO Threat Intelligence Engine (TIE) API.
Index ¶
- Variables
- func GetIOCChan(query string, dataType string, extraArgs string) <-chan IOCResult
- func GetIOCJSONInChan(reader io.Reader) (<-chan IOCResult, error)
- func GetIOCPeriodFeedChan(feedPeriod string, dataType string, extraArgs string) <-chan IOCResult
- func IOCQuery(baseuri string, outchan chan IOCResult, data IOCQueryStruct)
- func PingBackCall(dataType string, value string, token string) error
- func PrintIOCs(query string, dataType string, extraArgs string, outputFormat string) error
- func PrintPeriodFeeds(feedPeriod string, dataType string, extraArgs string, outputFormat string) error
- func WriteIOCs(query string, dataType string, extraArgs string, outputFormat string, ...) error
- func WritePeriodFeeds(feedPeriod string, dataType string, extraArgs string, outputFormat string, ...) error
- type IOC
- type IOCParams
- type IOCQueryStruct
- type IOCResult
- type JSONPageAggregator
- type JSONTopLevelResponse
- type PageContentAggregator
- type PaginatedRawPageAggregator
Constants ¶
This section is empty.
Variables ¶
View Source
var ( // Debug turns on verbose output Debug bool // IOCLimit defines the maximum number of IOCs to query per request IOCLimit = 10000 // AuthToken can be generated in the TIE webinterface and is used for authentication AuthToken string )
Functions ¶
func GetIOCJSONInChan ¶ added in v0.1.1
func GetIOCPeriodFeedChan ¶
func IOCQuery ¶
func IOCQuery(baseuri string, outchan chan IOCResult, data IOCQueryStruct)
func PingBackCall ¶
PingBackCall allows to tell the TIE about observed hits for IOCs
func PrintIOCs ¶
PrintIOCs allows queries for TIE IOC objects with "query" being a case insensitive string to search for. The results are printed to stdout.
func PrintPeriodFeeds ¶
func PrintPeriodFeeds(feedPeriod string, dataType string, extraArgs string, outputFormat string) error
PrintPeriodFeeds gets file based feeds for the given period and IOC data type. Valid outputFormats are: "csv" (default), "json" and "stix". Results are printed to stdout.
Types ¶
type IOC ¶
type IOC struct {
ID string `json:"id"`
Value string `json:"value"`
DataType string `json:"data_type"`
EntityIDs []string `json:"entity_ids"`
EventIDs []string `json:"event_ids"`
EventAttributes []string `json:"event_attributes"`
Categories []string `json:"categories"`
SourcePseudonyms []string `json:"source_pseudonyms"`
SourceNames []string `json:"source_names"`
NOccurrences int `json:"n_occurrences"`
MinSeverity int `json:"min_severity"`
MaxSeverity int `json:"max_severity"`
FirstSeen *time.Time `json:"first_seen"`
LastSeen *time.Time `json:"last_seen"`
MinConfidence int `json:"min_confidence"`
MaxConfidence int `json:"max_confidence"`
Enrich bool `json:"enrich"`
EnrichmentRequestedAt *time.Time `json:"enrichment_requested_at,omitempty"`
EnrichedAt *time.Time `json:"enriched_at,omitempty"`
UpdatedAt *time.Time `json:"updated_at"`
CreatedAt *time.Time `json:"created_at"`
ObservationAttributes []string `json:"observation_attributes"`
}
IOC defines the basic data structure of IOCs in TIE
type IOCParams ¶
type IOCParams struct {
NoDefaults bool `json:"no_defaults"`
Direction string `json:"direction"`
OrderBy string `json:"order_by"`
Severity string `json:"severity"`
Confidence string `json:"confidence"`
Ivalue string `json:"ivalue"`
GroupBy []string `json:"group_by"`
Limit int `json:"limit"`
Offset int `json:"offset"`
WithCompositions bool `json:"with_compositions"`
FirstSeenSince *time.Time `json:"first_seen_since,omitempty"`
LastSeenSince *time.Time `json:"last_seen_since,omitempty"`
DateField string `json:"date_field"`
Enriched bool `json:"enriched"`
DateFormat string `json:"date_format"`
}
IOCParams contains all necessary query parameters
type IOCQueryStruct ¶
type IOCQueryStruct struct {
HasMore bool `json:"has_more"`
Iocs []IOC `json:"iocs"`
Params IOCParams `json:"params"`
}
IOCQueryStruct defines the returned data of a TIE API IOC query
func GetIOCPeriodFeeds ¶
func GetIOCPeriodFeeds(feedPeriod string, dataType string, extraArgs string) (*IOCQueryStruct, error)
GetIOCPeriodFeeds gets file based feeds for the given period and IOC data type. Feed types are, for example, 'hourly', 'daily', 'weekly' or 'monthly'.
func GetIOCs ¶
func GetIOCs(query string, dataType string, extraArgs string) (*IOCQueryStruct, error)
GetIOCs allows queries for TIE IOC objects with "query" being a case insensitive string to search for.
func IOCChanCollect ¶
func IOCChanCollect(inchan <-chan IOCResult) (*IOCQueryStruct, error)
type JSONPageAggregator ¶ added in v0.1.1
func (*JSONPageAggregator) AddPage ¶ added in v0.1.1
func (pa *JSONPageAggregator) AddPage(reader io.Reader) error
func (*JSONPageAggregator) Finish ¶ added in v0.1.1
func (pa *JSONPageAggregator) Finish(writer io.Writer) error
func (*JSONPageAggregator) Reset ¶ added in v0.1.1
func (pa *JSONPageAggregator) Reset()
type JSONTopLevelResponse ¶ added in v0.1.1
type PageContentAggregator ¶ added in v0.1.1
type PaginatedRawPageAggregator ¶ added in v0.1.1
type PaginatedRawPageAggregator struct {
// contains filtered or unexported fields
}
func (*PaginatedRawPageAggregator) AddPage ¶ added in v0.1.1
func (pa *PaginatedRawPageAggregator) AddPage(reader io.Reader) error
func (*PaginatedRawPageAggregator) Finish ¶ added in v0.1.1
func (pa *PaginatedRawPageAggregator) Finish(writer io.Writer) error
func (*PaginatedRawPageAggregator) Reset ¶ added in v0.1.1
func (pa *PaginatedRawPageAggregator) Reset()
Source Files
Click to show internal directories.
Click to hide internal directories.