Documentation ¶
Index ¶
- Constants
- Variables
- type API
- func (api *API) AlertToCase(id string) (Alert, error)
- func (api *API) CreateAlert(alert *Alert) (Alert, error)
- func (api *API) CreateCase(cas *Case) (Case, error)
- func (api *API) CreateObservable(caseId string, observable *Observable) (*Observable, error)
- func (api *API) CreateTask(caseID string, task *Task) (Task, error)
- func (api *API) DeleteAlert(id string) error
- func (api *API) DeleteCase(id string) error
- func (api *API) DeleteObservable(id string) error
- func (api *API) FollowAlert(id string) (Alert, error)
- func (api *API) GetAlert(id string) (Alert, error)
- func (api *API) GetAlerts() ([]Alert, error)
- func (api *API) GetCase(id string) (Case, error)
- func (api *API) GetCases() ([]Case, error)
- func (api *API) GetObservable(id string) (*Observable, error)
- func (api *API) GetObservableStats(stats *Stats) (ObservableStats, error)
- func (api *API) GetObservables() ([]Observable, error)
- func (api *API) GetSimilarObservable(id string) ([]Observable, error)
- func (api *API) GetTask(id string) (Task, error)
- func (api *API) MergeAlertIntoCase(alertID, caseID string) (Case, error)
- func (api *API) MergeCase(id, mergeID string) (Case, error)
- func (api *API) ReadAlert(id string) (Alert, error)
- func (api *API) SearchAlert(query *Query) ([]Alert, error)
- func (api *API) SearchCase(query *Query) ([]Case, error)
- func (api *API) SearchTask(query *Query) ([]Task, error)
- func (api *API) UnfollowAlert(id string) (Alert, error)
- func (api *API) UnreadAlert(id string) (Alert, error)
- func (api *API) UpdateAlert(id string, values map[string]interface{}) (Alert, error)
- func (api *API) UpdateCase(id string, values map[string]interface{}) (Case, error)
- func (api *API) UpdateObservable(observable *Observable) (*Observable, error)
- func (api *API) UpdateTask(id string, values map[string]interface{}) (Task, error)
- type Alert
- func (a *Alert) AddArtifact(art *Artifact)
- func (a *Alert) SetArtifacts(artifacts []*Artifact) error
- func (a *Alert) SetCaseTemplate(casetpl string) error
- func (a *Alert) SetDescription(d string) error
- func (a *Alert) SetFollow(follow bool) error
- func (a *Alert) SetSeverity(severity Severity) error
- func (a *Alert) SetSource(s string) error
- func (a *Alert) SetSourceRef(sr string) error
- func (a *Alert) SetStatus(status AlertStatus) error
- func (a *Alert) SetTLP(tlp TLP) error
- func (a *Alert) SetTags(tags []string) error
- func (a *Alert) SetTitle(t string) error
- func (a *Alert) SetType(t string) error
- type AlertStatus
- type And
- type ApiError
- type Artifact
- type Attachment
- type Between
- type Case
- func (c *Case) SetDescription(description string) error
- func (c *Case) SetFlag(flag bool) error
- func (c *Case) SetImpactStatus(impact ImpactStatus) error
- func (c *Case) SetOwner(owner string) error
- func (c *Case) SetPAP(pap TLP) error
- func (c *Case) SetResolutionStatus(resolution ResolutionStatus) error
- func (c *Case) SetSeverity(severity Severity) error
- func (c *Case) SetStatus(s CaseStatus) error
- func (c *Case) SetSummary(summary string) error
- func (c *Case) SetTLP(tlp TLP) error
- func (c *Case) SetTags(tags []string) error
- func (c *Case) SetTitle(title string) error
- type CaseStatus
- type Child
- type Contains
- type CustomField
- type Eq
- type Error
- type Gt
- type Gte
- type ID
- type ImpactStatus
- type In
- type Lt
- type Lte
- type Not
- type Observable
- func (o *Observable) AddTag(tag string) error
- func (o *Observable) RemoveTag(tag string) error
- func (o *Observable) SetData(data string) error
- func (o *Observable) SetDataType(dt string) error
- func (o *Observable) SetIoc(ioc bool) error
- func (o *Observable) SetMessage(message string) error
- func (o *Observable) SetSighted(sighted bool) error
- func (o *Observable) SetTLP(tlp TLP) error
- func (o *Observable) SetTags(tags []string) error
- type ObservableStats
- type Or
- type Parent
- type ParentID
- type Query
- func (q *Query) And(query ...interface{}) (And, error)
- func (q *Query) Between(field string, from, to interface{}) (Between, error)
- func (q *Query) Child(typ, query interface{}) (Child, error)
- func (q *Query) Contains(contains interface{}) (Contains, error)
- func (q *Query) Eq(field string, value interface{}) (Eq, error)
- func (q *Query) Gt(field string, value interface{}) (Gt, error)
- func (q *Query) Gte(field string, value interface{}) (Gte, error)
- func (q *Query) ID(id interface{}) (ID, error)
- func (q *Query) In(field string, value interface{}) (In, error)
- func (q *Query) Lt(field string, value interface{}) (Lt, error)
- func (q *Query) Lte(field string, value interface{}) (Lte, error)
- func (q *Query) Not(not interface{}) (Not, error)
- func (q *Query) Or(query ...interface{}) (Or, error)
- func (q *Query) Parent(typ, query interface{}) (Parent, error)
- func (q *Query) ParentID(typ, id interface{}) (ParentID, error)
- func (q *Query) Status(str interface{}) (Status, error)
- func (q *Query) String(str interface{}) (String, error)
- func (q *Query) Type(typ interface{}) (Type, error)
- type ResolutionStatus
- type Severity
- type Stat
- type Stats
- type Status
- type String
- type TLP
- type Task
- type TaskStatus
- type Type
- type Updater
Constants ¶
const (
	// White, Green, Amber, and Red are the accepted TLP values.
	// NOTE(review): White is the zero value of TLP, and every TLP/PAP field
	// on this page is tagged `omitempty`, so a White marking is never
	// serialized — the server-side default applies instead. The same
	// constants are used for PAP (Case.PAP is typed TLP).
	White TLP = 0
	Green TLP = 1
	Amber TLP = 2
	Red   TLP = 3

	// Low, Medium, and High are the accepted Severity values.
	// Low starts at 1, so an explicitly set severity survives omitempty.
	Low    Severity = 1
	Medium Severity = 2
	High   Severity = 3

	// Accepted TaskStatus values.
	Waiting    TaskStatus = "Waiting"
	InProgress TaskStatus = "InProgress"
	Completed  TaskStatus = "Completed"
	Cancel     TaskStatus = "Cancel"

	// New, Updated, Ignored, and Imported are the accepted AlertStatus values.
	New      AlertStatus = "New"
	Updated  AlertStatus = "Updated"
	Ignored  AlertStatus = "Ignored"
	Imported AlertStatus = "Imported"

	// Accepted ResolutionStatus values for a closed case.
	Indeterminate ResolutionStatus = "Indeterminate"
	FalsePositive ResolutionStatus = "FalsePositive"
	TruePositive  ResolutionStatus = "TruePositive"
	Other         ResolutionStatus = "Other"
	Duplicated    ResolutionStatus = "Duplicated"

	// Accepted ImpactStatus values.
	NoImpact      ImpactStatus = "NoImpact"
	WithImpact    ImpactStatus = "WithImpact"
	NotApplicable ImpactStatus = "NotApplicable"

	// Accepted CaseStatus values.
	Open     CaseStatus = "Open"
	Resolved CaseStatus = "Resolved"
	Deleted  CaseStatus = "Deleted"
)
Variables ¶
// UserName is the username the client logs in as. It is a mutable
// package-level variable, so it is shared by every API instance in the
// process and must not be changed concurrently with API calls.
// NOTE(review): how it is used for authentication (basic auth, API key
// owner, ...) is not visible on this page — confirm in the client code.
var UserName = "go4th"
UserName is the username used to log in to The Hive. It is a package-level variable, so it is shared by every API instance in the process.
Functions ¶
This section is empty.
Types ¶
type API ¶
// API defines the methods used to exchange information between the client
// and The Hive. Its connection details (endpoint, credentials, HTTP client)
// are unexported and not shown on this page.
type API struct {
	// contains filtered or unexported fields
}
API defines the methods used to exchange information between the client and The Hive.
func (*API) AlertToCase ¶
AlertToCase converts an alert into a case. The alert ID must be provided; if it is empty, an error is returned. On success the returned value is the alert after conversion (note that the return type is Alert, not Case).
func (*API) CreateAlert ¶
CreateAlert creates an alert. The alert must be provided as a parameter and must have its required fields filled. It returns the same alert with the ID and any extra information assigned by the server. If any error occurs while creating the alert, that error is returned.
func (*API) CreateCase ¶
CreateCase creates a case. The case must be provided as a parameter and must have its required fields filled. It returns the same case with the ID and any extra information assigned by the server. If any error occurs while creating the case, that error is returned.
func (*API) CreateObservable ¶
func (api *API) CreateObservable(caseId string, observable *Observable) (*Observable, error)
CreateObservable creates an observable associated with the given case.
func (*API) CreateTask ¶
CreateTask creates a task associated with the given case ID.
func (*API) DeleteAlert ¶
DeleteAlert deletes an alert. The alert ID must be provided; if it is an empty string, an error is returned. Otherwise, if everything goes well, nil is returned.
func (*API) DeleteCase ¶
DeleteCase deletes a case. The case ID must be provided; if it is an empty string, an error is returned. Otherwise, if everything goes well, nil is returned.
func (*API) DeleteObservable ¶
DeleteObservable deletes an observable based on its ID
func (*API) FollowAlert ¶
FollowAlert sets the alert's Follow field to true. The alert ID must be provided, otherwise an error is returned.
func (*API) GetAlert ¶
GetAlert gets a specific alert by ID. The alert ID must be provided. If there is an error, an empty Alert is returned together with the error; otherwise the alert is returned with a nil error.
func (*API) GetAlerts ¶
GetAlerts gets the whole list of alerts. It returns a list of Alert (possibly empty) or an error.
func (*API) GetCase ¶
GetCase gets a specific case by ID. The case ID must be provided. If there is an error, an empty Case is returned together with the error; otherwise the case is returned with a nil error.
func (*API) GetCases ¶
GetCases gets the whole list of cases. It returns a list of Case (possibly empty) or an error.
func (*API) GetObservable ¶
func (api *API) GetObservable(id string) (*Observable, error)
GetObservable gets an observable by its ID.
func (*API) GetObservableStats ¶
func (api *API) GetObservableStats(stats *Stats) (ObservableStats, error)
GetObservableStats gets observable statistics for the given Stats request.
func (*API) GetObservables ¶
func (api *API) GetObservables() ([]Observable, error)
GetObservables gets the whole list of observables.
func (*API) GetSimilarObservable ¶
func (api *API) GetSimilarObservable(id string) ([]Observable, error)
GetSimilarObservable gets the list of observables similar to the one identified by the given observable ID.
func (*API) MergeAlertIntoCase ¶
MergeAlertIntoCase merges the data of an alert into an existing case.
func (*API) MergeCase ¶
MergeCase merges one case into another. Both IDs must be provided, otherwise an error is returned. On success MergeCase returns the merged case.
func (*API) ReadAlert ¶
ReadAlert marks an alert as read. The alert ID must be provided and the modified alert is returned. If the alert ID is empty, or any other error occurs, that error is returned.
func (*API) SearchAlert ¶
SearchAlert searches alerts based on the query. The query is serialized and sent to The Hive as-is; no client-side validation of its contents is shown on this page.
func (*API) SearchCase ¶
SearchCase searches cases based on the query. The query is serialized and sent to The Hive as-is; no client-side validation of its contents is shown on this page.
func (*API) SearchTask ¶
SearchTask searches tasks based on the query. The query is serialized and sent to The Hive as-is; no client-side validation of its contents is shown on this page.
func (*API) UnfollowAlert ¶
UnfollowAlert sets the alert's Follow field to false. The alert ID must be provided, otherwise an error is returned.
func (*API) UnreadAlert ¶
UnreadAlert marks an alert as unread. The alert ID must be provided and the modified alert is returned. If the alert ID is empty, or any other error occurs, that error is returned.
func (*API) UpdateAlert ¶
UpdateAlert updates the alert information. The alert ID must be provided, together with a map of field name to value for the fields to update. The fields must be defined in the Alert type and must not be read-only (server-maintained) ones; whether this is enforced client-side or only by the server is not shown on this page. The alert with its updated fields is returned, or an empty alert together with an error.
func (*API) UpdateCase ¶
UpdateCase updates the case information. The case ID must be provided, together with a map of field name to value for the fields to update. The fields must be defined in the Case type and must not be read-only (server-maintained) ones; whether this is enforced client-side or only by the server is not shown on this page. The case with its updated fields is returned, or an empty case together with an error.
func (*API) UpdateObservable ¶
func (api *API) UpdateObservable(observable *Observable) (*Observable, error)
UpdateObservable [NotImplemented] — not yet implemented; do not rely on it to persist changes.
type Alert ¶
// Alert is the data model for an alert. Every field is tagged omitempty, so
// zero values are dropped from the JSON sent to the server: in particular
// TLP White (0) and Follow == false are never transmitted and the server-side
// default applies instead. CreatedBy, CreatedAt, UpdatedBy, UpdatedAt, User
// and Case look server-maintained — NOTE(review): confirm whether the server
// ignores or rejects client-supplied values for them.
type Alert struct {
	ID           string      `json:"id,omitempty"`
	Title        string      `json:"title,omitempty"`
	Description  string      `json:"description,omitempty"`
	Severity     Severity    `json:"severity,omitempty"`
	Date         int64       `json:"date,omitempty"` // epoch timestamp; unit (s vs ms) is not stated on this page
	Tags         []string    `json:"tags,omitempty"`
	TLP          TLP         `json:"tlp,omitempty"` // White (0) is never sent, see note above
	Status       AlertStatus `json:"status,omitempty"`
	Type         string      `json:"type,omitempty"`
	Source       string      `json:"source,omitempty"`
	SourceRef    string      `json:"sourceRef,omitempty"`
	Artifacts    []*Artifact `json:"artifacts,omitempty"`
	Follow       bool        `json:"follow,omitempty"` // false is never sent, see note above
	CaseTemplate string      `json:"caseTemplate,omitempty"`
	LastSyncDate int64       `json:"lastSyncDate,omitempty"`
	Case         string      `json:"case,omitempty"` // ID of the case the alert was imported into, if any
	CreatedBy    string      `json:"createdBy,omitempty"`
	CreatedAt    int64       `json:"createdAt,omitempty"`
	UpdatedBy    string      `json:"updatedBy,omitempty"`
	UpdatedAt    int64       `json:"updatedAt,omitempty"`
	User         string      `json:"user,omitempty"`
	CustomField  CustomField `json:"customFields,omitempty"` // omitempty has no effect on a struct-typed field
}
Alert is the data model for an alert.
func NewAlert ¶
func NewAlert() *Alert
NewAlert generates an empty alert with the required fields filled with their defaults.
func (*Alert) AddArtifact ¶
AddArtifact adds an artifact to the alert
func (*Alert) SetArtifacts ¶
SetArtifacts sets the alert's artifacts. The list must not be empty, otherwise an error is returned.
func (*Alert) SetCaseTemplate ¶
SetCaseTemplate sets alert's case template.
func (*Alert) SetDescription ¶
SetDescription sets the alert's description. The description must not be an empty string, otherwise an error is returned.
func (*Alert) SetSeverity ¶
SetSeverity sets alert's severity.
func (*Alert) SetSource ¶
SetSource sets the alert's source. The source must not be an empty string, otherwise an error is returned.
func (*Alert) SetSourceRef ¶
SetSourceRef sets the alert's sourceRef. The sourceRef must not be an empty string, otherwise an error is returned.
func (*Alert) SetStatus ¶
func (a *Alert) SetStatus(status AlertStatus) error
SetStatus sets alert's status.
func (*Alert) SetTags ¶
SetTags sets the alert's tag list. The slice must not be empty, otherwise an error is returned.
type And ¶
// And will construct a logical AND of the given sub-queries. The elements are
// arbitrary values serialized as-is under "_and"; nothing on this page
// validates them client-side.
type And struct {
	And []interface{} `json:"_and,omitempty"`
}
And will construct a logical and query
type ApiError ¶
// ApiError represents an error response from The Hive. Errors carries the
// individual error entries; TableName and Type describe where they came from.
type ApiError struct {
	TableName string  `json:"tableName,omitempty"`
	Type      string  `json:"type,omitempty"`
	Errors    []Error `json:"errors,omitempty"`
}
ApiError represents an error response from The Hive
type Artifact ¶
// Artifact defines an Alert/Case artifact (observable-like item attached to
// an alert). All fields are omitempty, so TLP White (0) is never sent and
// the server-side default applies instead.
type Artifact struct {
	DataType string   `json:"dataType,omitempty"`
	Data     string   `json:"data,omitempty"`
	Message  string   `json:"message,omitempty"`
	TLP      TLP      `json:"tlp,omitempty"` // White (0) is never sent
	Tags     []string `json:"tags,omitempty"`
}
Artifact defines an Alert/Case artifact
func NewArtifact ¶
NewArtifact returns a new artifact
func (*Artifact) SetMessage ¶
SetMessage sets the message for the artifact
type Attachment ¶
// Attachment represents a file attachment of an observable. Hashes is a list
// of digests of the file content; the algorithms are not stated on this page
// and should be taken from the server's response rather than assumed.
type Attachment struct {
	Name        string   `json:"name,omitempty"`
	Hashes      []string `json:"hashes,omitempty"`
	Size        int      `json:"size,omitempty"`
	ContentType string   `json:"contentType,omitempty"`
	ID          string   `json:"id,omitempty"`
}
Attachment represents an attachment for observables
type Between ¶
// Between will construct a query that filters Field to the range From..To.
// From and To are serialized as-is; their types are not checked here.
type Between struct {
	Between struct {
		Field string      `json:"_field,omitempty"`
		From  interface{} `json:"_from,omitempty"`
		To    interface{} `json:"_to,omitempty"`
	} `json:"_between,omitempty"`
}
Between will construct a query that filters a field to a range between From and To.
type Case ¶
// Case is the data model for a case. All fields are tagged omitempty, so zero
// values never reach the wire: TLP/PAP White (0) and Flag == false are dropped
// and the server-side default applies. PAP reuses the TLP type, so the same
// White/Green/Amber/Red constants apply to it. CaseID (int) is distinct from
// ID (string); the API methods on this page take the string ID.
// CreatedBy, CreatedAt, UpdatedBy, UpdatedAt and User look server-maintained —
// NOTE(review): confirm the server ignores client-supplied values for them.
type Case struct {
	ID               string           `json:"id,omitempty"`
	Title            string           `json:"title,omitempty"`
	Description      string           `json:"description,omitempty"`
	Severity         Severity         `json:"severity,omitempty"`
	StartDate        int64            `json:"startDate,omitempty"`
	Owner            string           `json:"owner,omitempty"`
	Flag             bool             `json:"flag,omitempty"` // false is never sent
	TLP              TLP              `json:"tlp,omitempty"`  // White (0) is never sent
	PAP              TLP              `json:"pap,omitempty"`  // White (0) is never sent
	Tags             []string         `json:"tags,omitempty"`
	ResolutionStatus ResolutionStatus `json:"resolutionStatus,omitempty"`
	ImpactStatus     ImpactStatus     `json:"impactStatus,omitempty"`
	Summary          string           `json:"summary,omitempty"`
	EndDate          int64            `json:"endDate,omitempty"`
	Metrics          interface{}      `json:"metrics,omitempty"` // free-form JSON; shape not defined on this page
	Status           CaseStatus       `json:"status,omitempty"`
	CaseID           int              `json:"caseID,omitempty"`
	MergeInto        string           `json:"mergeInto,omitempty"`
	MergeFrom        []string         `json:"mergeFrom,omitempty"`
	CustomField      CustomField      `json:"customFields,omitempty"` // omitempty has no effect on a struct-typed field
	CreatedBy        string           `json:"createdBy,omitempty"`
	CreatedAt        int64            `json:"createdAt,omitempty"`
	UpdatedBy        string           `json:"updatedBy,omitempty"`
	UpdatedAt        int64            `json:"updatedAt,omitempty"`
	User             string           `json:"user,omitempty"`
}
Case is the data model for a case.
func (*Case) SetDescription ¶
SetDescription sets Case's description
func (*Case) SetImpactStatus ¶
func (c *Case) SetImpactStatus(impact ImpactStatus) error
SetImpactStatus sets Case's impact status
func (*Case) SetResolutionStatus ¶
func (c *Case) SetResolutionStatus(resolution ResolutionStatus) error
SetResolutionStatus sets Case's resolution status
func (*Case) SetSeverity ¶
SetSeverity sets Case's severity
func (*Case) SetSummary ¶
SetSummary sets Case's summary
type Child ¶
// Child will construct a query that matches entities having a child of the
// given type that satisfies the nested query. Both values are serialized
// as-is under "_child".
type Child struct {
	Child struct {
		Type  interface{} `json:"_type,omitempty"`
		Query interface{} `json:"_query,omitempty"`
	} `json:"_child,omitempty"`
}
Child will construct a query to filter by child
type Contains ¶
// Contains will construct a "_contains" query. The value is serialized as-is;
// its expected shape is not documented on this page.
type Contains struct {
	Contains interface{} `json:"_contains,omitempty"`
}
Contains will construct a contains query
type CustomField ¶
CustomField defines a custom field. Its definition is not shown on this page.
type Eq ¶
// Eq will construct an equality query on Field. Unlike the other operators on
// this page it has no wrapping "_eq" key: the "_field"/"_value" pair is the
// query itself.
type Eq struct {
	Field string      `json:"_field,omitempty"`
	Value interface{} `json:"_value,omitempty"`
}
Eq will construct a equal query
type Error ¶
// Error is part of the ApiError structure and contains a single error entry
// as reported by The Hive.
type Error struct {
	Name    string `json:"name,omitempty"`
	Type    string `json:"type,omitempty"`
	Message string `json:"message,omitempty"`
}
Error is part of the ApiError structure and contains a single, specific error.
type Gt ¶
// Gt will construct a greater-than query. The map holds field name -> value
// and is serialized as-is under "_gt".
type Gt struct {
	Gt map[string]interface{} `json:"_gt,omitempty"`
}
Gt will construct a greater than query
type Gte ¶
// Gte will construct a greater-than-or-equal query. The map holds field name
// -> value and is serialized as-is under "_gte".
type Gte struct {
	Gte map[string]interface{} `json:"_gte,omitempty"`
}
Gte will construct a greater than equal query
type ID ¶
// ID will construct a query that filters by entity ID ("_id").
type ID struct {
	ID interface{} `json:"_id,omitempty"`
}
ID will construct a query to filter by ID
type In ¶
// In will construct an "_in" query: Field must match one of the values in
// Value. Value is serialized as-is; it is expected to be a list but nothing
// on this page enforces that.
type In struct {
	In struct {
		Field string      `json:"_field,omitempty"`
		Value interface{} `json:"_value,omitempty"`
	} `json:"_in,omitempty"`
}
In will construct a in query
type Lt ¶
// Lt will construct a less-than query. The map holds field name -> value and
// is serialized as-is under "_lt".
type Lt struct {
	Lt map[string]interface{} `json:"_lt,omitempty"`
}
Lt will construct a less than query
type Lte ¶
// Lte will construct a less-than-or-equal query. The map holds field name ->
// value and is serialized as-is under "_lte".
type Lte struct {
	Lte map[string]interface{} `json:"_lte,omitempty"`
}
Lte will construct a less than equal query
type Not ¶
// Not will construct a logical NOT of the nested query ("_not").
type Not struct {
	Not interface{} `json:"_not,omitempty"`
}
Not will construct a logical not query
type Observable ¶
// Observable represents an observable attached to a case. All fields are
// omitempty, so Sighted == false, Ioc == false and TLP White (0) are never
// transmitted; the server-side default applies instead. Reports is free-form
// JSON whose shape is not defined on this page. CreatedBy and CreatedAt look
// server-maintained — NOTE(review): confirm the server ignores client values.
type Observable struct {
	ID         string      `json:"id,omitempty"`
	DataType   string      `json:"dataType,omitempty"`
	CreatedBy  string      `json:"createdBy,omitempty"`
	Sighted    bool        `json:"sighted,omitempty"` // false is never sent
	CreatedAt  int64       `json:"createdAt,omitempty"`
	Tags       []string    `json:"tags,omitempty"`
	Ioc        bool        `json:"ioc,omitempty"` // false is never sent
	Data       string      `json:"data,omitempty"`
	Reports    interface{} `json:"reports,omitempty"`
	TLP        TLP         `json:"tlp,omitempty"` // White (0) is never sent
	Message    string      `json:"message,omitempty"`
	Status     string      `json:"status,omitempty"`
	StartDate  int64       `json:"startDate,omitempty"`
	Attachment *Attachment `json:"attachment,omitempty"`
	Case       *Case       `json:"case,omitempty"` // owning case, when the server embeds it
}
Observable represents an observable.
func NewObservable ¶
func NewObservable() *Observable
NewObservable returns a new observable object with default values.
func (*Observable) AddTag ¶
func (o *Observable) AddTag(tag string) error
AddTag adds one tag to the tag list
func (*Observable) RemoveTag ¶
func (o *Observable) RemoveTag(tag string) error
RemoveTag removes a tag from the tag list.
func (*Observable) SetData ¶
func (o *Observable) SetData(data string) error
SetData sets the observable data. To submit multiple observables you must instantiate several Observable objects, one per observable.
func (*Observable) SetDataType ¶
func (o *Observable) SetDataType(dt string) error
SetDataType sets the observable type
func (*Observable) SetIoc ¶
func (o *Observable) SetIoc(ioc bool) error
SetIoc sets whether the observable is an IoC.
func (*Observable) SetMessage ¶
func (o *Observable) SetMessage(message string) error
SetMessage sets the observable description message
func (*Observable) SetSighted ¶
func (o *Observable) SetSighted(sighted bool) error
SetSighted sets whether the observable is sighted or not
func (*Observable) SetTLP ¶
func (o *Observable) SetTLP(tlp TLP) error
SetTLP sets the observable TLP
func (*Observable) SetTags ¶
func (o *Observable) SetTags(tags []string) error
SetTags sets a list of tags
type ObservableStats ¶
// ObservableStats represents per-type counts of observables as returned by
// GetObservableStats. Only IP, URL and regex buckets plus the overall Count
// are modelled here; other observable types are not yet represented.
type ObservableStats struct {
	IP struct {
		Count int `json:"count,omitempty"`
	} `json:"IP,omitempty"`
	URL struct {
		Count int `json:"count,omitempty"`
	} `json:"URL,omitempty"`
	Regex struct {
		Count int `json:"count,omitempty"`
	} `json:"regex,omitempty"`
	Count int `json:"count,omitempty"`
}
ObservableStats represents statistics for observables. [Missing some fields: only IP, URL and regex counts are modelled.]
type Or ¶
// Or will construct a logical OR of the given sub-queries. The elements are
// arbitrary values serialized as-is under "_or".
type Or struct {
	Or []interface{} `json:"_or,omitempty"`
}
Or will construct a logical or query
type Parent ¶
// Parent will construct a query that matches entities whose parent of the
// given type satisfies the nested query ("_parent" with "_query").
type Parent struct {
	Parent struct {
		Type  interface{} `json:"_type,omitempty"`
		Query interface{} `json:"_query,omitempty"`
	} `json:"_parent,omitempty"`
}
Parent will construct a query to filter by parent
type ParentID ¶
// ParentID will construct a query that matches entities whose parent of the
// given type has the given ID. It uses the same "_parent" key as Parent but
// carries "_id" instead of "_query".
type ParentID struct {
	ParentID struct {
		Type interface{} `json:"_type,omitempty"`
		ID   interface{} `json:"_id,omitempty"`
	} `json:"_parent,omitempty"`
}
ParentID will construct a query to filter by parent ID
type Query ¶
// Query wraps a query body under the "query" key and exists mainly to give
// the builder methods (And, Or, Eq, ...) a receiver. The body is serialized
// as-is; no client-side validation is shown on this page.
type Query struct {
	Query interface{} `json:"query,omitempty"`
}
Query is a wrapper object whose main purpose is to give the query builder methods a receiver.
func BuildQuery ¶
func BuildQuery(q interface{}) *Query
BuildQuery returns a new query ready to be used
func NewQuery ¶
func NewQuery() *Query
NewQuery returns a new pointer to Query, which is used to build up a query.
type ResolutionStatus ¶
// ResolutionStatus defines the case resolution status; see the Indeterminate,
// FalsePositive, TruePositive, Other and Duplicated constants.
type ResolutionStatus string
ResolutionStatus defines the case resolution status
type Stat ¶
// Stat defines one aggregation of a stats request: Agg names the aggregation,
// Field the field it runs on, Select nested sub-aggregations, Order the sort
// keys and Size the bucket limit. All values are sent to the server as-is.
type Stat struct {
	Agg    string              `json:"_agg,omitempty"`
	Field  string              `json:"_field,omitempty"`
	Select []map[string]string `json:"_select,omitempty"`
	Order  []string            `json:"_order,omitempty"`
	Size   int                 `json:"_size,omitempty"` // 0 is omitted, so the server default applies
}
Stat defines a stat object
type Stats ¶
// Stats represents a statistics request: Query selects the entities and Stats
// lists the aggregations to compute over them.
type Stats struct {
	Query interface{} `json:"query,omitempty"`
	Stats []*Stat     `json:"stats,omitempty"`
}
Stats represents a statistics request built on a query.
type Status ¶
// Status will construct a query that filters by status. Note the JSON key is
// "status", without the leading underscore used by the other operators.
type Status struct {
	Status interface{} `json:"status,omitempty"`
}
Status will construct a query to filter by status
type String ¶
// String will construct a free-text "_string" query. The value is passed to
// the server as-is; treat user-supplied input with care since the server's
// query syntax is not constrained here.
type String struct {
	String interface{} `json:"_string,omitempty"`
}
String will construct a query to filter by string
type Task ¶
// Task represents a case task. All fields are omitempty, so Flag == false and
// Order == 0 are never transmitted. CreatedBy, CreatedAt, UpdatedBy, UpdatedAt
// and User look server-maintained — NOTE(review): confirm the server ignores
// client-supplied values for them.
type Task struct {
	ID          string     `json:"id,omitempty"`
	Title       string     `json:"title,omitempty"`
	Description string     `json:"description,omitempty"`
	Status      TaskStatus `json:"status,omitempty"`
	Flag        bool       `json:"flag,omitempty"` // false is never sent
	Group       string     `json:"group,omitempty"`
	Owner       string     `json:"owner,omitempty"`
	Order       int        `json:"order,omitempty"` // 0 is never sent
	StartDate   int64      `json:"startDate,omitempty"`
	EndDate     int64      `json:"endDate,omitempty"`
	CreatedBy   string     `json:"createdBy,omitempty"`
	CreatedAt   int64      `json:"createdAt,omitempty"`
	UpdatedBy   string     `json:"updatedBy,omitempty"`
	UpdatedAt   int64      `json:"updatedAt,omitempty"`
	User        string     `json:"user,omitempty"`
}
Task represents a Task
func (*Task) SetDescription ¶
SetDescription sets task's description
type Type ¶
// Type will construct a query that filters by entity type ("_type").
type Type struct {
	Type interface{} `json:"_type,omitempty"`
}
Type will construct a query to filter by type