misp

package module
v0.0.0-...-01a7c4d Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 18, 2018 License: Apache-2.0 Imports: 11 Imported by: 0

README

gomisp Go Report Card

Golang client for MISP. The client currently only implements search, but it is easy to extend other features.

Usage

package misp

import (
	"fmt"

	misp "github.com/dutchcoders/gomisp"
)

func ExampleExamples_output() {
	client, err := misp.New(
		misp.WithURL("{url}"),
		misp.WithKey("{key}"),
	)
	if err != nil {
		panic(err.Error)
	}

	qry := misp.NewSearchRequest().Value(so.Query).From(time.Now().Add(time.Hour * 24 * 365 * -1)).To(time.Now())

	result, err := client.Search(qry)
	if err != nil {
		panic(err)
	}

	fmt.Printf("Search results: %s\n", result)
}

Contributors

Code released under Apache License 2.0.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Merge 

func Merge(dest interface{}, src interface{}) error

func WithDebug 

func WithDebug() optionFn

WithDebug enables debug output while interacting with MIPS

func WithKey 

func WithKey(key string) optionFn

WithKey contains the MIPS API key

func WithURL 

func WithURL(u url.URL) optionFn

WithURL contains the MIPS target url

Types

type Client 

type Client struct {
	Key string

	*http.Client
	// contains filtered or unexported fields
}

func New 

func New(options ...optionFn) (*Client, error)

New returns a MIPS API client

func (*Client) Do 

func (wd *Client) Do(req *http.Request, v interface{}) error

Do will execute the http.Request and decode the result

func (*Client) NewRequest 

func (c *Client) NewRequest(method, urlStr string, body interface{}) (*http.Request, error)

NewRequest prepares http.Request to call the MISP API

func (*Client) Search 

func (c *Client) Search(sr *SearchRequest) ([]SearchResult, error)

type ContextResult 

type ContextResult struct {
	Actor     string `json:"actor"`
	FirstSeen string `json:"first_seen"`
	IP        string `json:"ip"`
	LastSeen  string `json:"last_seen"`
	Metadata  struct {
		ASN          string `json:"asn"`
		Category     string `json:"category"`
		City         string `json:"city"`
		Country      string `json:"country"`
		CountryCode  string `json:"country_code"`
		Organization string `json:"organization"`
		Os           string `json:"os"`
		Rdns         string `json:"rdns"`
		Tor          bool   `json:"tor"`
	} `json:"metadata"`
	RawData struct {
		Scan []struct {
			Port     int64  `json:"port"`
			Protocol string `json:"protocol"`
		} `json:"scan"`
		Web struct {
		} `json:"web"`
	} `json:"raw_data"`
	Seen bool     `json:"seen"`
	Tags []string `json:"tags"`
}

ContextResult is the result of the /context api

type Error 

type Error struct {
	ErrorCode   int    `json:"error_code"`
	ErrorString string `json:"error"`
}

func (*Error) Error 

func (de *Error) Error() string

type ErrorResult 

type ErrorResult struct {
	Error string `json:"error"`
}

ErrorResult is the result when an error occurs

type Event 

type Event struct {
	Analysis  string `json:"analysis"`
	Attribute []struct {
		Category           string `json:"category"`
		Comment            string `json:"comment"`
		Deleted            bool   `json:"deleted"`
		DisableCorrelation bool   `json:"disable_correlation"`
		Distribution       string `json:"distribution"`
		EventId            string `json:"event_id"`
		Galaxy             []interface{}
		Id                 string      `json:"id"`
		ObjectId           string      `json:"object_id"`
		ObjectRelation     interface{} `json:"object_relation"`
		ShadowAttribute    []interface{}
		SharingGroupId     string `json:"sharing_group_id"`
		Tag                []struct {
			Colour     string `json:"colour"`
			Exportable bool   `json:"exportable"`
			HideTag    bool   `json:"hide_tag"`
			Id         string `json:"id"`
			Name       string `json:"name"`
			UserId     string `json:"user_id"`
		}
		Timestamp string `json:"timestamp"`
		ToIds     bool   `json:"to_ids"`
		Type      string `json:"type"`
		Uuid      string `json:"uuid"`
		Value     string `json:"value"`
	}
	AttributeCount     string `json:"attribute_count"`
	Date               string `json:"date"`
	DisableCorrelation bool   `json:"disable_correlation"`
	Distribution       string `json:"distribution"`
	ExtendsUuid        string `json:"extends_uuid"`
	Galaxy             []interface{}
	Id                 string `json:"id"`
	Info               string `json:"info"`
	Locked             bool   `json:"locked"`
	Object             []interface{}
	Org                struct {
		Id   string `json:"id"`
		Name string `json:"name"`
		Uuid string `json:"uuid"`
	}
	OrgId string `json:"org_id"`
	Orgc  struct {
		Id   string `json:"id"`
		Name string `json:"name"`
		Uuid string `json:"uuid"`
	}
	OrgcId            string `json:"orgc_id"`
	ProposalEmailLock bool   `json:"proposal_email_lock"`
	PublishTimestamp  string `json:"publish_timestamp"`
	Published         bool   `json:"published"`
	RelatedEvent      []interface{}
	ShadowAttribute   []interface{}
	SharingGroupId    string `json:"sharing_group_id"`
	Tag               []struct {
		Colour     string `json:"colour"`
		Exportable bool   `json:"exportable"`
		HideTag    bool   `json:"hide_tag"`
		Id         string `json:"id"`
		Name       string `json:"name"`
		UserId     string `json:"user_id"`
	}
	ThreatLevelId string `json:"threat_level_id"`
	Timestamp     string `json:"timestamp"`
	Uuid          string `json:"uuid"`
}

type MISPResponse 

type MISPResponse struct {
	Response json.RawMessage `json:"response"`
}

type SearchRequest 

type SearchRequest struct {
	// contains filtered or unexported fields
}

func NewSearchRequest 

func NewSearchRequest() *SearchRequest

func (*SearchRequest) From 

func (sr *SearchRequest) From(t time.Time) *SearchRequest

func (*SearchRequest) MarshalJSON 

func (sr *SearchRequest) MarshalJSON() ([]byte, error)

func (*SearchRequest) To 

func (sr *SearchRequest) To(t time.Time) *SearchRequest

func (*SearchRequest) Type 

func (sr *SearchRequest) Type(t string) *SearchRequest

func (*SearchRequest) Value 

func (sr *SearchRequest) Value(val string) *SearchRequest

type SearchResult 

type SearchResult struct {
	Event Event `json:"Event"`
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.