GOTIE 
Go bindings and simple command line client for the
DCSO Threat Intelligence Engine API (TIE).
Install
To use the Go binding you will have to install a golang environment and
configure a $GOPATH for your user/system. Most modern distributions include a
recent version of Go. To install the bindings and the command line client into
your configured $GOPATH you can use the following command:
$ go get -u github.com/DCSO/gotie/...
The command line client expects a configuration file in your home directory
(~/.gotie) containing the following two variables:
tie_token = "<token>"
pingback_token = "<token>"
The tie_token is mandatory.
The pingback_token is optional.
NOTE: You can always set an alternative path for the configuration file using
the -c / --config command line flag.
Command-line Client
The example command-line client can be used to query the TIE API for IOCs and
feeds.
$ gotie iocs -q <query_string>
Run gotie -h to see all options.
Depending on your use case, you can choose between the output formats
CSV (default), JSON and Bloom filter. The latter integrates well with the
DCSO Bloom filter CLI and lib.
Retrieve IOCs of type DomainName created today in JSON format:
gotie iocs -t domainname -f json --created-since $(date +%F)
Print only the value field using jq:
gotie iocs -f json --created-since $(date +%F) | jq '.iocs[] | .value'
Build a Bloom filter with capacity of 2000 entries and a false-positive probability of 0.01%:
gotie iocs -f bloom --bloom-p 0.0001 --bloom-n 2000 --created-since $(date +%F) > test.bloom
The default Bloom filter format (bloom) is TIE's 64-bit Bloom filter (v2). Gotie also supports the old Bloom filter format (v1) by specifying bloomv1.
Perform a check with the bloom CLI tool:
echo www.example.com | bloom check test.bloom
The value will be echoed for a match, otherwise the tool stays silent. Read
the Bloom CLI Readme for further details.
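The --bloom-n and --bloom-p values used above only hold while the query returns no more IOCs than the stated capacity. The following added example (not part of gotie or the DCSO Bloom library) uses the textbook Bloom filter sizing formulas, which are assumed here and not confirmed for the TIE filter format, to estimate how the false-positive rate grows once a filter built for 2000 entries is overfilled. The names Sizing, Size, FPRate and MaxEntries are hypothetical.

```go
package main

import (
	"fmt"
	"math"
)

// Sizing holds textbook Bloom filter parameters: m bits and k hash functions.
type Sizing struct{ Bits, Hashes uint64 }

// Size returns the standard optimal parameters for n entries at a target
// false-positive probability p (assumed, not taken from the gotie source).
func Size(n uint64, p float64) Sizing {
	m := math.Ceil(-float64(n) * math.Log(p) / (math.Ln2 * math.Ln2))
	k := math.Ceil(math.Ln2 * m / float64(n))
	return Sizing{Bits: uint64(m), Hashes: uint64(k)}
}

// FPRate estimates the false-positive probability once `inserted` values
// have been added: (1 - e^(-k*inserted/m))^k.
func (s Sizing) FPRate(inserted uint64) float64 {
	k, m := float64(s.Hashes), float64(s.Bits)
	return math.Pow(1-math.Exp(-k*float64(inserted)/m), k)
}

// MaxEntries returns the largest entry count whose estimated
// false-positive probability stays at or below limit.
func (s Sizing) MaxEntries(limit float64) uint64 {
	k, m := float64(s.Hashes), float64(s.Bits)
	return uint64(math.Floor(-m / k * math.Log(1-math.Pow(limit, 1/k))))
}

func main() {
	s := Size(2000, 0.0001) // values from the --bloom-n / --bloom-p example
	fmt.Printf("bits=%d hashes=%d\n", s.Bits, s.Hashes)
	// Constructed IOC counts: at capacity, 1.5x and 2x over capacity.
	for _, n := range []uint64{2000, 3000, 4000} {
		fmt.Printf("entries=%d estimated FP=%.4f%%\n", n, 100*s.FPRate(n))
	}
	fmt.Printf("entries before FP exceeds 0.1%%: %d\n", s.MaxEntries(0.001))
}
```

Under these assumptions, a filter sized for 2000 entries that receives 4000 has an estimated false-positive rate of roughly 2.5% rather than 0.01%, so hits from an undersized filter should be confirmed against the IOC list itself.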
Tests
To run the included tests you have to set an environment variable containing
your API token:
TIE_TOKEN=<token> make test
License
This software is released under a BSD 3-Clause license.
Please have a look at the LICENSE file included in the repository.
Copyright (c) 2016-2018, DCSO Deutsche Cyber-Sicherheitsorganisation GmbH