gotie

module

v0.1.4 Latest Latest Go to latest Published: Dec 3, 2018 License: BSD-3-Clause

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/DCSO/gotie

Links

Open Source Insights

README ¶

GOTIE

Go bindings and simple command line client for the DCSO Threat Intelligence Engine API (TIE).

Install

To use the Go binding you will have to install a golang environment and configure a $GOPATH for your user/system. Most modern distributions include a recent version of Go. To install the bindings and the command line client into your configured $GOPATH you can use the following command:

$ go get -u github.com/DCSO/gotie/...

The command line client expects a configuration file in your home directory (~/.gotie) containing the following two variables:

tie_token = "<token>"
pingback_token = "<token>"

The tie_token is mandatory. The pingback_token is optional.

NOTE: You can always set an alternative path for the configuration file using the -c / --config command line flag.

Command-line Client

The example command-line client can be used to query the TIE API for IOCs and feeds.

$ gotie iocs -q <query_string>

Run gotie -h to see all options.

Output formats

Depending on your use case, you can choose between the output formats CSV (default), JSON and Bloom filter. The latter integrates well with the DCSO Bloom filter CLI and lib.

Retrieve IOCs of type DomainName created today in JSON format:

gotie iocs -t domainname -f json --created-since $(date +%F)

Print only value field using jq:

gotie iocs -f json --created-since $(date +%F) | jq '.iocs[] | .value'

Build a Bloom filter with capacity of 2000 entries and a false-positive probability of 0.01%:

gotie iocs -f bloom --bloom-p 0.0001 --bloom-n 2000 --created-since $(date +%F) > test.bloom

The default Bloom filter format (bloom) is TIE's 64-bit Bloom filter (v2). Gotie also supports the old Bloom filter format (v1) by specifying bloomv1.

Perform a check with the bloom CLI tool:

echo www.example.com | bloom check test.bloom

The value will be echoed for a match, otherwise the tool stays silent. Read the Bloom CLI Readme for further details.

Tests

To run the included tests you have to set an environment variable containing your API token:

TIE_TOKEN=<token> make test

License

This software is released under a BSD 3-Clause license. Please have a look at the LICENSE file included in the repository.

Directories ¶

Path	Synopsis
cmd
gotie
v1 Package gotie provides high-level bindings and a simple command line client for the DCSO Threat Intelligence Engine (TIE) API.	Package gotie provides high-level bindings and a simple command line client for the DCSO Threat Intelligence Engine (TIE) API.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL