qradar

v1.2.0
Published: Nov 30, 2024 License: GPL-3.0 Imports: 11 Imported by: 0

README

go-qradar


Documentation

Overview

Package qradar provides an API client for the QRadar API. See examples of the usage in the examples folder.

Index

Constants

const (

	// ErrUnauthorized assigned on 401 http error.
	ErrUnauthorized = "unathorized"
)

Variables

var SearchResultsWindow = 50

SearchResultsWindow is the default number of records fetched per request when scrolling the results of a query.

Functions

func CheckResponse

func CheckResponse(r *http.Response) error

CheckResponse checks the API response for errors.

func SetAPIversion

func SetAPIversion(api string) func(*Client) error

SetAPIversion sets the QRadar API version to use.

func SetHTTPClient

func SetHTTPClient(httpClient *http.Client) func(*Client) error

SetHTTPClient sets an HTTP client.

func SetSECKey

func SetSECKey(key string) func(*Client) error

SetSECKey sets the SEC key used to authenticate to the QRadar API.

func SetUserAgent

func SetUserAgent(userAgent string) func(*Client) error

SetUserAgent sets the User-Agent sent with QRadar API requests.

Types

type ArielService

type ArielService service

ArielService handles communication with the search-related methods of the QRadar API.

func (*ArielService) DeleteSearch

func (a *ArielService) DeleteSearch(ctx context.Context, searchID string) (string, error)

DeleteSearch deletes the search and returns its status and any error.

func (*ArielService) NewSearchResultsScroller

func (a *ArielService) NewSearchResultsScroller(ctx context.Context, searchID string) (*SearchResultsScroller, error)

NewSearchResultsScroller initializes a scroller for paging through the records of an existing search.

func (*ArielService) ScrollByQuery

func (a *ArielService) ScrollByQuery(ctx context.Context, sqlQuery string) (*SearchResultsScroller, *SearchMetadata, error)

ScrollByQuery runs the query in the QRadar API and returns a scroller over its events. It is the recommended way to retrieve a large number of events.

func (*ArielService) SearchByQuery

func (a *ArielService) SearchByQuery(ctx context.Context, sqlQuery string) (*Search, error)

SearchByQuery submits the query to the QRadar API. It is the caller's responsibility to wait for the search to complete and to fetch the final results.

func (*ArielService) SearchMetadata

func (a *ArielService) SearchMetadata(ctx context.Context, searchID string) (*SearchMetadata, error)

SearchMetadata retrieves the metadata of the search.

func (*ArielService) SearchStatus

func (a *ArielService) SearchStatus(ctx context.Context, searchID string) (string, int, error)

SearchStatus returns a status and count of the records of the search.

func (*ArielService) WaitForSearchID

func (a *ArielService) WaitForSearchID(ctx context.Context, searchID string, status JobStatus, seconds int) (int, error)

WaitForSearchID waits for the search to reach the given status and returns the number of records and any error.

type BuildingBlock

type BuildingBlock struct {
	ID                   *int    `json:"id,omitempty"`
	Name                 *string `json:"name,omitempty"`
	BuildingBlockType    *string `json:"building_block_type,omitempty"`
	Enabled              *bool   `json:"enabled,omitempty"`
	Owner                *string `json:"owner,omitempty"`
	Origin               *string `json:"origin,omitempty"`
	BaseCapacity         *int    `json:"base_capacity,omitempty"`
	BaseHostID           *int    `json:"base_host_id,omitempty"`
	AverageCapacity      *int    `json:"average_capacity,omitempty"`
	CapacityTimestamp    *int    `json:"capacity_timestamp,omitempty"`
	Identifier           *string `json:"identifier,omitempty"`
	LinkedRuleIdentifier *string `json:"linked_rule_identifier,omitempty"`
	CreationDate         *int    `json:"creation_date,omitempty"`
	ModificationDate     *int    `json:"modification_date,omitempty"`
}

BuildingBlock represents QRadar's BuildingBlock.

type BuildingBlockService

type BuildingBlockService service

BuildingBlockService handles methods related to BuildingBlock of the QRadar API.

func (*BuildingBlockService) DeleteByID

func (c *BuildingBlockService) DeleteByID(ctx context.Context, fields string, id int) (*DeleteTask, error)

DeleteByID creates a Delete Task in the QRadar installation to safely delete the BuildingBlock with the given ID.

func (*BuildingBlockService) Get

func (c *BuildingBlockService) Get(ctx context.Context, fields, filter string, from, to int) ([]BuildingBlock, error)

Get returns BuildingBlocks of the current QRadar installation.

func (*BuildingBlockService) GetByID

func (c *BuildingBlockService) GetByID(ctx context.Context, fields string, id int) (*BuildingBlock, error)

GetByID returns BuildingBlock of the current QRadar installation by ID.

func (*BuildingBlockService) UpdateByID

func (c *BuildingBlockService) UpdateByID(ctx context.Context, fields string, id int, data interface{}) (*BuildingBlock, error)

UpdateByID updates only the owner or the enabled/disabled state of the BuildingBlock with the given ID.

type BuildingBlockWithData

type BuildingBlockWithData struct {
	BuildingBlock
	RuleXML *string `json:"rule_xml,omitempty"`
}

BuildingBlockWithData represents QRadar's BuildingBlock together with its rule XML.

type BuildingBlockWithDataService

type BuildingBlockWithDataService service

BuildingBlockWithDataService handles methods related to BuildingBlock of the QRadar Undocumented API.

func (*BuildingBlockWithDataService) Create

func (c *BuildingBlockWithDataService) Create(ctx context.Context, fields string, data interface{}) (*BuildingBlockWithData, error)

Create creates BuildingBlockWithData in the current QRadar installation. Undocumented API.

func (*BuildingBlockWithDataService) Get

func (c *BuildingBlockWithDataService) Get(ctx context.Context, fields, filter string, from, to int) ([]BuildingBlockWithData, error)

Get returns BuildingBlockWithData of the current QRadar installation. Undocumented API.

func (*BuildingBlockWithDataService) GetByID

GetByID returns BuildingBlockWithData of the current QRadar installation by ID. Undocumented API.

func (*BuildingBlockWithDataService) UpdateByID

func (c *BuildingBlockWithDataService) UpdateByID(ctx context.Context, fields string, id int, data interface{}) (*BuildingBlockWithData, error)

UpdateByID updates BuildingBlockWithData by ID. Undocumented API.

type Client

type Client struct {
	Client    *http.Client
	BaseURL   *url.URL
	UserAgent string
	SECKey    string
	APIv      string

	Ariel                 *ArielService
	BuildingBlock         *BuildingBlockService
	BuildingBlockWithData *BuildingBlockWithDataService
	EventCollector        *EventCollectorService
	Offense               *OffenseService
	OffenseType           *OffenseTypeService
	Domain                *DomainService
	DSM                   *DSMService
	QID                   *QIDService
	LowLevelCategory      *LowLevelCategoryService
	HighLevelCategory     *HighLevelCategoryService
	RegexProperty         *RegexPropertyService
	Tenant                *TenantService
	Rule                  *RuleService
	RuleWithData          *RuleWithDataService
	RuleGroup             *RuleGroupService
	NetworkHierarchy      *NetworkHierarchyService

	PropertyExpression            *PropertyExpressionService
	PropertyJSONExpression        *PropertyJSONExpressionService
	PropertyLEEFExpression        *PropertyLEEFExpressionService
	PropertyCEFExpression         *PropertyCEFExpressionService
	ProperetyNVPExpression        *PropertyNVPExpressionService
	PropertyGenericListExpression *PropertyGenericListExpressionService
	PropertyXMLExpression         *PropertyXMLExpressionService

	LogSourceExtension *LogSourceExtensionService
	LogSourceType      *LogSourceTypeService
	LogSourceGroup     *LogSourceGroupService
	LogSource          *LogSourceService

	ReferenceMapOfSets *ReferenceMapOfSetsService
	ReferenceMap       *ReferenceMapService
	ReferenceSet       *ReferenceSetService
	ReferenceTable     *ReferenceTableService
	// contains filtered or unexported fields
}

Client manages communication with the QRadar API.

func NewClient

func NewClient(baseurl string, opts ...func(*Client) error) (*Client, error)

NewClient returns a new QRadar API client.

func (*Client) Do

func (c *Client) Do(ctx context.Context, req *http.Request, v interface{}) (*http.Response, error)

Do sends an API request and returns the API response. The API response is JSON decoded and stored in the value pointed to by v, or returned as an error if an API error has occurred. If v implements the io.Writer interface, the raw response body will be written to v, without attempting to first decode it.

The provided ctx must be non-nil. If it is canceled or times out, ctx.Err() will be returned.

func (*Client) NewRequest

func (c *Client) NewRequest(method, urlStr string, body interface{}) (*http.Request, error)

NewRequest constructs a new request to send.
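As an added example (not code from go-qradar), a stand-alone program showing two behaviours the docs above describe: CheckResponse-style error mapping (401 to ErrUnauthorized, any other failure to the decoded ErrorMessage) and windowed scrolling of Ariel search results, run against a constructed httptest stand-in for a QRadar host. The results path, the SEC and Range (items=a-b) headers and the mock's error code are assumptions, and the real client's request plumbing differs.

```go
package main

import (
	"context"
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// ErrUnauthorized is returned on HTTP 401, mirroring the package constant.
const ErrUnauthorized = "unauthorized"

// ErrorMessage is a subset of the QRadar API error body described on this page.
type ErrorMessage struct {
	Code    json.Number `json:"code,omitempty"`
	Message string      `json:"message,omitempty"`
}

func (e *ErrorMessage) Error() string { return fmt.Sprintf("qradar: %s (code %s)", e.Message, e.Code) }

// checkResponse maps a non-2xx response to an error: 401 becomes ErrUnauthorized,
// anything else the decoded ErrorMessage, so callers see the API's code and message.
func checkResponse(r *http.Response) error {
	switch {
	case r.StatusCode >= 200 && r.StatusCode <= 299:
		return nil
	case r.StatusCode == http.StatusUnauthorized:
		return errors.New(ErrUnauthorized)
	}
	em := &ErrorMessage{}
	if err := json.NewDecoder(r.Body).Decode(em); err != nil {
		return fmt.Errorf("qradar: HTTP %d with undecodable body: %w", r.StatusCode, err)
	}
	return em
}

// scrollResults pages through a finished search's results `window` records at a time via Range: items=a-b (assumed pagination), stopping at the first short page.
func scrollResults(ctx context.Context, hc *http.Client, baseURL, secKey, searchID string, window int) ([]map[string]interface{}, error) {
	var all []map[string]interface{}
	for from := 0; ; from += window {
		req, err := http.NewRequestWithContext(ctx, http.MethodGet, fmt.Sprintf("%s/api/ariel/searches/%s/results", baseURL, searchID), nil)
		if err != nil {
			return nil, err
		}
		req.Header.Set("SEC", secKey) // QRadar's API token header
		req.Header.Set("Range", fmt.Sprintf("items=%d-%d", from, from+window-1))
		resp, err := hc.Do(req)
		if err != nil {
			return nil, err
		}
		var page struct {
			Events []map[string]interface{} `json:"events"`
		}
		if err = checkResponse(resp); err == nil {
			err = json.NewDecoder(resp.Body).Decode(&page)
		}
		resp.Body.Close()
		if err != nil {
			return nil, err
		}
		all = append(all, page.Events...)
		if len(page.Events) < window {
			return all, nil
		}
	}
}

// newMockQRadar is a constructed QRadar stand-in: `total` events for search "s1", Range-aware, wrong SEC key rejected with 401.
func newMockQRadar(total int, secKey string) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		switch {
		case r.Header.Get("SEC") != secKey:
			w.WriteHeader(http.StatusUnauthorized)
		case r.URL.Path != "/api/ariel/searches/s1/results":
			w.WriteHeader(http.StatusNotFound) // constructed error body, not a real QRadar code
			json.NewEncoder(w).Encode(ErrorMessage{Code: "1002", Message: "Search not found"})
		default:
			from, last := 0, total-1
			fmt.Sscanf(r.Header.Get("Range"), "items=%d-%d", &from, &last)
			to := last + 1
			if to > total {
				to = total
			}
			var events []map[string]interface{}
			for i := from; i < to; i++ {
				events = append(events, map[string]interface{}{"seq": i})
			}
			json.NewEncoder(w).Encode(map[string]interface{}{"events": events})
		}
	}))
}

func main() {
	srv := newMockQRadar(120, "example-sec-key")
	defer srv.Close()
	events, err := scrollResults(context.Background(), srv.Client(), srv.URL, "example-sec-key", "s1", 50)
	fmt.Println(len(events), err) // 120 <nil>
}
```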

type DSM

type DSM struct {
	ID                     *int    `json:"id,omitempty"`
	LogSourceTypeID        *int    `json:"log_source_type_id,omitempty"`
	LogSourceEventID       *string `json:"log_source_event_id,omitempty"`
	LogSourceEventCategory *string `json:"log_source_event_category,omitempty"`
	CustomEvent            *bool   `json:"custom_event,omitempty"`
	QIDRecordID            *int    `json:"qid_record_id,omitempty"`
	UUID                   *string `json:"uuid,omitempty"`
}

DSM represents QRadar's DSM.

type DSMService

type DSMService service

DSMService handles methods related to DSMs of the QRadar API.

func (*DSMService) Create

func (c *DSMService) Create(ctx context.Context, fields string, data interface{}) (*DSM, error)

Create creates DSM in the current QRadar installation.

func (*DSMService) Get

func (c *DSMService) Get(ctx context.Context, fields, filter string, from, to int) ([]DSM, error)

Get returns DSMs of the current QRadar installation.

func (*DSMService) GetByID

func (c *DSMService) GetByID(ctx context.Context, fields string, id int) (*DSM, error)

GetByID returns DSM of the current QRadar installation by ID.

func (*DSMService) UpdateByID

func (c *DSMService) UpdateByID(ctx context.Context, fields string, id int, data interface{}) (*DSM, error)

UpdateByID updates DSM in QRadar installation by ID.

type DeleteTask

type DeleteTask struct {
	ID        *int    `json:"id,omitempty"`
	Message   *string `json:"message,omitempty"`
	Status    *string `json:"status,omitempty"`
	Name      *string `json:"name,omitempty"`
	CreatedBy *string `json:"created_by,omitempty"`
	Created   *int    `json:"created,omitempty"`
	Started   *int    `json:"started,omitempty"`
	Modified  *int    `json:"modified,omitempty"`
	Completed *int    `json:"completed,omitempty"`
}

DeleteTask represents structure of a Delete Task to ensure safe deletion.

type Domain

type Domain struct {
	AssetScannerIds  []int `json:"asset_scanner_ids,omitempty"`
	CustomProperties []struct {
		CaptureResult *string `json:"capture_result,omitempty"`
		ID            *int    `json:"id,omitempty"`
	} `json:"custom_properties,omitempty"`
	Deleted           *bool   `json:"deleted,omitempty"`
	Description       *string `json:"description,omitempty"`
	EventCollectorIds []int   `json:"event_collector_ids,omitempty"`
	FlowCollectorIds  []int   `json:"flow_collector_ids,omitempty"`
	FlowSourceIds     []int   `json:"flow_source_ids,omitempty"`
	FlowVlanIds       []int   `json:"flow_vlan_ids,omitempty"`
	ID                *int    `json:"id,omitempty"`
	LogSourceGroupIds []int   `json:"log_source_group_ids,omitempty"`
	LogSourceIds      []int   `json:"log_source_ids,omitempty"`
	Name              *string `json:"name,omitempty"`
	QvmScannerIds     []int   `json:"qvm_scanner_ids,omitempty"`
	TenantID          *int    `json:"tenant_id,omitempty"`
}

Domain represents QRadar's Domain.

type DomainService

type DomainService service

DomainService handles methods related to Domains of the QRadar API.

func (*DomainService) Create

func (c *DomainService) Create(ctx context.Context, fields string, data interface{}) (*Domain, error)

Create creates Domain in the current QRadar installation.

func (*DomainService) DeleteByID

func (c *DomainService) DeleteByID(ctx context.Context, fields string, id int) (*Domain, error)

DeleteByID deletes Domain in QRadar installation by ID.

func (*DomainService) Get

func (c *DomainService) Get(ctx context.Context, fields, filter string, from, to int) ([]Domain, error)

Get returns Domains of the current QRadar installation.

func (*DomainService) GetByID

func (c *DomainService) GetByID(ctx context.Context, fields string, id int) (*Domain, error)

GetByID returns Domain of the current QRadar installation by ID.

func (*DomainService) UpdateByID

func (c *DomainService) UpdateByID(ctx context.Context, fields string, id int, data interface{}) (*Domain, error)

UpdateByID updates Domain in QRadar installation by ID.

type ErrorMessage

type ErrorMessage struct {
	Code        json.Number `json:"code,omitempty"`
	Contexts    []string    `json:"contexts,omitempty"`
	Message     string      `json:"message,omitempty"`
	Description string      `json:"description,omitempty"`
	Severity    string      `json:"severity,omitempty"`
	Details     struct {
		Reason      string `json:"reason,omitempty"`
		Code        int    `json:"code,omitempty"`
		StartIndex  int    `json:"start_index,omitempty"`
		LineNumber  int    `json:"line_number,omitempty"`
		QueryString string `json:"query_string,omitempty"`
		TokenText   string `json:"token_text,omitempty"`
	} `json:"details,omitempty"`
	// contains filtered or unexported fields
}

ErrorMessage represents a generic error message returned by the QRadar API.

func (*ErrorMessage) Error

func (e *ErrorMessage) Error() string

Error satisfies the error interface.

type Event

type Event map[string]interface{}

Event represents generic event result.

type EventCollector

type EventCollector struct {
	ID            *int    `json:"id,omitempty"`
	ComponentName *string `json:"component_name,omitempty"`
	Name          *string `json:"name,omitempty"`
	HostID        *int    `json:"host_id,omitempty"`
}

EventCollector represents QRadar's Event Collector.

type EventCollectorService

type EventCollectorService service

EventCollectorService handles methods related to Event Collector of the QRadar API.

func (*EventCollectorService) Get

func (c *EventCollectorService) Get(ctx context.Context, fields, filter string, from, to int) ([]EventCollector, error)

Get returns Event Collectors of the current QRadar installation.

type HighLevelCategory

type HighLevelCategory struct {
	ID          *int    `json:"id,omitempty"`
	Name        *string `json:"name,omitempty"`
	Description *string `json:"description,omitempty"`
}

HighLevelCategory represents QRadar's HighLevelCategory.

type HighLevelCategoryService

type HighLevelCategoryService service

HighLevelCategoryService handles methods related to High Level Categories of the QRadar API.

func (*HighLevelCategoryService) Get

func (c *HighLevelCategoryService) Get(ctx context.Context, fields, filter string, from, to int) ([]HighLevelCategory, error)

Get returns HighLevelCategories of the current QRadar installation.

func (*HighLevelCategoryService) GetByID

func (c *HighLevelCategoryService) GetByID(ctx context.Context, fields string, id int) (*HighLevelCategory, error)

GetByID returns HighLevelCategory of the current QRadar installation by ID.

type JobStatus

type JobStatus string

JobStatus represents the status of a job, such as a search.

const (
	// StatusWait wait
	StatusWait JobStatus = "WAIT"

	// StatusExecute executing
	StatusExecute JobStatus = "EXECUTE"

	// StatusSorting sorting
	StatusSorting JobStatus = "SORTING"

	// StatusCompleted completed
	StatusCompleted JobStatus = "COMPLETED"

	// StatusCanceled canceled
	StatusCanceled JobStatus = "CANCELED"

	// StatusError errored
	StatusError JobStatus = "ERROR"
)

type LogSource

type LogSource struct {
	SendingIP           *string `json:"sending_ip,omitempty"`
	Internal            *bool   `json:"internal,omitempty"`
	LegacyBulkGroupName *string `json:"legacy_bulk_group_name,omitempty"`
	ProtocolParameters  []struct {
		Name  *string `json:"name,omitempty"`
		ID    *int    `json:"id,omitempty"`
		Value *string `json:"value,omitempty"`
	} `json:"protocol_parameters,omitempty"`
	Description                      *string `json:"description,omitempty"`
	CoalesceEvents                   *bool   `json:"coalesce_events,omitempty"`
	Enabled                          *bool   `json:"enabled,omitempty"`
	GroupIDs                         []int   `json:"group_ids,omitempty"`
	AverageEps                       *int    `json:"average_eps,omitempty"`
	Credibility                      *int    `json:"credibility,omitempty"`
	ID                               *int    `json:"id,omitempty"`
	StoreEventPayload                *bool   `json:"store_event_payload,omitempty"`
	TargetEventCollectorID           *int    `json:"target_event_collector_id,omitempty"`
	ProtocolTypeID                   *int    `json:"protocol_type_id,omitempty"`
	LanguageID                       *int    `json:"language_id,omitempty"`
	CreationDate                     *int    `json:"creation_date,omitempty"`
	LogSourceExtensionID             *int    `json:"log_source_extension_id,omitempty"`
	WincollectExternalDestinationIDs []int   `json:"wincollect_external_destination_ids,omitempty"`
	Name                             *string `json:"name,omitempty"`
	AutoDiscovered                   *bool   `json:"auto_discovered,omitempty"`
	ModifiedDate                     *int    `json:"modified_date,omitempty"`
	TypeID                           *int    `json:"type_id,omitempty"`
	LastEventTime                    *int    `json:"last_event_time,omitempty"`
	RequiresDeploy                   *bool   `json:"requires_deploy,omitempty"`
	Gateway                          *bool   `json:"gateway,omitempty"`
	WincollectInternalDestinationID  *int    `json:"wincollect_internal_destination_id,omitempty"`
	Status                           struct {
		LastUpdated *int `json:"last_updated,omitempty"`
		Messages    []struct {
			Severity  *string `json:"severity,omitempty"`
			Text      *string `json:"text,omitempty"`
			Timestamp *int    `json:"timestamp,omitempty"`
		} `json:"messages,omitempty"`
		Status *string `json:"status,omitempty"`
	} `json:"status,omitempty"`
}

LogSource represents QRadar's Log Source.

type LogSourceExtension

type LogSourceExtension struct {
	ID           *int    `json:"id,omitempty"`
	Name         *string `json:"name,omitempty"`
	Description  *string `json:"description,omitempty"`
	Enabled      *bool   `json:"enabled,omitempty"`
	UseCondition *int    `json:"use_condition,omitempty"`
	XML          *string `json:"xml,omitempty"`
}

LogSourceExtension represents QRadar's Log Source Extension.

type LogSourceExtensionService

type LogSourceExtensionService service

LogSourceExtensionService handles methods related to Log Source Extensions of the QRadar Undocumented API.

func (*LogSourceExtensionService) Create

func (c *LogSourceExtensionService) Create(ctx context.Context, fields string, data interface{}) (*LogSourceExtension, error)

Create creates Log Source Extension in the current QRadar installation. Undocumented API.

func (*LogSourceExtensionService) Get

func (c *LogSourceExtensionService) Get(ctx context.Context, fields, filter string, from, to int) ([]LogSourceExtension, error)

Get returns Log Source Extensions of the current QRadar installation. Undocumented API.

func (*LogSourceExtensionService) GetByID

GetByID returns Log Source Extension of the current QRadar installation by ID. Undocumented API.

func (*LogSourceExtensionService) GetByName

func (c *LogSourceExtensionService) GetByName(ctx context.Context, fields string, name string) (*LogSourceExtension, error)

GetByName returns Log Source Extension of the current QRadar installation by Name. Undocumented API.

type LogSourceGroup

type LogSourceGroup struct {
	ID               *int    `json:"id,omitempty"`
	Name             *string `json:"name,omitempty"`
	Description      *string `json:"description,omitempty"`
	ParentID         *int    `json:"parent_id,omitempty"`
	Owner            *string `json:"owner,omitempty"`
	ModificationDate *int    `json:"modification_date,omitempty"`
	Assignable       *bool   `json:"assignable,omitempty"`
	ChildGroupIDs    []int   `json:"child_group_ids,omitempty"`
}

LogSourceGroup represents QRadar's Log Source Group.

type LogSourceGroupService

type LogSourceGroupService service

LogSourceGroupService handles methods related to Log Source Groups of the QRadar API.

func (*LogSourceGroupService) Create

func (c *LogSourceGroupService) Create(ctx context.Context, fields string, data interface{}) (*LogSourceGroup, error)

Create creates Log Source Group in the current QRadar installation.

func (*LogSourceGroupService) Get

func (c *LogSourceGroupService) Get(ctx context.Context, fields, filter string, from, to int) ([]LogSourceGroup, error)

Get returns Log Source Groups of the current QRadar installation.

func (*LogSourceGroupService) GetByID

func (c *LogSourceGroupService) GetByID(ctx context.Context, fields string, id int) (*LogSourceGroup, error)

GetByID returns Log Source Group of the current QRadar installation by ID.

type LogSourceService

type LogSourceService service

LogSourceService handles methods related to Log Sources of the QRadar API.

func (*LogSourceService) Get

func (c *LogSourceService) Get(ctx context.Context, fields, filter string, from, to int) ([]LogSource, error)

Get returns Log Sources of the current QRadar installation.

type LogSourceType

type LogSourceType struct {
	ID                   *int    `json:"id,omitempty"`
	Name                 *string `json:"name,omitempty"`
	Internal             *bool   `json:"internal,omitempty"`
	Custom               *bool   `json:"custom,omitempty"`
	DefaultProtocolID    *int    `json:"default_protocol_id,omitempty"`
	LogSourceExtensionID *int    `json:"log_source_extension_id,omitempty"`
	Version              *string `json:"version,omitempty"`
	SupportedLanguageIDs []int   `json:"supported_language_ids,omitempty"`

	ProtocolTypes []struct {
		ProtocolID *int  `json:"protocol_id,omitempty"`
		Documented *bool `json:"documented,omitempty"`
	} `json:"protocol_types,omitempty"`
}

LogSourceType represents QRadar's Log Source Type.

type LogSourceTypeService

type LogSourceTypeService service

LogSourceTypeService handles methods related to Log Source Types of the QRadar API.

func (*LogSourceTypeService) Create

func (c *LogSourceTypeService) Create(ctx context.Context, fields string, data interface{}) (*LogSourceType, error)

Create creates Log Source Type in the current QRadar installation.

func (*LogSourceTypeService) DeleteByID

func (c *LogSourceTypeService) DeleteByID(ctx context.Context, fields string, id int) (*DeleteTask, error)

DeleteByID creates a Delete Task in the QRadar installation to safely delete the Log Source Type with the given ID. TODO: needs to be tested.

func (*LogSourceTypeService) Get

func (c *LogSourceTypeService) Get(ctx context.Context, fields, filter string, from, to int) ([]LogSourceType, error)

Get returns Log Source Types of the current QRadar installation.

func (*LogSourceTypeService) GetByID

func (c *LogSourceTypeService) GetByID(ctx context.Context, fields string, id int) (*LogSourceType, error)

GetByID returns Log Source Type of the current QRadar installation by ID.

func (*LogSourceTypeService) GetByName

func (c *LogSourceTypeService) GetByName(ctx context.Context, fields string, name string) (*LogSourceType, error)

GetByName returns Log Source Type of the current QRadar installation by Name.

func (*LogSourceTypeService) UpdateByID

func (c *LogSourceTypeService) UpdateByID(ctx context.Context, fields string, id int, data interface{}) (*LogSourceType, error)

UpdateByID updates Log Source Type in QRadar installation by ID.

type LowLevelCategory

type LowLevelCategory struct {
	ID                  *int    `json:"id,omitempty"`
	Name                *string `json:"name,omitempty"`
	Description         *string `json:"description,omitempty"`
	Severity            *int    `json:"severity,omitempty"`
	HighLevelCategoryID *int    `json:"high_level_category_id,omitempty"`
}

LowLevelCategory represents QRadar's LowLevelCategory.

type LowLevelCategoryService

type LowLevelCategoryService service

LowLevelCategoryService handles methods related to Low Level Categories of the QRadar API.

func (*LowLevelCategoryService) Get

func (c *LowLevelCategoryService) Get(ctx context.Context, fields, filter string, from, to int) ([]LowLevelCategory, error)

Get returns LowLevelCategories of the current QRadar installation.

func (*LowLevelCategoryService) GetByID

func (c *LowLevelCategoryService) GetByID(ctx context.Context, fields string, id int) (*LowLevelCategory, error)

GetByID returns LowLevelCategory of the current QRadar installation by ID.

type NetworkHierarchy

type NetworkHierarchy struct {
	Name        *string `json:"name,omitempty"`
	Description *string `json:"description,omitempty"`
	Cidr        *string `json:"cidr,omitempty"`
	ID          *int    `json:"id,omitempty"`
	DomainID    *int    `json:"domain_id,omitempty"`
	Group       *string `json:"group,omitempty"`
}

NetworkHierarchy represents QRadar's generated NetworkHierarchy.

type NetworkHierarchyService

type NetworkHierarchyService service

NetworkHierarchyService handles methods related to the Network Hierarchy of the QRadar API.

func (*NetworkHierarchyService) Get

Get returns Network Hierarchy of the current QRadar installation.

type Offense

type Offense struct {
	UsernameCount *int    `json:"username_count,omitempty"`
	Description   *string `json:"description,omitempty"`
	Rules         []struct {
		ID   *int    `json:"id,omitempty"`
		Type *string `json:"type,omitempty"`
	} `json:"rules,omitempty"`
	EventCount                 *int     `json:"event_count,omitempty"`
	FlowCount                  *int     `json:"flow_count,omitempty"`
	AssignedTo                 *string  `json:"assigned_to,omitempty"`
	SecurityCategoryCount      *int     `json:"security_category_count,omitempty"`
	FollowUp                   *bool    `json:"follow_up,omitempty"`
	SourceAddressIds           []int    `json:"source_address_ids,omitempty"`
	SourceCount                *int     `json:"source_count,omitempty"`
	Inactive                   *bool    `json:"inactive,omitempty"`
	Protected                  *bool    `json:"protected,omitempty"`
	CategoryCount              *int     `json:"category_count,omitempty"`
	SourceNetwork              *string  `json:"source_network,omitempty"`
	DestinationNetworks        []string `json:"destination_networks,omitempty"`
	ClosingUser                *string  `json:"closing_user,omitempty"`
	CloseTime                  *int     `json:"close_time,omitempty"`
	RemoteDestinationCount     *int     `json:"remote_destination_count,omitempty"`
	StartTime                  *int     `json:"start_time,omitempty"`
	LastUpdatedTime            *int     `json:"last_updated_time,omitempty"`
	Credibility                *int     `json:"credibility,omitempty"`
	Magnitude                  *int     `json:"magnitude,omitempty"`
	ID                         *int     `json:"id,omitempty"`
	Categories                 []string `json:"categories,omitempty"`
	Severity                   *int     `json:"severity,omitempty"`
	PolicyCategoryCount        *int     `json:"policy_category_count,omitempty"`
	DeviceCount                *int     `json:"device_count,omitempty"`
	ClosingReasonID            *int     `json:"closing_reason_id,omitempty"`
	OffenseType                *int     `json:"offense_type,omitempty"`
	Relevance                  *int     `json:"relevance,omitempty"`
	DomainID                   *int     `json:"domain_id,omitempty"`
	OffenseSource              *string  `json:"offense_source,omitempty"`
	LocalDestinationAddressIds []int    `json:"local_destination_address_ids,omitempty"`
	LocalDestinationCount      *int     `json:"local_destination_count,omitempty"`
	Status                     *string  `json:"status,omitempty"`
	LogSources                 []struct {
		ID       *int    `json:"id,omitempty"`
		TypeID   *int    `json:"type_id,omitempty"`
		TypeName *string `json:"type_name,omitempty"`
		Name     *string `json:"name,omitempty"`
	} `json:"log_sources,omitempty"`
}

Offense represents QRadar's generated Offense.

type OffenseService

type OffenseService service

OffenseService handles methods related to Offenses of the QRadar API.

func (*OffenseService) Get

func (c *OffenseService) Get(ctx context.Context, fields, filter string, from, to int) ([]Offense, error)

Get returns Offenses of the current QRadar installation.

func (*OffenseService) GetByID

func (c *OffenseService) GetByID(ctx context.Context, fields string, id int) (*Offense, error)

GetByID returns Offense of the current QRadar installation by ID.

func (*OffenseService) ListSourceAddress added in v1.2.0

func (c *OffenseService) ListSourceAddress(ctx context.Context, fields, filter string) ([]SourceAddress, error)

ListSourceAddress returns the source addresses of Offenses of the current QRadar installation, optionally narrowed by filter.

func (*OffenseService) UpdateByID

func (c *OffenseService) UpdateByID(ctx context.Context, fields string, id int, data interface{}) (*Offense, error)

UpdateByID updates Offense in QRadar installation by ID.

type OffenseType

type OffenseType struct {
	ID           *int    `json:"id,omitempty"`
	PropertyName *string `json:"property_name,omitempty"`
	Name         *string `json:"name,omitempty"`
	DatabaseType *string `json:"database_type,omitempty"`
	Custom       *bool   `json:"custom,omitempty"`
}

OffenseType represents QRadar's generated OffenseType.

type OffenseTypeService

type OffenseTypeService service

OffenseTypeService handles methods related to OffenseTypes of the QRadar API.

func (*OffenseTypeService) Get

func (c *OffenseTypeService) Get(ctx context.Context, fields, filter string, from, to int) ([]OffenseType, error)

Get returns OffenseTypes of the current QRadar installation.

func (*OffenseTypeService) GetByID

func (c *OffenseTypeService) GetByID(ctx context.Context, fields string, id int) (*OffenseType, error)

GetByID returns OffenseType of the current QRadar installation by ID.

type PropertyCEFExpressionService

type PropertyCEFExpressionService service

PropertyCEFExpressionService handles methods related to Property CEF Expressions of the QRadar API.

func (*PropertyCEFExpressionService) Create

func (c *PropertyCEFExpressionService) Create(ctx context.Context, fields string, data interface{}) (*PropertyExpression, error)

Create creates Property CEF Expression in QRadar installation.

func (*PropertyCEFExpressionService) DeleteByID

func (c *PropertyCEFExpressionService) DeleteByID(ctx context.Context, fields string, id int) error

DeleteByID creates a Delete Task in the QRadar installation to safely delete the Property CEF Expression with the given ID.

func (*PropertyCEFExpressionService) Get

func (c *PropertyCEFExpressionService) Get(ctx context.Context, fields, filter string, from, to int) ([]PropertyExpression, error)

Get returns Property CEF Expressions of the current QRadar installation.

func (*PropertyCEFExpressionService) GetByID

GetByID returns Property CEF Expression of the current QRadar installation by ID.

func (*PropertyCEFExpressionService) UpdateByID

func (c *PropertyCEFExpressionService) UpdateByID(ctx context.Context, fields string, id int, data interface{}) (*PropertyExpression, error)

UpdateByID updates Property CEF Expression in QRadar installation by ID.

type PropertyExpression

type PropertyExpression struct {
	Identifier              *string `json:"identifier,omitempty"`
	LogSourceTypeID         *int    `json:"log_source_type_id,omitempty"`
	ModificationDate        *int    `json:"modification_date,omitempty"`
	QID                     *int    `json:"qid,omitempty"`
	LogSourceID             *int    `json:"log_source_id,omitempty"`
	Enabled                 *bool   `json:"enabled,omitempty"`
	Payload                 *string `json:"payload,omitempty"`
	RegexPropertyIdentifier *string `json:"regex_property_identifier,omitempty"`
	ID                      *int    `json:"id,omitempty"`
	CreationDate            *int    `json:"creation_date,omitempty"`
	Username                *string `json:"username,omitempty"`
	LowLevelCategoryID      *int    `json:"low_level_category_id,omitempty"`

	Regex        *string `json:"regex,omitempty"`
	CaptureGroup *int    `json:"capture_group,omitempty"`

	DelimeterNameValue *string `json:"delimiter_name_value,omitempty"`
	DelimeterPair      *string `json:"delimiter_pair,omitempty"`

	Expression *string `json:"expression,omitempty"`
}

PropertyExpression represents QRadar's various property expressions: regular expression, JSON, CEF and LEEF. The structure is the same for all of them, with one distinction: a regular expression has the fields "Regex" and "CaptureGroup", whereas the other kinds have just the "Expression" field instead.
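As an added example (not code from go-qradar), the stand-alone Go program below shows that Regex/CaptureGroup versus Expression distinction on the wire: it mirrors the struct above with only the fields it needs, builds both flavours, and checks which JSON keys are actually emitted and how a response decodes back. The property identifier "RP-123", log source type id 18 and the response body are constructed sample values, not taken from a real installation.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// PropertyExpression mirrors the page's struct, trimmed to the fields this
// example uses. Pointer fields plus omitempty mean "nil = not sent", so a
// false Enabled is still transmitted as "enabled":false.
type PropertyExpression struct {
	Identifier              *string `json:"identifier,omitempty"`
	LogSourceTypeID         *int    `json:"log_source_type_id,omitempty"`
	Enabled                 *bool   `json:"enabled,omitempty"`
	RegexPropertyIdentifier *string `json:"regex_property_identifier,omitempty"`
	ID                      *int    `json:"id,omitempty"`

	Regex        *string `json:"regex,omitempty"`
	CaptureGroup *int    `json:"capture_group,omitempty"`

	Expression *string `json:"expression,omitempty"`
}

func strPtr(s string) *string { return &s }
func intPtr(i int) *int       { return &i }
func boolPtr(b bool) *bool    { return &b }

// NewRegexExpression builds the payload for the regular-expression flavour:
// it carries Regex and CaptureGroup and leaves Expression nil.
func NewRegexExpression(propID string, logSourceTypeID int, regex string, group int, enabled bool) PropertyExpression {
	return PropertyExpression{
		RegexPropertyIdentifier: strPtr(propID),
		LogSourceTypeID:         intPtr(logSourceTypeID),
		Regex:                   strPtr(regex),
		CaptureGroup:            intPtr(group),
		Enabled:                 boolPtr(enabled),
	}
}

// NewStructuredExpression builds the payload for the CEF, LEEF, JSON, NVP,
// XML and GenericList flavours, which carry only Expression.
func NewStructuredExpression(propID string, logSourceTypeID int, expression string, enabled bool) PropertyExpression {
	return PropertyExpression{
		RegexPropertyIdentifier: strPtr(propID),
		LogSourceTypeID:         intPtr(logSourceTypeID),
		Expression:              strPtr(expression),
		Enabled:                 boolPtr(enabled),
	}
}

// Kind classifies an expression by which of the two field groups is populated.
func Kind(p PropertyExpression) string {
	switch {
	case p.Regex != nil && p.Expression == nil:
		return "regex"
	case p.Expression != nil && p.Regex == nil:
		return "expression"
	default:
		return "unknown"
	}
}

// EncodePayload marshals the struct as it would go on the wire and returns the
// JSON plus the set of keys actually emitted, so a caller can confirm that nil
// fields were dropped before the request is sent.
func EncodePayload(p PropertyExpression) (string, map[string]bool, error) {
	raw, err := json.Marshal(p)
	if err != nil {
		return "", nil, err
	}
	var generic map[string]json.RawMessage
	if err := json.Unmarshal(raw, &generic); err != nil {
		return "", nil, err
	}
	keys := make(map[string]bool, len(generic))
	for k := range generic {
		keys[k] = true
	}
	return string(raw), keys, nil
}

// DecodeResponse parses a response body into the struct.
func DecodeResponse(body string) (PropertyExpression, error) {
	var p PropertyExpression
	err := json.Unmarshal([]byte(body), &p)
	return p, err
}

// IsEnabled reads the pointer field safely: an absent field is reported as
// disabled instead of dereferencing nil.
func IsEnabled(p PropertyExpression) bool {
	return p.Enabled != nil && *p.Enabled
}

// sampleResponse is a constructed response body, not captured from a real QRadar.
const sampleResponse = `{"id":4711,"identifier":"CEF-EXPR-1","regex_property_identifier":"RP-123","log_source_type_id":18,"enabled":false,"expression":"suser"}`

func main() {
	re := NewRegexExpression("RP-123", 18, `user=(\S+)`, 1, false)
	js, _, _ := EncodePayload(re)
	fmt.Println(js) // no "expression" key; "enabled":false is present

	resp, err := DecodeResponse(sampleResponse)
	if err != nil {
		panic(err)
	}
	fmt.Println(Kind(resp), IsEnabled(resp)) // expression false
}
```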

type PropertyExpressionService

type PropertyExpressionService service

PropertyExpressionService handles methods related to Property Expressions of the QRadar API.

func (*PropertyExpressionService) Create

func (c *PropertyExpressionService) Create(ctx context.Context, fields string, data interface{}) (*PropertyExpression, error)

Create creates Property Expression in QRadar installation.

func (*PropertyExpressionService) DeleteByID

func (c *PropertyExpressionService) DeleteByID(ctx context.Context, fields string, id int) error

DeleteByID creates a Delete Task in the QRadar installation in order to safely delete a Property Expression by its ID.

func (*PropertyExpressionService) Get

func (c *PropertyExpressionService) Get(ctx context.Context, fields, filter string, from, to int) ([]PropertyExpression, error)

Get returns Property Expressions of the current QRadar installation.

func (*PropertyExpressionService) GetByID

GetByID returns a Property Expression of the current QRadar installation by ID.

func (*PropertyExpressionService) UpdateByID

func (c *PropertyExpressionService) UpdateByID(ctx context.Context, fields string, id int, data interface{}) (*PropertyExpression, error)

UpdateByID updates Property Expression in QRadar installation by ID.

type PropertyGenericListExpressionService

type PropertyGenericListExpressionService service

PropertyGenericListExpressionService handles methods related to Property GenericList Expressions of the QRadar API.

func (*PropertyGenericListExpressionService) Create

func (c *PropertyGenericListExpressionService) Create(ctx context.Context, fields string, data interface{}) (*PropertyExpression, error)

Create creates Property GenericList Expression in QRadar installation.

func (*PropertyGenericListExpressionService) DeleteByID

func (c *PropertyGenericListExpressionService) DeleteByID(ctx context.Context, fields string, id int) error

DeleteByID creates a Delete Task in the QRadar installation in order to safely delete a Property GenericList Expression by ID.

func (*PropertyGenericListExpressionService) Get

func (c *PropertyGenericListExpressionService) Get(ctx context.Context, fields, filter string, from, to int) ([]PropertyExpression, error)

Get returns Property GenericList Expressions of the current QRadar installation.

func (*PropertyGenericListExpressionService) GetByID

GetByID returns Property GenericList Expression of the current QRadar installation by ID.

func (*PropertyGenericListExpressionService) UpdateByID

func (c *PropertyGenericListExpressionService) UpdateByID(ctx context.Context, fields string, id int, data interface{}) (*PropertyExpression, error)

UpdateByID updates Property GenericList Expression in QRadar installation by ID.

type PropertyJSONExpressionService

type PropertyJSONExpressionService service

PropertyJSONExpressionService handles methods related to Property JSON Expressions of the QRadar API.

func (*PropertyJSONExpressionService) Create

func (c *PropertyJSONExpressionService) Create(ctx context.Context, fields string, data interface{}) (*PropertyExpression, error)

Create creates Property JSON Expression in QRadar installation.

func (*PropertyJSONExpressionService) DeleteByID

func (c *PropertyJSONExpressionService) DeleteByID(ctx context.Context, fields string, id int) error

DeleteByID creates a Delete Task in the QRadar installation in order to safely delete a Property JSON Expression by ID.

func (*PropertyJSONExpressionService) Get

func (c *PropertyJSONExpressionService) Get(ctx context.Context, fields, filter string, from, to int) ([]PropertyExpression, error)

Get returns Property JSON Expressions of the current QRadar installation.

func (*PropertyJSONExpressionService) GetByID

GetByID returns Property JSON Expression of the current QRadar installation by ID.

func (*PropertyJSONExpressionService) UpdateByID

func (c *PropertyJSONExpressionService) UpdateByID(ctx context.Context, fields string, id int, data interface{}) (*PropertyExpression, error)

UpdateByID updates Property JSON Expression in QRadar installation by ID.

type PropertyLEEFExpressionService

type PropertyLEEFExpressionService service

PropertyLEEFExpressionService handles methods related to Property LEEF Expressions of the QRadar API.

func (*PropertyLEEFExpressionService) Create

func (c *PropertyLEEFExpressionService) Create(ctx context.Context, fields string, data interface{}) (*PropertyExpression, error)

Create creates Property LEEF Expression in QRadar installation.

func (*PropertyLEEFExpressionService) DeleteByID

func (c *PropertyLEEFExpressionService) DeleteByID(ctx context.Context, fields string, id int) error

DeleteByID creates a Delete Task in the QRadar installation in order to safely delete a Property LEEF Expression by ID.

func (*PropertyLEEFExpressionService) Get

func (c *PropertyLEEFExpressionService) Get(ctx context.Context, fields, filter string, from, to int) ([]PropertyExpression, error)

Get returns Property LEEF Expressions of the current QRadar installation.

func (*PropertyLEEFExpressionService) GetByID

GetByID returns Property LEEF Expression of the current QRadar installation by ID.

func (*PropertyLEEFExpressionService) UpdateByID

func (c *PropertyLEEFExpressionService) UpdateByID(ctx context.Context, fields string, id int, data interface{}) (*PropertyExpression, error)

UpdateByID updates Property LEEF Expression in QRadar installation by ID.

type PropertyNVPExpressionService

type PropertyNVPExpressionService service

PropertyNVPExpressionService handles methods related to Property NVP Expressions of the QRadar API.

func (*PropertyNVPExpressionService) Create

func (c *PropertyNVPExpressionService) Create(ctx context.Context, fields string, data interface{}) (*PropertyExpression, error)

Create creates a Property NVP Expression in the QRadar installation.

func (*PropertyNVPExpressionService) DeleteByID

func (c *PropertyNVPExpressionService) DeleteByID(ctx context.Context, fields string, id int) error

DeleteByID creates a Delete Task in the QRadar installation in order to safely delete a Property NVP Expression by ID.

func (*PropertyNVPExpressionService) Get

func (c *PropertyNVPExpressionService) Get(ctx context.Context, fields, filter string, from, to int) ([]PropertyExpression, error)

Get returns Property NVP Expressions of the current QRadar installation.

func (*PropertyNVPExpressionService) GetByID

GetByID returns Property NVP Expression of the current QRadar installation by ID.

func (*PropertyNVPExpressionService) UpdateByID

func (c *PropertyNVPExpressionService) UpdateByID(ctx context.Context, fields string, id int, data interface{}) (*PropertyExpression, error)

UpdateByID updates Property NVP Expression in QRadar installation by ID.

type PropertyXMLExpressionService

type PropertyXMLExpressionService service

PropertyXMLExpressionService handles methods related to Property XML Expressions of the QRadar API.

func (*PropertyXMLExpressionService) Create

func (c *PropertyXMLExpressionService) Create(ctx context.Context, fields string, data interface{}) (*PropertyExpression, error)

Create creates Property XML Expression in QRadar installation.

func (*PropertyXMLExpressionService) DeleteByID

func (c *PropertyXMLExpressionService) DeleteByID(ctx context.Context, fields string, id int) error

DeleteByID creates a Delete Task in the QRadar installation in order to safely delete a Property XML Expression by ID.

func (*PropertyXMLExpressionService) Get

func (c *PropertyXMLExpressionService) Get(ctx context.Context, fields, filter string, from, to int) ([]PropertyExpression, error)

Get returns Property XML Expressions of the current QRadar installation.

func (*PropertyXMLExpressionService) GetByID

GetByID returns Property XML Expression of the current QRadar installation by ID.

func (*PropertyXMLExpressionService) UpdateByID

func (c *PropertyXMLExpressionService) UpdateByID(ctx context.Context, fields string, id int, data interface{}) (*PropertyExpression, error)

UpdateByID updates Property XML Expression in QRadar installation by ID.

type QID

type QID struct {
	Severity           *int    `json:"severity,omitempty"`
	Name               *string `json:"name,omitempty"`
	Description        *string `json:"description,omitempty"`
	LogSourceTypeID    *int    `json:"log_source_type_id,omitempty"`
	ID                 *int    `json:"id,omitempty"`
	LowLevelCategoryID *int    `json:"low_level_category_id,omitempty"`
	QID                *int    `json:"qid,omitempty"`
	UUID               *string `json:"uuid,omitempty"`
}

QID represents QRadar's QID.

type QIDService

type QIDService service

QIDService handles methods related to QIDs of the QRadar API.

func (*QIDService) Create

func (c *QIDService) Create(ctx context.Context, fields string, data interface{}) (*QID, error)

Create creates QID in QRadar installation.

func (*QIDService) Get

func (c *QIDService) Get(ctx context.Context, fields, filter string, from, to int) ([]QID, error)

Get returns QIDs of the current QRadar installation.

func (*QIDService) GetByID

func (c *QIDService) GetByID(ctx context.Context, fields string, id int) (*QID, error)

GetByID returns QID of the current QRadar installation by ID.

func (*QIDService) GetByName

func (c *QIDService) GetByName(ctx context.Context, fields string, name string) (*QID, error)

GetByName returns a QID of the current QRadar installation by name. If more than one QID has the same name, this returns the one with the lowest QID number.

func (*QIDService) GetByQID

func (c *QIDService) GetByQID(ctx context.Context, fields string, qid int) (*QID, error)

GetByQID returns QID of the current QRadar installation by QID.

func (*QIDService) UpdateByID

func (c *QIDService) UpdateByID(ctx context.Context, fields string, id int, data interface{}) (*QID, error)

UpdateByID updates a QID record in the QRadar installation by ID.

type ReferenceData

type ReferenceData struct {
	FirstSeen *int    `json:"first_seen,omitempty"`
	LastSeen  *int    `json:"last_seen,omitempty"`
	Source    *string `json:"source,omitempty"`
	Value     *string `json:"value,omitempty"`
}

ReferenceData represents an entry of a Reference Object.

type ReferenceMap

type ReferenceMap struct {
	Name             *string `json:"name,omitempty"`
	CreationTime     *int    `json:"creation_time,omitempty"`
	ElementType      *string `json:"element_type,omitempty"`
	KeyLabel         *string `json:"key_label,omitempty"`
	NumberOfElements *int    `json:"number_of_elements,omitempty"`
	TimeToLive       *string `json:"time_to_live,omitempty"`
	TimeoutType      *string `json:"timeout_type,omitempty"`
	ValueLabel       *string `json:"value_label,omitempty"`

	Data map[string]ReferenceData `json:"data,omitempty"`
}

ReferenceMap represents QRadar's Reference Map.

type ReferenceMapOfSets

type ReferenceMapOfSets struct {
	Name             *string `json:"name,omitempty"`
	CreationTime     *int    `json:"creation_time,omitempty"`
	ElementType      *string `json:"element_type,omitempty"`
	KeyLabel         *string `json:"key_label,omitempty"`
	NumberOfElements *int    `json:"number_of_elements,omitempty"`
	TimeToLive       *string `json:"time_to_live,omitempty"`
	TimeoutType      *string `json:"timeout_type,omitempty"`
	ValueLabel       *string `json:"value_label,omitempty"`

	Data map[string][]ReferenceData `json:"data,omitempty"`
}

ReferenceMapOfSets represents QRadar's Reference maps of sets.

type ReferenceMapOfSetsService

type ReferenceMapOfSetsService service

ReferenceMapOfSetsService handles methods related to Reference Maps of Sets of the QRadar API.

func (*ReferenceMapOfSetsService) BulkLoad

func (c *ReferenceMapOfSetsService) BulkLoad(ctx context.Context, fields, name string, data interface{}) (*ReferenceMapOfSets, error)

BulkLoad uploads many values into QRadar's Reference Map of Sets.

func (*ReferenceMapOfSetsService) Create

Create creates Reference maps of sets in QRadar installation.

func (*ReferenceMapOfSetsService) Get

func (c *ReferenceMapOfSetsService) Get(ctx context.Context, fields, filter string, from, to int) ([]ReferenceMapOfSets, error)

Get returns Reference maps of sets of the current QRadar installation.

func (*ReferenceMapOfSetsService) GetWithData

func (c *ReferenceMapOfSetsService) GetWithData(ctx context.Context, fields, filter, name string, from, to int) (*ReferenceMapOfSets, error)

GetWithData returns Reference Map of Sets with data of the current QRadar installation.

type ReferenceMapService

type ReferenceMapService service

ReferenceMapService handles methods related to Reference Map of the QRadar API.

func (*ReferenceMapService) BulkLoad

func (c *ReferenceMapService) BulkLoad(ctx context.Context, fields, name string, data interface{}) (*ReferenceMap, error)

BulkLoad uploads many values into QRadar's Reference Map.

func (*ReferenceMapService) Create

func (c *ReferenceMapService) Create(ctx context.Context, fields string, data *ReferenceMap) (*ReferenceMap, error)

Create creates Reference map in QRadar installation.

func (*ReferenceMapService) Get

func (c *ReferenceMapService) Get(ctx context.Context, fields, filter string, from, to int) ([]ReferenceMap, error)

Get returns Reference maps of the current QRadar installation.

func (*ReferenceMapService) GetWithData

func (c *ReferenceMapService) GetWithData(ctx context.Context, fields, filter, name string, from, to int) (*ReferenceMap, error)

GetWithData returns Reference Map with data of the current QRadar installation.

type ReferenceSet

type ReferenceSet struct {
	Name             *string `json:"name,omitempty"`
	CreationTime     *int    `json:"creation_time,omitempty"`
	ElementType      *string `json:"element_type,omitempty"`
	NumberOfElements *int    `json:"number_of_elements,omitempty"`
	TimeToLive       *string `json:"time_to_live,omitempty"`
	TimeoutType      *string `json:"timeout_type,omitempty"`

	Data []ReferenceData `json:"data,omitempty"`
}

ReferenceSet represents QRadar's Reference sets.

type ReferenceSetService

type ReferenceSetService service

ReferenceSetService handles methods related to Reference sets of the QRadar API.

func (*ReferenceSetService) BulkLoad

func (c *ReferenceSetService) BulkLoad(ctx context.Context, fields, name string, data interface{}) (*ReferenceSet, error)

BulkLoad uploads many values into QRadar's Reference Set.

func (*ReferenceSetService) Create

func (c *ReferenceSetService) Create(ctx context.Context, fields string, data *ReferenceSet) (*ReferenceSet, error)

Create creates a Reference set in the QRadar installation. It expects a pointer to a ReferenceSet.

func (*ReferenceSetService) Get

func (c *ReferenceSetService) Get(ctx context.Context, fields, filter string, from, to int) ([]ReferenceSet, error)

Get returns Reference sets of the current QRadar installation.

func (*ReferenceSetService) GetWithData

func (c *ReferenceSetService) GetWithData(ctx context.Context, fields, filter, name string, from, to int) (*ReferenceSet, error)

GetWithData returns Reference set with data of the current QRadar installation.

type ReferenceTable

type ReferenceTable struct {
	Name             *string `json:"name,omitempty"`
	CreationTime     *int    `json:"creation_time,omitempty"`
	ElementType      *string `json:"element_type,omitempty"`
	NumberOfElements *int    `json:"number_of_elements,omitempty"`
	TimeToLive       *string `json:"time_to_live,omitempty"`
	TimeoutType      *string `json:"timeout_type,omitempty"`

	Data map[string]map[string]ReferenceData `json:"data,omitempty"`
}

ReferenceTable represents QRadar's Reference table.

type ReferenceTableService

type ReferenceTableService service

ReferenceTableService handles methods related to Reference tables of the QRadar API.

func (*ReferenceTableService) BulkLoad

func (c *ReferenceTableService) BulkLoad(ctx context.Context, fields, name string, data interface{}) (*ReferenceTable, error)

BulkLoad uploads many values into QRadar's Reference Table.

func (*ReferenceTableService) Create

Create creates Reference table in QRadar installation.

func (*ReferenceTableService) Get

func (c *ReferenceTableService) Get(ctx context.Context, fields, filter string, from, to int) ([]ReferenceTable, error)

Get returns Reference tables of the current QRadar installation.

func (*ReferenceTableService) GetWithData

func (c *ReferenceTableService) GetWithData(ctx context.Context, fields, filter, name string, from, to int) (*ReferenceTable, error)

GetWithData returns Reference Table with data of the current QRadar installation.

type RegexProperty

type RegexProperty struct {
	Identifier       *string `json:"identifier,omitempty"`
	ModificationDate *int    `json:"modification_date,omitempty"`
	DatetimeFormat   *string `json:"datetime_format,omitempty"`
	PropertyType     *string `json:"property_type,omitempty"`
	Name             *string `json:"name,omitempty"`
	AutoDiscovered   *bool   `json:"auto_discovered,omitempty"`
	Description      *string `json:"description,omitempty"`
	ID               *int    `json:"id,omitempty"`
	UseForRuleEngine *bool   `json:"use_for_rule_engine,omitempty"`
	CreationDate     *int    `json:"creation_date,omitempty"`
	Locale           *string `json:"locale,omitempty"`
	Username         *string `json:"username,omitempty"`
}

RegexProperty represents QRadar's Regex Property, which is the metadata of a Custom Property.

type RegexPropertyService

type RegexPropertyService service

RegexPropertyService handles methods related to Regex Properties of the QRadar API.

func (*RegexPropertyService) Create

func (c *RegexPropertyService) Create(ctx context.Context, fields string, data interface{}) (*RegexProperty, error)

Create creates Regex Property in QRadar installation.

func (*RegexPropertyService) DeleteByID

func (c *RegexPropertyService) DeleteByID(ctx context.Context, fields string, id int) (*DeleteTask, error)

DeleteByID creates a Delete Task in the QRadar installation in order to safely delete a Regex Property by ID.

func (*RegexPropertyService) Get

func (c *RegexPropertyService) Get(ctx context.Context, fields, filter string, from, to int) ([]RegexProperty, error)

Get returns Regex Properties of the current QRadar installation.

func (*RegexPropertyService) GetByID

func (c *RegexPropertyService) GetByID(ctx context.Context, fields string, id int) (*RegexProperty, error)

GetByID returns Regex Property of the current QRadar installation by ID.

func (*RegexPropertyService) GetByName

func (c *RegexPropertyService) GetByName(ctx context.Context, fields string, name string) (*RegexProperty, error)

GetByName returns Regex Property of the current QRadar installation by Name.

func (*RegexPropertyService) GetByUUID

func (c *RegexPropertyService) GetByUUID(ctx context.Context, fields string, uuid string) (*RegexProperty, error)

GetByUUID returns Regex Property of the current QRadar installation by UUID.

func (*RegexPropertyService) UpdateByID

func (c *RegexPropertyService) UpdateByID(ctx context.Context, fields string, id int, data interface{}) (*RegexProperty, error)

UpdateByID updates Regex Property in QRadar installation by ID.

type Rule

type Rule struct {
	ID                   *int    `json:"id,omitempty"`
	Name                 *string `json:"name,omitempty"`
	Type                 *string `json:"type,omitempty"`
	Enabled              *bool   `json:"enabled,omitempty"`
	Owner                *string `json:"owner,omitempty"`
	Origin               *string `json:"origin,omitempty"`
	BaseCapacity         *int    `json:"base_capacity,omitempty"`
	BaseHostID           *int    `json:"base_host_id,omitempty"`
	AverageCapacity      *int    `json:"average_capacity,omitempty"`
	CapacityTimestamp    *int    `json:"capacity_timestamp,omitempty"`
	Identifier           *string `json:"identifier,omitempty"`
	LinkedRuleIdentifier *string `json:"linked_rule_identifier,omitempty"`
	CreationDate         *int    `json:"creation_date,omitempty"`
	ModificationDate     *int    `json:"modification_date,omitempty"`
}

Rule represents QRadar's Rule.

type RuleGroup

type RuleGroup struct {
	Owner        *string  `json:"owner"`
	ModifiedTime *int     `json:"modified_time"`
	Level        *int     `json:"level"`
	Name         *string  `json:"name"`
	Description  *string  `json:"description"`
	ChildGroups  []int    `json:"child_groups"`
	ID           *int     `json:"id"`
	ChildItems   []string `json:"child_items"`
	Type         *string  `json:"type"`
	ParentID     *int     `json:"parent_id"`
}

type RuleGroupService

type RuleGroupService service

RuleGroupService handles methods related to Rule Groups of the QRadar API.

func (*RuleGroupService) Get

func (c *RuleGroupService) Get(ctx context.Context, fields, filter string, from, to int) ([]RuleGroup, error)

Get returns Rule Groups of the current QRadar installation.

func (*RuleGroupService) GetByID

func (c *RuleGroupService) GetByID(ctx context.Context, fields string, id int) (*RuleGroup, error)

GetByID returns Rule Group of the current QRadar installation by ID.

type RuleService

type RuleService service

RuleService handles methods related to Rule of the QRadar API.

func (*RuleService) DeleteByID

func (c *RuleService) DeleteByID(ctx context.Context, fields string, id int) (*DeleteTask, error)

DeleteByID creates a Delete Task in the QRadar installation in order to safely delete a Rule by ID.

func (*RuleService) Get

func (c *RuleService) Get(ctx context.Context, fields, filter string, from, to int) ([]Rule, error)

Get returns Rules of the current QRadar installation.

func (*RuleService) GetByID

func (c *RuleService) GetByID(ctx context.Context, fields string, id int) (*Rule, error)

GetByID returns Rule of the current QRadar installation by ID.

func (*RuleService) GetByName

func (c *RuleService) GetByName(ctx context.Context, fields string, name string) (*Rule, error)

GetByName returns Rule of the current QRadar installation by Name.

func (*RuleService) GetByUUID

func (c *RuleService) GetByUUID(ctx context.Context, fields string, uuid string) (*Rule, error)

GetByUUID returns Rule of the current QRadar installation by UUID.

func (*RuleService) UpdateByID

func (c *RuleService) UpdateByID(ctx context.Context, fields string, id int, data interface{}) (*Rule, error)

UpdateByID updates the rule owner or toggles the rule enabled/disabled by ID.

type RuleWithData

type RuleWithData struct {
	Rule
	CRE             *int    `json:"cre,omitempty"`
	TypeID          *int    `json:"type_id,omitempty"`
	IsBuildingBlock *bool   `json:"is_building_block,omitempty"`
	RuleXML         *string `json:"rule_xml,omitempty"`
}

RuleWithData represents QRadar's RuleWithData. Undocumented.

type RuleWithDataService

type RuleWithDataService service

RuleWithDataService handles methods related to RuleWithData of the QRadar Undocumented API.

func (*RuleWithDataService) Create

func (c *RuleWithDataService) Create(ctx context.Context, fields string, data interface{}) (*RuleWithData, error)

Create creates RuleWithData in the current QRadar installation. Undocumented API.

func (*RuleWithDataService) Get

func (c *RuleWithDataService) Get(ctx context.Context, fields, filter string, from, to int) ([]RuleWithData, error)

Get returns RuleWithData of the current QRadar installation. Undocumented API.

func (*RuleWithDataService) GetByID

func (c *RuleWithDataService) GetByID(ctx context.Context, fields string, id int) (*RuleWithData, error)

GetByID returns RuleWithData of the current QRadar installation by ID. Undocumented API.

func (*RuleWithDataService) GetByName

func (c *RuleWithDataService) GetByName(ctx context.Context, fields string, name string) (*RuleWithData, error)

GetByName returns RuleWithData of the current QRadar installation by Name. Undocumented API.

func (*RuleWithDataService) GetByUUID

func (c *RuleWithDataService) GetByUUID(ctx context.Context, fields string, uuid string) (*RuleWithData, error)

GetByUUID returns RuleWithData of the current QRadar installation by UUID. Undocumented API.

func (*RuleWithDataService) UpdateByID

func (c *RuleWithDataService) UpdateByID(ctx context.Context, fields string, id int, data interface{}) (*RuleWithData, error)

UpdateByID updates RuleWithData of the current QRadar installation by ID. Undocumented API.

type Search struct {
	CursorID                 *string        `json:"cursor_id,omitempty"`
	CompressedDataFileCount  *int           `json:"compressed_data_file_count,omitempty"`
	CompressedDataTotalSize  *int           `json:"compressed_data_total_size,omitempty"`
	DataFileCount            *int           `json:"data_file_count,omitempty"`
	DataTotalSize            *int           `json:"data_total_size,omitempty"`
	IndexFileCount           *int           `json:"index_file_count,omitempty"`
	IndexTotalSize           *int           `json:"index_total_size,omitempty"`
	ProcessedRecordCount     *int           `json:"processed_record_count,omitempty"`
	ErrorMessages            []ErrorMessage `json:"error_messages,omitempty"`
	DesiredRetentionTimeMsec *int           `json:"desired_retention_time_msec,omitempty"`
	Progress                 *int           `json:"progress,omitempty"`
	ProgressDetails          []int          `json:"progress_details,omitempty"`
	QueryExecutionTime       *int           `json:"query_execution_time,omitempty"`
	QueryString              *string        `json:"query_string,omitempty"`
	RecordCount              *int           `json:"record_count,omitempty"`
	SaveResults              *bool          `json:"save_results,omitempty"`
	Status                   *string        `json:"status,omitempty"`
	Snapshot                 *struct {
		Events []Event `json:"events,omitempty"`
	} `json:"snapshot,omitempty"`
	SubsearchIds []string `json:"subsearch_ids,omitempty"`
	SearchID     *string  `json:"search_id,omitempty"`
}

Search represents the state of an Ariel search.

type SearchColumn

type SearchColumn struct {
	ArgumentType    *string `json:"argument_type,omitempty"`
	Indexable       *bool   `json:"indexable,omitempty"`
	Name            *string `json:"name,omitempty"`
	Nullable        *bool   `json:"nullable,omitempty"`
	ObjectValueType *string `json:"object_value_type,omitempty"`
	ProviderName    *string `json:"provider_name,omitempty"`
}

SearchColumn represents a found column and its properties.

type SearchMetadata

type SearchMetadata struct {
	Columns []SearchColumn `json:"columns,omitempty"`
}

SearchMetadata represents search metadata.

type SearchResult

type SearchResult struct {
	Events []Event `json:"events,omitempty"`
}

SearchResult represents search result.

type SearchResultsScroller

type SearchResultsScroller struct {
	// contains filtered or unexported fields
}

SearchResultsScroller represents a scroller for the results of the query.

func (*SearchResultsScroller) Length

func (s *SearchResultsScroller) Length() int

Length returns the overall events count.

func (*SearchResultsScroller) Next

Next returns true if an event is still available to be consumed by the Result() method.

func (*SearchResultsScroller) Result

func (s *SearchResultsScroller) Result() Event

Result returns the event that the most recent call to Next advanced to.

type SourceAddress added in v1.2.0

type SourceAddress struct {
	DomainID                   int    `json:"domain_id"`
	EventFlowCount             int    `json:"event_flow_count"`
	FirstEventFlowSeen         int    `json:"first_event_flow_seen"`
	ID                         int    `json:"id"`
	LastEventFlowSeen          int    `json:"last_event_flow_seen"`
	LocalDestinationAddressIds []int  `json:"local_destination_address_ids"`
	Magnitude                  int    `json:"magnitude"`
	Network                    string `json:"network"`
	OffenseIds                 []int  `json:"offense_ids"`
	SourceIP                   string `json:"source_ip"`
}

type Tenant

type Tenant struct {
	ID             *int    `json:"id,omitempty"`
	Name           *string `json:"name,omitempty"`
	Deleted        *bool   `json:"deleted,omitempty"`
	FlowRateLimit  *int    `json:"flow_rate_limit,omitempty"`
	EventRateLimit *int    `json:"event_rate_limit,omitempty"`
	Description    *string `json:"description,omitempty"`
}

Tenant represents QRadar's Tenant.

type TenantService

type TenantService service

TenantService handles methods related to Tenants of the QRadar API.

func (*TenantService) Create

func (c *TenantService) Create(ctx context.Context, fields string, data interface{}) (*Tenant, error)

Create creates Tenant in QRadar installation.

func (*TenantService) DeleteByID

func (c *TenantService) DeleteByID(ctx context.Context, fields string, id int) (*Tenant, error)

DeleteByID deletes Tenant in QRadar installation by ID.

func (*TenantService) Get

func (c *TenantService) Get(ctx context.Context, fields, filter string, from, to int) ([]Tenant, error)

Get returns Tenants of the current QRadar installation.

func (*TenantService) GetByID

func (c *TenantService) GetByID(ctx context.Context, fields string, id int) (*Tenant, error)

GetByID returns Tenant of the current QRadar installation by ID.

func (*TenantService) GetByName

func (c *TenantService) GetByName(ctx context.Context, fields string, name string) (*Tenant, error)

GetByName returns Tenant of the current QRadar installation by Name.

func (*TenantService) UpdateByID

func (c *TenantService) UpdateByID(ctx context.Context, fields string, id int, data interface{}) (*Tenant, error)

UpdateByID updates Tenant record in QRadar installation by ID.

Directories

Path Synopsis
examples
