cticlient

package
v1.5.0-freebsd Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 16, 2023 License: MIT Imports: 8 Imported by: 1

Documentation

Index

Constants

View Source
const (
	CTIBaseUrl = "https://cti.api.crowdsec.net/v2"
)

Variables

View Source
var (
	ErrUnauthorized = errors.New("unauthorized")
	ErrLimit        = errors.New("request quota exceeded, please reduce your request rate")
	ErrNotFound     = errors.New("ip not found")
	ErrDisabled     = errors.New("cti is disabled")
	ErrUnknown      = errors.New("unknown error")
)

Functions

func WithAPIKey

func WithAPIKey(apiKey string) func(*CrowdsecCTIClient)

func WithHTTPClient

func WithHTTPClient(httpClient *http.Client) func(*CrowdsecCTIClient)

func WithLogger

func WithLogger(logger *log.Entry) func(*CrowdsecCTIClient)

Types

type CTIAttackDetails

type CTIAttackDetails struct {
	Name        string   `json:"name"`
	Label       string   `json:"label"`
	Description string   `json:"description"`
	References  []string `json:"references"`
}

type CTIBehavior

type CTIBehavior struct {
	Name        string `json:"name"`
	Label       string `json:"label"`
	Description string `json:"description"`
}

type CTIClassification

type CTIClassification struct {
	Name        string `json:"name"`
	Label       string `json:"label"`
	Description string `json:"description"`
}

type CTIClassifications

type CTIClassifications struct {
	FalsePositives  []CTIClassification `json:"false_positives"`
	Classifications []CTIClassification `json:"classifications"`
}

type CTIHistory

type CTIHistory struct {
	FirstSeen *string `json:"first_seen"`
	LastSeen  *string `json:"last_seen"`
	FullAge   int     `json:"full_age"`
	DaysAge   int     `json:"days_age"`
}

type CTILocationInfo

type CTILocationInfo struct {
	Country   *string  `json:"country"`
	City      *string  `json:"city"`
	Latitude  *float64 `json:"latitude"`
	Longitude *float64 `json:"longitude"`
}

type CTIReferences

type CTIReferences struct {
	Name        string `json:"name"`
	Label       string `json:"label"`
	Description string `json:"description"`
}

type CTIScore

type CTIScore struct {
	Aggressiveness int `json:"aggressiveness"`
	Threat         int `json:"threat"`
	Trust          int `json:"trust"`
	Anomaly        int `json:"anomaly"`
	Total          int `json:"total"`
}

type CTIScores

type CTIScores struct {
	Overall   CTIScore `json:"overall"`
	LastDay   CTIScore `json:"last_day"`
	LastWeek  CTIScore `json:"last_week"`
	LastMonth CTIScore `json:"last_month"`
}

type CrowdsecCTIClient

type CrowdsecCTIClient struct {
	Logger *log.Entry
	// contains filtered or unexported fields
}

func NewCrowdsecCTIClient

func NewCrowdsecCTIClient(options ...func(*CrowdsecCTIClient)) *CrowdsecCTIClient

func (*CrowdsecCTIClient) Fire

func (c *CrowdsecCTIClient) Fire(params FireParams) (*FireResponse, error)

func (*CrowdsecCTIClient) GetIPInfo

func (c *CrowdsecCTIClient) GetIPInfo(ip string) (*SmokeItem, error)

func (*CrowdsecCTIClient) SearchIPs

func (c *CrowdsecCTIClient) SearchIPs(ips []string) (*SearchIPResponse, error)

type CustomTime

type CustomTime struct {
	time.Time
}

func (*CustomTime) UnmarshalJSON

func (ct *CustomTime) UnmarshalJSON(b []byte) error

type FireItem

type FireItem struct {
	IpRangeScore         int                 `json:"ip_range_score"`
	Ip                   string              `json:"ip"`
	IpRange              *string             `json:"ip_range"`
	AsName               *string             `json:"as_name"`
	AsNum                *int                `json:"as_num"`
	Location             CTILocationInfo     `json:"location"`
	ReverseDNS           *string             `json:"reverse_dns"`
	Behaviors            []*CTIBehavior      `json:"behaviors"`
	History              CTIHistory          `json:"history"`
	Classifications      CTIClassifications  `json:"classifications"`
	AttackDetails        []*CTIAttackDetails `json:"attack_details"`
	TargetCountries      map[string]int      `json:"target_countries"`
	BackgroundNoiseScore *int                `json:"background_noise_score"`
	Scores               CTIScores           `json:"scores"`
	References           []CTIReferences     `json:"references"`
	Status               string              `json:"status"`
	Expiration           CustomTime          `json:"expiration"`
}

func (*FireItem) GetAttackDetails

func (c *FireItem) GetAttackDetails() []string

func (*FireItem) GetBackgroundNoiseScore

func (c *FireItem) GetBackgroundNoiseScore() int

func (*FireItem) GetBehaviors

func (c *FireItem) GetBehaviors() []string

func (*FireItem) GetFalsePositives

func (c *FireItem) GetFalsePositives() []string

func (*FireItem) GetMaliciousnessScore

func (c *FireItem) GetMaliciousnessScore() float32

Provide the likelihood of the IP being bad

func (*FireItem) IsFalsePositive

func (c *FireItem) IsFalsePositive() bool

func (*FireItem) IsPartOfCommunityBlocklist

func (c *FireItem) IsPartOfCommunityBlocklist() bool

type FirePaginator

type FirePaginator struct {
	// contains filtered or unexported fields
}

func NewFirePaginator

func NewFirePaginator(client *CrowdsecCTIClient, params FireParams) *FirePaginator

func (*FirePaginator) Next

func (p *FirePaginator) Next() ([]FireItem, error)

type FireParams

type FireParams struct {
	Since *string `json:"since"`
	Page  *int    `json:"page"`
	Limit *int    `json:"limit"`
}

type FireResponse

type FireResponse struct {
	Links Links      `json:"_links"`
	Items []FireItem `json:"items"`
}

type Href

type Href struct {
	Href string `json:"href"`
}
type Links struct {
	First *Href `json:"first"`
	Self  *Href `json:"self"`
	Prev  *Href `json:"prev"`
	Next  *Href `json:"next"`
}

type SearchIPResponse

type SearchIPResponse struct {
	Total    int         `json:"total"`
	NotFound int         `json:"not_found"`
	Items    []SmokeItem `json:"items"`
}

type SmokeItem

type SmokeItem struct {
	IpRangeScore         int                 `json:"ip_range_score"`
	Ip                   string              `json:"ip"`
	IpRange              *string             `json:"ip_range"`
	AsName               *string             `json:"as_name"`
	AsNum                *int                `json:"as_num"`
	Location             CTILocationInfo     `json:"location"`
	ReverseDNS           *string             `json:"reverse_dns"`
	Behaviors            []*CTIBehavior      `json:"behaviors"`
	History              CTIHistory          `json:"history"`
	Classifications      CTIClassifications  `json:"classifications"`
	AttackDetails        []*CTIAttackDetails `json:"attack_details"`
	TargetCountries      map[string]int      `json:"target_countries"`
	BackgroundNoiseScore *int                `json:"background_noise_score"`
	Scores               CTIScores           `json:"scores"`
	References           []CTIReferences     `json:"references"`
	IsOk                 bool                `json:"-"`
}

func (*SmokeItem) GetAttackDetails

func (c *SmokeItem) GetAttackDetails() []string

func (*SmokeItem) GetBackgroundNoiseScore

func (c *SmokeItem) GetBackgroundNoiseScore() int

func (*SmokeItem) GetBehaviors

func (c *SmokeItem) GetBehaviors() []string

func (*SmokeItem) GetFalsePositives

func (c *SmokeItem) GetFalsePositives() []string

func (*SmokeItem) GetMaliciousnessScore

func (c *SmokeItem) GetMaliciousnessScore() float32

Provide the likelihood of the IP being bad

func (*SmokeItem) IsFalsePositive

func (c *SmokeItem) IsFalsePositive() bool

func (*SmokeItem) IsPartOfCommunityBlocklist

func (c *SmokeItem) IsPartOfCommunityBlocklist() bool

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL