README
¶
gomisp 
Golang client for MISP. The client currently only implements search, but it is easy to extend other features.
Usage
package misp
import (
"fmt"
misp "github.com/dutchcoders/gomisp"
)
func ExampleExamples_output() {
client, err := misp.New(
misp.WithURL("{url}"),
misp.WithKey("{key}"),
)
if err != nil {
panic(err.Error)
}
qry := misp.NewSearchRequest().Value(so.Query).From(time.Now().Add(time.Hour * 24 * 365 * -1)).To(time.Now())
result, err := client.Search(qry)
if err != nil {
panic(err)
}
fmt.Printf("Search results: %s\n", result)
}
Contributors
Copyright and license
Code released under Apache License 2.0.
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Client ¶
func (*Client) NewRequest ¶
NewRequest prepares http.Request to call the MISP API
func (*Client) Search ¶
func (c *Client) Search(sr *SearchRequest) ([]SearchResult, error)
type ContextResult ¶
type ContextResult struct {
Actor string `json:"actor"`
FirstSeen string `json:"first_seen"`
IP string `json:"ip"`
LastSeen string `json:"last_seen"`
Metadata struct {
ASN string `json:"asn"`
Category string `json:"category"`
City string `json:"city"`
Country string `json:"country"`
CountryCode string `json:"country_code"`
Organization string `json:"organization"`
Os string `json:"os"`
Rdns string `json:"rdns"`
Tor bool `json:"tor"`
} `json:"metadata"`
RawData struct {
Scan []struct {
Port int64 `json:"port"`
Protocol string `json:"protocol"`
} `json:"scan"`
Web struct {
} `json:"web"`
} `json:"raw_data"`
Seen bool `json:"seen"`
Tags []string `json:"tags"`
}
ContextResult is the result of the /context api
type ErrorResult ¶
type ErrorResult struct {
Error string `json:"error"`
}
ErrorResult is the result when an error occurs
type Event ¶
type Event struct {
Analysis string `json:"analysis"`
Attribute []struct {
Category string `json:"category"`
Comment string `json:"comment"`
Deleted bool `json:"deleted"`
DisableCorrelation bool `json:"disable_correlation"`
Distribution string `json:"distribution"`
EventId string `json:"event_id"`
Galaxy []interface{}
Id string `json:"id"`
ObjectId string `json:"object_id"`
ObjectRelation interface{} `json:"object_relation"`
ShadowAttribute []interface{}
SharingGroupId string `json:"sharing_group_id"`
Tag []struct {
Colour string `json:"colour"`
Exportable bool `json:"exportable"`
HideTag bool `json:"hide_tag"`
Id string `json:"id"`
Name string `json:"name"`
UserId string `json:"user_id"`
}
Timestamp string `json:"timestamp"`
ToIds bool `json:"to_ids"`
Type string `json:"type"`
Uuid string `json:"uuid"`
Value string `json:"value"`
}
AttributeCount string `json:"attribute_count"`
Date string `json:"date"`
DisableCorrelation bool `json:"disable_correlation"`
Distribution string `json:"distribution"`
ExtendsUuid string `json:"extends_uuid"`
Galaxy []interface{}
Id string `json:"id"`
Info string `json:"info"`
Locked bool `json:"locked"`
Object []interface{}
Org struct {
Id string `json:"id"`
Name string `json:"name"`
Uuid string `json:"uuid"`
}
OrgId string `json:"org_id"`
Orgc struct {
Id string `json:"id"`
Name string `json:"name"`
Uuid string `json:"uuid"`
}
OrgcId string `json:"orgc_id"`
ProposalEmailLock bool `json:"proposal_email_lock"`
PublishTimestamp string `json:"publish_timestamp"`
Published bool `json:"published"`
RelatedEvent []interface{}
ShadowAttribute []interface{}
SharingGroupId string `json:"sharing_group_id"`
Tag []struct {
Colour string `json:"colour"`
Exportable bool `json:"exportable"`
HideTag bool `json:"hide_tag"`
Id string `json:"id"`
Name string `json:"name"`
UserId string `json:"user_id"`
}
ThreatLevelId string `json:"threat_level_id"`
Timestamp string `json:"timestamp"`
Uuid string `json:"uuid"`
}
type MISPResponse ¶
type MISPResponse struct {
Response json.RawMessage `json:"response"`
}
type SearchRequest ¶
type SearchRequest struct {
// contains filtered or unexported fields
}
func NewSearchRequest ¶
func NewSearchRequest() *SearchRequest
func (*SearchRequest) From ¶
func (sr *SearchRequest) From(t time.Time) *SearchRequest
func (*SearchRequest) MarshalJSON ¶
func (sr *SearchRequest) MarshalJSON() ([]byte, error)
func (*SearchRequest) To ¶
func (sr *SearchRequest) To(t time.Time) *SearchRequest
func (*SearchRequest) Type ¶
func (sr *SearchRequest) Type(t string) *SearchRequest
func (*SearchRequest) Value ¶
func (sr *SearchRequest) Value(val string) *SearchRequest
type SearchResult ¶
type SearchResult struct {
Event Event `json:"Event"`
}
Source Files
Click to show internal directories.
Click to hide internal directories.