threatfox

package

v0.0.14 Latest Latest Go to latest Published: Feb 18, 2024 License: Apache-2.0 Imports: 7 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/rollwagen/abusech

Links

Open Source Insights

Documentation ¶

Overview ¶

Package threatfox provides convenience methods to access the threatfox.abuse.ch API

Index ¶

type IOC
type IOCDetail
type IOCType
type IOCs
type ThreatFox
- func New() *ThreatFox
type TimeSeen
- func (s TimeSeen) MarshalJSON() ([]byte, error)
- func (s *TimeSeen) UnmarshalJSON(b []byte) error

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type IOC ¶

type IOC struct {
	ConfidenceLevel int `json:"confidence_level"`
	// FirstSeen       string   `json:"first_seen"`
	FirstSeen        TimeSeen `json:"first_seen"`
	ID               string   `json:"id"`
	Ioc              string   `json:"ioc"`
	IocType          string   `json:"ioc_type"`
	IocTypeDesc      string   `json:"ioc_type_desc"`
	LastSeen         *string  `json:"last_seen"`
	Malware          string   `json:"malware"`
	MalwareAlias     *string  `json:"malware_alias"`
	MalwareMalpedia  string   `json:"malware_malpedia"`
	MalwarePrintable string   `json:"malware_printable"`
	Reference        *string  `json:"reference"`
	Reporter         string   `json:"reporter"`
	Tags             []string `json:"tags"`
	ThreatType       string   `json:"threat_type"`
	ThreatTypeDesc   string   `json:"threat_type_desc"`
}

IOC indicator of compromise details returned by 'query' API call

type IOCDetail ¶

type IOCDetail struct {
	Comment         *string `json:"comment"`
	ConfidenceLevel int     `json:"confidence_level"`
	Credits         []struct {
		CreditsAmount any    `json:"credits_amount"`
		CreditsFrom   string `json:"credits_from"`
	} `json:"credits"`
	FirstSeen        TimeSeen `json:"first_seen"`
	ID               string   `json:"id"`
	Ioc              string   `json:"ioc"`
	IocType          string   `json:"ioc_type"`
	IocTypeDesc      string   `json:"ioc_type_desc"`
	LastSeen         *string  `json:"last_seen"`
	Malware          string   `json:"malware"`
	MalwareAlias     *string  `json:"malware_alias"`
	MalwareMalpedia  string   `json:"malware_malpedia"`
	MalwarePrintable string   `json:"malware_printable"`
	MalwareSamples   []struct {
		MalwareBazaar string `json:"malware_bazaar"`
		Md5Hash       string `json:"md5_hash"`
		Sha256Hash    string `json:"sha256_hash"`
		TimeStamp     string `json:"time_stamp"`
	} `json:"malware_samples"`
	Reference      *string  `json:"reference"`
	Reporter       string   `json:"reporter"`
	Tags           []string `json:"tags"`
	ThreatType     string   `json:"threat_type"`
	ThreatTypeDesc string   `json:"threat_type_desc"`
}

type IOCType ¶

type IOCType struct {
	Description  string `json:"description"`
	FKThreatType string `json:"fk_threat_type"`
	Type         string `json:"ioc_type"`
}

type IOCs ¶

type IOCs struct {
	Data        []IOC  `json:"data"`
	QueryStatus string `json:"query_status"`
}

type ThreatFox ¶

type ThreatFox struct {
	// contains filtered or unexported fields
}

func New ¶

func New() *ThreatFox

func (*ThreatFox) GetIOCByID ¶

func (t *ThreatFox) GetIOCByID(id string) (IOCDetail, error)

GetIOCByID queries ThreatFox for a particular IOC id sending an HTTP POST request to the Threatfox API

func (*ThreatFox) GetIOCTypes ¶

func (t *ThreatFox) GetIOCTypes() ([]IOCType, error)

GetIOCTypes obtains a list of supported IOC / threat types from ThreatFox

func (*ThreatFox) GetIOCs ¶

func (t *ThreatFox) GetIOCs(days int) ([]IOC, error)

GetIOCs return a copy of the current IOC dataset from ThreatFox by sending an HTTP POST request to the Threatfox API

func (*ThreatFox) IsValidIOCType ¶

func (t *ThreatFox) IsValidIOCType(iocType string) (bool, error)

func (*ThreatFox) SearchIOC ¶ added in v0.0.6

func (t *ThreatFox) SearchIOC(term string) ([]IOC, error)

SearchIOC searches IOC for the given term

type TimeSeen ¶

type TimeSeen time.Time

TimeSeen provides a JSON type for the fields LastSeen and FirstSeen

func (TimeSeen) MarshalJSON ¶

func (s TimeSeen) MarshalJSON() ([]byte, error)

func (*TimeSeen) UnmarshalJSON ¶

func (s *TimeSeen) UnmarshalJSON(b []byte) error

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL