threatactor

package

v0.1.6 Latest Latest Go to latest Published: Apr 14, 2026 License: GPL-3.0 Imports: 5 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/openctemio/api

Links

Open Source Insights

Documentation ¶

Overview ¶

Package threatactor provides domain models for threat actor intelligence. Threat actor data is enrichment — typically imported from STIX/TAXII feeds or MISP, not manually created. Links to CVEs and findings for prioritization.

Index ¶

type ActorType
type ExternalReference
type Filter
type Repository
type TTP
type ThreatActor
- func NewThreatActor(tenantID shared.ID, name string, actorType ActorType) (*ThreatActor, error)
- func ReconstituteThreatActor(id, tenantID shared.ID, name string, aliases []string, description string, ...) *ThreatActor
type ThreatActorCVE
- func NewThreatActorCVE(tenantID, actorID shared.ID, cveID, confidence, source string) *ThreatActorCVE

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type ActorType ¶

type ActorType string

ActorType classifies the threat actor.

const (
	ActorTypeAPT         ActorType = "apt"
	ActorTypeCybercrime  ActorType = "cybercrime"
	ActorTypeHacktivist  ActorType = "hacktivist"
	ActorTypeInsider     ActorType = "insider"
	ActorTypeNationState ActorType = "nation_state"
	ActorTypeUnknown     ActorType = "unknown"
)

type ExternalReference ¶

type ExternalReference struct {
	Source      string `json:"source"`
	URL         string `json:"url"`
	Description string `json:"description"`
}

ExternalReference links to external intelligence sources.

type Filter ¶

type Filter struct {
	TenantID  *shared.ID
	ActorType *ActorType
	IsActive  *bool
	Search    *string
}

Filter defines criteria for listing threat actors.

type Repository ¶

type Repository interface {
	Create(ctx context.Context, actor *ThreatActor) error
	GetByID(ctx context.Context, tenantID, id shared.ID) (*ThreatActor, error)
	Update(ctx context.Context, actor *ThreatActor) error
	Delete(ctx context.Context, tenantID, id shared.ID) error
	List(ctx context.Context, filter Filter, page pagination.Pagination) (pagination.Result[*ThreatActor], error)
	// CVE links
	LinkCVE(ctx context.Context, cve *ThreatActorCVE) error
	ListCVEsByActor(ctx context.Context, tenantID, actorID shared.ID) ([]*ThreatActorCVE, error)
	ListActorsByCVE(ctx context.Context, tenantID shared.ID, cveID string) ([]*ThreatActor, error)
}

Repository defines persistence for threat actors.

type TTP ¶

type TTP struct {
	Tactic        string `json:"tactic"`
	TechniqueID   string `json:"technique_id"`
	TechniqueName string `json:"technique_name"`
}

TTP represents a MITRE ATT&CK Tactic, Technique, and Procedure.

type ThreatActor ¶

type ThreatActor struct {
	// contains filtered or unexported fields
}

ThreatActor represents a known threat actor profile.

func NewThreatActor ¶

func NewThreatActor(tenantID shared.ID, name string, actorType ActorType) (*ThreatActor, error)

NewThreatActor creates a new threat actor.

func ReconstituteThreatActor ¶

func ReconstituteThreatActor(
	id, tenantID shared.ID,
	name string, aliases []string, description string,
	actorType ActorType, sophistication, motivation, countryOfOrigin string,
	firstSeen, lastSeen *time.Time, isActive bool,
	mitreGroupID string, ttps []TTP,
	targetIndustries, targetRegions []string,
	externalReferences []ExternalReference,
	tags []string,
	createdAt, updatedAt time.Time,
) *ThreatActor

ReconstituteThreatActor creates from persisted data.

func (*ThreatActor) ActorType ¶

func (t *ThreatActor) ActorType() ActorType

func (*ThreatActor) Aliases ¶

func (t *ThreatActor) Aliases() []string

func (*ThreatActor) CountryOfOrigin ¶

func (t *ThreatActor) CountryOfOrigin() string

func (*ThreatActor) CreatedAt ¶

func (t *ThreatActor) CreatedAt() time.Time

func (*ThreatActor) Description ¶

func (t *ThreatActor) Description() string

func (*ThreatActor) ExternalReferences ¶

func (t *ThreatActor) ExternalReferences() []ExternalReference

func (*ThreatActor) FirstSeen ¶

func (t *ThreatActor) FirstSeen() *time.Time

func (*ThreatActor) ID ¶

func (t *ThreatActor) ID() shared.ID

Getters

func (*ThreatActor) IsActive ¶

func (t *ThreatActor) IsActive() bool

func (*ThreatActor) LastSeen ¶

func (t *ThreatActor) LastSeen() *time.Time

func (*ThreatActor) MitreGroupID ¶

func (t *ThreatActor) MitreGroupID() string

func (*ThreatActor) Motivation ¶

func (t *ThreatActor) Motivation() string

func (*ThreatActor) Name ¶

func (t *ThreatActor) Name() string

func (*ThreatActor) SetIntel ¶

func (t *ThreatActor) SetIntel(sophistication, motivation, country, mitreGroupID string)

SetIntel sets intelligence details.

func (*ThreatActor) SetTTPs ¶

func (t *ThreatActor) SetTTPs(ttps []TTP)

SetTTPs sets MITRE ATT&CK tactics, techniques, and procedures.

func (*ThreatActor) SetTargeting ¶

func (t *ThreatActor) SetTargeting(industries, regions []string)

SetTargeting sets targeted industries and regions.

func (*ThreatActor) Sophistication ¶

func (t *ThreatActor) Sophistication() string

func (*ThreatActor) TTPs ¶

func (t *ThreatActor) TTPs() []TTP

func (*ThreatActor) Tags ¶

func (t *ThreatActor) Tags() []string

func (*ThreatActor) TargetIndustries ¶

func (t *ThreatActor) TargetIndustries() []string

func (*ThreatActor) TargetRegions ¶

func (t *ThreatActor) TargetRegions() []string

func (*ThreatActor) TenantID ¶

func (t *ThreatActor) TenantID() shared.ID

func (*ThreatActor) Update ¶

func (t *ThreatActor) Update(name, description string, actorType ActorType)

Update sets mutable fields.

func (*ThreatActor) UpdatedAt ¶

func (t *ThreatActor) UpdatedAt() time.Time

type ThreatActorCVE ¶

type ThreatActorCVE struct {
	// contains filtered or unexported fields
}

ThreatActorCVE links a threat actor to a CVE.

func NewThreatActorCVE ¶

func NewThreatActorCVE(tenantID, actorID shared.ID, cveID, confidence, source string) *ThreatActorCVE

NewThreatActorCVE creates a new threat actor CVE link.

func (*ThreatActorCVE) Confidence ¶

func (c *ThreatActorCVE) Confidence() string

func (*ThreatActorCVE) CreatedAt ¶

func (c *ThreatActorCVE) CreatedAt() time.Time

func (*ThreatActorCVE) CveID ¶

func (c *ThreatActorCVE) CveID() string

func (*ThreatActorCVE) FirstObserved ¶

func (c *ThreatActorCVE) FirstObserved() *time.Time

func (*ThreatActorCVE) ID ¶

func (c *ThreatActorCVE) ID() shared.ID

Getters

func (*ThreatActorCVE) Notes ¶

func (c *ThreatActorCVE) Notes() string

func (*ThreatActorCVE) Source ¶

func (c *ThreatActorCVE) Source() string

func (*ThreatActorCVE) TenantID ¶

func (c *ThreatActorCVE) TenantID() shared.ID

func (*ThreatActorCVE) ThreatActorID ¶

func (c *ThreatActorCVE) ThreatActorID() shared.ID

Source Files ¶

View all Source files

entity.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL