Documentation
¶
Index ¶
- type ActorService
- func (s *ActorService) CreateActor(ctx context.Context, input CreateActorInput) (*threatactor.ThreatActor, error)
- func (s *ActorService) DeleteActor(ctx context.Context, tenantID, actorID string) error
- func (s *ActorService) GetActor(ctx context.Context, tenantID, actorID string) (*threatactor.ThreatActor, error)
- func (s *ActorService) ListActors(ctx context.Context, tenantID string, filter threatactor.Filter, ...) (pagination.Result[*threatactor.ThreatActor], error)
- type CreateActorInput
- type EPSSScore
- type EPSSStats
- type IntelRefresher
- type IntelService
- func (s *IntelService) EnrichCVE(ctx context.Context, cveID string) (*threatintel.ThreatIntelEnrichment, error)
- func (s *IntelService) EnrichCVEs(ctx context.Context, cveIDs []string) (map[string]*threatintel.ThreatIntelEnrichment, error)
- func (s *IntelService) GetEPSSScore(ctx context.Context, cveID string) (*threatintel.EPSSScore, error)
- func (s *IntelService) GetEPSSScores(ctx context.Context, cveIDs []string) ([]*threatintel.EPSSScore, error)
- func (s *IntelService) GetEPSSStats(ctx context.Context) (*EPSSStats, error)
- func (s *IntelService) GetHighRiskEPSS(ctx context.Context, threshold float64, limit int) ([]*threatintel.EPSSScore, error)
- func (s *IntelService) GetKEVEntry(ctx context.Context, cveID string) (*threatintel.KEVEntry, error)
- func (s *IntelService) GetKEVStats(ctx context.Context) (*KEVStats, error)
- func (s *IntelService) GetSyncStatus(ctx context.Context, source string) (*threatintel.SyncStatus, error)
- func (s *IntelService) GetSyncStatuses(ctx context.Context) ([]*threatintel.SyncStatus, error)
- func (s *IntelService) GetThreatIntelStats(ctx context.Context) (*ThreatIntelStats, error)
- func (s *IntelService) IsInKEV(ctx context.Context, cveID string) (bool, error)
- func (s *IntelService) SetSyncEnabled(ctx context.Context, source string, enabled bool) error
- func (s *IntelService) SyncAll(ctx context.Context) []IntelSyncResult
- func (s *IntelService) SyncEPSS(ctx context.Context) IntelSyncResult
- func (s *IntelService) SyncKEV(ctx context.Context) IntelSyncResult
- type IntelSyncResult
- type KEVEntry
- type KEVEscalator
- type KEVStats
- type ThreatIntelStats
- type ThreatIntelSyncDTO
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ActorService ¶
// ActorService is the service type for threat actor records. It is built by
// NewActorService from a threatactor.Repository and a logger, and its read,
// list and delete methods each take a tenantID string.
// NOTE(review): tenantID is a plain string argument (and a plain field on
// CreateActorInput); presumably callers derive it from the authenticated
// session rather than from request input. Confirm at the handler layer,
// since tenant isolation depends on it.
type ActorService struct {
// contains filtered or unexported fields
}
ActorService manages threat actor intelligence.
func NewActorService ¶
func NewActorService(repo threatactor.Repository, log *logger.Logger) *ActorService
NewActorService creates a new threat actor service.
func (*ActorService) CreateActor ¶
func (s *ActorService) CreateActor(ctx context.Context, input CreateActorInput) (*threatactor.ThreatActor, error)
CreateActor creates a new threat actor.
func (*ActorService) DeleteActor ¶
func (s *ActorService) DeleteActor(ctx context.Context, tenantID, actorID string) error
DeleteActor deletes a threat actor.
func (*ActorService) GetActor ¶
func (s *ActorService) GetActor(ctx context.Context, tenantID, actorID string) (*threatactor.ThreatActor, error)
GetActor retrieves a threat actor by ID.
func (*ActorService) ListActors ¶
func (s *ActorService) ListActors(ctx context.Context, tenantID string, filter threatactor.Filter, page pagination.Pagination) (pagination.Result[*threatactor.ThreatActor], error)
ListActors lists threat actors with filtering.
type CreateActorInput ¶
// CreateActorInput carries the caller-supplied fields for
// ActorService.CreateActor. Every field is a plain string or slice; no
// validation is visible in this declaration.
type CreateActorInput struct {
// TenantID names the tenant that will own the actor record.
// NOTE(review): presumably must come from the authenticated context, not
// from the request body. Confirm in the caller.
TenantID string
// Name is the actor's primary name.
Name string
// Aliases lists alternative names for the same actor.
Aliases []string
// Description is free text; treat it as untrusted when rendering.
Description string
// ActorType, Sophistication and Motivation are untyped strings here;
// presumably they map to fixed vocabularies checked elsewhere (TODO confirm).
ActorType string
Sophistication string
Motivation string
// CountryOfOrigin is a free-form string; the expected format (name or
// country code) is not visible here.
CountryOfOrigin string
// MitreGroupID is presumably a MITRE ATT&CK group identifier (TODO confirm).
MitreGroupID string
// TTPs holds the actor's tactics, techniques and procedures as
// threatactor.TTP values.
TTPs []threatactor.TTP
// TargetIndustries and TargetRegions list what the actor is known to target.
TargetIndustries []string
TargetRegions []string
// Tags are free-form labels.
Tags []string
}
CreateActorInput holds input for creating a threat actor.
type EPSSScore ¶
// EPSSScore is one EPSS (Exploit Prediction Scoring System) record as
// returned by the IntelRefresher fetch methods. It is a separate type from
// threatintel.EPSSScore, which the IntelService methods return.
type EPSSScore struct {
// CVE is the CVE identifier the score applies to.
CVE string `json:"cve"`
// EPSS is the score itself. The EPSSStats threshold comments on this page
// (0.1 = 10%) indicate a 0-1 probability scale.
EPSS float64 `json:"epss"`
// Model presumably identifies the EPSS model version that produced the
// score (TODO confirm).
Model string `json:"model"`
// Date is kept as a string; its format and any parsing are not visible here.
Date string `json:"date"`
}
EPSSScore represents an EPSS score entry.
type EPSSStats ¶
// EPSSStats summarises the stored EPSS scores; IntelService.GetEPSSStats
// returns it. The two risk thresholds below are fixed in the field comments;
// whether a CVE above 0.3 is counted in both buckets is not visible here.
type EPSSStats struct {
// TotalScores is the number of EPSS score records counted.
TotalScores int `json:"total_scores"`
HighRiskCount int `json:"high_risk_count"` // scores with EPSS > 0.1 (10%)
CriticalRiskCount int `json:"critical_risk_count"` // scores with EPSS > 0.3 (30%)
}
EPSSStats contains EPSS statistics.
type IntelRefresher ¶
// IntelRefresher fetches EPSS scores from the FIRST.org API and the CISA
// Known Exploited Vulnerabilities catalog (see its Fetch* methods).
// NOTE(review): NewIntelRefresher takes only a logger, so the feed URLs and
// the HTTP client configuration are not visible from this API. Confirm that
// outbound fetches use TLS, a bounded timeout and a response-size limit,
// because the fetched data is external input.
type IntelRefresher struct {
// contains filtered or unexported fields
}
IntelRefresher handles automated EPSS and KEV data refresh.
func NewIntelRefresher ¶
func NewIntelRefresher(log *logger.Logger) *IntelRefresher
NewIntelRefresher creates a new refresher.
func (*IntelRefresher) FetchEPSSForCVEs ¶
func (r *IntelRefresher) FetchEPSSForCVEs(ctx context.Context, cveIDs []string) ([]EPSSScore, error)
FetchEPSSForCVEs fetches EPSS scores for specific CVE IDs.
func (*IntelRefresher) FetchEPSSScores ¶
func (r *IntelRefresher) FetchEPSSScores(ctx context.Context) ([]EPSSScore, error)
FetchEPSSScores fetches EPSS scores from the FIRST.org API. It returns the top 1000 CVEs by EPSS score.
func (*IntelRefresher) FetchKEVCatalog ¶
func (r *IntelRefresher) FetchKEVCatalog(ctx context.Context) ([]KEVEntry, error)
FetchKEVCatalog fetches the CISA Known Exploited Vulnerabilities (KEV) catalog.
type IntelService ¶
// IntelService exposes threat-intelligence lookups (EPSS, KEV), CVE
// enrichment, statistics and sync control on top of a
// threatintel.ThreatIntelRepository.
// NOTE(review): none of its methods takes a tenant ID, so the data and the
// sync switches (SetSyncEnabled, SyncAll, SyncEPSS, SyncKEV) appear to be
// global rather than per tenant. Confirm that the state-changing calls are
// restricted to privileged callers.
type IntelService struct {
// contains filtered or unexported fields
}
IntelService handles threat intelligence operations.
func NewIntelService ¶
func NewIntelService( repo threatintel.ThreatIntelRepository, log *logger.Logger, ) *IntelService
NewIntelService creates a new IntelService.
func (*IntelService) EnrichCVE ¶
func (s *IntelService) EnrichCVE(ctx context.Context, cveID string) (*threatintel.ThreatIntelEnrichment, error)
EnrichCVE enriches a single CVE with threat intel data.
func (*IntelService) EnrichCVEs ¶
func (s *IntelService) EnrichCVEs(ctx context.Context, cveIDs []string) (map[string]*threatintel.ThreatIntelEnrichment, error)
EnrichCVEs enriches multiple CVEs with threat intel data.
func (*IntelService) GetEPSSScore ¶
func (s *IntelService) GetEPSSScore(ctx context.Context, cveID string) (*threatintel.EPSSScore, error)
GetEPSSScore retrieves an EPSS score by CVE ID.
func (*IntelService) GetEPSSScores ¶
func (s *IntelService) GetEPSSScores(ctx context.Context, cveIDs []string) ([]*threatintel.EPSSScore, error)
GetEPSSScores retrieves EPSS scores for multiple CVE IDs.
func (*IntelService) GetEPSSStats ¶
func (s *IntelService) GetEPSSStats(ctx context.Context) (*EPSSStats, error)
GetEPSSStats returns EPSS statistics.
func (*IntelService) GetHighRiskEPSS ¶
func (s *IntelService) GetHighRiskEPSS(ctx context.Context, threshold float64, limit int) ([]*threatintel.EPSSScore, error)
GetHighRiskEPSS retrieves high-risk EPSS scores.
func (*IntelService) GetKEVEntry ¶
func (s *IntelService) GetKEVEntry(ctx context.Context, cveID string) (*threatintel.KEVEntry, error)
GetKEVEntry retrieves a KEV entry by CVE ID.
func (*IntelService) GetKEVStats ¶
func (s *IntelService) GetKEVStats(ctx context.Context) (*KEVStats, error)
GetKEVStats returns KEV statistics.
func (*IntelService) GetSyncStatus ¶
func (s *IntelService) GetSyncStatus(ctx context.Context, source string) (*threatintel.SyncStatus, error)
GetSyncStatus returns sync status for a specific source.
func (*IntelService) GetSyncStatuses ¶
func (s *IntelService) GetSyncStatuses(ctx context.Context) ([]*threatintel.SyncStatus, error)
GetSyncStatuses returns all sync statuses.
func (*IntelService) GetThreatIntelStats ¶
func (s *IntelService) GetThreatIntelStats(ctx context.Context) (*ThreatIntelStats, error)
GetThreatIntelStats returns unified threat intelligence statistics. This combines EPSS stats, KEV stats, and sync statuses in a single call.
func (*IntelService) SetSyncEnabled ¶
func (s *IntelService) SetSyncEnabled(ctx context.Context, source string, enabled bool) error
SetSyncEnabled enables or disables sync for a source.
func (*IntelService) SyncAll ¶
func (s *IntelService) SyncAll(ctx context.Context) []IntelSyncResult
SyncAll syncs all enabled threat intel sources.
func (*IntelService) SyncEPSS ¶
func (s *IntelService) SyncEPSS(ctx context.Context) IntelSyncResult
SyncEPSS syncs EPSS scores from FIRST.org.
func (*IntelService) SyncKEV ¶
func (s *IntelService) SyncKEV(ctx context.Context) IntelSyncResult
SyncKEV syncs the KEV catalog from CISA.
type IntelSyncResult ¶
IntelSyncResult contains the result of a sync operation.
type KEVEntry ¶
// KEVEntry is one record of the CISA Known Exploited Vulnerabilities catalog
// as returned by IntelRefresher.FetchKEVCatalog. The JSON tags mirror the
// camelCase field names of the CISA feed. Every field is a string taken from
// an external source, so treat the text fields as untrusted when storing or
// rendering them.
type KEVEntry struct {
// CVEID is the CVE identifier of the exploited vulnerability.
CVEID string `json:"cveID"`
// VendorProject and Product name the affected vendor/project and product.
VendorProject string `json:"vendorProject"`
Product string `json:"product"`
// VulnerabilityName is the catalog's short title for the vulnerability.
VulnerabilityName string `json:"vulnerabilityName"`
// DateAdded is when the entry was added to the catalog. It is kept as a
// string; presumably YYYY-MM-DD as published by CISA (TODO confirm).
DateAdded string `json:"dateAdded"`
// ShortDescription is free text from the feed.
ShortDescription string `json:"shortDescription"`
// RequiredAction is the remediation action stated by the catalog.
RequiredAction string `json:"requiredAction"`
// DueDate is the remediation due date, also kept as a string; any parsing
// or validation is not visible here.
DueDate string `json:"dueDate"`
// KnownRansomwareCampaignUse is a string, not a bool; presumably it carries
// the feed's "Known"/"Unknown" values (TODO confirm before comparing).
KnownRansomwareCampaignUse string `json:"knownRansomwareCampaignUse"`
}
KEVEntry represents a CISA KEV catalog entry.
type KEVEscalator ¶
// KEVEscalator is implemented by components that raise the severity of
// findings whose CVEs are listed in the KEV catalog.
type KEVEscalator interface {
// EscalateKEVFindings sets severity to 'critical' for open findings
// whose cve_id is in the kev_catalog. It returns the number of escalated
// findings.
// NOTE(review): the signature carries only a context and no tenant ID, so
// an implementation presumably updates findings across all tenants in one
// call. Confirm this, and confirm that the escalation is recorded for audit,
// since it changes severity without user action.
EscalateKEVFindings(ctx context.Context) (int, error)
}
KEVEscalator auto-escalates findings whose CVEs appear in the CISA KEV catalog.
type KEVStats ¶
// KEVStats summarises the stored KEV catalog; IntelService.GetKEVStats
// returns it. How each count is computed is not visible here, so the field
// notes below are hedged.
type KEVStats struct {
// TotalEntries is the number of KEV entries counted.
TotalEntries int `json:"total_entries"`
// PastDueCount is presumably the number of entries whose due date has
// passed (TODO confirm the reference time and time zone).
PastDueCount int `json:"past_due_count"`
// RecentlyAddedLast30Days counts entries added in the last 30 days, per
// the field name.
RecentlyAddedLast30Days int `json:"recently_added_last_30_days"`
// RansomwareRelatedCount presumably counts entries flagged for known
// ransomware campaign use (TODO confirm).
RansomwareRelatedCount int `json:"ransomware_related_count"`
}
KEVStats contains KEV catalog statistics.
type ThreatIntelStats ¶
// ThreatIntelStats bundles EPSS statistics, KEV statistics and per-source
// sync status; IntelService.GetThreatIntelStats returns it in a single call.
// The pointer fields have no omitempty tag, so a nil value is encoded as
// JSON null rather than omitted; consumers should handle null.
type ThreatIntelStats struct {
// EPSS holds the EPSS summary.
EPSS *EPSSStats `json:"epss"`
// KEV holds the KEV catalog summary.
KEV *KEVStats `json:"kev"`
// SyncStatuses holds one DTO per sync source.
SyncStatuses []*ThreatIntelSyncDTO `json:"sync_statuses"`
}
ThreatIntelStats contains unified threat intelligence statistics.
type ThreatIntelSyncDTO ¶
// ThreatIntelSyncDTO is the JSON-facing view of one feed's sync status. The
// optional pointer fields carry omitempty, so they are left out of the JSON
// when nil.
type ThreatIntelSyncDTO struct {
// Source names the feed; the accepted values are not visible here.
Source string `json:"source"`
// Enabled reports whether sync is switched on for this source.
Enabled bool `json:"enabled"`
// LastSyncAt is a timestamp kept as a string; its format is not visible here.
LastSyncAt *string `json:"last_sync_at,omitempty"`
// LastSyncStatus is an untyped status string.
LastSyncStatus string `json:"last_sync_status"`
// RecordsSynced is a record count; presumably for the last sync run
// (TODO confirm).
RecordsSynced int `json:"records_synced"`
// LastError carries the last sync error, if any.
// NOTE(review): if this is raw error text from the fetch or repository
// layer, it may expose internal URLs, hostnames or query details to API
// consumers. Confirm it is sanitized before it is serialized.
LastError *string `json:"last_error,omitempty"`
// NextSyncAt is the next scheduled sync time, kept as a string.
NextSyncAt *string `json:"next_sync_at,omitempty"`
}
ThreatIntelSyncDTO is a data transfer object for sync status.