entities

package
v1.1.21 Latest
Warning

This package is not in the latest version of its module.

Published: May 4, 2026 License: MIT Imports: 18 Imported by: 6

README

ThreatWinds Entities - Data Validation and Schema Definitions

This package provides a comprehensive set of tools for data validation, schema definitions, and entity management within the ThreatWinds ecosystem.

🎯 Features

  • Extensive Data Validation: Support for dozens of data types including IP, FQDN, Email, CIDR, Hashes (MD5, SHA1, SHA256, etc.), URLs, MAC addresses, and more.
  • 🏗️ Structured Schemas: Definitions for Consolidated Entities, Entity History, Relations, and Comments.
  • 🔍 Universal Validator: A single ValidateValue function that routes to the appropriate validator based on type definitions.
  • 🏷️ Metadata Support: Flexible attribute management and tagging for entities.
  • 🔗 Relationship Management: Support for entity associations and aggregations.

📦 Installation

go get github.com/threatwinds/go-sdk/entities

🚀 Quick Start

Validating a Value

package main

import (
    "fmt"
    "github.com/threatwinds/go-sdk/entities"
)

func main() {
    value := "8.8.8.8"
    typeStr := "ip"
    
    validatedValue, hash, err := entities.ValidateValue(value, typeStr)
    if err != nil {
        fmt.Printf("Validation failed: %v\n", err)
        return
    }
    
    fmt.Printf("Validated Value: %v\n", validatedValue)
    fmt.Printf("SHA3-256 Hash: %s\n", hash)
}

Using Entity Schemas

package main

import (
    "github.com/threatwinds/go-sdk/entities"
)

func main() {
    entity := entities.Entity{
        Type: "ip",
        Attributes: entities.Attributes{
            // Add attributes here
        },
        Reputation: -1,
        Tags: []string{"dns-server"},
        VisibleBy: []string{"public"},
    }
    // Process entity...
    _ = entity // reference the variable so the snippet compiles until real processing is added
}

🛠️ Supported Data Types

The package includes validators for:

  • Network: IP (IPv4/IPv6), CIDR, FQDN, MAC, Port.
  • Hashes: MD5, SHA1, SHA224, SHA256, SHA384, SHA512, SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHA512-224, SHA512-256.
  • Identity/System: Email, URL, UUID, Path, UserID, Adversary, Identifier, Regex.
  • Geographic: City, Country.
  • Common: String, Case-Insensitive String (ISTR), Integer, Float, Boolean, Date, Datetime, Hexadecimal, Base64, MIME, Phone.

📝 Schema Definitions

EntityConsolidated

Represents the current state of an entity with its reputation and accuracy.

EntityHistory

Tracks changes to an entity over time.

RelationConsolidated & RelationHistory

Manage relationships between different entities.

Comment

Allows adding comments and threaded discussions to entities.

🤝 Contribution

Contributions are welcome! Please feel free to submit a Pull Request.

Documentation

Constants

const (
	STR         = "Case-sensitive string"
	IP          = "IP"
	EMAIL       = "Email"
	FQDN        = "FQDN"
	INTEGER     = "Integer"
	CIDR        = "CIDR"
	CITY        = "City"
	COUNTRY     = "Country"
	FLOAT       = "Float"
	URL         = "URL"
	MD5         = "MD5"
	HEXADECIMAL = "Hexadecimal"
	BASE64      = "BASE64"
	DATE        = "Date"
	MAC         = "MAC"
	MIME        = "MIME type"
	PHONE       = "Phone"
	SHA1        = "SHA-1"
	SHA224      = "SHA-224"
	SHA256      = "SHA-256"
	SHA384      = "SHA-384"
	SHA512      = "SHA-512"
	SHA3_224    = "SHA3-224"
	SHA3_256    = "SHA3-256"
	SHA3_384    = "SHA3-384"
	SHA3_512    = "SHA3-512"
	SHA512_224  = "SHA512-224"
	SHA512_256  = "SHA512-256"
	DATETIME    = "Datetime"
	UUID        = "UUID"
	BOOLEAN     = "Boolean"
	ISTR        = "String"
	PATH        = "Path"
	IDENTIFIER  = "UUID|MD5|SHA3-256"
	ADVERSARY   = "Adversary"
	REGEX       = "Regex"
	PORT        = "Port"
)
const MaxEntityAttrLength = 65536 // 64KB

Variables

var Definitions = []Definition{}/* 129 elements not displayed */

Functions

func GenerateSHA3256

func GenerateSHA3256[T string | int64 | float64 | bool](value T) string

GenerateSHA3256 generates a SHA3-256 hash from the given value.

func ValidateAdversary

func ValidateAdversary(value string) (string, string, error)

ValidateAdversary validates if the given value is a valid adversary. It checks if the value is a valid URL, UUID, email, IP, phone, or FQDN. If any of these validations pass, it returns an error. If the value isn't a string, it returns an error. Otherwise, it returns the value and its SHA3-256 hash.

func ValidateBase64

func ValidateBase64(value string) (string, string, error)

ValidateBase64 validates if a given string is a valid base64 encoded string. It returns the original string, its SHA3-256 hash and an error if the validation fails.

func ValidateBoolean

func ValidateBoolean(value bool) (bool, string, error)

ValidateBoolean validates if a given value is a boolean and generates a SHA3-256 hash of the value. Returns a boolean indicating if the value is a boolean, the SHA3-256 hash of the value and an error if any.

func ValidateCIDR

func ValidateCIDR(value string) (string, string, error)

ValidateCIDR validates if a given string is a valid CIDR notation and returns the CIDR string and its SHA3-256 hash.

func ValidateCity

func ValidateCity(value string) (string, string, error)

ValidateCity validates a city name by converting it to title case and generating a SHA3-256 hash. It takes a string and returns the validated city name, its SHA3-256 hash, and an error (if any).

func ValidateCountry

func ValidateCountry(value string) (string, string, error)

ValidateCountry validates a given country string value by converting it to title case and generating a SHA3-256 hash. Returns the validated country string value, its SHA3-256 hash, and an error if the value is not a string.

func ValidateDate

func ValidateDate(value string) (string, string, error)

ValidateDate validates a date string in the format "2006-01-02" and returns the formatted date string and its SHA3-256 hash.

func ValidateDatetime

func ValidateDatetime(value string) (string, string, error)

ValidateDatetime validates a datetime string in the RFC3339Nano format and returns the formatted datetime string and its SHA3-256 hash.

func ValidateEmail

func ValidateEmail(value string) (string, string, error)

ValidateEmail validates if a given string is a valid email address. It returns the email address, its SHA3-256 hash and an error if any.

func ValidateFQDN

func ValidateFQDN(value string) (string, string, error)

ValidateFQDN validates a fully qualified domain name (FQDN) string. It returns the validated FQDN, its SHA3-256 hash, and an error if the validation fails.

func ValidateFloat

func ValidateFloat(value float64) (float64, string, error)

ValidateFloat validates if the given value is a float64 or an int64 that can be converted to a float64. It returns the validated float64 value, its SHA3-256 hash, and an error if the value is not a float64 or an int64.

func ValidateHexadecimal

func ValidateHexadecimal(value string) (string, string, error)

ValidateHexadecimal validates if the given value is a valid hexadecimal string. It returns the hexadecimal string in lowercase format, its SHA3-256 hash and an error if any.

func ValidateIP

func ValidateIP(value string) (string, string, error)

ValidateIP validates if the given IP address is valid and not private, multicast, loopback, or unspecified. It returns the validated IP address and its SHA3-256 hash.

func ValidateIdentifier

func ValidateIdentifier(value string) (string, string, error)

ValidateIdentifier validates a value by checking if it's a valid UUID, MD5 or SHA3-256 hash. If the value is valid, it returns the string representation of the hash, the hash itself and no error. If the value is invalid, it returns empty strings and an error.

func ValidateInteger

func ValidateInteger(value int64) (int64, string, error)

ValidateInteger validates if a value is an integer and returns its int64 representation, its SHA3-256 hash and an error if the value is not an integer.

func ValidateMAC

func ValidateMAC(value string) (string, string, error)

ValidateMAC validates if a given string is a valid MAC address and returns the MAC address in uppercase and its SHA3-256 hash.

func ValidateMD5

func ValidateMD5(value string) (string, string, error)

ValidateMD5 validates if a given string is a valid MD5 hash. It receives a string and returns the validated string, its SHA3-256 hash and an error.

func ValidateMime

func ValidateMime(value string) (string, string, error)

ValidateMime validates if a given string is a valid MIME type and returns the validated string, its SHA3-256 hash and an error if any.

func ValidatePath

func ValidatePath(value string) (string, string, error)

ValidatePath validates if the given value is a valid path and returns the path in lowercase and its SHA3-256 hash. If the value is not a string or contains "://" it returns an error.

func ValidatePhone

func ValidatePhone(value string) (string, string, error)

ValidatePhone validates a phone number and returns the validated phone number and its SHA3-256 hash. If the value is not a string, it returns an error.

func ValidatePort

func ValidatePort(value string) (string, string, error)

ValidatePort validates a port with protocol. It returns the validated PORT, its SHA3-256 hash, and an error if the validation fails.

func ValidateRegEx

func ValidateRegEx(regex, value string) error

ValidateRegEx validates if a given value matches a regular expression. It returns an error if the value does not match the expression.

func ValidateRegexComp

func ValidateRegexComp(value interface{}) (string, string, error)

ValidateRegexComp validates if a given value is a valid regular expression. It returns the validated value, its SHA3-256 hash, and an error if the value is not a string or is not a valid regular expression.

func ValidateSHA1

func ValidateSHA1(value string) (string, string, error)

ValidateSHA1 validates if a given value is a valid SHA1 hash. It receives a string and returns the validated SHA1 hash as a string, its SHA3-256 hash as a string and an error if the value is not a valid SHA1 hash.

func ValidateSHA224

func ValidateSHA224(value string) (string, string, error)

ValidateSHA224 validates if a given string is a valid SHA-224 hash and returns the hash in lowercase and its SHA3-256 hash.

func ValidateSHA256

func ValidateSHA256(value string) (string, string, error)

ValidateSHA256 validates that a given value is a valid SHA256 hash. It takes a string and returns the validated value as a string, the SHA3-256 hash of the value as a string, and an error if the value is not a valid SHA256 hash.

func ValidateSHA384

func ValidateSHA384(value string) (string, string, error)

ValidateSHA384 validates a string value as a SHA384 hash and returns the hash value, its SHA3-256 hash, and an error if any.

func ValidateSHA512

func ValidateSHA512(value string) (string, string, error)

ValidateSHA512 validates if a given value is a valid SHA512 hash. It receives a string and returns the validated hash as a string, its SHA3-256 hash as a string and an error if the value is not a valid SHA512 hash.

func ValidateSHA3224

func ValidateSHA3224(value string) (string, string, error)

ValidateSHA3224 validates if a given string is a valid SHA3-224 hash and returns the hash in lowercase and its SHA3-256 hash.

func ValidateSHA3256

func ValidateSHA3256(value string) (string, string, error)

ValidateSHA3256 validates if the given value is a valid SHA3-256 hash.

func ValidateSHA3384

func ValidateSHA3384(value string) (string, string, error)

ValidateSHA3384 validates if a given string is a valid SHA3-384 hash and returns the hash in lowercase and its SHA3-256 hash.

func ValidateSHA3512

func ValidateSHA3512(value string) (string, string, error)

ValidateSHA3512 validates if a given string is a valid SHA3-512 hash and returns the hash in lowercase and its SHA3-256 hash.

func ValidateSHA512224

func ValidateSHA512224(value string) (string, string, error)

ValidateSHA512224 validates if a given value is a valid SHA512/224 hash. It receives a string and returns the validated hash as a string, the hash generated using SHA3-256 and an error if the value doesn't match the expected format.

func ValidateSHA512256

func ValidateSHA512256(value string) (string, string, error)

ValidateSHA512256 validates that a given value is a valid SHA512-256 hash. It takes a string and returns the validated hash as a string, the hash generated by the GenerateSHA3256 function, and an error if any.

func ValidateString

func ValidateString(value string, insensitive bool) (string, string, error)

ValidateString validates a string value and returns the original value, its SHA3-256 hash and an error. If the insensitive flag is set to true, the value is converted to lowercase before hashing.

func ValidateURL

func ValidateURL(value string) (string, string, error)

ValidateURL validates a given URL string and returns the URL in lowercase and its SHA3-256 hash. If the value is not a string, it returns an error.

func ValidateUUID

func ValidateUUID(value string) (uuid.UUID, string, error)

ValidateUUID validates if a given value is a valid UUID string and returns the UUID, its SHA3-256 hash and an error if any.

func ValidateValue

func ValidateValue(value interface{}, t string) (interface{}, string, error)

ValidateValue validates a value against a specified type. It takes a value of any type and a string representing the type to validate against. It returns the validated value, its SHA3-256 hash, and an error if validation fails. The function looks up the type in the Definitions and calls the appropriate validation function.
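The rules documented above for ValidateIP, ValidatePath and the hex hash validators, routed by type name the way ValidateValue is described, are written out here with the standard library so a feed can be pre-screened before submission. This is an added example, not the package's code: `Screen`, `Triage`, the checker helpers and the sample feed are assumptions, lowercasing every digest and unmapping IPv4-in-IPv6 are choices of this example, SHA3-256 hashing is left out, and the real validators may accept or refuse more than this.

```go
package main

import (
	"encoding/hex"
	"errors"
	"fmt"
	"net/netip"
	"strings"
)

// checker normalizes one raw indicator or says why it is refused.
type checker func(string) (string, error)

// checkIP: the address must parse and must not be private, multicast, loopback or unspecified.
func checkIP(v string) (string, error) {
	a, err := netip.ParseAddr(v)
	if err != nil {
		return "", errors.New("not an IP address")
	}
	a = a.Unmap() // assumption of this example: judge ::ffff:a.b.c.d as a.b.c.d
	switch {
	case a.IsUnspecified():
		return "", errors.New("unspecified address")
	case a.IsLoopback():
		return "", errors.New("loopback address")
	case a.IsPrivate():
		return "", errors.New("private address")
	case a.IsMulticast():
		return "", errors.New("multicast address")
	}
	return a.String(), nil
}

// hexDigest builds a checker for a hex digest of n bytes, returned in lowercase.
func hexDigest(n int) checker {
	return func(v string) (string, error) {
		if b, err := hex.DecodeString(v); err != nil || len(b) != n {
			return "", fmt.Errorf("not a %d-byte hex digest", n)
		}
		return strings.ToLower(v), nil
	}
}

// checkPath refuses anything containing "://" and lowercases the rest.
func checkPath(v string) (string, error) {
	if strings.Contains(v, "://") {
		return "", errors.New(`contains "://", looks like a URL`)
	}
	return strings.ToLower(v), nil
}

// checkers is keyed by JSON tag names shown in the Attributes struct (assumed to be type names).
var checkers = map[string]checker{
	"ip": checkIP, "path": checkPath,
	"md5": hexDigest(16), "sha1": hexDigest(20), "sha256": hexDigest(32),
}

// Screen looks up the checker for typ and applies it to value.
func Screen(typ, value string) (string, error) {
	c, ok := checkers[typ]
	if !ok {
		return "", fmt.Errorf("unknown type %q", typ)
	}
	return c(value)
}

// Rejected records a refused indicator and the reason.
type Rejected struct{ Type, Value, Reason string }

// Triage splits a feed of {type, value} pairs into normalized and refused entries.
func Triage(feed [][2]string) (accepted []string, rejected []Rejected) {
	for _, it := range feed {
		if norm, err := Screen(it[0], it[1]); err != nil {
			rejected = append(rejected, Rejected{it[0], it[1], err.Error()})
		} else {
			accepted = append(accepted, it[0]+":"+norm)
		}
	}
	return accepted, rejected
}

// sampleFeed is constructed for this example; the digests reuse example values from this page.
var sampleFeed = [][2]string{
	{"ip", "8.8.8.8"}, {"ip", "10.0.0.5"}, {"ip", "::ffff:127.0.0.1"}, {"ip", "224.0.0.251"},
	{"sha256", "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855"},
	{"md5", "d41d8cd98f00b204e9800998ecf8427"}, // one hex digit short
	{"path", "https://example.com/a.exe"},      // a URL mislabelled as a path
}

func main() {
	ok, bad := Triage(sampleFeed)
	fmt.Println("accepted:", ok)
	for _, r := range bad {
		fmt.Printf("rejected %s %q: %s\n", r.Type, r.Value, r.Reason)
	}
}
```

Internal addresses that leak into a feed are refused at this stage instead of being stored as indicators, and the mixed-case digest collapses to one lowercase form so duplicates compare equal.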

Types

type Attributes

type Attributes struct {
	AbaRtn                    *int     `json:"aba-rtn,omitempty" example:"123456789"`
	AccuracyRadius            *float64 `json:"accuracy-radius,omitempty" example:"100"`
	Adversary                 *string  `json:"adversary,omitempty" example:"APT1"`
	Airport                   *string  `json:"airport-name,omitempty" example:"London"`
	Asn                       *int     `json:"asn,omitempty" example:"12345"`
	Aso                       *string  `json:"aso,omitempty" example:"AS12345"`
	AuthentiHash              *string  `json:"authentihash,omitempty" example:""`
	BankAccountNr             *int     `json:"bank-account-nr,omitempty" example:"987654321"`
	Base64                    *string  `json:"base64,omitempty" example:"SGVsbG8gV29ybGQ="`
	Bic                       *string  `json:"bic,omitempty" example:"BOFAUS3N"`
	Bin                       *int     `json:"bin,omitempty" example:"411111"`
	Breach                    *string  `json:"breach,omitempty" example:"3a7c9d8e-1b2f-4g5h-6j7k-8l9m0n1o2p3q"`
	BreachCount               *int     `json:"breach-count,omitempty" example:"1000000"`
	BreachDate                *string  `json:"breach-date,omitempty" example:"2023-01-15"`
	BreachDescription         *string  `json:"breach-description,omitempty" example:"A major data breach exposing user credentials and personal information"`
	Btc                       *string  `json:"btc,omitempty" example:"1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"`
	Category                  *string  `json:"category,omitempty" example:"malware"`
	CcNumber                  *int     `json:"cc-number,omitempty" example:"4111111111111111"`
	CdHash                    *string  `json:"cdhash,omitempty" example:"a3b9e2f18c6d5b4a7d8e9f1a2b3c4d5e"`
	CertificateFingerprint    *string  `json:"certificate-fingerprint,omitempty" example:"5E:FF:56:A2:AF:15:88:DD:F1:D5:B9:A3:E9:BD:1F:48:5F:EE:CB:1E"`
	ChromeExtension           *string  `json:"chrome-extension-id,omitempty" example:"mhjfbmdgcfjbbpaeojofohoefgiehjai"`
	Cidr                      *string  `json:"cidr,omitempty" example:"192.168.1.0/24"`
	City                      *string  `json:"city,omitempty" example:"New York"`
	Command                   *string  `json:"command,omitempty" example:"ping -c 4 example.com"`
	Cookie                    *string  `json:"cookie,omitempty" example:"sessionid=abc123; Path=/; HttpOnly"`
	Country                   *string  `json:"country,omitempty" example:"United States"`
	Cpe                       *string  `json:"cpe,omitempty" example:"cpe:2.3:a:microsoft:windows:10:*:*:*:*:*:*:*"`
	Cve                       *string  `json:"cve,omitempty" example:"CVE-2021-44228"`
	Dash                      *string  `json:"dash,omitempty" example:"XpAy7Zm6aPDPWaJeHHRQ4YECqD1F7bVqhL"`
	Date                      *string  `json:"date,omitempty" example:"2023-05-20"`
	DateOfIssue               *string  `json:"date-of-issue,omitempty" example:"2020-01-01"`
	Datetime                  *string  `json:"datetime,omitempty" example:"2023-05-20T14:30:15.123456789Z"`
	Dkim                      *string  `json:"dkim,omitempty" example:"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC"`
	DkimSignature             *string  `` /* 143-byte string literal not displayed */
	Domain                    *string  `json:"domain,omitempty" example:"example.com"`
	Email                     *string  `json:"email,omitempty" example:"<CAE01+9=7sg@mail.example.com>"`
	EmailAddress              *string  `json:"email-address,omitempty" example:"user@example.com"`
	EmailBody                 *string  `json:"email-body,omitempty" example:"Hello, this is the body of the email message."`
	EmailDisplayName          *string  `json:"email-display-name,omitempty" example:"John Doe"`
	EmailHeader               *string  `json:"email-header,omitempty" example:"From: sender@example.com\r\nTo: recipient@example.com\r\nSubject: Test Email"`
	EmailMimeBoundary         *string  `json:"email-mime-boundary,omitempty" example:"----=_NextPart_000_0012_01D7A988.9A5F0E30"`
	EmailSubject              *string  `json:"email-subject,omitempty" example:"Important Security Alert"`
	EmailThreadIndex          *string  `json:"email-thread-index,omitempty" example:"AQHSR8AAAA=="`
	EmailXMailer              *string  `json:"email-x-mailer,omitempty" example:"Microsoft Outlook 16.0"`
	Eppn                      *string  `json:"eppn,omitempty" example:"user@university.edu"`
	ExpirationDate            *string  `json:"expiration-date,omitempty" example:"2025-12-31"`
	FacebookProfile           *string  `json:"facebook-profile,omitempty" example:"https://www.facebook.com/username"`
	Ffn                       *string  `json:"ffn,omitempty" example:"ABC123456"`
	File                      *string  `json:"file,omitempty" example:"21a1610ce915d5d5a8ab5b1f5b6d6715cf4f4e3bc0c868352a175279b1881afe"`
	FileData                  *string  `json:"file-data,omitempty" example:"https://example.com/files/sample.exe"`
	Filename                  *string  `json:"filename,omitempty" example:"malware_sample.exe"`
	FilenamePattern           *string  `json:"filename-pattern,omitempty" example:".*\\.exe$"`
	Flight                    *string  `json:"flight,omitempty" example:"AA1234"`
	GitHubOrganization        *string  `json:"github-organization,omitempty" example:"https://github.com/threatwinds"`
	GitHubRepository          *string  `json:"github-repository,omitempty" example:"https://github.com/threatwinds/platform"`
	GitHubUser                *string  `json:"github-user,omitempty" example:"https://github.com/username"`
	Group                     *string  `json:"group,omitempty" example:"APT29"`
	Hex                       *string  `json:"hex,omitempty" example:"0xDEADBEEF"`
	Hostname                  *string  `json:"hostname,omitempty" example:"server01.example.com"`
	Iban                      *string  `json:"iban,omitempty" example:"DE89370400440532013000"`
	IdNumber                  *string  `json:"id-number,omitempty" example:"AB123456"`
	IP                        *string  `json:"ip,omitempty" example:"1.65.1.1"`
	Issuer                    *string  `json:"issuer,omitempty" example:"Department of State"`
	IssuingCountry            *string  `json:"issuing-country,omitempty" example:"United States"`
	Ja3Fingerprint            *string  `json:"ja3-fingerprint,omitempty" example:"e7d705a3286e19ea42f587b344ee6865"`
	JabberId                  *string  `json:"jabber-id,omitempty" example:"user@jabber.org"`
	JarmFingerprint           *string  `json:"jarm-fingerprint,omitempty" example:"27d40d40d29d40d1dc42d43d00041d4689ee210389f4f6b4b5b1b93f92252d"`
	LastAnalysis              *string  `json:"last-analysis,omitempty" example:"2023-06-15T10:30:00.000Z"`
	Latitude                  *float64 `json:"latitude,omitempty" example:"40.7128"`
	Link                      *string  `json:"link,omitempty" example:"https://example.com/reference/doc123"`
	Longitude                 *float64 `json:"longitude,omitempty" example:"-74.0060"`
	MacAddress                *string  `json:"mac-address,omitempty" example:"00:1A:2B:3C:4D:5E"`
	Malware                   *string  `json:"malware,omitempty" example:"pdf dropper agent"`
	MalwareFamily             *string  `json:"malware-family,omitempty" example:"pdf"`
	MalwareSample             *string  `json:"malware-sample,omitempty" example:"https://malware.example.com/samples/trojan.exe"`
	MalwareType               *string  `json:"malware-type,omitempty" example:"dropper"`
	Md5                       *string  `json:"md5,omitempty" example:"d41d8cd98f00b204e9800998ecf8427e"`
	MimeType                  *string  `json:"mime-type,omitempty" example:"application/pdf"`
	MobileAppId               *string  `json:"mobile-app-id,omitempty" example:"com.example.maliciousapp"`
	Os                        *string  `json:"os,omitempty" example:"Windows 10"`
	Passport                  *string  `json:"passport,omitempty" example:"AB1234567"`
	Path                      *string  `json:"path,omitempty" example:"/var/log/suspicious.log"`
	PatternInFile             *string  `json:"pattern-in-file,omitempty" example:"eval\\(base64_decode\\(.*\\)\\)"`
	PatternInMemory           *string  `json:"pattern-in-memory,omitempty" example:"password=[a-zA-Z0-9]{8,}"`
	PatternInTraffic          *string  `json:"pattern-in-traffic,omitempty" example:"User-Agent: Mozilla\\/5\\.0 \\(compatible; MSIE 9\\.0;"`
	Payload                   *string  `json:"payload,omitempty" example:"7a28a1d6ac5b4a7e8c9d0e3f2b1a4c5d6e8f7a9b0c1d2e3f4a5b6c7d8e9f0a1"`
	PgpPrivateKey             *string  `json:"pgp-private-key,omitempty" example:"-----BEGIN PGP PRIVATE KEY BLOCK----- ... -----END PGP PRIVATE KEY BLOCK-----"`
	PgpPublicKey              *string  `json:"pgp-public-key,omitempty" example:"-----BEGIN PGP PUBLIC KEY BLOCK----- ... -----END PGP PUBLIC KEY BLOCK-----"`
	Phone                     *string  `json:"phone,omitempty" example:"+15551234567"`
	Pnr                       *string  `json:"pnr,omitempty" example:"ABC123"`
	Port                      *string  `json:"port,omitempty" example:"443/tcp"`
	PostalAddress             *string  `json:"postal-address,omitempty" example:"123 Main St, Anytown, CA 12345"`
	Process                   *string  `json:"process,omitempty" example:"svchost.exe"`
	ProcessState              *string  `json:"process-state,omitempty" example:"running"`
	ProfilePhoto              *string  `json:"profile-photo,omitempty" example:"https://example.com/photos/user123.jpg"`
	PRtn                      *string  `json:"prtn,omitempty" example:"1-900-123-4567"`
	RedressNumber             *string  `json:"redress-number,omitempty" example:"987654321"`
	RegKey                    *string  `json:"regkey,omitempty" example:"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"`
	Sha1                      *string  `json:"sha1,omitempty" example:"da39a3ee5e6b4b0d3255bfef95601890afd80709"`
	Sha224                    *string  `json:"sha224,omitempty" example:"d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f"`
	Sha256                    *string  `json:"sha256,omitempty" example:"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"`
	Sha384                    *string  `` /* 130-byte string literal not displayed */
	Sha3224                   *string  `json:"sha3-224,omitempty" example:"6b4e03423667dbb73b6e15454f0eb1abd4597f9a1b078e3f5b5a6bc7"`
	Sha3256                   *string  `json:"sha3-256,omitempty" example:"a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a"`
	Sha3384                   *string  `` /* 132-byte string literal not displayed */
	Sha3512                   *string  `` /* 164-byte string literal not displayed */
	Sha512                    *string  `` /* 162-byte string literal not displayed */
	Sha512224                 *string  `json:"sha512-224,omitempty" example:"6ed0dd02806fa89e25de060c19d3ac86cabb87d6a0ddd05c333b84f4"`
	Sha512256                 *string  `json:"sha512-256,omitempty" example:"c672b8d1ef56ed28ab87c3622c5114069bdd3ad7b8f9737498d0c01ecef0967a"`
	SizeInBytes               *float64 `json:"size-in-bytes,omitempty" example:"1048576"`
	SshBanner                 *string  `json:"ssh-banner,omitempty" example:"SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.1"`
	SshFingerprint            *string  `json:"ssh-fingerprint,omitempty" example:"SHA256:uNiVztksCsDhcc0u9e8BujQXVUpKZIDTMczCvj3tD2s"`
	Ssr                       *string  `json:"ssr,omitempty" example:"WCHR"`
	Text                      *string  `json:"text,omitempty" example:"This is a sample text content"`
	Threat                    *string  `json:"threat,omitempty" example:"ransomware"`
	TikTokProfile             *string  `json:"tiktok-profile,omitempty" example:"https://www.tiktok.com/@username"`
	TwitterProfile            *string  `json:"twitter-profile,omitempty" example:"https://twitter.com/username"`
	Url                       *string  `json:"url,omitempty" example:"https://malicious-site.example.com/payload.php"`
	Username                  *string  `json:"username,omitempty" example:"johndoe"`
	Value                     *string  `json:"value,omitempty" example:"sensitive-data-value"`
	Visa                      *string  `json:"visa,omitempty" example:"A12345678"`
	WhoisRegistrant           *string  `json:"whois-registrant,omitempty" example:"Example Organization Inc."`
	WhoisRegistrar            *string  `json:"whois-registrar,omitempty" example:"GoDaddy.com, LLC"`
	WindowsScheduledTask      *string  `json:"windows-scheduled-task,omitempty" example:"\\Microsoft\\Windows\\Defrag\\ScheduledDefrag"`
	WindowsServiceDisplayName *string  `json:"windows-service-displayname,omitempty" example:"Windows Update"`
	WindowsServiceName        *string  `json:"windows-service-name,omitempty" example:"wuauserv"`
	Xmr                       *string  `` /* 126-byte string literal not displayed */
	ZipCode                   *string  `json:"zip-code,omitempty" example:"10001"`
}

Attributes represent a collection of various attribute types that can be associated with entities.

func (*Attributes) GetAttribute

func (d *Attributes) GetAttribute(tagName string) (interface{}, bool)

GetAttribute returns the value of the attribute with the specified JSON tag name. It returns the attribute value and a boolean indicating whether the attribute was found. If the attribute isn't found, it returns nil and false.

func (*Attributes) SetAttribute

func (d *Attributes) SetAttribute(tagName string, value interface{}) bool

SetAttribute sets the value of the attribute with the specified JSON tag name. It returns a boolean indicating whether the attribute was found and set successfully. If the attribute isn't found, it returns false.

func (*Attributes) ToMap

func (d *Attributes) ToMap() map[string]interface{}

ToMap returns all existing attributes and their values as a map[string]interface{}.

type Comment

type Comment struct {
	ID        *string   `json:"id,omitempty" example:"f47ac10b-58cc-4372-a567-0e02b2c3d479"`
	Timestamp string    `json:"@timestamp" example:"2021-09-29T15:59:59.000Z"`
	EntityID  string    `json:"entityID" example:"ip-fe0c2ed9a0a9b23822e5907b0d009bcaf8f969db793cd1d94c40e17e0287c04b"`
	Comment   string    `json:"comment" example:"This is a comment"`
	UserID    uuid.UUID `json:"userID" example:"f47ac10b-58cc-4372-a567-0e02b2c3d479"`
	ParentID  uuid.UUID `json:"parentID,omitempty" example:"f47ac10b-58cc-4372-a567-0e02b2c3d479"`
	VisibleBy []string  `json:"visibleBy" example:"[\"public\",\"quantfall\"]"`
}

type Definition

type Definition struct {
	Type         string       `json:"type" example:"object"`
	Description  string       `json:"description" example:"Important description about the type"`
	DataType     string       `json:"dataType" example:"String"`
	Example      *Entity      `json:"example,omitempty"`
	Attributes   []Definition `json:"attributes,omitempty"`
	Associations []Definition `json:"associations,omitempty"`
	Tags         []string     `json:"tags,omitempty"`
	Correlate    []string     `json:"correlate,omitempty"`
	Label        string       `json:"label,omitempty"`
}

type Entity

type Entity struct {
	Type         string              `json:"type"  example:"object"`
	Attributes   Attributes          `json:"attributes"`
	Associations []EntityAssociation `json:"associations"`
	Reputation   int                 `json:"reputation" example:"-1"`
	Correlate    []string            `json:"correlate" example:"[\"md5\", \"sha1\", \"sha256\", \"sha3-256\"]"`
	Tags         []string            `json:"tags" example:"[\"malware\", \"common-file\"]"`
	VisibleBy    []string            `json:"visibleBy" example:"[\"public\"]"`
}

type EntityAssociation

type EntityAssociation struct {
	Mode string `json:"mode" example:"aggregation"`
	Entity
}

type EntityConsolidated

type EntityConsolidated struct {
	ID              *string    `json:"id,omitempty" example:"ip-ad0c2ed9a0a9b23822e5907b0d009bcaf8f969db793cd1d94c40e17e0287c04b"`
	Timestamp       string     `json:"@timestamp" example:"2021-09-29T15:59:59.000Z"`
	LastSeen        string     `json:"lastSeen" example:"2021-09-29T15:59:59.000Z"`
	Type            string     `json:"type" example:"ip"`
	Reputation      int        `json:"reputation" example:"-3"`
	BestReputation  int        `json:"bestReputation" example:"-1"`
	WorstReputation int        `json:"worstReputation" example:"-3"`
	Accuracy        int        `json:"accuracy" example:"3"`
	Attributes      Attributes `json:"attributes"`
	Tags            []string   `json:"tags" example:"[\"web-server\",\"mail-server\"]"`
	VisibleBy       []string   `json:"visibleBy" example:"[\"public\",\"quantfall\"]"`
	WellKnown       bool       `json:"wellKnown" example:"false"`
}

type EntityHistory

type EntityHistory struct {
	ID         *uuid.UUID `json:"id,omitempty" example:"f47ac10b-58cc-4372-a567-0e02b2c3d479"`
	Timestamp  string     `json:"@timestamp" example:"2021-09-29T15:59:59.000Z"`
	EntityID   string     `json:"entityID" example:"ip-ad0c2ed9a0a9b23822e5907b0d009bcaf8f969db793cd1d94c40e17e0287c04b"`
	Type       string     `json:"type" example:"ip"`
	UserID     uuid.UUID  `json:"userID" example:"f47ac10b-58cc-4372-a567-0e02b2c3d479"`
	Reputation int        `json:"reputation" example:"-3"`
	Attributes Attributes `json:"attributes"`
	Tags       []string   `json:"tags" example:"[\"web-server\",\"mail-server\"]"`
	VisibleBy  []string   `json:"visibleBy" example:"[\"public\",\"quantfall\"]"`
	WellKnown  bool       `json:"wellKnown" example:"false"`
}

type RelationConsolidated

type RelationConsolidated struct {
	ID              *string  `json:"id,omitempty" example:"ad0c2ed9a0a9b23822e5907b0d009bcaf8f969db793cd1d94c40e17e0287c04b"`
	Timestamp       string   `json:"@timestamp" example:"2021-09-29T15:59:59.000Z"`
	LastSeen        string   `json:"lastSeen" example:"2021-09-29T15:59:59.000Z"`
	EntityID        string   `json:"entityID" example:"ip-fe0c2ed9a0a9b23822e5907b0d009bcaf8f969db793cd1d94c40e17e0287c04b"`
	RelatedEntityID string   `json:"relatedEntityID" example:"domain-da0c2ed9a0a9b23822e5907b0d009bcaf8f969db793cd1d94c40e17e0287c04b"`
	Mode            string   `json:"mode" example:"aggregation"`
	VisibleBy       []string `json:"visibleBy" example:"[\"public\",\"quantfall\"]"`
}

type RelationHistory

type RelationHistory struct {
	ID              *uuid.UUID `json:"id,omitempty" example:"f47ac10b-58cc-4372-a567-0e02b2c3d479"`
	Timestamp       string     `json:"@timestamp" example:"2021-09-29T15:59:59.000Z"`
	RelationID      string     `json:"relationID" example:"ad0c2ed9a0a9b23822e5907b0d009bcaf8f969db793cd1d94c40e17e0287c04b"`
	EntityID        string     `json:"entityID" example:"ip-fe0c2ed9a0a9b23822e5907b0d009bcaf8f969db793cd1d94c40e17e0287c04b"`
	RelatedEntityID string     `json:"relatedEntityID" example:"domain-da0c2ed9a0a9b23822e5907b0d009bcaf8f969db793cd1d94c40e17e0287c04b"`
	UserID          uuid.UUID  `json:"userID" example:"f47ac10b-58cc-4372-a567-0e02b2c3d479"`
	Mode            string     `json:"mode" example:"association"`
	VisibleBy       []string   `json:"visibleBy" example:"[\"public\",\"quantfall\"]"`
}
