package limacharlie
import (
	"fmt"
	"net/http"
	"net/url"
)
// InsightObjectType names the category of indicator an Insight lookup is
// about. In this file the value is used as the last URL path segment of the
// single-indicator lookup and as the map key of a batch request.
type InsightObjectType string

// InsightObjectTypes enumerates the object types this package knows by name.
// Prefer these values over hand-written strings when building a request.
var InsightObjectTypes = struct {
	Domain      InsightObjectType
	Username    InsightObjectType
	IP          InsightObjectType
	FileHash    InsightObjectType
	FilePath    InsightObjectType
	FileName    InsightObjectType
	ServiceName InsightObjectType
	PackageName InsightObjectType
}{
	Domain:      "domain",
	Username:    "user", // wire value is "user", not "username"
	IP:          "ip",
	FileHash:    "file_hash",
	FilePath:    "file_path",
	FileName:    "file_name",
	ServiceName: "service_name",
	PackageName: "package_name",
}
// InsightObjectTypeInfoType selects which view of an indicator a lookup asks
// for. It is sent as the "info" query parameter of the single-indicator
// lookup.
type InsightObjectTypeInfoType string

// InsightObjectTypeInfoTypes enumerates the info views known to this package.
var InsightObjectTypeInfoTypes = struct {
	Summary  InsightObjectTypeInfoType
	Location InsightObjectTypeInfoType
}{
	Summary:  "summary",
	Location: "locations", // wire value is plural although the field name is singular
}
// InsightObjectsRequest describes a lookup of one indicator, as consumed by
// InsightObjects and InsightObjectsPerObject.
type InsightObjectsRequest struct {
	// IndicatorName is the value searched for; sent as the "name" parameter.
	IndicatorName string
	// ObjectType is the indicator category; it becomes the final segment of
	// the request path, so use one of InsightObjectTypes.
	ObjectType InsightObjectType
	// ObjectTypeInfo selects the view returned; sent as the "info" parameter.
	ObjectTypeInfo InsightObjectTypeInfoType
	// IsCaseSensitive is sent as the "case_sensitive" parameter.
	IsCaseSensitive bool
	// AllowWildcards is sent as the "with_wildcards" parameter.
	// NOTE(review): if IndicatorName can come from an untrusted source,
	// confirm how the service treats wildcard characters before enabling.
	AllowWildcards bool
	// SearchInLogs switches the "origin_type" parameter from "sid" to "lsid".
	SearchInLogs bool
}
// InsightObjectsResponse is the decoded reply of InsightObjects, the
// non-per-object form of the lookup. The four Last* fields carry one integer
// each for the JSON keys last_1_days, last_7_days, last_30_days and
// last_365_days (presumably counts over those windows; confirm with the API
// documentation).
type InsightObjectsResponse struct {
	ObjectType    InsightObjectType `json:"type"`
	IndicatorName string            `json:"name"`
	// FromCache mirrors the "from_cache" key of the reply.
	FromCache   bool  `json:"from_cache"`
	Last1Day    int64 `json:"last_1_days"`
	Last7Days   int64 `json:"last_7_days"`
	Last30Days  int64 `json:"last_30_days"`
	Last365Days int64 `json:"last_365_days"`
}
// InsightObjects looks up a single indicator and returns the aggregate
// (non-per-object) figures for it. It delegates to insightObjects with
// perObject set to false. On failure the zero InsightObjectsResponse is
// returned together with the error.
func (org Organization) InsightObjects(insightReq InsightObjectsRequest) (InsightObjectsResponse, error) {
	result := InsightObjectsResponse{}
	err := org.insightObjects(insightReq, false, &result)
	if err != nil {
		// Never hand back a partially decoded value alongside an error.
		return InsightObjectsResponse{}, err
	}
	return result, nil
}
// InsightObjectsPerObjectResponse is the decoded reply of
// InsightObjectsPerObject. It has the same JSON keys as
// InsightObjectsResponse, but each time window decodes into a Dict rather
// than a single integer.
type InsightObjectsPerObjectResponse struct {
	ObjectType    InsightObjectType `json:"type"`
	IndicatorName string            `json:"name"`
	// FromCache mirrors the "from_cache" key of the reply.
	FromCache   bool `json:"from_cache"`
	Last1Day    Dict `json:"last_1_days"`
	Last7Days   Dict `json:"last_7_days"`
	Last30Days  Dict `json:"last_30_days"`
	Last365Days Dict `json:"last_365_days"`
}
// InsightObjectsPerObject looks up a single indicator and returns the
// per-object breakdown for it. It delegates to insightObjects with perObject
// set to true. On failure the zero InsightObjectsPerObjectResponse is
// returned together with the error.
func (org Organization) InsightObjectsPerObject(insightReq InsightObjectsRequest) (InsightObjectsPerObjectResponse, error) {
	result := InsightObjectsPerObjectResponse{}
	err := org.insightObjects(insightReq, true, &result)
	if err != nil {
		// Never hand back a partially decoded value alongside an error.
		return InsightObjectsPerObjectResponse{}, err
	}
	return result, nil
}
// InsightObjectsBatchRequest describes a lookup of several indicators in one
// call, as consumed by InsightObjectsBatch.
type InsightObjectsBatchRequest struct {
	// Objects maps each object type to the indicator values to look up for
	// that type; sent as the "objects" form field.
	Objects map[InsightObjectType][]string
	// IsCaseSensitive is sent as the "case_sensitive" form field.
	IsCaseSensitive bool
}
// InsightObjectBatchResponse is the decoded reply of InsightObjectsBatch.
// Each time window decodes into a Dict; unlike the single-indicator replies
// it carries no "type" or "name" field.
type InsightObjectBatchResponse struct {
	// FromCache mirrors the "from_cache" key of the reply.
	FromCache   bool `json:"from_cache"`
	Last1Day    Dict `json:"last_1_days"`
	Last7Days   Dict `json:"last_7_days"`
	Last30Days  Dict `json:"last_30_days"`
	Last365Days Dict `json:"last_365_days"`
}
// InsightObjectsBatch looks up several indicators in one request. It POSTs
// the "objects" map and the "case_sensitive" flag as form data to
// "insight/<OID>/objects", where OID comes from the client options. On
// failure the zero InsightObjectBatchResponse is returned together with the
// error.
func (org Organization) InsightObjectsBatch(insightReq InsightObjectsBatchRequest) (InsightObjectBatchResponse, error) {
	var result InsightObjectBatchResponse

	endpoint := fmt.Sprintf("insight/%s/objects", org.client.options.OID)
	form := Dict{
		"objects":        insightReq.Objects,
		"case_sensitive": insightReq.IsCaseSensitive,
	}
	batchReq := makeDefaultRequest(&result).withFormData(form)

	err := org.client.reliableRequest(http.MethodPost, endpoint, batchReq)
	if err != nil {
		// Never hand back a partially decoded value alongside an error.
		return InsightObjectBatchResponse{}, err
	}
	return result, nil
}
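// insightObjects performs the single-indicator lookup shared by
// InsightObjects and InsightObjectsPerObject.
//
// It issues a GET to "insight/<OID>/objects/<ObjectType>" with the other
// request fields sent as query data. resp is handed to makeDefaultRequest as
// the decode target; the callers in this file pass a pointer to their
// response struct. perObject is forwarded as the "per_object" parameter.
//
// ObjectType is caller-supplied and ends up in the URL path, so it is
// checked and escaped before the path is built: an empty value or a dot
// segment is rejected with an error, and anything else is passed through
// url.PathEscape so it cannot add path segments or a query string. The
// values in InsightObjectTypes are unchanged by the escaping.
func (org Organization) insightObjects(insightReq InsightObjectsRequest, perObject bool, resp interface{}) error {
	objType := string(insightReq.ObjectType)
	switch objType {
	case "", ".", "..":
		// An empty segment would address the collection endpoint instead,
		// and PathEscape leaves dot segments as they are.
		return fmt.Errorf("invalid insight object type %q", objType)
	}

	// "sid" is the default origin; "lsid" is used when searching in logs.
	origin := "sid"
	if insightReq.SearchInLogs {
		origin = "lsid"
	}

	req := Dict{
		"name":           insightReq.IndicatorName,
		"info":           insightReq.ObjectTypeInfo,
		"case_sensitive": insightReq.IsCaseSensitive,
		"with_wildcards": insightReq.AllowWildcards,
		"per_object":     perObject,
		"origin_type":    origin,
	}
	request := makeDefaultRequest(resp).withQueryData(req)

	// NOTE(review): how reliableRequest treats the path is not visible here;
	// escaping at this point is safe either way for the known object types.
	path := fmt.Sprintf("insight/%s/objects/%s", org.client.options.OID, url.PathEscape(objType))
	if err := org.client.reliableRequest(http.MethodGet, path, request); err != nil {
		return err
	}
	return nil
}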