timesketch

Published: Feb 7, 2025 License: MIT Imports: 16 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// ErrNoRows is the sentinel error for a query that produced an empty result
// set. Callers should test for it with errors.Is rather than comparing the
// message string. Which methods return it is not visible on this page.
var ErrNoRows = errors.New("timesketch: no rows in result set")
// StarredEventsChip is a ready-made label chip that restricts an Explore
// query to events carrying the "__ts_star" label (the star flag), using a
// "must" operator so only starred events match. Append it to Filter.Chips.
var StarredEventsChip = Chip{
	Type:     "label",
	Field:    "label",
	Value:    "__ts_star",
	Operator: "must",
	Active:   true,
}

Functions

This section is empty.

Types

type Chip

// Chip is one filter clause of a Filter, serialized as a JSON object with the
// field names shown in the tags. See StarredEventsChip for a concrete value.
type Chip struct {
	Type     string `json:"type"`     // chip kind, e.g. "label" in StarredEventsChip
	Field    string `json:"field"`    // event field the chip applies to
	Value    string `json:"value"`    // value matched against Field
	Operator string `json:"operator"` // match semantics, e.g. "must"
	Active   bool   `json:"active"`   // whether the chip is currently applied
}

type Client

// Client holds the connection settings for a Timesketch server; construct it
// with NewClient rather than as a literal, since it also carries unexported
// state. Username and Password are stored in clear text in exported fields, so
// do not log or serialize a Client with %+v / %#v or encoding/json, as that
// would leak the credential.
type Client struct {
	BaseURL  string // server root URL that request paths are resolved against
	Username string
	Password string // clear-text credential; keep out of logs and dumps
	// contains filtered or unexported fields
}

func NewClient

func NewClient(uri, username, password string) (*Client, error)

func (Client) Explore

func (client Client) Explore(id int, query string, filter Filter) ([]Event, error)

func (Client) GetSketch

func (client Client) GetSketch(id int) (Sketch, error)

func (Client) ListSketches

func (client Client) ListSketches() ([]Sketch, error)

func (Client) Upload

func (client Client) Upload(sketch int, path string) error

type Event

// Event is a single search hit returned by Client.Explore. The tagged fields
// decode the hit envelope (_id, _index, _score, _source); the untagged fields
// are filled in by the client from Source after decoding and are not part of
// the wire format.
type Event struct {
	ID    string `json:"_id"`
	Index string `json:"_index"`
	// NOTE(review): _score is declared as a string; confirm the server
	// serializes it that way, since a numeric _score would fail to decode
	// into a string field.
	Score  string         `json:"_score"`
	Source map[string]any `json:"_source"` // raw event document as stored in the index

	// copied over from source
	Message       string
	Datetime      time.Time
	TimestampDesc string
}

type Field

// Field describes an indexed event field by name and type. It appears both in
// Filter.Fields (fields requested from a query) and in the Mappings lists of
// Response.Meta and Sketch.
type Field struct {
	Field string `json:"field"`
	Type  string `json:"type"`
}

type Filter

// Filter is the search filter passed to Client.Explore alongside the query
// string; it is serialized as JSON with the tags shown. Chips hold the
// individual filter clauses (see StarredEventsChip), Fields the event fields
// to return, and Indices the timeline IDs to search.
type Filter struct {
	Size    int     `json:"size"`    // maximum number of events to return
	Indices []int   `json:"indices"` // timeline IDs to search (see Timeline.ID)
	Order   string  `json:"order"`   // sort order requested from the server
	Chips   []Chip  `json:"chips"`
	Fields  []Field `json:"fields"`
}

type Response

// Response is the generic envelope of a Timesketch API reply: Meta carries
// paging information plus per-sketch mappings and attributes, and Objects
// holds the payload items decoded as T. Sketch.Mappings and Sketch.Attributes
// are copied from the Meta fields of the same shape.
type Response[T any] struct {
	Meta struct {
		CurrentPage int    `json:"current_page"`
		CurrentUser string `json:"current_user"`
		HasNext     bool   `json:"has_next"`
		HasPrev     bool   `json:"has_prev"`
		NextPage    string `json:"next_page"` // presumably a URL or page token; verify against the API
		PrevPage    string `json:"prev_page"`
		TotalItems  int    `json:"total_items"`
		TotalPages  int    `json:"total_pages"`

		// Attributes is keyed by attribute name. Each entry's Values.Data
		// lists indicator records (Type, IOC, Tags, ExternalURI) supplied by
		// the server; treat IOC and ExternalURI as untrusted data when
		// rendering them or following links.
		Attributes map[string]struct {
			Ontology string `json:"ontology"`
			Values   struct {
				Data []struct {
					Type        string   `json:"type"`
					IOC         string   `json:"ioc"`
					Tags        []string `json:"tags"`
					ExternalURI string   `json:"externalURI"`
				} `json:"data"`
			} `json:"value"`
		} `json:"attributes"`

		Mappings []Field `json:"mappings"` // field name/type pairs for the sketch's indices
	} `json:"meta"`
	Objects []T `json:"objects"`
}

type Sketch

// Sketch is a Timesketch investigation container as returned by
// Client.GetSketch and Client.ListSketches, with its attached Timelines.
// Mappings and Attributes are not part of the sketch object itself; the client
// copies them from Response.Meta, which declares them with the same shape.
type Sketch struct {
	ID          int    `json:"id"`
	Name        string `json:"name"`
	Description string `json:"description"`

	Timelines []Timeline `json:"timelines"`

	// copied over from meta
	Mappings []Field `json:"mappings"`
	// Attributes mirrors Response.Meta.Attributes. IOC and ExternalURI are
	// server-supplied strings; treat them as untrusted before display or use.
	Attributes map[string]struct {
		Ontology string `json:"ontology"`
		Values   struct {
			Data []struct {
				Type        string   `json:"type"`
				IOC         string   `json:"ioc"`
				Tags        []string `json:"tags"`
				ExternalURI string   `json:"externalURI"`
			} `json:"data"`
		} `json:"value"`
	} `json:"attributes"`
}

type Timeline

// Timeline identifies one timeline attached to a Sketch. Its ID is the value
// to list in Filter.Indices to restrict an Explore query to that timeline.
type Timeline struct {
	ID   int    `json:"id"`
	Name string `json:"name"`
}
