482 lines
16 KiB
Go
482 lines
16 KiB
Go
// Package cti provides primitives to interact with the openapi HTTP API.
|
|
//
|
|
// Code generated by github.com/deepmap/oapi-codegen/v2 version v2.1.0 DO NOT EDIT.
|
|
package cti
|
|
|
|
const (
|
|
Api_keyScopes = "api_key.Scopes"
|
|
)
|
|
|
|
// Defines values for FireIPCTIResponseState.
|
|
const (
|
|
Refused FireIPCTIResponseState = "refused"
|
|
Validated FireIPCTIResponseState = "validated"
|
|
)
|
|
|
|
// CTIObject defines model for CTIObject.
|
|
type CTIObject struct {
|
|
// AsName The autonomous system name to which the IP belongs
|
|
AsName *string `json:"as_name"`
|
|
|
|
// AsNum The autonomous system number to which the IP belongs
|
|
AsNum *float32 `json:"as_num"`
|
|
|
|
// AttackDetails A more exhaustive list of the scenarios for which a given IP was reported
|
|
AttackDetails *[]struct {
|
|
// Description Human-friendly descriptions of scenarios
|
|
Description *string `json:"description,omitempty"`
|
|
|
|
// Label Human-friendly descriptions of scenarios
|
|
Label *string `json:"label,omitempty"`
|
|
|
|
// Name Name of the scenario (see hub.crowdsec.net)
|
|
Name *string `json:"name,omitempty"`
|
|
References *[]string `json:"references,omitempty"`
|
|
} `json:"attack_details,omitempty"`
|
|
|
|
// BackgroundNoiseScore The background noise score of the IP ranging from 0 to 10 (highly noisy)
|
|
BackgroundNoiseScore *float32 `json:"background_noise_score"`
|
|
|
|
// Behaviors A list of the attack categories for which the IP was reported
|
|
Behaviors []struct {
|
|
// Description Human-friendly description of the category
|
|
Description *string `json:"description,omitempty"`
|
|
|
|
// Label Human-friendly description of the category
|
|
Label *string `json:"label,omitempty"`
|
|
|
|
// Name The category of the attack, often in the form "protocol-or-scope:attack_type"
|
|
Name *string `json:"name,omitempty"`
|
|
} `json:"behaviors"`
|
|
Classifications struct {
|
|
// Classifications A list of categories associated with the IP. Those data can be sourced from 3rd parties (i.e. tor exit nodes list)
|
|
Classifications *[]struct {
|
|
// Description Human-friendly description of the category
|
|
Description *string `json:"description,omitempty"`
|
|
|
|
// Label Human-friendly name of the category
|
|
Label *string `json:"label,omitempty"`
|
|
|
|
// Name The name of the category, often in the form "protocol-or-scope:attack_type"
|
|
Name *string `json:"name,omitempty"`
|
|
} `json:"classifications,omitempty"`
|
|
|
|
// FalsePositives A list of false positives tags associated with the IP. Any IP with `false_positives` tags shouldn't be considered as malicious
|
|
FalsePositives *[]struct {
|
|
// Description Human-friendly description of the category
|
|
Description *string `json:"description,omitempty"`
|
|
|
|
// Label Human-friendly name of the category
|
|
Label *string `json:"label,omitempty"`
|
|
|
|
// Name The name of the false positive, often in the form "protocol-or-scope:attack_type"
|
|
Name *string `json:"name,omitempty"`
|
|
} `json:"false_positives,omitempty"`
|
|
} `json:"classifications"`
|
|
|
|
// Cves A list of CVEs reported for this IP.
|
|
Cves *[]string `json:"cves,omitempty"`
|
|
History struct {
|
|
// DaysAge Delta in days between first and last seen timestamps
|
|
DaysAge *float32 `json:"days_age,omitempty"`
|
|
|
|
// FirstSeen Date of the first time this IP was reported. Due to "progressive data degradation", this date might be later than the first time the IP was actually seen
|
|
FirstSeen *string `json:"first_seen,omitempty"`
|
|
|
|
// FullAge Delta in days between first seen and today
|
|
FullAge *float32 `json:"full_age,omitempty"`
|
|
|
|
// LastSeen Date of the last time this IP was reported
|
|
LastSeen *string `json:"last_seen,omitempty"`
|
|
} `json:"history"`
|
|
|
|
// Ip Requested IP
|
|
Ip string `json:"ip"`
|
|
|
|
// IpRange The range to which the IP belongs
|
|
IpRange *string `json:"ip_range"`
|
|
|
|
// IpRangeScore The score of the range (ip_range) the IP belongs to. 0 is good/unknown, 5 is worse
|
|
IpRangeScore float32 `json:"ip_range_score"`
|
|
|
|
// Location Location information about the IP address
|
|
Location struct {
|
|
// City The associated City of the IP
|
|
City *string `json:"city"`
|
|
|
|
// Country The two letters country code of the IP
|
|
Country *string `json:"country"`
|
|
|
|
// Latitude Coordinates of the IP
|
|
Latitude *float32 `json:"latitude"`
|
|
|
|
// Longitude Coordinates of the IP
|
|
Longitude *float32 `json:"longitude"`
|
|
} `json:"location"`
|
|
|
|
// MitreTechniques A list of Mitre Enterprise Techniques associated with the IP.
|
|
MitreTechniques *[]struct {
|
|
// Description Description of the Mitre technique
|
|
Description *string `json:"description,omitempty"`
|
|
|
|
// Label The name of the Mitre technique
|
|
Label *string `json:"label,omitempty"`
|
|
|
|
// Name The ID of the Mitre technique"
|
|
Name *string `json:"name,omitempty"`
|
|
} `json:"mitre_techniques,omitempty"`
|
|
|
|
// References A list of the references for which the IP was see
|
|
References []struct {
|
|
// Description Human-friendly description of the reference
|
|
Description *string `json:"description,omitempty"`
|
|
|
|
// Label Human-friendly description of the reference
|
|
Label *string `json:"label,omitempty"`
|
|
|
|
// Name The reference, often in the form "list:list_name"
|
|
Name *string `json:"name,omitempty"`
|
|
} `json:"references"`
|
|
|
|
// ReverseDns Reverse dns lookup of the IP
|
|
ReverseDns *string `json:"reverse_dns"`
|
|
Scores struct {
|
|
LastDay *struct {
|
|
// Aggressiveness Last day aggressiveness score
|
|
Aggressiveness *float32 `json:"aggressiveness,omitempty"`
|
|
|
|
// Anomaly Last day anomaly score
|
|
Anomaly *float32 `json:"anomaly,omitempty"`
|
|
|
|
// Threat Last day threat score
|
|
Threat *float32 `json:"threat,omitempty"`
|
|
|
|
// Total Last day score
|
|
Total *float32 `json:"total,omitempty"`
|
|
|
|
// Trust Last day trust score
|
|
Trust *float32 `json:"trust,omitempty"`
|
|
} `json:"last_day,omitempty"`
|
|
LastMonth *struct {
|
|
// Aggressiveness Last month aggressiveness score
|
|
Aggressiveness *float32 `json:"aggressiveness,omitempty"`
|
|
|
|
// Anomaly Last month anomaly score
|
|
Anomaly *float32 `json:"anomaly,omitempty"`
|
|
|
|
// Threat Last month threat score
|
|
Threat *float32 `json:"threat,omitempty"`
|
|
|
|
// Total Last month score
|
|
Total *float32 `json:"total,omitempty"`
|
|
|
|
// Trust Last month trust score
|
|
Trust *float32 `json:"trust,omitempty"`
|
|
} `json:"last_month,omitempty"`
|
|
LastWeek *struct {
|
|
// Aggressiveness Last week aggressiveness score
|
|
Aggressiveness *float32 `json:"aggressiveness,omitempty"`
|
|
|
|
// Anomaly Last week anomaly score
|
|
Anomaly *float32 `json:"anomaly,omitempty"`
|
|
|
|
// Threat Last week threat score
|
|
Threat *float32 `json:"threat,omitempty"`
|
|
|
|
// Total Last week score
|
|
Total *float32 `json:"total,omitempty"`
|
|
|
|
// Trust Last week trust score
|
|
Trust *float32 `json:"trust,omitempty"`
|
|
} `json:"last_week,omitempty"`
|
|
Overall *struct {
|
|
// Aggressiveness Overall aggressiveness score
|
|
Aggressiveness *float32 `json:"aggressiveness,omitempty"`
|
|
|
|
// Anomaly Overall anomaly score
|
|
Anomaly *float32 `json:"anomaly,omitempty"`
|
|
|
|
// Threat Overall threat score
|
|
Threat *float32 `json:"threat,omitempty"`
|
|
|
|
// Total Overall score
|
|
Total *float32 `json:"total,omitempty"`
|
|
|
|
// Trust Overall trust score
|
|
Trust *float32 `json:"trust,omitempty"`
|
|
} `json:"overall,omitempty"`
|
|
} `json:"scores"`
|
|
|
|
// TargetCountries The top 10 reports repartition by country about the IP, as a percentage
|
|
TargetCountries map[string]interface{} `json:"target_countries"`
|
|
}
|
|
|
|
// ErrorResponse Error response return by the API
|
|
type ErrorResponse struct {
|
|
// Errors More details on individual errors
|
|
Errors *string `json:"errors,omitempty"`
|
|
|
|
// Message Error message
|
|
Message string `json:"message"`
|
|
}
|
|
|
|
// FireCTIResponse defines model for FireCTIResponse.
|
|
type FireCTIResponse struct {
|
|
Links struct {
|
|
// First Url of the first page of result set
|
|
First struct {
|
|
Href *string `json:"href"`
|
|
} `json:"first"`
|
|
|
|
// Next Url of the next page of result set
|
|
Next struct {
|
|
Href string `json:"href"`
|
|
} `json:"next"`
|
|
|
|
// Prev Url of the previous page of result set
|
|
Prev *struct {
|
|
Href string `json:"href"`
|
|
} `json:"prev,omitempty"`
|
|
|
|
// Self Url of the current result set
|
|
Self struct {
|
|
Href string `json:"href"`
|
|
} `json:"self"`
|
|
} `json:"_links"`
|
|
Items []FireIPCTIResponse `json:"items"`
|
|
}
|
|
|
|
// FireIPCTIResponse defines model for FireIPCTIResponse.
|
|
type FireIPCTIResponse struct {
|
|
// AsName The autonomous system name to which the IP belongs
|
|
AsName *string `json:"as_name"`
|
|
|
|
// AsNum The autonomous system number to which the IP belongs
|
|
AsNum *float32 `json:"as_num"`
|
|
|
|
// AttackDetails A more exhaustive list of the scenarios for which a given IP was reported
|
|
AttackDetails *[]struct {
|
|
// Description Human-friendly descriptions of scenarios
|
|
Description *string `json:"description,omitempty"`
|
|
|
|
// Label Human-friendly descriptions of scenarios
|
|
Label *string `json:"label,omitempty"`
|
|
|
|
// Name Name of the scenario (see hub.crowdsec.net)
|
|
Name *string `json:"name,omitempty"`
|
|
References *[]string `json:"references,omitempty"`
|
|
} `json:"attack_details,omitempty"`
|
|
|
|
// BackgroundNoiseScore The background noise score of the IP ranging from 0 to 10 (highly noisy)
|
|
BackgroundNoiseScore *float32 `json:"background_noise_score"`
|
|
|
|
// Behaviors A list of the attack categories for which the IP was reported
|
|
Behaviors []struct {
|
|
// Description Human-friendly description of the category
|
|
Description *string `json:"description,omitempty"`
|
|
|
|
// Label Human-friendly description of the category
|
|
Label *string `json:"label,omitempty"`
|
|
|
|
// Name The category of the attack, often in the form "protocol-or-scope:attack_type"
|
|
Name *string `json:"name,omitempty"`
|
|
} `json:"behaviors"`
|
|
Classifications struct {
|
|
// Classifications A list of categories associated with the IP. Those data can be sourced from 3rd parties (i.e. tor exit nodes list)
|
|
Classifications *[]struct {
|
|
// Description Human-friendly description of the category
|
|
Description *string `json:"description,omitempty"`
|
|
|
|
// Label Human-friendly name of the category
|
|
Label *string `json:"label,omitempty"`
|
|
|
|
// Name The name of the category, often in the form "protocol-or-scope:attack_type"
|
|
Name *string `json:"name,omitempty"`
|
|
} `json:"classifications,omitempty"`
|
|
|
|
// FalsePositives A list of false positives tags associated with the IP. Any IP with `false_positives` tags shouldn't be considered as malicious
|
|
FalsePositives *[]struct {
|
|
// Description Human-friendly description of the category
|
|
Description *string `json:"description,omitempty"`
|
|
|
|
// Label Human-friendly name of the category
|
|
Label *string `json:"label,omitempty"`
|
|
|
|
// Name The name of the false positive, often in the form "protocol-or-scope:attack_type"
|
|
Name *string `json:"name,omitempty"`
|
|
} `json:"false_positives,omitempty"`
|
|
} `json:"classifications"`
|
|
|
|
// Cves A list of CVEs reported for this IP.
|
|
Cves *[]string `json:"cves,omitempty"`
|
|
|
|
// Expiration Date at which the IP address expire from the community blocklist
|
|
Expiration *string `json:"expiration,omitempty"`
|
|
History struct {
|
|
// DaysAge Delta in days between first and last seen timestamps
|
|
DaysAge *float32 `json:"days_age,omitempty"`
|
|
|
|
// FirstSeen Date of the first time this IP was reported. Due to "progressive data degradation", this date might be later than the first time the IP was actually seen
|
|
FirstSeen *string `json:"first_seen,omitempty"`
|
|
|
|
// FullAge Delta in days between first seen and today
|
|
FullAge *float32 `json:"full_age,omitempty"`
|
|
|
|
// LastSeen Date of the last time this IP was reported
|
|
LastSeen *string `json:"last_seen,omitempty"`
|
|
} `json:"history"`
|
|
|
|
// Ip Requested IP
|
|
Ip string `json:"ip"`
|
|
|
|
// IpRange The range to which the IP belongs
|
|
IpRange *string `json:"ip_range"`
|
|
|
|
// IpRangeScore The score of the range (ip_range) the IP belongs to. 0 is good/unknown, 5 is worse
|
|
IpRangeScore float32 `json:"ip_range_score"`
|
|
|
|
// Location Location information about the IP address
|
|
Location struct {
|
|
// City The associated City of the IP
|
|
City *string `json:"city"`
|
|
|
|
// Country The two letters country code of the IP
|
|
Country *string `json:"country"`
|
|
|
|
// Latitude Coordinates of the IP
|
|
Latitude *float32 `json:"latitude"`
|
|
|
|
// Longitude Coordinates of the IP
|
|
Longitude *float32 `json:"longitude"`
|
|
} `json:"location"`
|
|
|
|
// MitreTechniques A list of Mitre Enterprise Techniques associated with the IP.
|
|
MitreTechniques *[]struct {
|
|
// Description Description of the Mitre technique
|
|
Description *string `json:"description,omitempty"`
|
|
|
|
// Label The name of the Mitre technique
|
|
Label *string `json:"label,omitempty"`
|
|
|
|
// Name The ID of the Mitre technique"
|
|
Name *string `json:"name,omitempty"`
|
|
} `json:"mitre_techniques,omitempty"`
|
|
|
|
// References A list of the references for which the IP was see
|
|
References []struct {
|
|
// Description Human-friendly description of the reference
|
|
Description *string `json:"description,omitempty"`
|
|
|
|
// Label Human-friendly description of the reference
|
|
Label *string `json:"label,omitempty"`
|
|
|
|
// Name The reference, often in the form "list:list_name"
|
|
Name *string `json:"name,omitempty"`
|
|
} `json:"references"`
|
|
|
|
// ReverseDns Reverse dns lookup of the IP
|
|
ReverseDns *string `json:"reverse_dns"`
|
|
Scores struct {
|
|
LastDay *struct {
|
|
// Aggressiveness Last day aggressiveness score
|
|
Aggressiveness *float32 `json:"aggressiveness,omitempty"`
|
|
|
|
// Anomaly Last day anomaly score
|
|
Anomaly *float32 `json:"anomaly,omitempty"`
|
|
|
|
// Threat Last day threat score
|
|
Threat *float32 `json:"threat,omitempty"`
|
|
|
|
// Total Last day score
|
|
Total *float32 `json:"total,omitempty"`
|
|
|
|
// Trust Last day trust score
|
|
Trust *float32 `json:"trust,omitempty"`
|
|
} `json:"last_day,omitempty"`
|
|
LastMonth *struct {
|
|
// Aggressiveness Last month aggressiveness score
|
|
Aggressiveness *float32 `json:"aggressiveness,omitempty"`
|
|
|
|
// Anomaly Last month anomaly score
|
|
Anomaly *float32 `json:"anomaly,omitempty"`
|
|
|
|
// Threat Last month threat score
|
|
Threat *float32 `json:"threat,omitempty"`
|
|
|
|
// Total Last month score
|
|
Total *float32 `json:"total,omitempty"`
|
|
|
|
// Trust Last month trust score
|
|
Trust *float32 `json:"trust,omitempty"`
|
|
} `json:"last_month,omitempty"`
|
|
LastWeek *struct {
|
|
// Aggressiveness Last week aggressiveness score
|
|
Aggressiveness *float32 `json:"aggressiveness,omitempty"`
|
|
|
|
// Anomaly Last week anomaly score
|
|
Anomaly *float32 `json:"anomaly,omitempty"`
|
|
|
|
// Threat Last week threat score
|
|
Threat *float32 `json:"threat,omitempty"`
|
|
|
|
// Total Last week score
|
|
Total *float32 `json:"total,omitempty"`
|
|
|
|
// Trust Last week trust score
|
|
Trust *float32 `json:"trust,omitempty"`
|
|
} `json:"last_week,omitempty"`
|
|
Overall *struct {
|
|
// Aggressiveness Overall aggressiveness score
|
|
Aggressiveness *float32 `json:"aggressiveness,omitempty"`
|
|
|
|
// Anomaly Overall anomaly score
|
|
Anomaly *float32 `json:"anomaly,omitempty"`
|
|
|
|
// Threat Overall threat score
|
|
Threat *float32 `json:"threat,omitempty"`
|
|
|
|
// Total Overall score
|
|
Total *float32 `json:"total,omitempty"`
|
|
|
|
// Trust Overall trust score
|
|
Trust *float32 `json:"trust,omitempty"`
|
|
} `json:"overall,omitempty"`
|
|
} `json:"scores"`
|
|
|
|
// State state of the IP in the community blocklist: validated means IP is currently part of community blocklist, refused means it was part of the community blocklist, but was manually purged (ie. false positive)
|
|
State *FireIPCTIResponseState `json:"state,omitempty"`
|
|
|
|
// TargetCountries The top 10 reports repartition by country about the IP, as a percentage
|
|
TargetCountries map[string]interface{} `json:"target_countries"`
|
|
}
|
|
|
|
// FireIPCTIResponseState state of the IP in the community blocklist: validated means IP is currently part of community blocklist, refused means it was part of the community blocklist, but was manually purged (ie. false positive)
|
|
type FireIPCTIResponseState string
|
|
|
|
// QueryCTIResponse defines model for QueryCTIResponse.
|
|
type QueryCTIResponse = CTIObject
|
|
|
|
// SearchCTIResponse defines model for SearchCTIResponse.
|
|
type SearchCTIResponse struct {
|
|
Items []CTIObject `json:"items"`
|
|
NotFound float32 `json:"not_found"`
|
|
|
|
// Total IP of the request
|
|
Total float32 `json:"total"`
|
|
}
|
|
|
|
// GetFireParams defines parameters for GetFire.
|
|
type GetFireParams struct {
|
|
// Page Number of the page to fetch
|
|
Page *float32 `form:"page,omitempty" json:"page,omitempty"`
|
|
|
|
// Since Filter records updated since - duration in h (hours), d(days), m(minutes) )
|
|
Since *string `form:"since,omitempty" json:"since,omitempty"`
|
|
}
|
|
|
|
// GetSmokeParams defines parameters for GetSmoke.
|
|
type GetSmokeParams struct {
|
|
// Ips List of IPs to query, separated by comma
|
|
Ips string `form:"ips" json:"ips"`
|
|
}
|