Skip to content
This repository has been archived by the owner on Feb 26, 2023. It is now read-only.

ilyaglow/go-cortex

Repository files navigation

GoDoc Build Status Codacy Badge Coverage Status

Cortex client library

Usage example

Get the latest library version:

go get -u github.com/ilyaglow/go-cortex

Simply run analyzer for an observable

package main

import (
	"context"
	"fmt"
	"log"
	"time"

	"github.com/ilyaglow/go-cortex"
)

func main() {
	crtx, err := cortex.NewClient("http://127.0.0.1:9001/", &cortex.ClientOpts{
		Auth: &cortex.APIAuth{
			APIKey: "YOUR-API-KEY",
		},
	})
	if err != nil {
		log.Fatal(err)
	}

	rep, err := crtx.Analyzers.Run(context.Background(), "MaxMind_GeoIP_3_0", &cortex.Task{
		Data:     "1.1.1.1",
		DataType: "ip",
		TLP:      &cortex.TLPGreen,
		PAP:      &cortex.PAPGreen,
	}, time.Minute*5)
	if err != nil {
		log.Fatal(err)
	}

	fmt.Printf("%v\n", rep)
}

Aggregated analysis of an observable

Could be used to analyze an observable by all analyzers that can process it's data type at once.

You should use callback functions to set an action for each analyzer, when one returns a report or an error. Take a look at the following example:

package main

import (
	"context"
	"log"
	"os"
	"time"

	"github.com/ilyaglow/go-cortex"
)

func main() {
	crtx, err := cortex.NewClient("http://127.0.0.1:9001/", &cortex.ClientOpts{
		Auth: &cortex.APIAuth{
			APIKey: "YOUR-API-KEY",
		},
	})
	if err != nil {
		log.Fatal(err)
	}

	task := &cortex.Task{
		Data: "1.1.1.1",
		DataType: "ip",
		TLP: &cortex.TLPWhite,
		PAP: &cortex.PAPWhite,
	}

	// Create a new MultiRun struct with at most 5 minute timeout for the run
	mul := crtx.Analyzers.NewMultiRun(context.Background(), 5*time.Minute)

	// Handle each analyzer's report
	mul.OnReport = func(r *cortex.Report) {
		log.Println(r)
	}
	// Log each analyzer's error
	mul.OnError = func(e error, o cortex.Observable, a *cortex.Analyzer) {
		log.Printf("Cortex analyzer %s failed on data %s with an error: %s", a.Name, o.Description(), e.Error())
	}

	// Actually run the analysis
	err = mul.Do(task)
	if err != nil {
		log.Fatal(err)
	}
}

About

🔮 Cortex API client written in Go https://github.com/TheHive-Project/Cortex

Topics

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages