package limacharlie
import (
	"fmt"
	"net/http"
	"net/url"
)
// Stats is the response body of the online/stats and traffic/stats insight
// endpoints (see Organization.OnlineStats and Organization.TrafficStats).
type Stats struct {
	// Totals maps a bucket name to an unsigned count. The key set is defined by
	// the API, not by this package — presumably one entry per time bucket or
	// sensor; confirm against the insight API docs before relying on it.
	Totals map[string]uint `json:"totals"`
}
// DetStats is the response body of the detections/stats insight endpoint
// (see Organization.DetectionStats).
type DetStats struct {
	// Totals is a two-level map of counts. The meaning of the outer and inner
	// keys is API-defined and not visible here — presumably bucket then
	// detection category; confirm against the insight API docs.
	Totals map[string]map[string]int `json:"totals"`
}
// EventContainer is the response body of a single-event lookup
// (see Organization.EventByAtom): the event is nested under the "event" key.
type EventContainer struct {
	Event Event `json:"event"`
}
// Event is one stored telemetry event together with its routing envelope.
type Event struct {
	// Event is the raw event payload decoded as free-form JSON. Its shape is
	// event-type specific and is not validated here; callers must type-assert
	// before use and treat it as API-supplied data.
	Event interface{} `json:"event"`
	// Routing is the metadata envelope the platform attached to the event.
	Routing Routing `json:"routing"`
	// TimeStamp is the event's "ts" value as a string; its format is not
	// shown here — TODO confirm against the API.
	TimeStamp string `json:"ts"`
}
// Routing is the metadata envelope attached to events and detections
// (see Event.Routing and Detect.Routing). Field meanings follow the JSON
// names; the values are supplied by the API and are not validated locally.
type Routing struct {
	Arch      int      `json:"arch"`       // architecture code
	DID       string   `json:"did"`        // device id
	EventID   string   `json:"event_id"`
	EventTime int64    `json:"event_time"` // unit not shown here — presumably epoch-based; confirm against the API
	EventType string   `json:"event_type"`
	ExtIP     string   `json:"ext_ip"`     // external IP
	Hostname  string   `json:"hostname"`
	IID       string   `json:"iid"`        // installation id
	IntIP     string   `json:"int_ip"`     // internal IP
	ModuleID  int      `json:"moduleid"`
	OID       string   `json:"oid"`        // organization id
	Parent    string   `json:"parent"`     // presumably the parent event's atom — confirm
	Plat      int      `json:"plat"`       // platform code
	SID       string   `json:"sid"`        // sensor id
	Tags      []string `json:"tags"`
	This      string   `json:"this"`       // presumably this event's atom (see Organization.EventByAtom) — confirm
}
// Detect is a single detection as returned in HistoricalDetectionsResponse.
type Detect struct {
	Author    string  `json:"author"`
	Cat       string  `json:"cat"`        // detection category; same key HistoricalDetectionsRequest.Cat filters on
	Detect    Dict    `json:"detect"`     // free-form detection content (Dict is a project type; shape not validated here)
	DetectID  string  `json:"detect_id"`
	DetectMtd Dict    `json:"detect_mtd"` // free-form detection metadata
	Link      string  `json:"link"`
	Namespace string  `json:"namespace"`
	Routing   Routing `json:"routing"`    // routing envelope of the event that produced the detection
	Source    string  `json:"source"`
	Ts        int64   `json:"ts"`         // detection timestamp; unit not shown here — confirm against the API
}
// HistoricalDetectionsResponse is one page of detections returned by
// Organization.HistoricalDetections.
type HistoricalDetectionsResponse struct {
	// Detects is the page of detections.
	Detects []Detect `json:"detects"`
	// NextCursor is the cursor to pass as HistoricalDetectionsRequest.Cursor
	// to fetch the following page.
	NextCursor string `json:"next_cursor"`
}
// OnlineStats issues GET insight/<oid>/online/stats for the organization and
// decodes the result into a Stats.
//
// start and end are forwarded verbatim as the "start" and "end" query
// parameters; their unit is dictated by the insight API (not shown here —
// presumably epoch seconds like HistoricalDetectionsRequest.Start/End).
// When err is non-nil the returned Stats should be disregarded.
func (org *Organization) OnlineStats(start int64, end int64) (Stats, error) {
	var stats Stats
	window := Dict{
		"start": start,
		"end":   end,
	}
	req := makeDefaultRequest(&stats)
	req = req.withQueryData(window)
	path := fmt.Sprintf("insight/%s/online/stats", org.client.options.OID)
	err := org.client.reliableRequest(http.MethodGet, path, req)
	return stats, err
}
// TrafficStats issues GET insight/<oid>/traffic/stats for the organization and
// decodes the result into a Stats.
//
// start and end are forwarded verbatim as the "start" and "end" query
// parameters; their unit is dictated by the insight API (not shown here —
// presumably epoch seconds like HistoricalDetectionsRequest.Start/End).
// When err is non-nil the returned Stats should be disregarded.
func (org *Organization) TrafficStats(start int64, end int64) (Stats, error) {
	var stats Stats
	window := Dict{
		"start": start,
		"end":   end,
	}
	req := makeDefaultRequest(&stats)
	req = req.withQueryData(window)
	path := fmt.Sprintf("insight/%s/traffic/stats", org.client.options.OID)
	err := org.client.reliableRequest(http.MethodGet, path, req)
	return stats, err
}
// DetectionStats issues GET insight/<oid>/detections/stats for the organization
// and decodes the result into a DetStats.
//
// start and end are forwarded verbatim as the "start" and "end" query
// parameters; their unit is dictated by the insight API (not shown here —
// presumably epoch seconds like HistoricalDetectionsRequest.Start/End).
// When err is non-nil the returned DetStats should be disregarded.
func (org *Organization) DetectionStats(start int64, end int64) (DetStats, error) {
	var stats DetStats
	window := Dict{
		"start": start,
		"end":   end,
	}
	req := makeDefaultRequest(&stats)
	req = req.withQueryData(window)
	path := fmt.Sprintf("insight/%s/detections/stats", org.client.options.OID)
	err := org.client.reliableRequest(http.MethodGet, path, req)
	return stats, err
}
// GenericGETRequest performs an arbitrary GET against the API and decodes the
// response body into response, which must be a pointer.
//
// path is used exactly as given (no escaping and no organization prefix), so
// the caller is responsible for building it from trusted or path-escaped
// segments. query is sent as the URL query parameters.
func (org *Organization) GenericGETRequest(path string, query Dict, response interface{}) error {
	req := makeDefaultRequest(response)
	req = req.withQueryData(query)
	if err := org.client.reliableRequest(http.MethodGet, path, req); err != nil {
		return err
	}
	return nil
}
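// EventByAtom issues GET insight/<oid>/<sensorID>/<atom> and decodes the single
// stored event it returns.
//
// sensorID and atom are interpolated into the request path, so each is
// path-escaped first: without that, a value containing '/', '?' or '#' would
// silently change which endpoint is addressed instead of being rejected by the
// server. Well-formed identifiers contain none of those characters and are
// unchanged by the escaping.
//
// Returns the decoded EventContainer and any error from the request; on a
// non-nil error the container should be disregarded.
func (org *Organization) EventByAtom(sensorID, atom string) (EventContainer, error) {
	event := EventContainer{}
	q := makeDefaultRequest(&event)
	path := fmt.Sprintf("insight/%s/%s/%s", org.client.options.OID, url.PathEscape(sensorID), url.PathEscape(atom))
	err := org.client.reliableRequest(http.MethodGet, path, q)
	return event, err
}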
// HistoricalDetectionsRequest is the query sent by Organization.HistoricalDetections
// to page through stored detections. Start and End are required; Cursor and
// Limit control pagination.
type HistoricalDetectionsRequest struct {
	// Cat is the category of the detections to fetch
	Cat string `json:"cat"`
	// Cursor is optional for paginated access, set to '-' for first query
	// (HistoricalDetections substitutes '-' when Cursor is left empty)
	Cursor string `json:"cursor"`
	// Start is the required timestamp in seconds from which to start fetching detections
	Start int `json:"start"`
	// End is the required timestamp in seconds at which to stop fetching detections
	End int `json:"end"`
	// Limit is the maximum number of detections to return
	Limit int `json:"limit"`
}
// HistoricalDetections issues GET insight/<oid>/detections with detectionReq
// encoded as query parameters and decodes one page of results.
//
// An empty detectionReq.Cursor is sent as "-", which the API takes as "first
// page"; pass HistoricalDetectionsResponse.NextCursor to fetch the next one.
// When err is non-nil the returned page should be disregarded.
//
// NOTE(review): this method has a value receiver while the other methods in
// this file use *Organization; left as-is because changing it would alter the
// method set callers may depend on.
func (org Organization) HistoricalDetections(detectionReq HistoricalDetectionsRequest) (HistoricalDetectionsResponse, error) {
	if len(detectionReq.Cursor) == 0 {
		detectionReq.Cursor = "-"
	}
	page := HistoricalDetectionsResponse{}
	req := makeDefaultRequest(&page)
	req = req.withQueryData(detectionReq)
	path := fmt.Sprintf("insight/%s/detections", org.client.options.OID)
	err := org.client.reliableRequest(http.MethodGet, path, req)
	return page, err
}