github.com/crowdsecurity/crowdsec@v1.6.1/pkg/cticlient/types.go (about) 1 package cticlient 2 3 import ( 4 "time" 5 ) 6 7 type CTIScores struct { 8 Overall CTIScore `json:"overall"` 9 LastDay CTIScore `json:"last_day"` 10 LastWeek CTIScore `json:"last_week"` 11 LastMonth CTIScore `json:"last_month"` 12 } 13 14 type CTIScore struct { 15 Aggressiveness int `json:"aggressiveness"` 16 Threat int `json:"threat"` 17 Trust int `json:"trust"` 18 Anomaly int `json:"anomaly"` 19 Total int `json:"total"` 20 } 21 22 type CTIAttackDetails struct { 23 Name string `json:"name"` 24 Label string `json:"label"` 25 Description string `json:"description"` 26 References []string `json:"references"` 27 } 28 29 type CTIClassifications struct { 30 FalsePositives []CTIClassification `json:"false_positives"` 31 Classifications []CTIClassification `json:"classifications"` 32 } 33 34 type CTIClassification struct { 35 Name string `json:"name"` 36 Label string `json:"label"` 37 Description string `json:"description"` 38 } 39 type CTIHistory struct { 40 FirstSeen *string `json:"first_seen"` 41 LastSeen *string `json:"last_seen"` 42 FullAge int `json:"full_age"` 43 DaysAge int `json:"days_age"` 44 } 45 46 type CTIBehavior struct { 47 Name string `json:"name"` 48 Label string `json:"label"` 49 Description string `json:"description"` 50 } 51 type CTILocationInfo struct { 52 Country *string `json:"country"` 53 City *string `json:"city"` 54 Latitude *float64 `json:"latitude"` 55 Longitude *float64 `json:"longitude"` 56 } 57 58 type CTIReferences struct { 59 Name string `json:"name"` 60 Label string `json:"label"` 61 Description string `json:"description"` 62 } 63 64 type SmokeItem struct { 65 IpRangeScore int `json:"ip_range_score"` 66 Ip string `json:"ip"` 67 IpRange *string `json:"ip_range"` 68 AsName *string `json:"as_name"` 69 AsNum *int `json:"as_num"` 70 Location CTILocationInfo `json:"location"` 71 ReverseDNS *string `json:"reverse_dns"` 72 Behaviors []*CTIBehavior `json:"behaviors"` 73 History CTIHistory `json:"history"` 74 Classifications CTIClassifications `json:"classifications"` 75 AttackDetails []*CTIAttackDetails `json:"attack_details"` 76 TargetCountries map[string]int `json:"target_countries"` 77 BackgroundNoiseScore *int `json:"background_noise_score"` 78 Scores CTIScores `json:"scores"` 79 References []CTIReferences `json:"references"` 80 IsOk bool `json:"-"` 81 } 82 83 type SearchIPResponse struct { 84 Total int `json:"total"` 85 NotFound int `json:"not_found"` 86 Items []SmokeItem `json:"items"` 87 } 88 89 type CustomTime struct { 90 time.Time 91 } 92 93 func (ct *CustomTime) UnmarshalJSON(b []byte) error { 94 if string(b) == "null" { 95 return nil 96 } 97 98 t, err := time.Parse(`"2006-01-02T15:04:05.999999999"`, string(b)) 99 if err != nil { 100 return err 101 } 102 103 ct.Time = t 104 return nil 105 } 106 107 type FireItem struct { 108 IpRangeScore int `json:"ip_range_score"` 109 Ip string `json:"ip"` 110 IpRange *string `json:"ip_range"` 111 AsName *string `json:"as_name"` 112 AsNum *int `json:"as_num"` 113 Location CTILocationInfo `json:"location"` 114 ReverseDNS *string `json:"reverse_dns"` 115 Behaviors []*CTIBehavior `json:"behaviors"` 116 History CTIHistory `json:"history"` 117 Classifications CTIClassifications `json:"classifications"` 118 AttackDetails []*CTIAttackDetails `json:"attack_details"` 119 TargetCountries map[string]int `json:"target_countries"` 120 BackgroundNoiseScore *int `json:"background_noise_score"` 121 Scores CTIScores `json:"scores"` 122 References []CTIReferences `json:"references"` 123 State string `json:"state"` 124 Expiration CustomTime `json:"expiration"` 125 } 126 127 type FireParams struct { 128 Since *string `json:"since"` 129 Page *int `json:"page"` 130 Limit *int `json:"limit"` 131 } 132 133 type Href struct { 134 Href string `json:"href"` 135 } 136 137 type Links struct { 138 First *Href `json:"first"` 139 Self *Href `json:"self"` 140 Prev *Href `json:"prev"` 141 Next *Href `json:"next"` 142 } 143 144 type FireResponse struct { 145 Links Links `json:"_links"` 146 Items []FireItem `json:"items"` 147 } 148 149 func (c *SmokeItem) GetAttackDetails() []string { 150 ret := make([]string, 0) 151 152 if c.AttackDetails != nil { 153 for _, b := range c.AttackDetails { 154 ret = append(ret, b.Name) 155 } 156 } 157 return ret 158 } 159 160 func (c *SmokeItem) GetBehaviors() []string { 161 ret := make([]string, 0) 162 163 if c.Behaviors != nil { 164 for _, b := range c.Behaviors { 165 ret = append(ret, b.Name) 166 } 167 } 168 return ret 169 } 170 171 // Provide the likelihood of the IP being bad 172 func (c *SmokeItem) GetMaliciousnessScore() float32 { 173 if c.IsPartOfCommunityBlocklist() { 174 return 1.0 175 } 176 if c.Scores.LastDay.Total > 0 { 177 return float32(c.Scores.LastDay.Total) / 10.0 178 } 179 return 0.0 180 } 181 182 func (c *SmokeItem) IsPartOfCommunityBlocklist() bool { 183 if c.Classifications.Classifications != nil { 184 for _, v := range c.Classifications.Classifications { 185 if v.Name == "community-blocklist" { 186 return true 187 } 188 } 189 } 190 191 return false 192 } 193 194 func (c *SmokeItem) GetBackgroundNoiseScore() int { 195 if c.BackgroundNoiseScore != nil { 196 return *c.BackgroundNoiseScore 197 } 198 return 0 199 } 200 201 func (c *SmokeItem) GetFalsePositives() []string { 202 ret := make([]string, 0) 203 204 if c.Classifications.FalsePositives != nil { 205 for _, b := range c.Classifications.FalsePositives { 206 ret = append(ret, b.Name) 207 } 208 } 209 return ret 210 } 211 212 func (c *SmokeItem) IsFalsePositive() bool { 213 214 if c.Classifications.FalsePositives != nil { 215 if len(c.Classifications.FalsePositives) > 0 { 216 return true 217 } 218 } 219 220 return false 221 } 222 223 func (c *FireItem) GetAttackDetails() []string { 224 ret := make([]string, 0) 225 226 if c.AttackDetails != nil { 227 for _, b := range c.AttackDetails { 228 ret = append(ret, b.Name) 229 } 230 } 231 return ret 232 } 233 234 func (c *FireItem) GetBehaviors() []string { 235 ret := make([]string, 0) 236 237 if c.Behaviors != nil { 238 for _, b := range c.Behaviors { 239 ret = append(ret, b.Name) 240 } 241 } 242 return ret 243 } 244 245 // Provide the likelihood of the IP being bad 246 func (c *FireItem) GetMaliciousnessScore() float32 { 247 if c.IsPartOfCommunityBlocklist() { 248 return 1.0 249 } 250 if c.Scores.LastDay.Total > 0 { 251 return float32(c.Scores.LastDay.Total) / 10.0 252 } 253 return 0.0 254 } 255 256 func (c *FireItem) IsPartOfCommunityBlocklist() bool { 257 if c.Classifications.Classifications != nil { 258 for _, v := range c.Classifications.Classifications { 259 if v.Name == "community-blocklist" { 260 return true 261 } 262 } 263 } 264 265 return false 266 } 267 268 func (c *FireItem) GetBackgroundNoiseScore() int { 269 if c.BackgroundNoiseScore != nil { 270 return *c.BackgroundNoiseScore 271 } 272 return 0 273 } 274 275 func (c *FireItem) GetFalsePositives() []string { 276 ret := make([]string, 0) 277 278 if c.Classifications.FalsePositives != nil { 279 for _, b := range c.Classifications.FalsePositives { 280 ret = append(ret, b.Name) 281 } 282 } 283 return ret 284 } 285 286 func (c *FireItem) IsFalsePositive() bool { 287 288 if c.Classifications.FalsePositives != nil { 289 if len(c.Classifications.FalsePositives) > 0 { 290 return true 291 } 292 } 293 294 return false 295 }