Skip to content
This repository has been archived by the owner on Feb 26, 2023. It is now read-only.

Latest commit

 

History

History
110 lines (89 loc) · 2.57 KB

README.md

File metadata and controls

110 lines (89 loc) · 2.57 KB

GoDoc Build Status Codacy Badge Coverage Status

Cortex client library

Usage example

Get the latest library version:

go get -u github.com/ilyaglow/go-cortex

Simply run analyzer for an observable

package main

import (
	"context"
	"fmt"
	"log"
	"time"

	"github.com/ilyaglow/go-cortex"
)

func main() {
	crtx, err := cortex.NewClient("http://127.0.0.1:9001/", &cortex.ClientOpts{
		Auth: &cortex.APIAuth{
			APIKey: "YOUR-API-KEY",
		},
	})
	if err != nil {
		log.Fatal(err)
	}

	rep, err := crtx.Analyzers.Run(context.Background(), "MaxMind_GeoIP_3_0", &cortex.Task{
		Data:     "1.1.1.1",
		DataType: "ip",
		TLP:      &cortex.TLPGreen,
		PAP:      &cortex.PAPGreen,
	}, time.Minute*5)
	if err != nil {
		log.Fatal(err)
	}

	fmt.Printf("%v\n", rep)
}

Aggregated analysis of an observable

Could be used to analyze an observable by all analyzers that can process it's data type at once.

You should use callback functions to set an action for each analyzer, when one returns a report or an error. Take a look at the following example:

package main

import (
	"context"
	"log"
	"os"
	"time"

	"github.com/ilyaglow/go-cortex"
)

func main() {
	crtx, err := cortex.NewClient("http://127.0.0.1:9001/", &cortex.ClientOpts{
		Auth: &cortex.APIAuth{
			APIKey: "YOUR-API-KEY",
		},
	})
	if err != nil {
		log.Fatal(err)
	}

	task := &cortex.Task{
		Data: "1.1.1.1",
		DataType: "ip",
		TLP: &cortex.TLPWhite,
		PAP: &cortex.PAPWhite,
	}

	// Create a new MultiRun struct with at most 5 minute timeout for the run
	mul := crtx.Analyzers.NewMultiRun(context.Background(), 5*time.Minute)

	// Handle each analyzer's report
	mul.OnReport = func(r *cortex.Report) {
		log.Println(r)
	}
	// Log each analyzer's error
	mul.OnError = func(e error, o cortex.Observable, a *cortex.Analyzer) {
		log.Printf("Cortex analyzer %s failed on data %s with an error: %s", a.Name, o.Description(), e.Error())
	}

	// Actually run the analysis
	err = mul.Do(task)
	if err != nil {
		log.Fatal(err)
	}
}