https://github.com/dcso/gotie

Go bindings for the DCSO TIE
https://github.com/dcso/gotie

Last synced: 4 months ago
JSON representation

Go bindings for the DCSO TIE

• Host: GitHub
• URL: https://github.com/dcso/gotie
• Owner: DCSO
• License: other
• Created: 2016-06-20T16:48:18.000Z (almost 9 years ago)
• Default Branch: master
• Last Pushed: 2021-07-26T14:22:53.000Z (almost 4 years ago)
• Last Synced: 2024-12-02T09:18:39.469Z (6 months ago)
• Language: Go
• Size: 48.8 KB
• Stars: 3
• Watchers: 4
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: Readme.md
  • Changelog: CHANGELOG.md
  • License: LICENSE

Awesome Lists containing this project

README

        
GOTIE [![Build Status](https://travis-ci.org/DCSO/gotie.svg?branch=master)](https://travis-ci.org/DCSO/gotie)

=====

Go bindings and simple command line client for the

[DCSO Threat Intelligence Engine API (TIE)](https://tie.dcso.de/).

## Install

To use the Go binding you will have to install a golang environment and

configure a $GOPATH for your user/system. Most modern distributions include a

recent version of Go. To install the bindings and the command line client into

your configured $GOPATH you can use the following command:

```bash

$ go get -u github.com/DCSO/gotie/...

```

The command line client expects a configuration file in your home directory

(~/.gotie) containing the following two variables:

```toml

tie_token = ""

pingback_token = ""

```

The `tie_token` is mandatory.

The `pingback_token` is optional.

**NOTE:**

You can always set an alternative path for the configuration file using the

*-c / --config* command line flag.

## Command-line Client

The example command-line client can be used to query the TIE API for IOCs and

feeds.

```bash

$ gotie iocs -q 

```

Run `gotie -h` to see all options.

### Output formats

Depending on your use case, you can choose between the output formats

CSV (default), JSON and Bloom filter. The latter integrates well with the

[DCSO Bloom filter CLI and lib](https://github.com/DCSO/bloom).

Retrieve IOCs of type DomainName created today in JSON format:

```bash

gotie iocs -t domainname -f json --created-since $(date +%F)

```

Print only value field using jq:

```bash

gotie iocs -f json --created-since $(date +%F) | jq '.iocs[] | .value'

```

Build a Bloom filter with capacity of 2000 entries and a false-positive probability of 0.01%:

```bash

gotie iocs -f bloom --bloom-p 0.0001 --bloom-n 2000 --created-since $(date +%F) > test.bloom

```

The default Bloom filter format (`bloom`) is TIE's 64-bit Bloom filter (v2). Gotie also supports the old Bloom filter format (v1) by specifying `bloomv1`.

Perform a check with the bloom CLI tool:

```bash

echo www.example.com | bloom check test.bloom

```

The value will be echoed for a match, otherwise the tool stays silent. Read

the [Bloom CLI Readme](https://github.com/DCSO/bloom) for further details.

## Tests

To run the included tests you have to set an environment variable containing

your API token:

```bash

TIE_TOKEN= make test

```

## License

This software is released under a BSD 3-Clause license.

Please have a look at the LICENSE file included in the repository.

Copyright (c) 2016-2018, DCSO Deutsche Cyber-Sicherheitsorganisation GmbH