-
Notifications
You must be signed in to change notification settings - Fork 4
/
reference_sets.go
109 lines (96 loc) · 3.22 KB
/
reference_sets.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
package qradar
import (
"context"
"net/http"
)
// ReferenceSetService handles methods related to Reference sets of the QRadar API.
type ReferenceSetService service
const (
referenceSetsServiceAPIPrefix = "api/reference_data/sets"
)
// ReferenceSet represents QRadar's Reference sets.
type ReferenceSet struct {
Name *string `json:"name,omitempty"`
CreationTime *int `json:"creation_time,omitempty"`
ElementType *string `json:"element_type,omitempty"`
NumberOfElements *int `json:"number_of_elements,omitempty"`
TimeToLive *string `json:"time_to_live,omitempty"`
TimeoutType *string `json:"timeout_type,omitempty"`
Data []ReferenceData `json:"data,omitempty"`
}
// ReferenceData represents entry of Reference Object
type ReferenceData struct {
FirstSeen *int `json:"first_seen,omitempty"`
LastSeen *int `json:"last_seen,omitempty"`
Source *string `json:"source,omitempty"`
Value *string `json:"value,omitempty"`
}
// Get returns Reference sets of the current QRadar installation.
func (c *ReferenceSetService) Get(ctx context.Context, fields, filter string, from, to int) ([]ReferenceSet, error) {
req, err := c.client.requestHelp(http.MethodGet, referenceSetsServiceAPIPrefix, fields, filter, from, to, nil, nil)
if err != nil {
return nil, err
}
var result []ReferenceSet
_, err = c.client.Do(ctx, req, &result)
if err != nil {
return nil, err
}
return result, nil
}
// Create creates Reference set in QRadar installation.
// expects pointer on a ReferenceSet
func (c *ReferenceSetService) Create(ctx context.Context, fields string, data *ReferenceSet) (*ReferenceSet, error) {
req, err := c.client.requestHelp(http.MethodPost, referenceSetsServiceAPIPrefix, fields, "", 0, 0, nil, nil)
if err != nil {
return nil, err
}
q := req.URL.Query()
if data != nil {
if data.Name != nil {
q.Add("name", *data.Name)
}
if data.ElementType != nil {
q.Add("element_type", *data.ElementType)
}
if data.TimeToLive != nil {
q.Add("time_to_live", *data.TimeToLive)
}
if data.TimeoutType != nil {
q.Add("timeout_type", *data.TimeoutType)
}
}
req.URL.RawQuery = q.Encode()
var result ReferenceSet
_, err = c.client.Do(ctx, req, &result)
if err != nil {
return nil, err
}
return &result, nil
}
// GetWithData returns Reference set with data of the current QRadar installation.
func (c *ReferenceSetService) GetWithData(ctx context.Context, fields, filter, name string, from, to int) (*ReferenceSet, error) {
req, err := c.client.requestHelp(http.MethodGet, referenceSetsServiceAPIPrefix+"/"+name, fields, filter, from, to, nil, nil)
if err != nil {
return nil, err
}
var result ReferenceSet
_, err = c.client.Do(ctx, req, &result)
if err != nil {
return nil, err
}
return &result, nil
}
// BulkLoad uploads many values in QRadar's Reference Set
func (c *ReferenceSetService) BulkLoad(ctx context.Context, fields, name string, data interface{}) (*ReferenceSet, error) {
req, err := c.client.requestHelp(http.MethodPost, referenceSetsServiceAPIPrefix+"/bulk_load/"+name, fields, "", 0, 0, nil, data)
if err != nil {
return nil, err
}
var result ReferenceSet
_, err = c.client.Do(ctx, req, &result)
if err != nil {
return nil, err
}
return &result, nil
}