styx/graph/main.go
Christopher Talib 3961e79062 Matcher logic and IOCs
This work starts to build the matcher logic into styx. For the moment,
the goal is to define IOCs and load them when the Matcher plugin is
activated.

To implement: the matcher will then run periodic queries against different
types of nodes and index them to its own Matcher Dgraph Node. By
targeting a specific IOC, the user will be able to list the
observations that have been made of it.
2020-05-29 11:32:55 +02:00


package graph
import (
"context"
"fmt"
"github.com/dgraph-io/dgo/v2"
"github.com/dgraph-io/dgo/v2/protos/api"
"google.golang.org/grpc"
)
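// ConnectToDgraph dials the Dgraph gRPC endpoint at localhost:9080, installs
// the styx schema through setupDgraphSchema and returns the resulting client.
//
// Security notes for reviewers and operators:
//   - grpc.WithInsecure() disables transport security: the channel has no TLS
//     and the server is not authenticated. That is only tolerable while the
//     target stays on the loopback interface; the address is hard-coded here,
//     so moving Dgraph to another host needs TLS credentials added first.
//   - setupDgraphSchema sends a DropAll operation, so every successful call to
//     this function wipes the data already stored in the target instance.
//
// If schema setup fails, the gRPC connection is closed before returning so
// that the failed attempt does not leak it.
func ConnectToDgraph() (*dgo.Dgraph, error) {
	conn, err := grpc.Dial("localhost:9080", grpc.WithInsecure())
	if err != nil {
		return nil, err
	}

	dgraphClient := dgo.NewDgraphClient(api.NewDgraphClient(conn))
	if err := setupDgraphSchema(dgraphClient); err != nil {
		// The client is discarded on this path, so release the connection
		// instead of leaking it. The schema error is the one worth reporting,
		// hence the Close error is deliberately dropped.
		_ = conn.Close()
		return nil, err
	}
	return dgraphClient, nil
}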
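// setupDgraphSchema resets the Dgraph instance behind c and installs the styx
// schema: the generic Node, Match and Edge types plus the certificate, Shodan
// and paste node types and their predicates.
//
// NOTE(review): the first Alter sets DropAll, which removes all existing data
// and schema from the instance. Because ConnectToDgraph calls this function
// on every connection, previously collected observations (and any IOC matches
// indexed against them) do not survive a restart. Confirm this is intended
// outside of development before pointing it at an instance holding real data.
//
// NOTE(review): both Alter calls use context.Background(), so they carry no
// deadline of their own.
//
// It returns the error of whichever Alter call failed, wrapped with the step
// that was being performed, or nil when both succeed.
func setupDgraphSchema(c *dgo.Dgraph) error {
	ctx := context.Background()

	// Destructive: wipes all data and schema in the target instance.
	if err := c.Alter(ctx, &api.Operation{
		DropAll: true,
	}); err != nil {
		return fmt.Errorf("dropping existing dgraph data: %w", err)
	}

	err := c.Alter(ctx, &api.Operation{
		Schema: `
id: string @index(term) .
type: string @index(term) .
ndata: string .
nodeOne: uid .
nodeTwo: uid .
subNode: uid .
sourceName: string @index(term) .
timestamp: string .
created: string .
modified: string .
certNode: uid .
shodanNode: uid .
pasteNode: uid .
type Node {
id: string
type: string
ndata: string
created: string
modified: string
certNode: CertNode
shodanNode: ShodanNode
pasteNode: PasteNode
}
nodes: [uid] .
target: string @index(term) .
type Match {
id: string
nodes: Node
timestamp: string
target: string
}
type Edge {
id: string
nodeOne: uid
nodeTwo: uid
timestamp: string
sourceName: string
}
fingerprint: string @index(exact, term) .
notBefore: string .
notAfter: string .
cn: string @index(term) .
sourceName: string @index(term) .
serialNumber: string @index(term) .
basicConstraints: string .
chain: [uid].
raw: uid .
type CertNode {
id: string
fingerprint: string
notBefore: string
notAfter: string
cn: string
sourceName: string
serialNumber: string
basicConstraints: string
raw: CertRaw
chain: CertNode
}
type CertRaw {
id: string
type: string
created: string
modified: string
}
hostData: uid .
type ShodanNode {
id: string
type: string
created: string
modified: string
hostData: uid
}
product: string @index(term) .
hostnames: [string] @index(term) .
version: string .
title: string @index(term) .
ip: string @index(term) .
os: string .
organization: string @index(term) .
isp: string .
cpe: [string] .
asn: string .
port: int .
html: string .
banner: string .
transport: string .
domains: [string] .
timestamp: string .
type Hostdata {
product: string
hostnames: [string]
version: string
title: string
ip: string
os: string
organization: string
isp: string
cpe: [string]
asn: string
port: int
html: string
banner: string
transport: string
domains: [string]
timestamp: string
}
fullPaste: uid .
meta: uid .
full: string @index(term) .
scrape_url: string .
full_url: string .
date: string .
key: string .
size: string .
expire: string .
title: string @index(term) .
syntax: string .
user: string @index(term) .
type PasteMeta {
scrape_url: string
full_url: string
date: string
key: string
size: string
expire: string
title: string
syntax: string
user: string
}
type FullPaste {
meta: PasteMeta
full: string
type: string
}
type PasteNode {
id: string
type: string
created: string
modified: string
fullPaste: FullPaste
}
`})
	// The stray fmt.Println("hello") debug print that used to sit here wrote to
	// stdout on every connection; failures are now reported with context.
	if err != nil {
		return fmt.Errorf("applying dgraph schema: %w", err)
	}
	return nil
}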