3961e79062
This work starts to build the matcher logic into styx. For the moment, the goal is to define IOCs and load them when the Matcher plugin is activated. To implement: the matcher will then run periodic queries against the different types of nodes and index the results under its own Matcher Dgraph node. So by targeting a specific IOC, the user will be able to list the observations that have been made of it.
package graph
import (
"context"
"fmt"
"github.com/dgraph-io/dgo/v2"
"github.com/dgraph-io/dgo/v2/protos/api"
"google.golang.org/grpc"
)
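// ConnectToDgraph dials the Dgraph gRPC endpoint at localhost:9080, wraps the
// connection in a dgo client and installs the styx schema before handing the
// client back to the caller.
//
// Security notes for reviewers:
//   - The channel is opened with grpc.WithInsecure(), i.e. without TLS and
//     without any peer authentication. Queries, mutations and the indexed
//     IOC data travel in plaintext. That is only defensible while the address
//     is the loopback interface; if the address ever becomes configurable,
//     the dial options must switch to TLS transport credentials.
//   - setupDgraphSchema is invoked on every call and, as written, issues a
//     DropAll first. Every process start therefore wipes the database.
//
// If schema setup fails the gRPC connection is closed before returning, so a
// failed start-up does not leak the underlying connection.
func ConnectToDgraph() (*dgo.Dgraph, error) {
	const dgraphAddr = "localhost:9080"

	conn, err := grpc.Dial(dgraphAddr, grpc.WithInsecure())
	if err != nil {
		return nil, fmt.Errorf("dialing dgraph at %s: %w", dgraphAddr, err)
	}

	client := dgo.NewDgraphClient(api.NewDgraphClient(conn))

	if err := setupDgraphSchema(client); err != nil {
		// The client is unusable without its schema; release the connection.
		// The Close error is secondary to the setup error and is dropped on
		// purpose.
		_ = conn.Close()
		return nil, err
	}

	return client, nil
}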
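// setupDgraphSchema resets the Dgraph instance behind c and installs the styx
// schema (Node, Match, Edge, CertNode, CertRaw, ShodanNode, Hostdata,
// PasteMeta, FullPaste and PasteNode types plus their predicates).
//
// WARNING: the first Alter call sets DropAll, which deletes every stored node
// and the existing schema. Because ConnectToDgraph calls this function on each
// connect, collected observations and matches do not survive a restart, and
// any process that can reach this code path against a shared Dgraph instance
// erases it. Gate this behind an explicit opt-in before pointing styx at data
// that must be kept.
//
// Both Alter calls use context.Background(), so they have no deadline and
// cannot be cancelled by the caller.
//
// Errors are wrapped with %w so callers can still unwrap the original Dgraph
// error. The stray debug print that used to run between the schema Alter and
// its error check has been removed.
func setupDgraphSchema(c *dgo.Dgraph) error {
	// NOTE(review): sourceName, timestamp and title are each declared more
	// than once below — confirm the Dgraph version in use accepts repeated
	// predicate declarations.
	const schema = `
		id: string @index(term) .
		type: string @index(term) .
		ndata: string .
		nodeOne: uid .
		nodeTwo: uid .
		subNode: uid .
		sourceName: string @index(term) .
		timestamp: string .
		created: string .
		modified: string .
		certNode: uid .
		shodanNode: uid .
		pasteNode: uid .

		type Node {
			id: string
			type: string
			ndata: string
			created: string
			modified: string
			certNode: CertNode
			shodanNode: ShodanNode
			pasteNode: PasteNode
		}

		nodes: [uid] .
		target: string @index(term) .

		type Match {
			id: string
			nodes: Node
			timestamp: string
			target: string
		}

		type Edge {
			id: string
			nodeOne: uid
			nodeTwo: uid
			timestamp: string
			sourceName: string
		}


		fingerprint: string @index(exact, term) .
		notBefore: string .
		notAfter: string .
		cn: string @index(term) .
		sourceName: string @index(term) .
		serialNumber: string @index(term) .
		basicConstraints: string .
		chain: [uid].
		raw: uid .

		type CertNode {
			id: string
			fingerprint: string
			notBefore: string
			notAfter: string
			cn: string
			sourceName: string
			serialNumber: string
			basicConstraints: string
			raw: CertRaw
			chain: CertNode
		}

		type CertRaw {
			id: string
			type: string
			created: string
			modified: string
		}

		hostData: uid .

		type ShodanNode {
			id: string
			type: string
			created: string
			modified: string
			hostData: uid
		}

		product: string @index(term) .
		hostnames: [string] @index(term) .
		version: string .
		title: string @index(term) .
		ip: string @index(term) .
		os: string .
		organization: string @index(term) .
		isp: string .
		cpe: [string] .
		asn: string .
		port: int .
		html: string .
		banner: string .
		transport: string .
		domains: [string] .
		timestamp: string .

		type Hostdata {
			product: string
			hostnames: [string]
			version: string
			title: string
			ip: string
			os: string
			organization: string
			isp: string
			cpe: [string]
			asn: string
			port: int
			html: string
			banner: string
			transport: string
			domains: [string]
			timestamp: string
		}

		fullPaste: uid .
		meta: uid .

		full: string @index(term) .
		scrape_url: string .
		full_url: string .
		date: string .
		key: string .
		size: string .
		expire: string .
		title: string @index(term) .
		syntax: string .
		user: string @index(term) .

		type PasteMeta {
			scrape_url: string
			full_url: string
			date: string
			key: string
			size: string
			expire: string
			title: string
			syntax: string
			user: string
		}

		type FullPaste {
			meta: PasteMeta
			full: string
			type: string
		}

		type PasteNode {
			id: string
			type: string
			created: string
			modified: string
			fullPaste: FullPaste
		}

	`

	ctx := context.Background()

	// Destructive: removes all data and the previous schema (see WARNING above).
	if err := c.Alter(ctx, &api.Operation{DropAll: true}); err != nil {
		return fmt.Errorf("dropping existing dgraph data: %w", err)
	}

	if err := c.Alter(ctx, &api.Operation{Schema: schema}); err != nil {
		return fmt.Errorf("applying dgraph schema: %w", err)
	}

	return nil
}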