Lib.rs

Web programming
#datalake #csv #orange #bulk #api #search #cyberdefense

ocd_datalake_rs

Library wrapper around Orange Cyberdefense's Datalake API

Owned by CERT Orange Cyberdefense, mrtnhwtt, ClaireOrange, BFachon.

9 releases

new 0.3.0-pre.3 Mar 6, 2025
0.3.0-pre.2 Feb 18, 2025
0.2.2 Mar 6, 2025
0.2.1 Jun 5, 2023
0.1.0 Aug 29, 2022

#663 in Web programming

Download history 1/week @ 2024-12-11 95/week @ 2025-01-29 34/week @ 2025-02-05 75/week @ 2025-02-12 46/week @ 2025-02-19 5/week @ 2025-02-26

202 downloads per month

MIT license

37KB
681 lines

OCD_DATALAKE_RS

ocd_datalake_rs is a Rust library to interact with Orange Cyberdefense's Datalake.

Functionalities implemented

  • Bulk lookup
  • Bulk search

Note Only CSV format is returned as of now

Check open issues to see what is planned

Installation

put in Cargo.toml:

[dependencies]
ocd_datalake_rs = "0.3.0-pre.3"

Usage

Example: Lookup IOCs

    let mut dtl = Datalake::new(
        username,
        password,
        None,
        DatalakeSetting::prod(),
    ).unwrap();

    let atom_values: Vec<String> = vec![
        "620c28ece75af2ea227f195fc45afe109ff9f5c876f2e4da9e0d4f4aad68ee8e".to_string(),
        "ef3363dfe2515b826584ab53c4bb7812".to_string(),
        "jeithe7eijeefohch3qu.probes.site".to_string(),
        "8.8.8.8".to_string(),
    ];
    let csv_result = dtl.bulk_lookup(atom_values, "file");
    println!("{csv_result:#?}");

Note: Defining the longterm_token parameter overwrites the username and password parameters

check all the examples to see the full list of functionality in action.

Setting environment variables

Environment variables are all optional, but can add functionalities or make authentication easier. To set environment variables, you can rename the .env.default file to .env and change their values accordingly. All environment variables are listed and unset by default. You can freely add or remove any variables as needed.

Use a Proxy

To use a http or https proxy, simply define OCD_DTL_RS_HTTP_PROXY env variable to be your proxy url. If you ever stop using the proxy, don't forget to unset the env variable.

Using custom CA Certificates

By default, this library uses rustls-tls-native-roots, which enables reqwest to trust the system's native certificate store. However, if you need to specify a custom CA file, you can set the SSL_CERT_FILE or SSL_CERT_DIR environment variables in the .env file

SSL_CERT_FILE=/path/to/custom-ca.pem
SSL_CERT_DIR=/path/to/certs/

This allows the reqwest client to properly validate HTTPS connections using your organization's trusted certificates.

Contribute

All contributions and/or feedbacks are welcome to improve the code and the package.
Please open an issue to start the discussion.

Dependencies

~7–25MB
~455K SLoC