cortex-client 0.1.1

API for Cortex, a powerful observable analysis and active response engine.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146

//! # Cortex AbuseIPDB Analyzer Example
//!
//! This example demonstrates how to use the Rust client for the Cortex API
//! to submit an IP address for analysis using a specific analyzer instance,
//! in this case, an AbuseIPDB analyzer.
//!
//! ## Functionality
//!
//! 1.  **Configuration**: Sets up the API client configuration using `common::setup_configuration()`,
//!     which reads the Cortex endpoint and API key from environment variables.
//! 2.  **Analyzer Selection**: Specifies the name of the analyzer to run (e.g., "AbuseIPDB_1_0").
//! 3.  **Analyzer ID Retrieval**: Uses `common::get_analyzer_id_by_name()` to find the
//!     actual instance ID of the specified analyzer. This is crucial because Cortex
//!     jobs are run against specific analyzer *instances*.
//! 4.  **Job Creation**: Constructs a `JobCreateRequest` with the IP address to analyze,
//!     data type ("ip"), TLP/PAP levels, and a descriptive message/label.
//! 5.  **Job Submission**: Calls `job_api::create_analyzer_job()` to submit the analysis job.
//! 6.  **Report Fetching**: If the job is submitted successfully and a job ID is returned,
//!     it attempts to fetch the job report using `job_api::get_job_report()`.
//!
//! ## Prerequisites
//!
//! -   A running Cortex instance accessible via the network.
//! -   The "AbuseIPDB" analyzer (or the one specified in `analyzer_name_to_run`)
//!     must be enabled and configured in your Cortex instance.
//! -   Environment variables `CORTEX_ENDPOINT` and `CORTEX_API_KEY` must be set.
//!
//! ## Usage
//!
//! ```sh
//! # Set your Cortex API endpoint and key
//! export CORTEX_ENDPOINT="http://your-cortex-host:9000/api"
//! export CORTEX_API_KEY="your_cortex_api_key"
//!
//! # Run the example
//! cargo run --example abuseipdb_example
use cortex_client::apis::job_api;
use cortex_client::models::JobCreateRequest;

mod common;

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    let config = match common::setup_configuration() {
        Ok(cfg) => cfg,
        Err(e) => {
            eprintln!("Configuration error: {}", e);
            eprintln!(
                "Please ensure CORTEX_ENDPOINT and CORTEX_API_KEY environment variables are set."
            );
            eprintln!("Example usage:");
            eprintln!("  export CORTEX_ENDPOINT=\"http://localhost:9000/api\"");
            eprintln!("  export CORTEX_API_KEY=\"your_api_key_here\"");
            eprintln!("  cargo run --example abuseipdb_example");
            return Err(e.into());
        }
    };

    let analyzer_name_to_run = "AbuseIPDB_1_0"; 

    let ip_to_analyze = "8.8.8.8"; 
    let data_type = "ip";

    let analyzer_worker_id = match common::get_analyzer_id_by_name(&config, analyzer_name_to_run)
        .await
    {
        Ok(Some(id)) => id,
        Ok(None) => {
            eprintln!("Could not find an analyzer instance named '{}'. Please check the name and ensure the analyzer is enabled in Cortex.", analyzer_name_to_run);
            eprintln!("You can use the 'list_analyzers' example to see available analyzer names and their instance IDs.");
            return Ok(()); // Or return an error
        }
        Err(e) => {
            eprintln!(
                "Error trying to get analyzer ID for '{}': {}",
                analyzer_name_to_run, e
            );
            return Err(e);
        }
    };

    println!(
        "Attempting to run analyzer instance ID '{}' (resolved from name '{}') on IP: {}",
        analyzer_worker_id, analyzer_name_to_run, ip_to_analyze
    );

    let job_request = JobCreateRequest {
        data: Some(ip_to_analyze.to_string()),
        data_type: Some(data_type.to_string()),
        tlp: Some(2), // Traffic Light Protocol: AMBER (suitable for sharing with trusted partners)
        pap: Some(2), // Permissible Actions Protocol: AMBER
        message: Some(Some(format!(
            "Running {} (instance ID {}) scan from example for IP {}",
            analyzer_name_to_run, analyzer_worker_id, ip_to_analyze
        ))),
        parameters: None, // Add specific analyzer parameters here if needed (e.g., threshold for AbuseIPDB)
        label: Some(Some("abuseipdb_example_scan".to_string())),
        force: Some(false), // Set to true to bypass cache and force a new analysis
        attributes: None,   // Legacy field, prefer direct fields like data, dataType, tlp, etc.
    };

    match job_api::create_analyzer_job(&config, &analyzer_worker_id, job_request).await {
        Ok(job_response) => {
            println!("\nSuccessfully created analyzer job:");
            println!("{:#?}", job_response); 

            if let Some(job_id) = job_response._id {
                println!("\nJob status is Success. Attempting to fetch report directly using get_job_report for job ID: {}", job_id);

                match job_api::get_job_report(&config, &job_id).await {
                    Ok(report_response) => {
                        println!("\nSuccessfully fetched job report:");
                        match report_response {
                            cortex_client::models::JobReportResponse::Object(json_report) => {
                                println!("Report (JSON): {:#?}", json_report);
                            }
                            cortex_client::models::JobReportResponse::JobReportResponseOneOf(
                                status_enum,
                            ) => {
                                println!("Job status from get_job_report: {:?}", status_enum);
                                println!("This is unexpected if the job was marked 'Success' previously.");
                            }
                        }
                    }
                    Err(e) => {
                        eprintln!("\nError fetching job report with get_job_report: {:?}", e);
                    }
                }
            } else {
                eprintln!("\nJob created, but no job ID was returned in the response. Cannot fetch report.");
            }
        }
        Err(e) => {
            eprintln!("\nError creating analyzer job: {:?}", e);
            eprintln!("Please check:");
            eprintln!(
                "  1. The analyzer ID '{}' is correct and the analyzer is enabled in Cortex.",
                analyzer_worker_id
            );
            eprintln!("  2. Cortex is running and accessible at the configured CORTEX_ENDPOINT.");
            eprintln!("  3. Your CORTEX_API_KEY has the necessary permissions.");
        }
    }

    Ok(())
}