From 8f99f2d470d4e49f4d812743d0e81bc4836396e2 Mon Sep 17 00:00:00 2001
From: Thomas Legris <thomas@deepfence.io>
Date: Fri, 17 Jan 2025 17:52:24 +0900
Subject: [PATCH] add communication messages

---
 deepfence_agent/plugins/yara-rules  |  2 +-
 deepfence_utils/threatintel/coms.go | 47 +++++++++++++++++++++++++++++
 2 files changed, 48 insertions(+), 1 deletion(-)
 create mode 100644 deepfence_utils/threatintel/coms.go

diff --git a/deepfence_agent/plugins/yara-rules b/deepfence_agent/plugins/yara-rules
index 52b862610d..c1afa63ddf 160000
--- a/deepfence_agent/plugins/yara-rules
+++ b/deepfence_agent/plugins/yara-rules
@@ -1 +1 @@
-Subproject commit 52b862610dd547de4588567ecf4fde0199b07f72
+Subproject commit c1afa63ddf1e9bb1717432309cdf37195171ef9f
diff --git a/deepfence_utils/threatintel/coms.go b/deepfence_utils/threatintel/coms.go
new file mode 100644
index 0000000000..0c0e425222
--- /dev/null
+++ b/deepfence_utils/threatintel/coms.go
@@ -0,0 +1,47 @@
+package threatintel
+
+import (
+	"encoding/json"
+	"errors"
+	"io"
+	"net/http"
+)
+
+type Message struct {
+	ID        int    `json:"id"`
+	Content   string `json:"content"`
+	UpdatedAt int64  `json:"updated_at"`
+}
+
+type Coms struct {
+	UpdatedAt int64     `json:"updated_at"`
+	Messages  []Message `json:"messages"`
+}
+
+const comsURL = "https://deepfence-coms.s3.us-east-2.amazonaws.com/ThreatMapper/coms.json"
+
+func GetCommunicationMessages() (Coms, error) {
+
+	resp, err := http.Get(comsURL)
+	if err != nil {
+		return Coms{}, err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		return Coms{}, errors.New("Failed reaching data")
+	}
+
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return Coms{}, err
+	}
+
+	var data Coms
+	err = json.Unmarshal(body, &data)
+	if err != nil {
+		return Coms{}, err
+	}
+
+	return data, nil
+}