@cyvest/cyvest-js 2.0.1

package/dist/index.js

@@ -0,0 +1,1768 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  LEVEL_COLORS: () => LEVEL_COLORS,
+  LEVEL_ORDER: () => LEVEL_ORDER,
+  LEVEL_VALUES: () => LEVEL_VALUES,
+  areConnected: () => areConnected,
+  compareLevels: () => compareLevels,
+  countRelationshipsByType: () => countRelationshipsByType,
+  findChecksAtLeast: () => findChecksAtLeast,
+  findChecksByCheckId: () => findChecksByCheckId,
+  findChecksByLevel: () => findChecksByLevel,
+  findChecksByScope: () => findChecksByScope,
+  findContainersAtLeast: () => findContainersAtLeast,
+  findContainersByLevel: () => findContainersByLevel,
+  findExternalObservables: () => findExternalObservables,
+  findInternalObservables: () => findInternalObservables,
+  findLeafObservables: () => findLeafObservables,
+  findManuallyScored: () => findManuallyScored,
+  findObservablesAtLeast: () => findObservablesAtLeast,
+  findObservablesByLevel: () => findObservablesByLevel,
+  findObservablesByType: () => findObservablesByType,
+  findObservablesByValue: () => findObservablesByValue,
+  findObservablesContaining: () => findObservablesContaining,
+  findObservablesMatching: () => findObservablesMatching,
+  findObservablesWithThreatIntel: () => findObservablesWithThreatIntel,
+  findOrphanObservables: () => findOrphanObservables,
+  findPath: () => findPath,
+  findRootObservables: () => findRootObservables,
+  findThreatIntelAtLeast: () => findThreatIntelAtLeast,
+  findThreatIntelByLevel: () => findThreatIntelByLevel,
+  findThreatIntelBySource: () => findThreatIntelBySource,
+  findWhitelistedObservables: () => findWhitelistedObservables,
+  generateCheckKey: () => generateCheckKey,
+  generateContainerKey: () => generateContainerKey,
+  generateEnrichmentKey: () => generateEnrichmentKey,
+  generateObservableKey: () => generateObservableKey,
+  generateThreatIntelKey: () => generateThreatIntelKey,
+  getAllChecks: () => getAllChecks,
+  getAllContainers: () => getAllContainers,
+  getAllEnrichments: () => getAllEnrichments,
+  getAllObservableTypes: () => getAllObservableTypes,
+  getAllObservables: () => getAllObservables,
+  getAllRelationshipTypes: () => getAllRelationshipTypes,
+  getAllScopes: () => getAllScopes,
+  getAllThreatIntelSources: () => getAllThreatIntelSources,
+  getAllThreatIntels: () => getAllThreatIntels,
+  getCheck: () => getCheck,
+  getCheckByIdScope: () => getCheckByIdScope,
+  getChecksForContainer: () => getChecksForContainer,
+  getChecksForObservable: () => getChecksForObservable,
+  getColorForLevel: () => getColorForLevel,
+  getColorForScore: () => getColorForScore,
+  getContainer: () => getContainer,
+  getContainerByPath: () => getContainerByPath,
+  getCounts: () => getCounts,
+  getDataExtraction: () => getDataExtraction,
+  getEnrichment: () => getEnrichment,
+  getEnrichmentByName: () => getEnrichmentByName,
+  getEntityLevel: () => getEntityLevel,
+  getHighestScoringChecks: () => getHighestScoringChecks,
+  getHighestScoringObservables: () => getHighestScoringObservables,
+  getLevelFromScore: () => getLevelFromScore,
+  getMaliciousChecks: () => getMaliciousChecks,
+  getMaliciousObservables: () => getMaliciousObservables,
+  getObservable: () => getObservable,
+  getObservableByTypeValue: () => getObservableByTypeValue,
+  getObservableChildren: () => getObservableChildren,
+  getObservableGraph: () => getObservableGraph,
+  getObservableParents: () => getObservableParents,
+  getObservablesForCheck: () => getObservablesForCheck,
+  getReachableObservables: () => getReachableObservables,
+  getRelatedObservables: () => getRelatedObservables,
+  getRelatedObservablesByDirection: () => getRelatedObservablesByDirection,
+  getRelatedObservablesByType: () => getRelatedObservablesByType,
+  getRelationshipsForObservable: () => getRelationshipsForObservable,
+  getStats: () => getStats,
+  getStatsChecks: () => getStatsChecks,
+  getSuspiciousChecks: () => getSuspiciousChecks,
+  getSuspiciousObservables: () => getSuspiciousObservables,
+  getThreatIntel: () => getThreatIntel,
+  getThreatIntelBySourceObservable: () => getThreatIntelBySourceObservable,
+  getThreatIntelsForObservable: () => getThreatIntelsForObservable,
+  getWhitelists: () => getWhitelists,
+  hasLevel: () => hasLevel,
+  isCyvest: () => isCyvest,
+  isLevelAtLeast: () => isLevelAtLeast,
+  isLevelHigherThan: () => isLevelHigherThan,
+  isLevelLowerThan: () => isLevelLowerThan,
+  isValidLevel: () => isValidLevel,
+  maxLevel: () => maxLevel,
+  minLevel: () => minLevel,
+  normalizeLevel: () => normalizeLevel,
+  parseCheckKey: () => parseCheckKey,
+  parseCyvest: () => parseCyvest,
+  parseKeyType: () => parseKeyType,
+  parseObservableKey: () => parseObservableKey,
+  parseThreatIntelKey: () => parseThreatIntelKey,
+  sortChecksByLevel: () => sortChecksByLevel,
+  sortChecksByScore: () => sortChecksByScore,
+  sortObservablesByLevel: () => sortObservablesByLevel,
+  sortObservablesByScore: () => sortObservablesByScore,
+  validateKey: () => validateKey
+});
+module.exports = __toCommonJS(index_exports);
+
+// src/helpers.ts
+var import__ = __toESM(require("ajv/dist/2020"));
+var import_ajv_formats = __toESM(require("ajv-formats"));
+
+// ../../../schema/cyvest.schema.json
+var cyvest_schema_default = {
+  $schema: "https://json-schema.org/draft/2020-12/schema",
+  $id: "https://cyvest.io/schema/investigation.json",
+  title: "Cyvest Investigation",
+  type: "object",
+  additionalProperties: false,
+  required: [
+    "score",
+    "level",
+    "whitelisted",
+    "whitelists",
+    "observables",
+    "checks",
+    "checks_by_level",
+    "threat_intels",
+    "enrichments",
+    "containers",
+    "stats",
+    "stats_checks",
+    "data_extraction"
+  ],
+  properties: {
+    score: {
+      type: "number"
+    },
+    level: {
+      $ref: "#/$defs/level"
+    },
+    whitelisted: {
+      type: "boolean"
+    },
+    whitelists: {
+      type: "array",
+      items: {
+        $ref: "#/$defs/whitelist"
+      },
+      default: []
+    },
+    observables: {
+      type: "object",
+      additionalProperties: {
+        $ref: "#/$defs/observable"
+      },
+      default: {}
+    },
+    checks: {
+      type: "object",
+      additionalProperties: {
+        type: "array",
+        items: {
+          $ref: "#/$defs/check"
+        },
+        default: []
+      },
+      default: {}
+    },
+    checks_by_level: {
+      type: "object",
+      additionalProperties: {
+        type: "array",
+        items: {
+          type: "string"
+        },
+        default: []
+      },
+      default: {}
+    },
+    threat_intels: {
+      type: "object",
+      additionalProperties: {
+        $ref: "#/$defs/threat_intel"
+      },
+      default: {}
+    },
+    enrichments: {
+      type: "object",
+      additionalProperties: {
+        $ref: "#/$defs/enrichment"
+      },
+      default: {}
+    },
+    containers: {
+      type: "object",
+      additionalProperties: {
+        $ref: "#/$defs/container"
+      },
+      default: {}
+    },
+    stats: {
+      $ref: "#/$defs/statistics"
+    },
+    stats_checks: {
+      $ref: "#/$defs/stats_checks"
+    },
+    data_extraction: {
+      $ref: "#/$defs/data_extraction"
+    }
+  },
+  $defs: {
+    level: {
+      type: "string",
+      enum: [
+        "NONE",
+        "TRUSTED",
+        "INFO",
+        "SAFE",
+        "NOTABLE",
+        "SUSPICIOUS",
+        "MALICIOUS"
+      ],
+      description: "Security level classification from NONE (lowest) to MALICIOUS (highest)."
+    },
+    relationship_direction: {
+      type: "string",
+      enum: [
+        "outbound",
+        "inbound",
+        "bidirectional"
+      ],
+      description: "Direction of a relationship between observables."
+    },
+    score_policy: {
+      type: "string",
+      enum: [
+        "auto",
+        "manual"
+      ],
+      description: "Score computation policy: 'auto' calculates from level, 'manual' uses explicit score."
+    },
+    score_mode: {
+      type: "string",
+      enum: [
+        "max",
+        "sum"
+      ],
+      description: "Score aggregation mode: 'max' takes highest score, 'sum' adds all scores."
+    },
+    whitelist: {
+      type: "object",
+      required: [
+        "identifier",
+        "name"
+      ],
+      properties: {
+        identifier: {
+          type: "string"
+        },
+        name: {
+          type: "string"
+        },
+        justification: {
+          type: [
+            "string",
+            "null"
+          ]
+        }
+      },
+      additionalProperties: false
+    },
+    relationship: {
+      type: "object",
+      required: [
+        "target_key",
+        "relationship_type",
+        "direction"
+      ],
+      properties: {
+        target_key: {
+          type: "string"
+        },
+        relationship_type: {
+          type: "string",
+          description: "Relationship label; defaults to related-to.",
+          examples: [
+            "related-to"
+          ]
+        },
+        direction: {
+          $ref: "#/$defs/relationship_direction"
+        }
+      },
+      additionalProperties: false
+    },
+    observable: {
+      type: "object",
+      required: [
+        "key",
+        "type",
+        "value",
+        "internal",
+        "whitelisted",
+        "comment",
+        "extra",
+        "score",
+        "level",
+        "relationships",
+        "threat_intels",
+        "generated_by_checks"
+      ],
+      properties: {
+        key: {
+          type: "string"
+        },
+        type: {
+          type: "string",
+          description: "Observable type (e.g., ipv4-addr, url). Custom values are allowed.",
+          examples: [
+            "ipv4-addr",
+            "ipv6-addr",
+            "domain-name",
+            "url",
+            "network-traffic",
+            "mac-addr",
+            "file",
+            "directory",
+            "email-addr",
+            "email-message",
+            "email-mime-part",
+            "user-account",
+            "process",
+            "software",
+            "windows-registry-key",
+            "artifact",
+            "autonomous-system",
+            "mutex",
+            "x509-certificate"
+          ]
+        },
+        value: {
+          type: "string"
+        },
+        internal: {
+          type: "boolean"
+        },
+        whitelisted: {
+          type: "boolean"
+        },
+        comment: {
+          type: "string"
+        },
+        extra: {
+          type: [
+            "object",
+            "null"
+          ],
+          default: {}
+        },
+        score: {
+          type: "number"
+        },
+        level: {
+          $ref: "#/$defs/level"
+        },
+        relationships: {
+          type: "array",
+          items: {
+            $ref: "#/$defs/relationship"
+          },
+          default: []
+        },
+        threat_intels: {
+          type: "array",
+          items: {
+            type: "string"
+          },
+          default: []
+        },
+        generated_by_checks: {
+          type: "array",
+          items: {
+            type: "string"
+          },
+          default: []
+        }
+      },
+      additionalProperties: false
+    },
+    check: {
+      type: "object",
+      required: [
+        "key",
+        "check_id",
+        "scope",
+        "description",
+        "comment",
+        "extra",
+        "score",
+        "level",
+        "score_policy",
+        "observables"
+      ],
+      properties: {
+        key: {
+          type: "string"
+        },
+        check_id: {
+          type: "string"
+        },
+        scope: {
+          type: "string"
+        },
+        description: {
+          type: "string"
+        },
+        comment: {
+          type: "string"
+        },
+        extra: {
+          type: [
+            "object",
+            "null"
+          ],
+          default: {}
+        },
+        score: {
+          type: "number"
+        },
+        level: {
+          $ref: "#/$defs/level"
+        },
+        score_policy: {
+          $ref: "#/$defs/score_policy"
+        },
+        observables: {
+          type: "array",
+          items: {
+            type: "string"
+          },
+          default: []
+        }
+      },
+      additionalProperties: false
+    },
+    threat_intel: {
+      type: "object",
+      required: [
+        "key",
+        "source",
+        "observable_key",
+        "comment",
+        "extra",
+        "score",
+        "level",
+        "taxonomies"
+      ],
+      properties: {
+        key: {
+          type: "string"
+        },
+        source: {
+          type: "string"
+        },
+        observable_key: {
+          type: "string"
+        },
+        comment: {
+          type: "string"
+        },
+        extra: {
+          type: [
+            "object",
+            "null"
+          ],
+          default: {}
+        },
+        score: {
+          type: "number"
+        },
+        level: {
+          $ref: "#/$defs/level"
+        },
+        taxonomies: {
+          type: "array",
+          items: {
+            type: "object"
+          },
+          default: []
+        }
+      },
+      additionalProperties: false
+    },
+    enrichment: {
+      type: "object",
+      required: [
+        "key",
+        "name",
+        "data",
+        "context"
+      ],
+      properties: {
+        key: {
+          type: "string"
+        },
+        name: {
+          type: "string"
+        },
+        data: {
+          type: "object"
+        },
+        context: {
+          type: "string"
+        }
+      },
+      additionalProperties: false
+    },
+    container: {
+      type: "object",
+      required: [
+        "key",
+        "path",
+        "description",
+        "checks",
+        "sub_containers",
+        "aggregated_score",
+        "aggregated_level"
+      ],
+      properties: {
+        key: {
+          type: "string"
+        },
+        path: {
+          type: "string"
+        },
+        description: {
+          type: "string"
+        },
+        checks: {
+          type: "array",
+          items: {
+            type: "string"
+          },
+          default: []
+        },
+        sub_containers: {
+          type: "object",
+          additionalProperties: {
+            $ref: "#/$defs/container"
+          },
+          default: {}
+        },
+        aggregated_score: {
+          type: "number"
+        },
+        aggregated_level: {
+          $ref: "#/$defs/level"
+        }
+      },
+      additionalProperties: false
+    },
+    statistics: {
+      type: "object",
+      required: [
+        "total_observables",
+        "internal_observables",
+        "external_observables",
+        "whitelisted_observables",
+        "observables_by_type",
+        "observables_by_level",
+        "observables_by_type_and_level",
+        "total_checks",
+        "applied_checks",
+        "checks_by_scope",
+        "checks_by_level",
+        "total_threat_intel",
+        "threat_intel_by_source",
+        "threat_intel_by_level",
+        "total_containers"
+      ],
+      properties: {
+        total_observables: {
+          type: "integer",
+          minimum: 0
+        },
+        internal_observables: {
+          type: "integer",
+          minimum: 0
+        },
+        external_observables: {
+          type: "integer",
+          minimum: 0
+        },
+        whitelisted_observables: {
+          type: "integer",
+          minimum: 0
+        },
+        observables_by_type: {
+          type: "object",
+          additionalProperties: {
+            type: "integer",
+            minimum: 0
+          },
+          default: {}
+        },
+        observables_by_level: {
+          type: "object",
+          additionalProperties: {
+            type: "integer",
+            minimum: 0
+          },
+          default: {}
+        },
+        observables_by_type_and_level: {
+          type: "object",
+          additionalProperties: {
+            type: "object",
+            additionalProperties: {
+              type: "integer",
+              minimum: 0
+            },
+            default: {}
+          },
+          default: {}
+        },
+        total_checks: {
+          type: "integer",
+          minimum: 0
+        },
+        applied_checks: {
+          type: "integer",
+          minimum: 0
+        },
+        checks_by_scope: {
+          type: "object",
+          additionalProperties: {
+            type: "integer",
+            minimum: 0
+          },
+          default: {}
+        },
+        checks_by_level: {
+          type: "object",
+          additionalProperties: {
+            type: "integer",
+            minimum: 0
+          },
+          default: {}
+        },
+        total_threat_intel: {
+          type: "integer",
+          minimum: 0
+        },
+        threat_intel_by_source: {
+          type: "object",
+          additionalProperties: {
+            type: "integer",
+            minimum: 0
+          },
+          default: {}
+        },
+        threat_intel_by_level: {
+          type: "object",
+          additionalProperties: {
+            type: "integer",
+            minimum: 0
+          },
+          default: {}
+        },
+        total_containers: {
+          type: "integer",
+          minimum: 0
+        }
+      },
+      additionalProperties: false
+    },
+    stats_checks: {
+      type: "object",
+      required: [
+        "checks",
+        "applied"
+      ],
+      properties: {
+        checks: {
+          type: "integer",
+          minimum: 0
+        },
+        applied: {
+          type: "integer",
+          minimum: 0
+        }
+      },
+      additionalProperties: false
+    },
+    data_extraction: {
+      type: "object",
+      required: [
+        "root_type",
+        "score_mode"
+      ],
+      properties: {
+        root_type: {
+          type: [
+            "string",
+            "null"
+          ],
+          description: "Root observable type used during data extraction.",
+          examples: [
+            "ipv4-addr",
+            "ipv6-addr",
+            "domain-name",
+            "url",
+            "network-traffic",
+            "mac-addr",
+            "file",
+            "directory",
+            "email-addr",
+            "email-message",
+            "email-mime-part",
+            "user-account",
+            "process",
+            "software",
+            "windows-registry-key",
+            "artifact",
+            "autonomous-system",
+            "mutex",
+            "x509-certificate"
+          ]
+        },
+        score_mode: {
+          $ref: "#/$defs/score_mode"
+        }
+      },
+      additionalProperties: false
+    }
+  }
+};
+
+// src/helpers.ts
+var ajv = new import__.default({ allErrors: true });
+(0, import_ajv_formats.default)(ajv);
+var validateFn = null;
+function getValidator() {
+  if (!validateFn) {
+    validateFn = ajv.compile(cyvest_schema_default);
+  }
+  return validateFn;
+}
+function parseCyvest(json) {
+  const validate = getValidator();
+  if (!validate(json)) {
+    const msg = ajv.errorsText(validate.errors || []);
+    throw new Error(`Invalid Cyvest payload: ${msg}`);
+  }
+  return json;
+}
+function isCyvest(json) {
+  const validate = getValidator();
+  return !!validate(json);
+}
+
+// src/keys.ts
+function normalizeValue(value) {
+  return value.trim().toLowerCase();
+}
+function hashString(content, length = 16) {
+  let hash = 0;
+  for (let i = 0; i < content.length; i++) {
+    const char = content.charCodeAt(i);
+    hash = (hash << 5) - hash + char | 0;
+  }
+  const hex = Math.abs(hash).toString(16).padStart(8, "0");
+  return hex.slice(0, length);
+}
+function generateObservableKey(obsType, value) {
+  const normalizedType = normalizeValue(obsType);
+  const normalizedValue = normalizeValue(value);
+  return `obs:${normalizedType}:${normalizedValue}`;
+}
+function generateCheckKey(checkId, scope) {
+  const normalizedId = normalizeValue(checkId);
+  const normalizedScope = normalizeValue(scope);
+  return `chk:${normalizedId}:${normalizedScope}`;
+}
+function generateThreatIntelKey(source, observableKey) {
+  const normalizedSource = normalizeValue(source);
+  return `ti:${normalizedSource}:${observableKey}`;
+}
+function generateEnrichmentKey(name, context) {
+  const normalizedName = normalizeValue(name);
+  if (context) {
+    const contextHash = hashString(context, 8);
+    return `enr:${normalizedName}:${contextHash}`;
+  }
+  return `enr:${normalizedName}`;
+}
+function generateContainerKey(path) {
+  let normalizedPath = path.replace(/\\/g, "/").replace(/^\/+|\/+$/g, "");
+  normalizedPath = normalizeValue(normalizedPath);
+  return `ctr:${normalizedPath}`;
+}
+function parseKeyType(key) {
+  if (key.includes(":")) {
+    const prefix = key.split(":", 1)[0];
+    if (["obs", "chk", "ti", "enr", "ctr"].includes(prefix)) {
+      return prefix;
+    }
+  }
+  return null;
+}
+function validateKey(key, expectedType) {
+  if (!key || !key.includes(":")) {
+    return false;
+  }
+  const keyType = parseKeyType(key);
+  if (!keyType) {
+    return false;
+  }
+  if (expectedType && keyType !== expectedType) {
+    return false;
+  }
+  return true;
+}
+function parseObservableKey(key) {
+  if (!validateKey(key, "obs")) {
+    return null;
+  }
+  const parts = key.split(":");
+  if (parts.length >= 3) {
+    return {
+      type: parts[1],
+      value: parts.slice(2).join(":")
+      // Handle values with colons
+    };
+  }
+  return null;
+}
+function parseCheckKey(key) {
+  if (!validateKey(key, "chk")) {
+    return null;
+  }
+  const parts = key.split(":");
+  if (parts.length >= 3) {
+    return {
+      checkId: parts[1],
+      scope: parts.slice(2).join(":")
+    };
+  }
+  return null;
+}
+function parseThreatIntelKey(key) {
+  if (!validateKey(key, "ti")) {
+    return null;
+  }
+  const parts = key.split(":");
+  if (parts.length >= 3) {
+    return {
+      source: parts[1],
+      observableKey: parts.slice(2).join(":")
+    };
+  }
+  return null;
+}
+
+// src/levels.ts
+var LEVEL_ORDER = [
+  "NONE",
+  "TRUSTED",
+  "INFO",
+  "SAFE",
+  "NOTABLE",
+  "SUSPICIOUS",
+  "MALICIOUS"
+];
+var LEVEL_VALUES = {
+  NONE: 0,
+  TRUSTED: 1,
+  INFO: 2,
+  SAFE: 3,
+  NOTABLE: 4,
+  SUSPICIOUS: 5,
+  MALICIOUS: 6
+};
+var LEVEL_COLORS = {
+  NONE: "#808080",
+  // gray
+  TRUSTED: "#22c55e",
+  // green
+  INFO: "#06b6d4",
+  // cyan
+  SAFE: "#4ade80",
+  // bright green
+  NOTABLE: "#eab308",
+  // yellow
+  SUSPICIOUS: "#f97316",
+  // orange
+  MALICIOUS: "#ef4444"
+  // red
+};
+function normalizeLevel(level) {
+  const upper = level.toUpperCase();
+  if (LEVEL_ORDER.includes(upper)) {
+    return upper;
+  }
+  throw new Error(`Invalid level name: ${level}`);
+}
+function isValidLevel(level) {
+  return LEVEL_ORDER.includes(level.toUpperCase());
+}
+function getLevelFromScore(score) {
+  if (score < 0) {
+    return "TRUSTED";
+  }
+  if (score === 0) {
+    return "INFO";
+  }
+  if (score < 3) {
+    return "NOTABLE";
+  }
+  if (score < 5) {
+    return "SUSPICIOUS";
+  }
+  return "MALICIOUS";
+}
+function compareLevels(a, b) {
+  const valueA = LEVEL_VALUES[a];
+  const valueB = LEVEL_VALUES[b];
+  if (valueA < valueB) return -1;
+  if (valueA > valueB) return 1;
+  return 0;
+}
+function isLevelHigherThan(a, b) {
+  return LEVEL_VALUES[a] > LEVEL_VALUES[b];
+}
+function isLevelLowerThan(a, b) {
+  return LEVEL_VALUES[a] < LEVEL_VALUES[b];
+}
+function isLevelAtLeast(a, minLevel2) {
+  return LEVEL_VALUES[a] >= LEVEL_VALUES[minLevel2];
+}
+function maxLevel(levels) {
+  if (levels.length === 0) return "NONE";
+  return levels.reduce(
+    (max, level) => isLevelHigherThan(level, max) ? level : max
+  );
+}
+function minLevel(levels) {
+  if (levels.length === 0) return "MALICIOUS";
+  return levels.reduce(
+    (min, level) => isLevelLowerThan(level, min) ? level : min
+  );
+}
+function getColorForLevel(level) {
+  return LEVEL_COLORS[level];
+}
+function getColorForScore(score) {
+  return getColorForLevel(getLevelFromScore(score));
+}
+function hasLevel(obj) {
+  return typeof obj === "object" && obj !== null && "level" in obj && typeof obj.level === "string" && isValidLevel(obj.level);
+}
+function getEntityLevel(entity) {
+  if ("aggregated_level" in entity) {
+    return entity.aggregated_level;
+  }
+  return entity.level;
+}
+
+// src/getters.ts
+function getObservable(inv, key) {
+  return inv.observables[key];
+}
+function getObservableByTypeValue(inv, type, value) {
+  const normalizedType = type.trim().toLowerCase();
+  const normalizedValue = value.trim().toLowerCase();
+  for (const obs of Object.values(inv.observables)) {
+    if (obs.type.toLowerCase() === normalizedType && obs.value.toLowerCase() === normalizedValue) {
+      return obs;
+    }
+  }
+  return void 0;
+}
+function getCheck(inv, key) {
+  for (const checks of Object.values(inv.checks)) {
+    for (const check of checks) {
+      if (check.key === key) {
+        return check;
+      }
+    }
+  }
+  return void 0;
+}
+function getCheckByIdScope(inv, checkId, scope) {
+  const normalizedId = checkId.trim().toLowerCase();
+  const normalizedScope = scope.trim().toLowerCase();
+  const scopeChecks = inv.checks[normalizedScope] || inv.checks[scope];
+  if (scopeChecks) {
+    return scopeChecks.find(
+      (c) => c.check_id.toLowerCase() === normalizedId
+    );
+  }
+  for (const checks of Object.values(inv.checks)) {
+    for (const check of checks) {
+      if (check.check_id.toLowerCase() === normalizedId && check.scope.toLowerCase() === normalizedScope) {
+        return check;
+      }
+    }
+  }
+  return void 0;
+}
+function getAllChecks(inv) {
+  const result = [];
+  for (const checks of Object.values(inv.checks)) {
+    result.push(...checks);
+  }
+  return result;
+}
+function getThreatIntel(inv, key) {
+  return inv.threat_intels[key];
+}
+function getThreatIntelBySourceObservable(inv, source, observableKey) {
+  const normalizedSource = source.trim().toLowerCase();
+  for (const ti of Object.values(inv.threat_intels)) {
+    if (ti.source.toLowerCase() === normalizedSource && ti.observable_key === observableKey) {
+      return ti;
+    }
+  }
+  return void 0;
+}
+function getAllThreatIntels(inv) {
+  return Object.values(inv.threat_intels);
+}
+function getEnrichment(inv, key) {
+  return inv.enrichments[key];
+}
+function getEnrichmentByName(inv, name) {
+  const normalizedName = name.trim().toLowerCase();
+  for (const enr of Object.values(inv.enrichments)) {
+    if (enr.name.toLowerCase() === normalizedName) {
+      return enr;
+    }
+  }
+  return void 0;
+}
+function getAllEnrichments(inv) {
+  return Object.values(inv.enrichments);
+}
+function getContainer(inv, key) {
+  if (inv.containers[key]) {
+    return inv.containers[key];
+  }
+  function searchSubContainers(containers) {
+    for (const container of Object.values(containers)) {
+      if (container.key === key) {
+        return container;
+      }
+      const found = searchSubContainers(container.sub_containers);
+      if (found) return found;
+    }
+    return void 0;
+  }
+  return searchSubContainers(inv.containers);
+}
+function getContainerByPath(inv, path) {
+  const normalizedPath = path.replace(/\\/g, "/").replace(/^\/+|\/+$/g, "").toLowerCase();
+  function searchContainers(containers) {
+    for (const container of Object.values(containers)) {
+      if (container.path.toLowerCase() === normalizedPath) {
+        return container;
+      }
+      const found = searchContainers(container.sub_containers);
+      if (found) return found;
+    }
+    return void 0;
+  }
+  return searchContainers(inv.containers);
+}
+function getAllContainers(inv) {
+  const result = [];
+  function collectContainers(containers) {
+    for (const container of Object.values(containers)) {
+      result.push(container);
+      collectContainers(container.sub_containers);
+    }
+  }
+  collectContainers(inv.containers);
+  return result;
+}
+function getAllObservables(inv) {
+  return Object.values(inv.observables);
+}
+function getWhitelists(inv) {
+  return inv.whitelists;
+}
+function getStats(inv) {
+  return inv.stats;
+}
+function getStatsChecks(inv) {
+  return inv.stats_checks;
+}
+function getDataExtraction(inv) {
+  return inv.data_extraction;
+}
+function getCounts(inv) {
+  return {
+    observables: Object.keys(inv.observables).length,
+    checks: getAllChecks(inv).length,
+    threatIntels: Object.keys(inv.threat_intels).length,
+    enrichments: Object.keys(inv.enrichments).length,
+    containers: getAllContainers(inv).length,
+    whitelists: inv.whitelists.length
+  };
+}
+
+// src/finders.ts
+function findObservablesByType(inv, type) {
+  const normalizedType = type.trim().toLowerCase();
+  return Object.values(inv.observables).filter(
+    (obs) => obs.type.toLowerCase() === normalizedType
+  );
+}
+function findObservablesByLevel(inv, level) {
+  return Object.values(inv.observables).filter((obs) => obs.level === level);
+}
+function findObservablesAtLeast(inv, minLevel2) {
+  return Object.values(inv.observables).filter(
+    (obs) => isLevelAtLeast(obs.level, minLevel2)
+  );
+}
+function findObservablesByValue(inv, value, caseSensitive = false) {
+  const searchValue = caseSensitive ? value : value.toLowerCase();
+  return Object.values(inv.observables).filter((obs) => {
+    const obsValue = caseSensitive ? obs.value : obs.value.toLowerCase();
+    return obsValue === searchValue;
+  });
+}
+function findObservablesContaining(inv, substring, caseSensitive = false) {
+  const searchStr = caseSensitive ? substring : substring.toLowerCase();
+  return Object.values(inv.observables).filter((obs) => {
+    const obsValue = caseSensitive ? obs.value : obs.value.toLowerCase();
+    return obsValue.includes(searchStr);
+  });
+}
+function findObservablesMatching(inv, pattern) {
+  return Object.values(inv.observables).filter((obs) => pattern.test(obs.value));
+}
+function findInternalObservables(inv) {
+  return Object.values(inv.observables).filter((obs) => obs.internal);
+}
+function findExternalObservables(inv) {
+  return Object.values(inv.observables).filter((obs) => !obs.internal);
+}
+function findWhitelistedObservables(inv) {
+  return Object.values(inv.observables).filter((obs) => obs.whitelisted);
+}
+function findObservablesWithThreatIntel(inv) {
+  return Object.values(inv.observables).filter(
+    (obs) => obs.threat_intels.length > 0
+  );
+}
+function findChecksByScope(inv, scope) {
+  const normalizedScope = scope.trim().toLowerCase();
+  if (inv.checks[scope]) {
+    return inv.checks[scope];
+  }
+  for (const [key, checks] of Object.entries(inv.checks)) {
+    if (key.toLowerCase() === normalizedScope) {
+      return checks;
+    }
+  }
+  return [];
+}
+function findChecksByLevel(inv, level) {
+  const result = [];
+  for (const checks of Object.values(inv.checks)) {
+    for (const check of checks) {
+      if (check.level === level) {
+        result.push(check);
+      }
+    }
+  }
+  return result;
+}
+function findChecksAtLeast(inv, minLevel2) {
+  const result = [];
+  for (const checks of Object.values(inv.checks)) {
+    for (const check of checks) {
+      if (isLevelAtLeast(check.level, minLevel2)) {
+        result.push(check);
+      }
+    }
+  }
+  return result;
+}
+function findChecksByCheckId(inv, checkId) {
+  const normalizedId = checkId.trim().toLowerCase();
+  const result = [];
+  for (const checks of Object.values(inv.checks)) {
+    for (const check of checks) {
+      if (check.check_id.toLowerCase() === normalizedId) {
+        result.push(check);
+      }
+    }
+  }
+  return result;
+}
+function findManuallyScored(inv) {
+  const result = [];
+  for (const checks of Object.values(inv.checks)) {
+    for (const check of checks) {
+      if (check.score_policy === "manual") {
+        result.push(check);
+      }
+    }
+  }
+  return result;
+}
+function findThreatIntelBySource(inv, source) {
+  const normalizedSource = source.trim().toLowerCase();
+  return Object.values(inv.threat_intels).filter(
+    (ti) => ti.source.toLowerCase() === normalizedSource
+  );
+}
+function findThreatIntelByLevel(inv, level) {
+  return Object.values(inv.threat_intels).filter((ti) => ti.level === level);
+}
+function findThreatIntelAtLeast(inv, minLevel2) {
+  return Object.values(inv.threat_intels).filter(
+    (ti) => isLevelAtLeast(ti.level, minLevel2)
+  );
+}
+function findContainersByLevel(inv, level) {
+  const result = [];
+  function searchContainers(containers) {
+    for (const container of Object.values(containers)) {
+      if (container.aggregated_level === level) {
+        result.push(container);
+      }
+      searchContainers(container.sub_containers);
+    }
+  }
+  searchContainers(inv.containers);
+  return result;
+}
+function findContainersAtLeast(inv, minLevel2) {
+  const result = [];
+  function searchContainers(containers) {
+    for (const container of Object.values(containers)) {
+      if (isLevelAtLeast(container.aggregated_level, minLevel2)) {
+        result.push(container);
+      }
+      searchContainers(container.sub_containers);
+    }
+  }
+  searchContainers(inv.containers);
+  return result;
+}
+function getChecksForObservable(inv, observableKey) {
+  const result = [];
+  for (const checks of Object.values(inv.checks)) {
+    for (const check of checks) {
+      if (check.observables.includes(observableKey)) {
+        result.push(check);
+      }
+    }
+  }
+  return result;
+}
+function getThreatIntelsForObservable(inv, observableKey) {
+  const observable = inv.observables[observableKey];
+  if (observable) {
+    return observable.threat_intels.map((tiKey) => inv.threat_intels[tiKey]).filter((ti) => ti !== void 0);
+  }
+  return Object.values(inv.threat_intels).filter(
+    (ti) => ti.observable_key === observableKey
+  );
+}
+function getObservablesForCheck(inv, checkKey) {
+  for (const checks of Object.values(inv.checks)) {
+    for (const check of checks) {
+      if (check.key === checkKey) {
+        return check.observables.map((obsKey) => inv.observables[obsKey]).filter((obs) => obs !== void 0);
+      }
+    }
+  }
+  return [];
+}
+function getChecksForContainer(inv, containerKey, recursive = false) {
+  const result = [];
+  function findContainer(containers) {
+    for (const container2 of Object.values(containers)) {
+      if (container2.key === containerKey) {
+        return container2;
+      }
+      const found = findContainer(container2.sub_containers);
+      if (found) return found;
+    }
+    return void 0;
+  }
+  function collectChecks(container2) {
+    for (const checkKey of container2.checks) {
+      for (const checks of Object.values(inv.checks)) {
+        for (const check of checks) {
+          if (check.key === checkKey) {
+            result.push(check);
+          }
+        }
+      }
+    }
+    if (recursive) {
+      for (const subContainer of Object.values(container2.sub_containers)) {
+        collectChecks(subContainer);
+      }
+    }
+  }
+  const container = findContainer(inv.containers);
+  if (container) {
+    collectChecks(container);
+  }
+  return result;
+}
+function sortObservablesByScore(observables) {
+  return [...observables].sort((a, b) => b.score - a.score);
+}
+function sortChecksByScore(checks) {
+  return [...checks].sort((a, b) => b.score - a.score);
+}
+function sortObservablesByLevel(observables) {
+  return [...observables].sort(
+    (a, b) => LEVEL_VALUES[b.level] - LEVEL_VALUES[a.level]
+  );
+}
+function sortChecksByLevel(checks) {
+  return [...checks].sort(
+    (a, b) => LEVEL_VALUES[b.level] - LEVEL_VALUES[a.level]
+  );
+}
+function getHighestScoringObservables(inv, n = 10) {
+  return sortObservablesByScore(Object.values(inv.observables)).slice(0, n);
+}
+function getHighestScoringChecks(inv, n = 10) {
+  const allChecks = [];
+  for (const checks of Object.values(inv.checks)) {
+    allChecks.push(...checks);
+  }
+  return sortChecksByScore(allChecks).slice(0, n);
+}
+function getMaliciousObservables(inv) {
+  return findObservablesByLevel(inv, "MALICIOUS");
+}
+function getSuspiciousObservables(inv) {
+  return findObservablesByLevel(inv, "SUSPICIOUS");
+}
+function getMaliciousChecks(inv) {
+  return findChecksByLevel(inv, "MALICIOUS");
+}
+function getSuspiciousChecks(inv) {
+  return findChecksByLevel(inv, "SUSPICIOUS");
+}
+function getAllScopes(inv) {
+  return Object.keys(inv.checks);
+}
+function getAllObservableTypes(inv) {
+  const types = /* @__PURE__ */ new Set();
+  for (const obs of Object.values(inv.observables)) {
+    types.add(obs.type);
+  }
+  return Array.from(types);
+}
+function getAllThreatIntelSources(inv) {
+  const sources = /* @__PURE__ */ new Set();
+  for (const ti of Object.values(inv.threat_intels)) {
+    sources.add(ti.source);
+  }
+  return Array.from(sources);
+}
+
+// src/graph.ts
+function getRelatedObservables(inv, observableKey) {
+  const observable = inv.observables[observableKey];
+  if (!observable) {
+    return [];
+  }
+  const relatedKeys = /* @__PURE__ */ new Set();
+  for (const rel of observable.relationships) {
+    relatedKeys.add(rel.target_key);
+  }
+  for (const [key, obs] of Object.entries(inv.observables)) {
+    if (key === observableKey) continue;
+    for (const rel of obs.relationships) {
+      if (rel.target_key === observableKey) {
+        relatedKeys.add(key);
+        break;
+      }
+    }
+  }
+  return Array.from(relatedKeys).map((key) => inv.observables[key]).filter((obs) => obs !== void 0);
+}
+function getObservableChildren(inv, observableKey) {
+  const observable = inv.observables[observableKey];
+  if (!observable) {
+    return [];
+  }
+  return observable.relationships.filter((rel) => rel.direction === "outbound" || rel.direction === "bidirectional").map((rel) => inv.observables[rel.target_key]).filter((obs) => obs !== void 0);
+}
+function getObservableParents(inv, observableKey) {
+  const parents = [];
+  for (const [key, obs] of Object.entries(inv.observables)) {
+    if (key === observableKey) continue;
+    for (const rel of obs.relationships) {
+      if (rel.target_key === observableKey && (rel.direction === "outbound" || rel.direction === "bidirectional")) {
+        parents.push(obs);
+        break;
+      }
+    }
+  }
+  return parents;
+}
+function getRelatedObservablesByType(inv, observableKey, relationshipType) {
+  const observable = inv.observables[observableKey];
+  if (!observable) {
+    return [];
+  }
+  const normalizedType = relationshipType.toLowerCase();
+  const relatedKeys = /* @__PURE__ */ new Set();
+  for (const rel of observable.relationships) {
+    if (rel.relationship_type.toLowerCase() === normalizedType) {
+      relatedKeys.add(rel.target_key);
+    }
+  }
+  for (const [key, obs] of Object.entries(inv.observables)) {
+    if (key === observableKey) continue;
+    for (const rel of obs.relationships) {
+      if (rel.target_key === observableKey && rel.relationship_type.toLowerCase() === normalizedType) {
+        relatedKeys.add(key);
+        break;
+      }
+    }
+  }
+  return Array.from(relatedKeys).map((key) => inv.observables[key]).filter((obs) => obs !== void 0);
+}
+function getRelatedObservablesByDirection(inv, observableKey, direction) {
+  const observable = inv.observables[observableKey];
+  if (!observable) {
+    return [];
+  }
+  const relatedKeys = /* @__PURE__ */ new Set();
+  if (direction === "outbound" || direction === "bidirectional") {
+    for (const rel of observable.relationships) {
+      if (rel.direction === direction || rel.direction === "bidirectional") {
+        relatedKeys.add(rel.target_key);
+      }
+    }
+  }
+  if (direction === "inbound" || direction === "bidirectional") {
+    for (const [key, obs] of Object.entries(inv.observables)) {
+      if (key === observableKey) continue;
+      for (const rel of obs.relationships) {
+        if (rel.target_key === observableKey && (rel.direction === "outbound" || rel.direction === "bidirectional")) {
+          relatedKeys.add(key);
+          break;
+        }
+      }
+    }
+  }
+  return Array.from(relatedKeys).map((key) => inv.observables[key]).filter((obs) => obs !== void 0);
+}
+function getObservableGraph(inv) {
+  const nodes = [];
+  const edges = [];
+  const seenEdges = /* @__PURE__ */ new Set();
+  for (const [key, obs] of Object.entries(inv.observables)) {
+    nodes.push({
+      id: key,
+      type: obs.type,
+      value: obs.value,
+      level: obs.level,
+      score: obs.score,
+      internal: obs.internal,
+      whitelisted: obs.whitelisted
+    });
+    for (const rel of obs.relationships) {
+      const edgeKey = rel.direction === "bidirectional" ? [key, rel.target_key].sort().join("--") : `${key}--${rel.target_key}`;
+      if (!seenEdges.has(edgeKey)) {
+        seenEdges.add(edgeKey);
+        edges.push({
+          source: key,
+          target: rel.target_key,
+          type: rel.relationship_type,
+          direction: rel.direction
+        });
+      }
+    }
+  }
+  return { nodes, edges };
+}
+function findRootObservables(inv) {
+  const targetKeys = /* @__PURE__ */ new Set();
+  for (const obs of Object.values(inv.observables)) {
+    for (const rel of obs.relationships) {
+      if (rel.direction === "outbound" || rel.direction === "bidirectional") {
+        targetKeys.add(rel.target_key);
+      }
+    }
+  }
+  return Object.values(inv.observables).filter(
+    (obs) => !targetKeys.has(obs.key)
+  );
+}
+function findOrphanObservables(inv) {
+  const connectedKeys = /* @__PURE__ */ new Set();
+  for (const obs of Object.values(inv.observables)) {
+    if (obs.relationships.length > 0) {
+      connectedKeys.add(obs.key);
+      for (const rel of obs.relationships) {
+        connectedKeys.add(rel.target_key);
+      }
+    }
+  }
+  return Object.values(inv.observables).filter(
+    (obs) => !connectedKeys.has(obs.key)
+  );
+}
+function findLeafObservables(inv) {
+  const hasOutbound = /* @__PURE__ */ new Set();
+  const isTarget = /* @__PURE__ */ new Set();
+  for (const obs of Object.values(inv.observables)) {
+    for (const rel of obs.relationships) {
+      if (rel.direction === "outbound" || rel.direction === "bidirectional") {
+        hasOutbound.add(obs.key);
+        isTarget.add(rel.target_key);
+      }
+    }
+  }
+  return Object.values(inv.observables).filter(
+    (obs) => isTarget.has(obs.key) && !hasOutbound.has(obs.key)
+  );
+}
+function areConnected(inv, sourceKey, targetKey) {
+  if (sourceKey === targetKey) return true;
+  const visited = /* @__PURE__ */ new Set();
+  const queue = [sourceKey];
+  while (queue.length > 0) {
+    const current = queue.shift();
+    if (visited.has(current)) continue;
+    visited.add(current);
+    const obs = inv.observables[current];
+    if (!obs) continue;
+    for (const rel of obs.relationships) {
+      if (rel.target_key === targetKey) {
+        return true;
+      }
+      if (!visited.has(rel.target_key)) {
+        queue.push(rel.target_key);
+      }
+    }
+  }
+  return false;
+}
+function findPath(inv, sourceKey, targetKey) {
+  if (sourceKey === targetKey) return [sourceKey];
+  const visited = /* @__PURE__ */ new Set();
+  const queue = [
+    { key: sourceKey, path: [sourceKey] }
+  ];
+  while (queue.length > 0) {
+    const { key: current, path } = queue.shift();
+    if (visited.has(current)) continue;
+    visited.add(current);
+    const obs = inv.observables[current];
+    if (!obs) continue;
+    for (const rel of obs.relationships) {
+      if (rel.target_key === targetKey) {
+        return [...path, targetKey];
+      }
+      if (!visited.has(rel.target_key)) {
+        queue.push({ key: rel.target_key, path: [...path, rel.target_key] });
+      }
+    }
+  }
+  return null;
+}
+function getReachableObservables(inv, startKey, maxDepth = Infinity) {
+  const visited = /* @__PURE__ */ new Set();
+  const result = [];
+  function traverse(key, depth) {
+    if (depth > maxDepth || visited.has(key)) return;
+    visited.add(key);
+    const obs = inv.observables[key];
+    if (!obs) return;
+    result.push(obs);
+    for (const rel of obs.relationships) {
+      traverse(rel.target_key, depth + 1);
+    }
+  }
+  traverse(startKey, 0);
+  return result;
+}
+function getAllRelationshipTypes(inv) {
+  const types = /* @__PURE__ */ new Set();
+  for (const obs of Object.values(inv.observables)) {
+    for (const rel of obs.relationships) {
+      types.add(rel.relationship_type);
+    }
+  }
+  return Array.from(types);
+}
+function countRelationshipsByType(inv) {
+  const counts = {};
+  for (const obs of Object.values(inv.observables)) {
+    for (const rel of obs.relationships) {
+      counts[rel.relationship_type] = (counts[rel.relationship_type] || 0) + 1;
+    }
+  }
+  return counts;
+}
+function getRelationshipsForObservable(inv, observableKey) {
+  const observable = inv.observables[observableKey];
+  const outbound = observable?.relationships || [];
+  const inbound = [];
+  for (const [key, obs] of Object.entries(inv.observables)) {
+    if (key === observableKey) continue;
+    for (const rel of obs.relationships) {
+      if (rel.target_key === observableKey) {
+        inbound.push({ ...rel, source_key: key });
+      }
+    }
+  }
+  return {
+    outbound,
+    inbound,
+    all: [
+      ...outbound,
+      ...inbound
+    ]
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  LEVEL_COLORS,
+  LEVEL_ORDER,
+  LEVEL_VALUES,
+  areConnected,
+  compareLevels,
+  countRelationshipsByType,
+  findChecksAtLeast,
+  findChecksByCheckId,
+  findChecksByLevel,
+  findChecksByScope,
+  findContainersAtLeast,
+  findContainersByLevel,
+  findExternalObservables,
+  findInternalObservables,
+  findLeafObservables,
+  findManuallyScored,
+  findObservablesAtLeast,
+  findObservablesByLevel,
+  findObservablesByType,
+  findObservablesByValue,
+  findObservablesContaining,
+  findObservablesMatching,
+  findObservablesWithThreatIntel,
+  findOrphanObservables,
+  findPath,
+  findRootObservables,
+  findThreatIntelAtLeast,
+  findThreatIntelByLevel,
+  findThreatIntelBySource,
+  findWhitelistedObservables,
+  generateCheckKey,
+  generateContainerKey,
+  generateEnrichmentKey,
+  generateObservableKey,
+  generateThreatIntelKey,
+  getAllChecks,
+  getAllContainers,
+  getAllEnrichments,
+  getAllObservableTypes,
+  getAllObservables,
+  getAllRelationshipTypes,
+  getAllScopes,
+  getAllThreatIntelSources,
+  getAllThreatIntels,
+  getCheck,
+  getCheckByIdScope,
+  getChecksForContainer,
+  getChecksForObservable,
+  getColorForLevel,
+  getColorForScore,
+  getContainer,
+  getContainerByPath,
+  getCounts,
+  getDataExtraction,
+  getEnrichment,
+  getEnrichmentByName,
+  getEntityLevel,
+  getHighestScoringChecks,
+  getHighestScoringObservables,
+  getLevelFromScore,
+  getMaliciousChecks,
+  getMaliciousObservables,
+  getObservable,
+  getObservableByTypeValue,
+  getObservableChildren,
+  getObservableGraph,
+  getObservableParents,
+  getObservablesForCheck,
+  getReachableObservables,
+  getRelatedObservables,
+  getRelatedObservablesByDirection,
+  getRelatedObservablesByType,
+  getRelationshipsForObservable,
+  getStats,
+  getStatsChecks,
+  getSuspiciousChecks,
+  getSuspiciousObservables,
+  getThreatIntel,
+  getThreatIntelBySourceObservable,
+  getThreatIntelsForObservable,
+  getWhitelists,
+  hasLevel,
+  isCyvest,
+  isLevelAtLeast,
+  isLevelHigherThan,
+  isLevelLowerThan,
+  isValidLevel,
+  maxLevel,
+  minLevel,
+  normalizeLevel,
+  parseCheckKey,
+  parseCyvest,
+  parseKeyType,
+  parseObservableKey,
+  parseThreatIntelKey,
+  sortChecksByLevel,
+  sortChecksByScore,
+  sortObservablesByLevel,
+  sortObservablesByScore,
+  validateKey
+});