@cyvest/cyvest-js 3.1.0 → 4.0.0
- package/dist/index.d.mts +113 -111
- package/dist/index.d.ts +113 -111
- package/dist/index.js +212 -39
- package/dist/index.mjs +212 -38
- package/package.json +5 -5
- package/src/finders.ts +29 -20
- package/src/types.generated.ts +108 -99
- package/tests/getters-finders.test.ts +38 -18
- package/tests/graph.test.ts +19 -10
- package/vitest.config.ts +8 -0
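--- a/package/dist/index.d.mts
+++ b/package/dist/index.d.mts
@@ -1,84 +1,46 @@
 /**
-*
+* Optional human-readable investigation name.
 */
-type
-/**
-* Global investigation score.
-*/
-type Score = number;
+type InvestigationName = string | null;
 /**
 * Security level classification for checks, observables, and threat intelligence.
 *
 * Levels are ordered from lowest (NONE) to highest (MALICIOUS) severity.
 */
 type Level = "NONE" | "TRUSTED" | "INFO" | "SAFE" | "NOTABLE" | "SUSPICIOUS" | "MALICIOUS";
-/**
-* Whether the investigation is whitelisted.
-*/
-type Whitelisted = boolean;
-type Identifier = string;
-type Name = string;
 type Justification = string | null;
 /**
 * List of whitelist entries applied to this investigation.
 */
 type Whitelists = InvestigationWhitelist[];
-type
-type
-type
-type
-type
-
+type Actor = string | null;
+type Reason = string | null;
+type Tool = string | null;
+type ObjectType = string | null;
+type ObjectKey = string | null;
+/**
+* Append-only investigation audit log.
+*/
+type EventLog = AuditEvent[];
 type ThreatIntels = string[];
-type TargetKey = string;
-type RelationshipType = string;
 /**
 * Direction of a relationship between observables.
 */
 type RelationshipDirection = "outbound" | "inbound" | "bidirectional";
 type Relationships = Relationship[];
-
-
-
-
-
-
-
-type
-type
-type Score2 = number;
-type Observables1 = string[];
-/**
-* Controls how a check reacts to linked observables.
-*/
-type CheckScorePolicy = "auto" | "manual";
-type Key1 = string;
-type Source = string;
-type ObservableKey = string;
-type Comment2 = string;
-type Score3 = number;
+/**
+* Checks that currently link to this observable (navigation-only).
+*/
+type CheckLinks = string[];
+/**
+* Controls how a Check↔Observable link propagates across merged investigations.
+*/
+type PropagationMode = "LOCAL_ONLY" | "GLOBAL";
+type ObservableLinks = ObservableLink[];
 type Taxonomies = {
 [k: string]: unknown;
 }[];
-type Key2 = string;
-type Name1 = string;
-type Context = string;
-type Key3 = string;
-type Path = string;
-type Description1 = string;
 type Checks1 = string[];
-type Key4 = string;
-type AggregatedScore = number;
-type TotalObservables = number;
-type InternalObservables = number;
-type ExternalObservables = number;
-type WhitelistedObservables = number;
-type TotalChecks = number;
-type AppliedChecks = number;
-type TotalThreatIntel = number;
-type TotalContainers = number;
-type Checks2 = number;
-type Applied = number;
 /**
 * Root observable type used during data extraction.
 */
@@ -98,11 +60,26 @@ type ScoreMode = "max" | "sum";
 * schemas matching the actual model_dump() output.
 */
 interface CyvestInvestigation {
-
-
+/**
+* Stable investigation identity (ULID).
+*/
+investigation_id: string;
+investigation_name?: InvestigationName;
+/**
+* Investigation start time (UTC).
+*/
+started_at: string;
+/**
+* Global investigation score.
+*/
+score: number;
 level: Level;
-
+/**
+* Whether the investigation is whitelisted.
+*/
+whitelisted: boolean;
 whitelists: Whitelists;
+event_log?: EventLog;
 observables: Observables;
 checks: Checks;
 checks_by_level: ChecksByLevel;
@@ -112,16 +89,38 @@ interface CyvestInvestigation {
 stats: StatisticsSchema;
 stats_checks: StatsChecksSchema;
 data_extraction: DataExtractionSchema;
+/**
+* Global investigation score formatted as fixed-point x.xx.
+*/
+score_display: string;
 }
 /**
 * Represents a whitelist entry on an investigation.
 */
 interface InvestigationWhitelist {
-identifier:
-name:
+identifier: string;
+name: string;
 justification?: Justification;
 [k: string]: unknown;
 }
+/**
+* Centralized audit event for investigation-level changes.
+*/
+interface AuditEvent {
+event_id: string;
+timestamp: string;
+event_type: string;
+actor?: Actor;
+reason?: Reason;
+tool?: Tool;
+object_type?: ObjectType;
+object_key?: ObjectKey;
+details?: Details;
+[k: string]: unknown;
+}
+interface Details {
+[k: string]: unknown;
+}
 /**
 * Observables keyed by their unique key.
 */
@@ -135,18 +134,19 @@ interface Observables {
 * through relationships.
 */
 interface Observable {
-type:
-value:
-internal:
-whitelisted:
-comment:
+type: string;
+value: string;
+internal: boolean;
+whitelisted: boolean;
+comment: string;
 extra: Extra;
-score:
+score: number;
 level: Level;
 threat_intels: ThreatIntels;
 relationships: Relationships;
-key:
-
+key: string;
+check_links: CheckLinks;
+score_display: string;
 [k: string]: unknown;
 }
 interface Extra {
@@ -156,8 +156,8 @@ interface Extra {
 * Represents a relationship between observables.
 */
 interface Relationship {
-target_key:
-relationship_type:
+target_key: string;
+relationship_type: string;
 direction: RelationshipDirection;
 [k: string]: unknown;
 }
@@ -174,21 +174,29 @@ interface Checks {
 * and contributes to the overall investigation score.
 */
 interface Check {
-check_id:
-scope:
-description:
-comment:
+check_id: string;
+scope: string;
+description: string;
+comment: string;
 extra: Extra1;
-score:
+score: number;
 level: Level;
-
-
-key:
+origin_investigation_id: string;
+observable_links: ObservableLinks;
+key: string;
+score_display: string;
 [k: string]: unknown;
 }
 interface Extra1 {
 [k: string]: unknown;
 }
+/**
+* Edge metadata for a Check↔Observable association.
+*/
+interface ObservableLink {
+observable_key: string;
+propagation_mode?: PropagationMode;
+}
 /**
 * Check keys organized by level name.
 */
@@ -208,14 +216,15 @@ interface ThreatIntels1 {
 * like VirusTotal, URLScan.io, etc.
 */
 interface ThreatIntel {
-source:
-observable_key:
-comment:
+source: string;
+observable_key: string;
+comment: string;
 extra: Extra2;
-score:
+score: number;
 level: Level;
 taxonomies: Taxonomies;
-key:
+key: string;
+score_display: string;
 [k: string]: unknown;
 }
 interface Extra2 {
@@ -234,10 +243,10 @@ interface Enrichments {
 * context but doesn't directly contribute to scoring.
 */
 interface Enrichment {
-name:
+name: string;
 data: Data;
-context:
-key:
+context: string;
+key: string;
 [k: string]: unknown;
 }
 interface Data {
@@ -256,12 +265,12 @@ interface Containers {
 * with aggregated scores and levels.
 */
 interface Container {
-path:
-description?:
+path: string;
+description?: string;
 checks: Checks1;
 sub_containers: SubContainers;
-key:
-aggregated_score:
+key: string;
+aggregated_score: number;
 aggregated_level: Level;
 }
 interface SubContainers {
@@ -273,21 +282,21 @@ interface SubContainers {
 * Mirrors the output of `InvestigationStats.get_summary()`.
 */
 interface StatisticsSchema {
-total_observables:
-internal_observables:
-external_observables:
-whitelisted_observables:
+total_observables: number;
+internal_observables: number;
+external_observables: number;
+whitelisted_observables: number;
 observables_by_type?: ObservablesByType;
 observables_by_level?: ObservablesByLevel;
 observables_by_type_and_level?: ObservablesByTypeAndLevel;
-total_checks:
-applied_checks:
+total_checks: number;
+applied_checks: number;
 checks_by_scope?: ChecksByScope;
 checks_by_level?: ChecksByLevel1;
-total_threat_intel:
+total_threat_intel: number;
 threat_intel_by_source?: ThreatIntelBySource;
 threat_intel_by_level?: ThreatIntelByLevel;
-total_containers:
+total_containers: number;
 }
 interface ObservablesByType {
 [k: string]: number;
@@ -316,8 +325,8 @@ interface ThreatIntelByLevel {
 * Schema for check statistics summary.
 */
 interface StatsChecksSchema {
-checks:
-applied:
+checks: number;
+applied: number;
 }
 /**
 * Schema for data extraction metadata.
@@ -989,13 +998,6 @@ declare function findChecksAtLeast(inv: CyvestInvestigation, minLevel: Level): C
 * @returns Array of matching checks
 */
 declare function findChecksByCheckId(inv: CyvestInvestigation, checkId: string): Check[];
-/**
-* Find checks with score policy set to manual.
-*
-* @param inv - The investigation to search
-* @returns Array of manually scored checks
-*/
-declare function findManuallyScored(inv: CyvestInvestigation): Check[];
 /**
 * Find all threat intel from a specific source.
 *
@@ -1369,4 +1371,4 @@ declare function getRelationshipsForObservable(inv: CyvestInvestigation, observa
 }>;
 };
 
-export { type
+export { type Actor, type AuditEvent, type Check, type CheckLinks, type Checks, type Checks1, type ChecksByLevel, type ChecksByLevel1, type ChecksByScope, type Container, type Containers, type CyvestInvestigation, type Data, type DataExtractionSchema, type Details, type Enrichment, type Enrichments, type EventLog, type Extra, type Extra1, type Extra2, type GraphEdge, type GraphNode, type InvestigationCounts, type InvestigationGraph, type InvestigationName, type InvestigationWhitelist, type Justification, type KeyType, LEVEL_COLORS, LEVEL_ORDER, LEVEL_VALUES, type Level, type ObjectKey, type ObjectType, type Observable, type ObservableLink, type ObservableLinks, type Observables, type ObservablesByLevel, type ObservablesByType, type ObservablesByTypeAndLevel, type PropagationMode, type Reason, type Relationship, type RelationshipDirection, type Relationships, type RootType, type ScoreMode, type StatisticsSchema, type StatsChecksSchema, type SubContainers, type Taxonomies, type ThreatIntel, type ThreatIntelByLevel, type ThreatIntelBySource, type ThreatIntels, type ThreatIntels1, type Tool, type Whitelists, areConnected, compareLevels, countRelationshipsByType, findChecksAtLeast, findChecksByCheckId, findChecksByLevel, findChecksByScope, findContainersAtLeast, findContainersByLevel, findExternalObservables, findInternalObservables, findLeafObservables, findObservablesAtLeast, findObservablesByLevel, findObservablesByType, findObservablesByValue, findObservablesContaining, findObservablesMatching, findObservablesWithThreatIntel, findOrphanObservables, findPath, findRootObservables, findThreatIntelAtLeast, findThreatIntelByLevel, findThreatIntelBySource, findWhitelistedObservables, generateCheckKey, generateContainerKey, generateEnrichmentKey, generateObservableKey, generateThreatIntelKey, getAllChecks, getAllContainers, getAllEnrichments, getAllObservableTypes, getAllObservables, getAllRelationshipTypes, getAllScopes, getAllThreatIntelSources, getAllThreatIntels, getCheck, getCheckByIdScope, getChecksForContainer, getChecksForObservable, getColorForLevel, getColorForScore, getContainer, getContainerByPath, getCounts, getDataExtraction, getEnrichment, getEnrichmentByName, getEntityLevel, getHighestScoringChecks, getHighestScoringObservables, getLevelFromScore, getMaliciousChecks, getMaliciousObservables, getObservable, getObservableByTypeValue, getObservableChildren, getObservableGraph, getObservableParents, getObservablesForCheck, getReachableObservables, getRelatedObservables, getRelatedObservablesByDirection, getRelatedObservablesByType, getRelationshipsForObservable, getStats, getStatsChecks, getSuspiciousChecks, getSuspiciousObservables, getThreatIntel, getThreatIntelBySourceObservable, getThreatIntelsForObservable, getWhitelists, hasLevel, isCyvest, isLevelAtLeast, isLevelHigherThan, isLevelLowerThan, isValidLevel, maxLevel, minLevel, normalizeLevel, parseCheckKey, parseCyvest, parseKeyType, parseObservableKey, parseThreatIntelKey, sortChecksByLevel, sortChecksByScore, sortObservablesByLevel, sortObservablesByScore, validateKey };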
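Review bot: The new `AuditEvent` interface (new lines 109–120 in the `interface CyvestInvestigation` hunk) leaves `timestamp: string` and `event_type: string` undocumented, while the neighbouring `started_at` field carries "(UTC)" — consumers that sort or filter the audit log cannot tell the expected time format or the set of event kinds from the declaration. I would add `/** Event time (UTC, <FORMAT — confirm against the producer>). */` above `timestamp`, and if the event kinds are a fixed set, narrow `event_type` to a string-literal union the way `Level` and `PropagationMode` already are. Since `dist/index.d.mts` is build output, the change belongs in the declaration source rather than here; `package/src/types.generated.ts` appears in the diffstat, though its name suggests it is itself generated from a schema, so the fix may need to go upstream of that. The same gap presumably applies to the identical `package/dist/index.d.ts` section listed in the diffstat.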