@cyvest/cyvest-js 3.2.0 → 4.1.0
- package/dist/index.d.mts +55 -33
- package/dist/index.d.ts +55 -33
- package/dist/index.js +191 -71
- package/dist/index.mjs +191 -69
- package/package.json +5 -5
- package/src/finders.ts +29 -20
- package/src/getters.ts +0 -10
- package/src/types.generated.ts +54 -18
- package/tests/getters-finders.test.ts +40 -24
- package/tests/graph.test.ts +21 -16
- package/vitest.config.ts +8 -0
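--- a/package/dist/index.d.mts
+++ b/package/dist/index.d.mts
@@ -1,3 +1,7 @@
+/**
+* Optional human-readable investigation name.
+*/
+type InvestigationName = string | null;
 /**
 * Security level classification for checks, observables, and threat intelligence.
 *
@@ -9,6 +13,15 @@ type Justification = string | null;
 * List of whitelist entries applied to this investigation.
 */
 type Whitelists = InvestigationWhitelist[];
+type Actor = string | null;
+type Reason = string | null;
+type Tool = string | null;
+type ObjectType = string | null;
+type ObjectKey = string | null;
+/**
+* Append-only investigation audit log.
+*/
+type EventLog = AuditEvent[];
 type ThreatIntels = string[];
 /**
 * Direction of a relationship between observables.
@@ -16,14 +29,14 @@ type ThreatIntels = string[];
 type RelationshipDirection = "outbound" | "inbound" | "bidirectional";
 type Relationships = Relationship[];
 /**
-* Checks that
+* Checks that currently link to this observable (navigation-only).
 */
-type
-type Observables1 = string[];
+type CheckLinks = string[];
 /**
-* Controls how a
+* Controls how a Check↔Observable link propagates across merged investigations.
 */
-type
+type PropagationMode = "LOCAL_ONLY" | "GLOBAL";
+type ObservableLinks = ObservableLink[];
 type Taxonomies = {
 [k: string]: unknown;
 }[];
@@ -31,7 +44,7 @@ type Checks1 = string[];
 /**
 * Root observable type used during data extraction.
 */
-type RootType =
+type RootType = ("file" | "artifact") | null;
 /**
 * Score calculation mode for observables.
 */
@@ -47,6 +60,11 @@ type ScoreMode = "max" | "sum";
 * schemas matching the actual model_dump() output.
 */
 interface CyvestInvestigation {
+/**
+* Stable investigation identity (ULID).
+*/
+investigation_id: string;
+investigation_name?: InvestigationName;
 /**
 * Investigation start time (UTC).
 */
@@ -61,6 +79,7 @@ interface CyvestInvestigation {
 */
 whitelisted: boolean;
 whitelists: Whitelists;
+event_log?: EventLog;
 observables: Observables;
 checks: Checks;
 checks_by_level: ChecksByLevel;
@@ -68,7 +87,6 @@ interface CyvestInvestigation {
 enrichments: Enrichments;
 containers: Containers;
 stats: StatisticsSchema;
-stats_checks: StatsChecksSchema;
 data_extraction: DataExtractionSchema;
 /**
 * Global investigation score formatted as fixed-point x.xx.
@@ -84,6 +102,24 @@ interface InvestigationWhitelist {
 justification?: Justification;
 [k: string]: unknown;
 }
+/**
+* Centralized audit event for investigation-level changes.
+*/
+interface AuditEvent {
+event_id: string;
+timestamp: string;
+event_type: string;
+actor?: Actor;
+reason?: Reason;
+tool?: Tool;
+object_type?: ObjectType;
+object_key?: ObjectKey;
+details?: Details;
+[k: string]: unknown;
+}
+interface Details {
+[k: string]: unknown;
+}
 /**
 * Observables keyed by their unique key.
 */
@@ -108,7 +144,7 @@ interface Observable {
 threat_intels: ThreatIntels;
 relationships: Relationships;
 key: string;
-
+check_links: CheckLinks;
 score_display: string;
 [k: string]: unknown;
 }
@@ -144,8 +180,8 @@ interface Check {
 extra: Extra1;
 score: number;
 level: Level;
-
-
+origin_investigation_id: string;
+observable_links: ObservableLinks;
 key: string;
 score_display: string;
 [k: string]: unknown;
@@ -153,6 +189,13 @@ interface Check {
 interface Extra1 {
 [k: string]: unknown;
 }
+/**
+* Edge metadata for a Check↔Observable association.
+*/
+interface ObservableLink {
+observable_key: string;
+propagation_mode?: PropagationMode;
+}
 /**
 * Check keys organized by level name.
 */
@@ -277,19 +320,12 @@ interface ThreatIntelBySource {
 interface ThreatIntelByLevel {
 [k: string]: number;
 }
-/**
-* Schema for check statistics summary.
-*/
-interface StatsChecksSchema {
-checks: number;
-applied: number;
-}
 /**
 * Schema for data extraction metadata.
 */
 interface DataExtractionSchema {
 root_type?: RootType;
-
+score_mode_obs: ScoreMode;
 }
 
 declare function parseCyvest(json: unknown): CyvestInvestigation;
@@ -782,13 +818,6 @@ declare function getWhitelists(inv: CyvestInvestigation): Whitelists;
 * @returns Statistics object
 */
 declare function getStats(inv: CyvestInvestigation): StatisticsSchema;
-/**
-* Get the investigation check statistics.
-*
-* @param inv - The investigation
-* @returns Check statistics object
-*/
-declare function getStatsChecks(inv: CyvestInvestigation): StatsChecksSchema;
 /**
 * Get the data extraction configuration.
 *
@@ -954,13 +983,6 @@ declare function findChecksAtLeast(inv: CyvestInvestigation, minLevel: Level): C
 * @returns Array of matching checks
 */
 declare function findChecksByCheckId(inv: CyvestInvestigation, checkId: string): Check[];
-/**
-* Find checks with score policy set to manual.
-*
-* @param inv - The investigation to search
-* @returns Array of manually scored checks
-*/
-declare function findManuallyScored(inv: CyvestInvestigation): Check[];
 /**
 * Find all threat intel from a specific source.
 *
@@ -1334,4 +1356,4 @@ declare function getRelationshipsForObservable(inv: CyvestInvestigation, observa
 }>;
 };
 
-export { type Check, type
+export { type Actor, type AuditEvent, type Check, type CheckLinks, type Checks, type Checks1, type ChecksByLevel, type ChecksByLevel1, type ChecksByScope, type Container, type Containers, type CyvestInvestigation, type Data, type DataExtractionSchema, type Details, type Enrichment, type Enrichments, type EventLog, type Extra, type Extra1, type Extra2, type GraphEdge, type GraphNode, type InvestigationCounts, type InvestigationGraph, type InvestigationName, type InvestigationWhitelist, type Justification, type KeyType, LEVEL_COLORS, LEVEL_ORDER, LEVEL_VALUES, type Level, type ObjectKey, type ObjectType, type Observable, type ObservableLink, type ObservableLinks, type Observables, type ObservablesByLevel, type ObservablesByType, type ObservablesByTypeAndLevel, type PropagationMode, type Reason, type Relationship, type RelationshipDirection, type Relationships, type RootType, type ScoreMode, type StatisticsSchema, type SubContainers, type Taxonomies, type ThreatIntel, type ThreatIntelByLevel, type ThreatIntelBySource, type ThreatIntels, type ThreatIntels1, type Tool, type Whitelists, areConnected, compareLevels, countRelationshipsByType, findChecksAtLeast, findChecksByCheckId, findChecksByLevel, findChecksByScope, findContainersAtLeast, findContainersByLevel, findExternalObservables, findInternalObservables, findLeafObservables, findObservablesAtLeast, findObservablesByLevel, findObservablesByType, findObservablesByValue, findObservablesContaining, findObservablesMatching, findObservablesWithThreatIntel, findOrphanObservables, findPath, findRootObservables, findThreatIntelAtLeast, findThreatIntelByLevel, findThreatIntelBySource, findWhitelistedObservables, generateCheckKey, generateContainerKey, generateEnrichmentKey, generateObservableKey, generateThreatIntelKey, getAllChecks, getAllContainers, getAllEnrichments, getAllObservableTypes, getAllObservables, getAllRelationshipTypes, getAllScopes, getAllThreatIntelSources, getAllThreatIntels, getCheck, getCheckByIdScope, getChecksForContainer, getChecksForObservable, getColorForLevel, getColorForScore, getContainer, getContainerByPath, getCounts, getDataExtraction, getEnrichment, getEnrichmentByName, getEntityLevel, getHighestScoringChecks, getHighestScoringObservables, getLevelFromScore, getMaliciousChecks, getMaliciousObservables, getObservable, getObservableByTypeValue, getObservableChildren, getObservableGraph, getObservableParents, getObservablesForCheck, getReachableObservables, getRelatedObservables, getRelatedObservablesByDirection, getRelatedObservablesByType, getRelationshipsForObservable, getStats, getSuspiciousChecks, getSuspiciousObservables, getThreatIntel, getThreatIntelBySourceObservable, getThreatIntelsForObservable, getWhitelists, hasLevel, isCyvest, isLevelAtLeast, isLevelHigherThan, isLevelLowerThan, isValidLevel, maxLevel, minLevel, normalizeLevel, parseCheckKey, parseCyvest, parseKeyType, parseObservableKey, parseThreatIntelKey, sortChecksByLevel, sortChecksByScore, sortObservablesByLevel, sortObservablesByScore, validateKey };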
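Review bot: `type EventLog = AuditEvent[]` in the `@@ -9,6 +13,15 @@` hunk is documented as an append-only audit log, but the declared type is an ordinary mutable array, so nothing at the type level stops a consumer from reordering or dropping entries; `type EventLog = readonly AuditEvent[];` would at least make in-place mutation a compile error. `AuditEvent` in the `@@ -84,6 +102,24 @@` hunk types `timestamp` and `event_type` as bare `string` and keeps an open `[k: string]: unknown` index signature, so the doc comment should state the limit, e.g. `* Append-only by convention; this type does not enforce ordering or integrity.` Whether `parseCyvest` validates these fields at runtime is not visible in this section. The same declarations appear in `package/dist/index.d.ts`, and since both files look like build output the change presumably belongs in the schema behind `package/src/types.generated.ts`.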
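--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -1,3 +1,7 @@
+/**
+* Optional human-readable investigation name.
+*/
+type InvestigationName = string | null;
 /**
 * Security level classification for checks, observables, and threat intelligence.
 *
@@ -9,6 +13,15 @@ type Justification = string | null;
 * List of whitelist entries applied to this investigation.
 */
 type Whitelists = InvestigationWhitelist[];
+type Actor = string | null;
+type Reason = string | null;
+type Tool = string | null;
+type ObjectType = string | null;
+type ObjectKey = string | null;
+/**
+* Append-only investigation audit log.
+*/
+type EventLog = AuditEvent[];
 type ThreatIntels = string[];
 /**
 * Direction of a relationship between observables.
@@ -16,14 +29,14 @@ type ThreatIntels = string[];
 type RelationshipDirection = "outbound" | "inbound" | "bidirectional";
 type Relationships = Relationship[];
 /**
-* Checks that
+* Checks that currently link to this observable (navigation-only).
 */
-type
-type Observables1 = string[];
+type CheckLinks = string[];
 /**
-* Controls how a
+* Controls how a Check↔Observable link propagates across merged investigations.
 */
-type
+type PropagationMode = "LOCAL_ONLY" | "GLOBAL";
+type ObservableLinks = ObservableLink[];
 type Taxonomies = {
 [k: string]: unknown;
 }[];
@@ -31,7 +44,7 @@ type Checks1 = string[];
 /**
 * Root observable type used during data extraction.
 */
-type RootType =
+type RootType = ("file" | "artifact") | null;
 /**
 * Score calculation mode for observables.
 */
@@ -47,6 +60,11 @@ type ScoreMode = "max" | "sum";
 * schemas matching the actual model_dump() output.
 */
 interface CyvestInvestigation {
+/**
+* Stable investigation identity (ULID).
+*/
+investigation_id: string;
+investigation_name?: InvestigationName;
 /**
 * Investigation start time (UTC).
 */
@@ -61,6 +79,7 @@ interface CyvestInvestigation {
 */
 whitelisted: boolean;
 whitelists: Whitelists;
+event_log?: EventLog;
 observables: Observables;
 checks: Checks;
 checks_by_level: ChecksByLevel;
@@ -68,7 +87,6 @@ interface CyvestInvestigation {
 enrichments: Enrichments;
 containers: Containers;
 stats: StatisticsSchema;
-stats_checks: StatsChecksSchema;
 data_extraction: DataExtractionSchema;
 /**
 * Global investigation score formatted as fixed-point x.xx.
@@ -84,6 +102,24 @@ interface InvestigationWhitelist {
 justification?: Justification;
 [k: string]: unknown;
 }
+/**
+* Centralized audit event for investigation-level changes.
+*/
+interface AuditEvent {
+event_id: string;
+timestamp: string;
+event_type: string;
+actor?: Actor;
+reason?: Reason;
+tool?: Tool;
+object_type?: ObjectType;
+object_key?: ObjectKey;
+details?: Details;
+[k: string]: unknown;
+}
+interface Details {
+[k: string]: unknown;
+}
 /**
 * Observables keyed by their unique key.
 */
@@ -108,7 +144,7 @@ interface Observable {
 threat_intels: ThreatIntels;
 relationships: Relationships;
 key: string;
-
+check_links: CheckLinks;
 score_display: string;
 [k: string]: unknown;
 }
@@ -144,8 +180,8 @@ interface Check {
 extra: Extra1;
 score: number;
 level: Level;
-
-
+origin_investigation_id: string;
+observable_links: ObservableLinks;
 key: string;
 score_display: string;
 [k: string]: unknown;
@@ -153,6 +189,13 @@ interface Check {
 interface Extra1 {
 [k: string]: unknown;
 }
+/**
+* Edge metadata for a Check↔Observable association.
+*/
+interface ObservableLink {
+observable_key: string;
+propagation_mode?: PropagationMode;
+}
 /**
 * Check keys organized by level name.
 */
@@ -277,19 +320,12 @@ interface ThreatIntelBySource {
 interface ThreatIntelByLevel {
 [k: string]: number;
 }
-/**
-* Schema for check statistics summary.
-*/
-interface StatsChecksSchema {
-checks: number;
-applied: number;
-}
 /**
 * Schema for data extraction metadata.
 */
 interface DataExtractionSchema {
 root_type?: RootType;
-
+score_mode_obs: ScoreMode;
 }
 
 declare function parseCyvest(json: unknown): CyvestInvestigation;
@@ -782,13 +818,6 @@ declare function getWhitelists(inv: CyvestInvestigation): Whitelists;
 * @returns Statistics object
 */
 declare function getStats(inv: CyvestInvestigation): StatisticsSchema;
-/**
-* Get the investigation check statistics.
-*
-* @param inv - The investigation
-* @returns Check statistics object
-*/
-declare function getStatsChecks(inv: CyvestInvestigation): StatsChecksSchema;
 /**
 * Get the data extraction configuration.
 *
@@ -954,13 +983,6 @@ declare function findChecksAtLeast(inv: CyvestInvestigation, minLevel: Level): C
 * @returns Array of matching checks
 */
 declare function findChecksByCheckId(inv: CyvestInvestigation, checkId: string): Check[];
-/**
-* Find checks with score policy set to manual.
-*
-* @param inv - The investigation to search
-* @returns Array of manually scored checks
-*/
-declare function findManuallyScored(inv: CyvestInvestigation): Check[];
 /**
 * Find all threat intel from a specific source.
 *
@@ -1334,4 +1356,4 @@ declare function getRelationshipsForObservable(inv: CyvestInvestigation, observa
 }>;
 };
 
-export { type Check, type
+export { type Actor, type AuditEvent, type Check, type CheckLinks, type Checks, type Checks1, type ChecksByLevel, type ChecksByLevel1, type ChecksByScope, type Container, type Containers, type CyvestInvestigation, type Data, type DataExtractionSchema, type Details, type Enrichment, type Enrichments, type EventLog, type Extra, type Extra1, type Extra2, type GraphEdge, type GraphNode, type InvestigationCounts, type InvestigationGraph, type InvestigationName, type InvestigationWhitelist, type Justification, type KeyType, LEVEL_COLORS, LEVEL_ORDER, LEVEL_VALUES, type Level, type ObjectKey, type ObjectType, type Observable, type ObservableLink, type ObservableLinks, type Observables, type ObservablesByLevel, type ObservablesByType, type ObservablesByTypeAndLevel, type PropagationMode, type Reason, type Relationship, type RelationshipDirection, type Relationships, type RootType, type ScoreMode, type StatisticsSchema, type SubContainers, type Taxonomies, type ThreatIntel, type ThreatIntelByLevel, type ThreatIntelBySource, type ThreatIntels, type ThreatIntels1, type Tool, type Whitelists, areConnected, compareLevels, countRelationshipsByType, findChecksAtLeast, findChecksByCheckId, findChecksByLevel, findChecksByScope, findContainersAtLeast, findContainersByLevel, findExternalObservables, findInternalObservables, findLeafObservables, findObservablesAtLeast, findObservablesByLevel, findObservablesByType, findObservablesByValue, findObservablesContaining, findObservablesMatching, findObservablesWithThreatIntel, findOrphanObservables, findPath, findRootObservables, findThreatIntelAtLeast, findThreatIntelByLevel, findThreatIntelBySource, findWhitelistedObservables, generateCheckKey, generateContainerKey, generateEnrichmentKey, generateObservableKey, generateThreatIntelKey, getAllChecks, getAllContainers, getAllEnrichments, getAllObservableTypes, getAllObservables, getAllRelationshipTypes, getAllScopes, getAllThreatIntelSources, getAllThreatIntels, getCheck, getCheckByIdScope, getChecksForContainer, getChecksForObservable, getColorForLevel, getColorForScore, getContainer, getContainerByPath, getCounts, getDataExtraction, getEnrichment, getEnrichmentByName, getEntityLevel, getHighestScoringChecks, getHighestScoringObservables, getLevelFromScore, getMaliciousChecks, getMaliciousObservables, getObservable, getObservableByTypeValue, getObservableChildren, getObservableGraph, getObservableParents, getObservablesForCheck, getReachableObservables, getRelatedObservables, getRelatedObservablesByDirection, getRelatedObservablesByType, getRelationshipsForObservable, getStats, getSuspiciousChecks, getSuspiciousObservables, getThreatIntel, getThreatIntelBySourceObservable, getThreatIntelsForObservable, getWhitelists, hasLevel, isCyvest, isLevelAtLeast, isLevelHigherThan, isLevelLowerThan, isValidLevel, maxLevel, minLevel, normalizeLevel, parseCheckKey, parseCyvest, parseKeyType, parseObservableKey, parseThreatIntelKey, sortChecksByLevel, sortChecksByScore, sortObservablesByLevel, sortObservablesByScore, validateKey };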