@cyvest/cyvest-js 4.0.0 → 4.2.0

package/dist/index.d.mts

@@ -37,14 +37,12 @@ type CheckLinks = string[];
  */
 type PropagationMode = "LOCAL_ONLY" | "GLOBAL";
 type ObservableLinks = ObservableLink[];
-type Taxonomies = {
-    [k: string]: unknown;
-}[];
+type Taxonomies = Taxonomy[];
 type Checks1 = string[];
 /**
  * Root observable type used during data extraction.
  */
-type RootType = string | null;
+type RootType = ("file" | "artifact") | null;
 /**
  * Score calculation mode for observables.
  */
@@ -87,7 +85,6 @@ interface CyvestInvestigation {
     enrichments: Enrichments;
     containers: Containers;
     stats: StatisticsSchema;
-    stats_checks: StatsChecksSchema;
     data_extraction: DataExtractionSchema;
     /**
      * Global investigation score formatted as fixed-point x.xx.
@@ -230,6 +227,14 @@ interface ThreatIntel {
 interface Extra2 {
     [k: string]: unknown;
 }
+/**
+ * Represents a structured taxonomy entry for threat intelligence.
+ */
+interface Taxonomy {
+    level: Level;
+    name: string;
+    value: string;
+}
 /**
  * Enrichment entries keyed by their unique key.
  */
@@ -321,19 +326,12 @@ interface ThreatIntelBySource {
 interface ThreatIntelByLevel {
     [k: string]: number;
 }
-/**
- * Schema for check statistics summary.
- */
-interface StatsChecksSchema {
-    checks: number;
-    applied: number;
-}
 /**
  * Schema for data extraction metadata.
  */
 interface DataExtractionSchema {
     root_type?: RootType;
-    score_mode: ScoreMode;
+    score_mode_obs: ScoreMode;
 }
 
 declare function parseCyvest(json: unknown): CyvestInvestigation;
@@ -826,13 +824,6 @@ declare function getWhitelists(inv: CyvestInvestigation): Whitelists;
  * @returns Statistics object
  */
 declare function getStats(inv: CyvestInvestigation): StatisticsSchema;
-/**
- * Get the investigation check statistics.
- *
- * @param inv - The investigation
- * @returns Check statistics object
- */
-declare function getStatsChecks(inv: CyvestInvestigation): StatsChecksSchema;
 /**
  * Get the data extraction configuration.
  *
@@ -1371,4 +1362,4 @@ declare function getRelationshipsForObservable(inv: CyvestInvestigation, observa
     }>;
 };
 
-export { type Actor, type AuditEvent, type Check, type CheckLinks, type Checks, type Checks1, type ChecksByLevel, type ChecksByLevel1, type ChecksByScope, type Container, type Containers, type CyvestInvestigation, type Data, type DataExtractionSchema, type Details, type Enrichment, type Enrichments, type EventLog, type Extra, type Extra1, type Extra2, type GraphEdge, type GraphNode, type InvestigationCounts, type InvestigationGraph, type InvestigationName, type InvestigationWhitelist, type Justification, type KeyType, LEVEL_COLORS, LEVEL_ORDER, LEVEL_VALUES, type Level, type ObjectKey, type ObjectType, type Observable, type ObservableLink, type ObservableLinks, type Observables, type ObservablesByLevel, type ObservablesByType, type ObservablesByTypeAndLevel, type PropagationMode, type Reason, type Relationship, type RelationshipDirection, type Relationships, type RootType, type ScoreMode, type StatisticsSchema, type StatsChecksSchema, type SubContainers, type Taxonomies, type ThreatIntel, type ThreatIntelByLevel, type ThreatIntelBySource, type ThreatIntels, type ThreatIntels1, type Tool, type Whitelists, areConnected, compareLevels, countRelationshipsByType, findChecksAtLeast, findChecksByCheckId, findChecksByLevel, findChecksByScope, findContainersAtLeast, findContainersByLevel, findExternalObservables, findInternalObservables, findLeafObservables, findObservablesAtLeast, findObservablesByLevel, findObservablesByType, findObservablesByValue, findObservablesContaining, findObservablesMatching, findObservablesWithThreatIntel, findOrphanObservables, findPath, findRootObservables, findThreatIntelAtLeast, findThreatIntelByLevel, findThreatIntelBySource, findWhitelistedObservables, generateCheckKey, generateContainerKey, generateEnrichmentKey, generateObservableKey, generateThreatIntelKey, getAllChecks, getAllContainers, getAllEnrichments, getAllObservableTypes, getAllObservables, getAllRelationshipTypes, getAllScopes, getAllThreatIntelSources, getAllThreatIntels, getCheck, getCheckByIdScope, getChecksForContainer, getChecksForObservable, getColorForLevel, getColorForScore, getContainer, getContainerByPath, getCounts, getDataExtraction, getEnrichment, getEnrichmentByName, getEntityLevel, getHighestScoringChecks, getHighestScoringObservables, getLevelFromScore, getMaliciousChecks, getMaliciousObservables, getObservable, getObservableByTypeValue, getObservableChildren, getObservableGraph, getObservableParents, getObservablesForCheck, getReachableObservables, getRelatedObservables, getRelatedObservablesByDirection, getRelatedObservablesByType, getRelationshipsForObservable, getStats, getStatsChecks, getSuspiciousChecks, getSuspiciousObservables, getThreatIntel, getThreatIntelBySourceObservable, getThreatIntelsForObservable, getWhitelists, hasLevel, isCyvest, isLevelAtLeast, isLevelHigherThan, isLevelLowerThan, isValidLevel, maxLevel, minLevel, normalizeLevel, parseCheckKey, parseCyvest, parseKeyType, parseObservableKey, parseThreatIntelKey, sortChecksByLevel, sortChecksByScore, sortObservablesByLevel, sortObservablesByScore, validateKey };
+export { type Actor, type AuditEvent, type Check, type CheckLinks, type Checks, type Checks1, type ChecksByLevel, type ChecksByLevel1, type ChecksByScope, type Container, type Containers, type CyvestInvestigation, type Data, type DataExtractionSchema, type Details, type Enrichment, type Enrichments, type EventLog, type Extra, type Extra1, type Extra2, type GraphEdge, type GraphNode, type InvestigationCounts, type InvestigationGraph, type InvestigationName, type InvestigationWhitelist, type Justification, type KeyType, LEVEL_COLORS, LEVEL_ORDER, LEVEL_VALUES, type Level, type ObjectKey, type ObjectType, type Observable, type ObservableLink, type ObservableLinks, type Observables, type ObservablesByLevel, type ObservablesByType, type ObservablesByTypeAndLevel, type PropagationMode, type Reason, type Relationship, type RelationshipDirection, type Relationships, type RootType, type ScoreMode, type StatisticsSchema, type SubContainers, type Taxonomies, type Taxonomy, type ThreatIntel, type ThreatIntelByLevel, type ThreatIntelBySource, type ThreatIntels, type ThreatIntels1, type Tool, type Whitelists, areConnected, compareLevels, countRelationshipsByType, findChecksAtLeast, findChecksByCheckId, findChecksByLevel, findChecksByScope, findContainersAtLeast, findContainersByLevel, findExternalObservables, findInternalObservables, findLeafObservables, findObservablesAtLeast, findObservablesByLevel, findObservablesByType, findObservablesByValue, findObservablesContaining, findObservablesMatching, findObservablesWithThreatIntel, findOrphanObservables, findPath, findRootObservables, findThreatIntelAtLeast, findThreatIntelByLevel, findThreatIntelBySource, findWhitelistedObservables, generateCheckKey, generateContainerKey, generateEnrichmentKey, generateObservableKey, generateThreatIntelKey, getAllChecks, getAllContainers, getAllEnrichments, getAllObservableTypes, getAllObservables, getAllRelationshipTypes, getAllScopes, getAllThreatIntelSources, getAllThreatIntels, getCheck, getCheckByIdScope, getChecksForContainer, getChecksForObservable, getColorForLevel, getColorForScore, getContainer, getContainerByPath, getCounts, getDataExtraction, getEnrichment, getEnrichmentByName, getEntityLevel, getHighestScoringChecks, getHighestScoringObservables, getLevelFromScore, getMaliciousChecks, getMaliciousObservables, getObservable, getObservableByTypeValue, getObservableChildren, getObservableGraph, getObservableParents, getObservablesForCheck, getReachableObservables, getRelatedObservables, getRelatedObservablesByDirection, getRelatedObservablesByType, getRelationshipsForObservable, getStats, getSuspiciousChecks, getSuspiciousObservables, getThreatIntel, getThreatIntelBySourceObservable, getThreatIntelsForObservable, getWhitelists, hasLevel, isCyvest, isLevelAtLeast, isLevelHigherThan, isLevelLowerThan, isValidLevel, maxLevel, minLevel, normalizeLevel, parseCheckKey, parseCyvest, parseKeyType, parseObservableKey, parseThreatIntelKey, sortChecksByLevel, sortChecksByScore, sortObservablesByLevel, sortObservablesByScore, validateKey };

package/dist/index.d.ts

@@ -37,14 +37,12 @@ type CheckLinks = string[];
  */
 type PropagationMode = "LOCAL_ONLY" | "GLOBAL";
 type ObservableLinks = ObservableLink[];
-type Taxonomies = {
-    [k: string]: unknown;
-}[];
+type Taxonomies = Taxonomy[];
 type Checks1 = string[];
 /**
  * Root observable type used during data extraction.
  */
-type RootType = string | null;
+type RootType = ("file" | "artifact") | null;
 /**
  * Score calculation mode for observables.
  */
@@ -87,7 +85,6 @@ interface CyvestInvestigation {
     enrichments: Enrichments;
     containers: Containers;
     stats: StatisticsSchema;
-    stats_checks: StatsChecksSchema;
     data_extraction: DataExtractionSchema;
     /**
      * Global investigation score formatted as fixed-point x.xx.
@@ -230,6 +227,14 @@ interface ThreatIntel {
 interface Extra2 {
     [k: string]: unknown;
 }
+/**
+ * Represents a structured taxonomy entry for threat intelligence.
+ */
+interface Taxonomy {
+    level: Level;
+    name: string;
+    value: string;
+}
 /**
  * Enrichment entries keyed by their unique key.
  */
@@ -321,19 +326,12 @@ interface ThreatIntelBySource {
 interface ThreatIntelByLevel {
     [k: string]: number;
 }
-/**
- * Schema for check statistics summary.
- */
-interface StatsChecksSchema {
-    checks: number;
-    applied: number;
-}
 /**
  * Schema for data extraction metadata.
  */
 interface DataExtractionSchema {
     root_type?: RootType;
-    score_mode: ScoreMode;
+    score_mode_obs: ScoreMode;
 }
 
 declare function parseCyvest(json: unknown): CyvestInvestigation;
@@ -826,13 +824,6 @@ declare function getWhitelists(inv: CyvestInvestigation): Whitelists;
  * @returns Statistics object
  */
 declare function getStats(inv: CyvestInvestigation): StatisticsSchema;
-/**
- * Get the investigation check statistics.
- *
- * @param inv - The investigation
- * @returns Check statistics object
- */
-declare function getStatsChecks(inv: CyvestInvestigation): StatsChecksSchema;
 /**
  * Get the data extraction configuration.
  *
@@ -1371,4 +1362,4 @@ declare function getRelationshipsForObservable(inv: CyvestInvestigation, observa
     }>;
 };
 
-export { type Actor, type AuditEvent, type Check, type CheckLinks, type Checks, type Checks1, type ChecksByLevel, type ChecksByLevel1, type ChecksByScope, type Container, type Containers, type CyvestInvestigation, type Data, type DataExtractionSchema, type Details, type Enrichment, type Enrichments, type EventLog, type Extra, type Extra1, type Extra2, type GraphEdge, type GraphNode, type InvestigationCounts, type InvestigationGraph, type InvestigationName, type InvestigationWhitelist, type Justification, type KeyType, LEVEL_COLORS, LEVEL_ORDER, LEVEL_VALUES, type Level, type ObjectKey, type ObjectType, type Observable, type ObservableLink, type ObservableLinks, type Observables, type ObservablesByLevel, type ObservablesByType, type ObservablesByTypeAndLevel, type PropagationMode, type Reason, type Relationship, type RelationshipDirection, type Relationships, type RootType, type ScoreMode, type StatisticsSchema, type StatsChecksSchema, type SubContainers, type Taxonomies, type ThreatIntel, type ThreatIntelByLevel, type ThreatIntelBySource, type ThreatIntels, type ThreatIntels1, type Tool, type Whitelists, areConnected, compareLevels, countRelationshipsByType, findChecksAtLeast, findChecksByCheckId, findChecksByLevel, findChecksByScope, findContainersAtLeast, findContainersByLevel, findExternalObservables, findInternalObservables, findLeafObservables, findObservablesAtLeast, findObservablesByLevel, findObservablesByType, findObservablesByValue, findObservablesContaining, findObservablesMatching, findObservablesWithThreatIntel, findOrphanObservables, findPath, findRootObservables, findThreatIntelAtLeast, findThreatIntelByLevel, findThreatIntelBySource, findWhitelistedObservables, generateCheckKey, generateContainerKey, generateEnrichmentKey, generateObservableKey, generateThreatIntelKey, getAllChecks, getAllContainers, getAllEnrichments, getAllObservableTypes, getAllObservables, getAllRelationshipTypes, getAllScopes, getAllThreatIntelSources, getAllThreatIntels, getCheck, getCheckByIdScope, getChecksForContainer, getChecksForObservable, getColorForLevel, getColorForScore, getContainer, getContainerByPath, getCounts, getDataExtraction, getEnrichment, getEnrichmentByName, getEntityLevel, getHighestScoringChecks, getHighestScoringObservables, getLevelFromScore, getMaliciousChecks, getMaliciousObservables, getObservable, getObservableByTypeValue, getObservableChildren, getObservableGraph, getObservableParents, getObservablesForCheck, getReachableObservables, getRelatedObservables, getRelatedObservablesByDirection, getRelatedObservablesByType, getRelationshipsForObservable, getStats, getStatsChecks, getSuspiciousChecks, getSuspiciousObservables, getThreatIntel, getThreatIntelBySourceObservable, getThreatIntelsForObservable, getWhitelists, hasLevel, isCyvest, isLevelAtLeast, isLevelHigherThan, isLevelLowerThan, isValidLevel, maxLevel, minLevel, normalizeLevel, parseCheckKey, parseCyvest, parseKeyType, parseObservableKey, parseThreatIntelKey, sortChecksByLevel, sortChecksByScore, sortObservablesByLevel, sortObservablesByScore, validateKey };
+export { type Actor, type AuditEvent, type Check, type CheckLinks, type Checks, type Checks1, type ChecksByLevel, type ChecksByLevel1, type ChecksByScope, type Container, type Containers, type CyvestInvestigation, type Data, type DataExtractionSchema, type Details, type Enrichment, type Enrichments, type EventLog, type Extra, type Extra1, type Extra2, type GraphEdge, type GraphNode, type InvestigationCounts, type InvestigationGraph, type InvestigationName, type InvestigationWhitelist, type Justification, type KeyType, LEVEL_COLORS, LEVEL_ORDER, LEVEL_VALUES, type Level, type ObjectKey, type ObjectType, type Observable, type ObservableLink, type ObservableLinks, type Observables, type ObservablesByLevel, type ObservablesByType, type ObservablesByTypeAndLevel, type PropagationMode, type Reason, type Relationship, type RelationshipDirection, type Relationships, type RootType, type ScoreMode, type StatisticsSchema, type SubContainers, type Taxonomies, type Taxonomy, type ThreatIntel, type ThreatIntelByLevel, type ThreatIntelBySource, type ThreatIntels, type ThreatIntels1, type Tool, type Whitelists, areConnected, compareLevels, countRelationshipsByType, findChecksAtLeast, findChecksByCheckId, findChecksByLevel, findChecksByScope, findContainersAtLeast, findContainersByLevel, findExternalObservables, findInternalObservables, findLeafObservables, findObservablesAtLeast, findObservablesByLevel, findObservablesByType, findObservablesByValue, findObservablesContaining, findObservablesMatching, findObservablesWithThreatIntel, findOrphanObservables, findPath, findRootObservables, findThreatIntelAtLeast, findThreatIntelByLevel, findThreatIntelBySource, findWhitelistedObservables, generateCheckKey, generateContainerKey, generateEnrichmentKey, generateObservableKey, generateThreatIntelKey, getAllChecks, getAllContainers, getAllEnrichments, getAllObservableTypes, getAllObservables, getAllRelationshipTypes, getAllScopes, getAllThreatIntelSources, getAllThreatIntels, getCheck, getCheckByIdScope, getChecksForContainer, getChecksForObservable, getColorForLevel, getColorForScore, getContainer, getContainerByPath, getCounts, getDataExtraction, getEnrichment, getEnrichmentByName, getEntityLevel, getHighestScoringChecks, getHighestScoringObservables, getLevelFromScore, getMaliciousChecks, getMaliciousObservables, getObservable, getObservableByTypeValue, getObservableChildren, getObservableGraph, getObservableParents, getObservablesForCheck, getReachableObservables, getRelatedObservables, getRelatedObservablesByDirection, getRelatedObservablesByType, getRelationshipsForObservable, getStats, getSuspiciousChecks, getSuspiciousObservables, getThreatIntel, getThreatIntelBySourceObservable, getThreatIntelsForObservable, getWhitelists, hasLevel, isCyvest, isLevelAtLeast, isLevelHigherThan, isLevelLowerThan, isValidLevel, maxLevel, minLevel, normalizeLevel, parseCheckKey, parseCyvest, parseKeyType, parseObservableKey, parseThreatIntelKey, sortChecksByLevel, sortChecksByScore, sortObservablesByLevel, sortObservablesByScore, validateKey };

package/dist/index.js

@@ -103,7 +103,6 @@ __export(index_exports, {
   getRelatedObservablesByType: () => getRelatedObservablesByType,
   getRelationshipsForObservable: () => getRelationshipsForObservable,
   getStats: () => getStats,
-  getStatsChecks: () => getStatsChecks,
   getSuspiciousChecks: () => getSuspiciousChecks,
   getSuspiciousObservables: () => getSuspiciousObservables,
   getThreatIntel: () => getThreatIntel,
@@ -358,6 +357,10 @@ var cyvest_schema_default = {
         root_type: {
           anyOf: [
             {
+              enum: [
+                "file",
+                "artifact"
+              ],
               type: "string"
             },
             {
@@ -368,13 +371,13 @@ var cyvest_schema_default = {
           description: "Root observable type used during data extraction.",
           title: "Root Type"
         },
-        score_mode: {
+        score_mode_obs: {
           $ref: "#/$defs/ScoreMode",
-          description: "Score aggregation mode: 'max' takes highest score, 'sum' adds all scores."
+          description: "Observable score aggregation mode: 'max' takes highest score, 'sum' adds all scores."
         }
       },
       required: [
-        "score_mode"
+        "score_mode_obs"
       ],
       title: "DataExtractionSchema",
       type: "object"
@@ -727,26 +730,28 @@ var cyvest_schema_default = {
       title: "StatisticsSchema",
       type: "object"
     },
-    StatsChecksSchema: {
+    Taxonomy: {
       additionalProperties: false,
-      description: "Schema for check statistics summary.",
+      description: "Represents a structured taxonomy entry for threat intelligence.",
       properties: {
-        checks: {
-          minimum: 0,
-          title: "Checks",
-          type: "integer"
+        level: {
+          $ref: "#/$defs/Level"
         },
-        applied: {
-          minimum: 0,
-          title: "Applied",
-          type: "integer"
+        name: {
+          title: "Name",
+          type: "string"
+        },
+        value: {
+          title: "Value",
+          type: "string"
         }
       },
       required: [
-        "checks",
-        "applied"
+        "level",
+        "name",
+        "value"
       ],
-      title: "StatsChecksSchema",
+      title: "Taxonomy",
       type: "object"
     },
     ThreatIntel: {
@@ -778,8 +783,7 @@ var cyvest_schema_default = {
         },
         taxonomies: {
           items: {
-            additionalProperties: true,
-            type: "object"
+            $ref: "#/$defs/Taxonomy"
           },
           title: "Taxonomies",
           type: "array"
@@ -926,10 +930,6 @@ var cyvest_schema_default = {
       $ref: "#/$defs/StatisticsSchema",
       description: "Investigation statistics summary."
     },
-    stats_checks: {
-      $ref: "#/$defs/StatsChecksSchema",
-      description: "Check statistics summary."
-    },
     data_extraction: {
       $ref: "#/$defs/DataExtractionSchema",
       description: "Data extraction metadata."
@@ -955,7 +955,6 @@ var cyvest_schema_default = {
     "enrichments",
     "containers",
     "stats",
-    "stats_checks",
     "data_extraction",
     "score_display"
   ],
@@ -1328,9 +1327,6 @@ function getWhitelists(inv) {
 function getStats(inv) {
   return inv.stats;
 }
-function getStatsChecks(inv) {
-  return inv.stats_checks;
-}
 function getDataExtraction(inv) {
   return inv.data_extraction;
 }
@@ -1955,7 +1951,6 @@ function getRelationshipsForObservable(inv, observableKey) {
   getRelatedObservablesByType,
   getRelationshipsForObservable,
   getStats,
-  getStatsChecks,
   getSuspiciousChecks,
   getSuspiciousObservables,
   getThreatIntel,

package/dist/index.mjs

@@ -224,6 +224,10 @@ var cyvest_schema_default = {
         root_type: {
           anyOf: [
             {
+              enum: [
+                "file",
+                "artifact"
+              ],
               type: "string"
             },
             {
@@ -234,13 +238,13 @@ var cyvest_schema_default = {
           description: "Root observable type used during data extraction.",
           title: "Root Type"
         },
-        score_mode: {
+        score_mode_obs: {
           $ref: "#/$defs/ScoreMode",
-          description: "Score aggregation mode: 'max' takes highest score, 'sum' adds all scores."
+          description: "Observable score aggregation mode: 'max' takes highest score, 'sum' adds all scores."
         }
       },
       required: [
-        "score_mode"
+        "score_mode_obs"
       ],
       title: "DataExtractionSchema",
       type: "object"
@@ -593,26 +597,28 @@ var cyvest_schema_default = {
       title: "StatisticsSchema",
       type: "object"
     },
-    StatsChecksSchema: {
+    Taxonomy: {
       additionalProperties: false,
-      description: "Schema for check statistics summary.",
+      description: "Represents a structured taxonomy entry for threat intelligence.",
       properties: {
-        checks: {
-          minimum: 0,
-          title: "Checks",
-          type: "integer"
+        level: {
+          $ref: "#/$defs/Level"
         },
-        applied: {
-          minimum: 0,
-          title: "Applied",
-          type: "integer"
+        name: {
+          title: "Name",
+          type: "string"
+        },
+        value: {
+          title: "Value",
+          type: "string"
         }
       },
       required: [
-        "checks",
-        "applied"
+        "level",
+        "name",
+        "value"
       ],
-      title: "StatsChecksSchema",
+      title: "Taxonomy",
       type: "object"
     },
     ThreatIntel: {
@@ -644,8 +650,7 @@ var cyvest_schema_default = {
         },
         taxonomies: {
           items: {
-            additionalProperties: true,
-            type: "object"
+            $ref: "#/$defs/Taxonomy"
           },
           title: "Taxonomies",
           type: "array"
@@ -792,10 +797,6 @@ var cyvest_schema_default = {
       $ref: "#/$defs/StatisticsSchema",
       description: "Investigation statistics summary."
     },
-    stats_checks: {
-      $ref: "#/$defs/StatsChecksSchema",
-      description: "Check statistics summary."
-    },
     data_extraction: {
       $ref: "#/$defs/DataExtractionSchema",
       description: "Data extraction metadata."
@@ -821,7 +822,6 @@ var cyvest_schema_default = {
     "enrichments",
     "containers",
     "stats",
-    "stats_checks",
     "data_extraction",
     "score_display"
   ],
@@ -1194,9 +1194,6 @@ function getWhitelists(inv) {
 function getStats(inv) {
   return inv.stats;
 }
-function getStatsChecks(inv) {
-  return inv.stats_checks;
-}
 function getDataExtraction(inv) {
   return inv.data_extraction;
 }
@@ -1820,7 +1817,6 @@ export {
   getRelatedObservablesByType,
   getRelationshipsForObservable,
   getStats,
-  getStatsChecks,
   getSuspiciousChecks,
   getSuspiciousObservables,
   getThreatIntel,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cyvest/cyvest-js",
-  "version": "4.0.0",
+  "version": "4.2.0",
   "main": "dist/index.cjs",
   "module": "dist/index.mjs",
   "types": "dist/index.d.ts",

package/src/getters.ts

@@ -359,16 +359,6 @@ export function getStats(inv: CyvestInvestigation) {
   return inv.stats;
 }
 
-/**
- * Get the investigation check statistics.
- *
- * @param inv - The investigation
- * @returns Check statistics object
- */
-export function getStatsChecks(inv: CyvestInvestigation) {
-  return inv.stats_checks;
-}
-
 /**
  * Get the data extraction configuration.
  *

package/src/types.generated.ts

@@ -39,14 +39,12 @@ export type CheckLinks = string[];
  */
 export type PropagationMode = "LOCAL_ONLY" | "GLOBAL";
 export type ObservableLinks = ObservableLink[];
-export type Taxonomies = {
-  [k: string]: unknown;
-}[];
+export type Taxonomies = Taxonomy[];
 export type Checks1 = string[];
 /**
  * Root observable type used during data extraction.
  */
-export type RootType = string | null;
+export type RootType = ("file" | "artifact") | null;
 /**
  * Score calculation mode for observables.
  */
@@ -90,7 +88,6 @@ export interface CyvestInvestigation {
   enrichments: Enrichments;
   containers: Containers;
   stats: StatisticsSchema;
-  stats_checks: StatsChecksSchema;
   data_extraction: DataExtractionSchema;
   /**
    * Global investigation score formatted as fixed-point x.xx.
@@ -233,6 +230,14 @@ export interface ThreatIntel {
 export interface Extra2 {
   [k: string]: unknown;
 }
+/**
+ * Represents a structured taxonomy entry for threat intelligence.
+ */
+export interface Taxonomy {
+  level: Level;
+  name: string;
+  value: string;
+}
 /**
  * Enrichment entries keyed by their unique key.
  */
@@ -324,17 +329,10 @@ export interface ThreatIntelBySource {
 export interface ThreatIntelByLevel {
   [k: string]: number;
 }
-/**
- * Schema for check statistics summary.
- */
-export interface StatsChecksSchema {
-  checks: number;
-  applied: number;
-}
 /**
  * Schema for data extraction metadata.
  */
 export interface DataExtractionSchema {
   root_type?: RootType;
-  score_mode: ScoreMode;
+  score_mode_obs: ScoreMode;
 }

package/tests/getters-finders.test.ts

@@ -190,7 +190,7 @@ function createTestInvestigation(): CyvestInvestigation {
         score: 5,
         score_display: "5.00",
         level: "MALICIOUS",
-        taxonomies: [{ verdict: "malicious" }],
+        taxonomies: [{ level: "MALICIOUS", name: "verdict", value: "malicious" }],
       },
     },
     enrichments: {
@@ -239,13 +239,9 @@ function createTestInvestigation(): CyvestInvestigation {
       threat_intel_by_level: { MALICIOUS: 1 },
       total_containers: 2,
     },
-    stats_checks: {
-      checks: 3,
-      applied: 2,
-    },
     data_extraction: {
-      root_type: "email-message",
-      score_mode: "max",
+      root_type: "file",
+      score_mode_obs: "max",
     },
   };
 }

package/tests/graph.test.ts

@@ -144,13 +144,9 @@ function createGraphTestInvestigation(): CyvestInvestigation {
       threat_intel_by_level: {},
       total_containers: 0,
     },
-    stats_checks: {
-      checks: 0,
-      applied: 0,
-    },
     data_extraction: {
-      root_type: "email-message",
-      score_mode: "max",
+      root_type: "file",
+      score_mode_obs: "max",
     },
   };
 }