npm - @cyvest/cyvest-js - Versions diffs - 4.4.0 → 5.0.0 - Mend

@cyvest/cyvest-js 4.4.0 → 5.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/README.md +5 -4
package/dist/{index.mjs → index.cjs} +368 -318
package/dist/{index.d.mts → index.d.cts} +255 -121
package/dist/index.d.ts +255 -121
package/dist/index.js +225 -453
package/package.json +15 -2
package/src/finders.ts +101 -186
package/src/getters.ts +176 -104
package/src/graph.ts +4 -4
package/src/keys.ts +84 -30
package/src/levels.ts +7 -7
package/src/types.generated.ts +25 -24
package/tests/getters-finders.test.ts +225 -126
package/tests/graph.test.ts +6 -7
package/tests/keys-levels.test.ts +14 -15

package/dist/index.d.ts CHANGED Viewed

@@ -78,7 +78,7 @@ interface CyvestInvestigation {
     checks: Checks;
     threat_intels: ThreatIntels1;
     enrichments: Enrichments;
-    containers: Containers;
+    tags: Tags;
     stats: StatisticsSchema;
     data_extraction: DataExtractionSchema;
     /**
@@ -154,10 +154,10 @@ interface Relationship {
     [k: string]: unknown;
 }
 /**
- * Checks organized by scope.
+ * Checks keyed by their unique key.
  */
 interface Checks {
-    [k: string]: Check[];
+    [k: string]: Check;
 }
 /**
  * Represents a verification step in the investigation.
@@ -166,8 +166,7 @@ interface Checks {
  * and contributes to the overall investigation score.
  */
 interface Check {
-    check_id: string;
-    scope: string;
+    check_name: string;
     description: string;
     comment: string;
     extra: Extra1;
@@ -247,28 +246,34 @@ interface Data {
     [k: string]: unknown;
 }
 /**
- * Containers keyed by their unique key.
+ * Tags keyed by their unique key.
  */
-interface Containers {
-    [k: string]: Container;
+interface Tags {
+    [k: string]: Tag;
 }
 /**
- * Groups checks and sub-containers for hierarchical organization.
+ * Groups checks for categorical organization.
  *
- * Containers allow structuring the investigation into logical sections
- * with aggregated scores and levels.
+ * Tags allow structuring the investigation into logical sections
+ * with aggregated scores and levels. Hierarchy is automatic based on
+ * the ":" delimiter in tag names (e.g., "header:auth:dkim").
  */
-interface Container {
-    path: string;
+interface Tag {
+    name: string;
     description?: string;
     checks: Checks1;
-    sub_containers: SubContainers;
     key: string;
-    aggregated_score: number;
-    aggregated_level: Level;
-}
-interface SubContainers {
-    [k: string]: Container;
+    /**
+     * Calculate the score from direct checks only (no hierarchy).
+     *
+     * For hierarchical aggregation (including descendant tags), use
+     * Investigation.get_tag_aggregated_score() or TagProxy.get_aggregated_score().
+     *
+     * Returns:
+     *     Total score from direct checks
+     */
+    direct_score: number;
+    direct_level: Level;
 }
 /**
  * Schema for investigation statistics.
@@ -285,12 +290,11 @@ interface StatisticsSchema {
     observables_by_type_and_level?: ObservablesByTypeAndLevel;
     total_checks: number;
     applied_checks: number;
-    checks_by_scope?: ChecksByScope;
     checks_by_level?: ChecksByLevel;
     total_threat_intel: number;
     threat_intel_by_source?: ThreatIntelBySource;
     threat_intel_by_level?: ThreatIntelByLevel;
-    total_containers: number;
+    total_tags: number;
 }
 interface ObservablesByType {
     [k: string]: number;
@@ -303,9 +307,6 @@ interface ObservablesByTypeAndLevel {
         [k: string]: number;
     };
 }
-interface ChecksByScope {
-    [k: string]: string[];
-}
 interface ChecksByLevel {
     [k: string]: string[];
 }
@@ -335,7 +336,7 @@ declare function isCyvest(json: unknown): json is CyvestInvestigation;
 /**
  * Key type prefixes used in Cyvest.
  */
-type KeyType = "obs" | "chk" | "ti" | "enr" | "ctr";
+type KeyType = "obs" | "chk" | "ti" | "enr" | "tag";
 /**
  * Generate a unique key for an observable.
  *
@@ -355,19 +356,18 @@ declare function generateObservableKey(obsType: string, value: string): string;
 /**
  * Generate a unique key for a check.
  *
- * Format: chk:{check_id}:{scope}
+ * Format: chk:{check_name}
  *
- * @param checkId - Identifier of the check
- * @param scope - Scope of the check
+ * @param checkName - Name of the check
  * @returns Unique check key
  *
  * @example
  * ```ts
- * generateCheckKey("sender_verification", "email_headers")
- * // => "chk:sender_verification:email_headers"
+ * generateCheckKey("sender_verification")
+ * // => "chk:sender_verification"
  * ```
  */
-declare function generateCheckKey(checkId: string, scope: string): string;
+declare function generateCheckKey(checkName: string): string;
 /**
  * Generate a unique key for threat intelligence.
  *
@@ -404,25 +404,66 @@ declare function generateThreatIntelKey(source: string, observableKey: string):
  */
 declare function generateEnrichmentKey(name: string, context?: string): string;
 /**
- * Generate a unique key for a container.
+ * Generate a unique key for a tag.
+ *
+ * Format: tag:{normalized_name}
  *
- * Format: ctr:{normalized_path}
+ * @param name - Name of the tag (can use : as hierarchy delimiter)
+ * @returns Unique tag key
+ *
+ * @example
+ * ```ts
+ * generateTagKey("header:auth:dkim")
+ * // => "tag:header:auth:dkim"
+ * ```
+ */
+declare function generateTagKey(name: string): string;
+/**
+ * Get all ancestor tag names from a hierarchical tag name.
  *
- * @param path - Path of the container (can use / or . as separator)
- * @returns Unique container key
+ * @param name - Tag name with : delimiter
+ * @returns Array of ancestor tag names
  *
  * @example
  * ```ts
- * generateContainerKey("email/headers")
- * // => "ctr:email/headers"
+ * getTagAncestors("header:auth:dkim")
+ * // => ["header", "header:auth"]
  * ```
  */
-declare function generateContainerKey(path: string): string;
+declare function getTagAncestors(name: string): string[];
+/**
+ * Check if a tag is a direct child of another tag.
+ *
+ * @param childName - Potential child tag name
+ * @param parentName - Potential parent tag name
+ * @returns True if childName is a direct child of parentName
+ *
+ * @example
+ * ```ts
+ * isTagChildOf("header:auth", "header") // => true
+ * isTagChildOf("header:auth:dkim", "header") // => false (grandchild)
+ * ```
+ */
+declare function isTagChildOf(childName: string, parentName: string): boolean;
+/**
+ * Check if a tag is a descendant of another tag (any depth).
+ *
+ * @param descendantName - Potential descendant tag name
+ * @param ancestorName - Potential ancestor tag name
+ * @returns True if descendantName is a descendant of ancestorName
+ *
+ * @example
+ * ```ts
+ * isTagDescendantOf("header:auth:dkim", "header") // => true
+ * isTagDescendantOf("header", "header") // => false (same)
+ * ```
+ */
+declare function isTagDescendantOf(descendantName: string, ancestorName: string): boolean;
 /**
  * Extract the type prefix from a key.
  *
  * @param key - The key to parse
- * @returns Type prefix (obs, chk, ti, enr, ctr) or null if invalid
+ * @returns Type prefix (obs, chk, ti, enr, tag) or null if invalid
  *
  * @example
  * ```ts
@@ -467,17 +508,16 @@ declare function parseObservableKey(key: string): {
  * Extract components from a check key.
  *
  * @param key - Check key to parse
- * @returns Object with checkId and scope, or null if invalid
+ * @returns Object with checkName, or null if invalid
  *
  * @example
  * ```ts
- * parseCheckKey("chk:sender_verification:email_headers")
- * // => { checkId: "sender_verification", scope: "email_headers" }
+ * parseCheckKey("chk:sender_verification")
+ * // => { checkName: "sender_verification" }
  * ```
  */
 declare function parseCheckKey(key: string): {
-    checkId: string;
-    scope: string;
+    checkName: string;
 } | null;
 /**
  * Extract components from a threat intel key.
@@ -648,9 +688,9 @@ declare function hasLevel(obj: unknown): obj is {
     level: Level;
 };
 /**
- * Extract level from an entity (Observable, Check, ThreatIntel, Container).
+ * Extract level from an entity (Observable, Check, ThreatIntel, Tag).
  */
-declare function getEntityLevel(entity: Observable | Check | ThreatIntel | Container): Level;
+declare function getEntityLevel(entity: Observable | Check | ThreatIntel | Tag): Level;
 /**
  * Get an observable by its key.
@@ -682,6 +722,24 @@ declare function getObservable(inv: CyvestInvestigation, key: string): Observabl
  * ```
  */
 declare function getObservableByTypeValue(inv: CyvestInvestigation, type: string, value: string): Observable | undefined;
+/**
+ * Get the root observable of the investigation.
+ *
+ * The root observable is identified using the `root_type` from data extraction
+ * metadata combined with value="root".
+ *
+ * @param inv - The investigation
+ * @returns The root observable, or undefined if not found
+ *
+ * @example
+ * ```ts
+ * const root = getRootObservable(investigation);
+ * if (root) {
+ *   console.log(`Root: ${root.type} = ${root.value}`);
+ * }
+ * ```
+ */
+declare function getRootObservable(inv: CyvestInvestigation): Observable | undefined;
 /**
  * Get a check by its key.
  *
@@ -696,21 +754,20 @@ declare function getObservableByTypeValue(inv: CyvestInvestigation, type: string
  */
 declare function getCheck(inv: CyvestInvestigation, key: string): Check | undefined;
 /**
- * Get a check by its ID and scope.
+ * Get a check by its name.
  *
  * @param inv - The investigation to search
- * @param checkId - Check identifier
- * @param scope - Check scope
+ * @param checkName - Check name
  * @returns The check or undefined if not found
  *
  * @example
  * ```ts
- * const check = getCheckByIdScope(investigation, "sender_verification", "email_headers");
+ * const check = getCheckByName(investigation, "sender_verification");
  * ```
  */
-declare function getCheckByIdScope(inv: CyvestInvestigation, checkId: string, scope: string): Check | undefined;
+declare function getCheckByName(inv: CyvestInvestigation, checkName: string): Check | undefined;
 /**
- * Get all checks as a flat array (not grouped by scope).
+ * Get all checks as an array.
  *
  * @param inv - The investigation
  * @returns Array of all checks
@@ -770,28 +827,47 @@ declare function getEnrichmentByName(inv: CyvestInvestigation, name: string): En
  */
 declare function getAllEnrichments(inv: CyvestInvestigation): Enrichment[];
 /**
- * Get a container by its key.
+ * Get a tag by its key.
  *
  * @param inv - The investigation to search
- * @param key - Container key (e.g., "ctr:email/headers")
- * @returns The container or undefined if not found
+ * @param key - Tag key (e.g., "tag:header:auth")
+ * @returns The tag or undefined if not found
+ *
+ * @example
+ * ```ts
+ * const tag = getTag(investigation, "tag:header:auth");
+ * if (tag) {
+ *   console.log(tag.name, tag.direct_level);
+ * }
+ * ```
  */
-declare function getContainer(inv: CyvestInvestigation, key: string): Container | undefined;
+declare function getTag(inv: CyvestInvestigation, key: string): Tag | undefined;
 /**
- * Get a container by its path.
+ * Get a tag by its name.
  *
  * @param inv - The investigation to search
- * @param path - Container path
- * @returns The container or undefined if not found
+ * @param name - Tag name (e.g., "header:auth:dkim")
+ * @returns The tag or undefined if not found
+ *
+ * @example
+ * ```ts
+ * const tag = getTagByName(investigation, "header:auth:dkim");
+ * ```
  */
-declare function getContainerByPath(inv: CyvestInvestigation, path: string): Container | undefined;
+declare function getTagByName(inv: CyvestInvestigation, name: string): Tag | undefined;
 /**
- * Get all containers as a flat array (including sub-containers).
+ * Get all tags as an array.
  *
  * @param inv - The investigation
- * @returns Array of all containers
+ * @returns Array of all tags
+ *
+ * @example
+ * ```ts
+ * const allTags = getAllTags(investigation);
+ * console.log(`Total tags: ${allTags.length}`);
+ * ```
  */
-declare function getAllContainers(inv: CyvestInvestigation): Container[];
+declare function getAllTags(inv: CyvestInvestigation): Tag[];
 /**
  * Get all observables as an array.
  *
@@ -828,7 +904,7 @@ interface InvestigationCounts {
     checks: number;
     threatIntels: number;
     enrichments: number;
-    containers: number;
+    tags: number;
     whitelists: number;
 }
 /**
@@ -855,6 +931,69 @@ declare function getCounts(inv: CyvestInvestigation): InvestigationCounts;
  * ```
  */
 declare function getStartedAt(inv: CyvestInvestigation): string | undefined;
+/**
+ * Get direct child tags of a given tag.
+ *
+ * @param inv - The investigation
+ * @param tagName - Parent tag name
+ * @returns Array of direct child tags
+ *
+ * @example
+ * ```ts
+ * const children = getTagChildren(investigation, "bodies");
+ * // Returns tags like "bodies:urls", "bodies:domains" (but not "bodies:urls:something")
+ * ```
+ */
+declare function getTagChildren(inv: CyvestInvestigation, tagName: string): Tag[];
+/**
+ * Get all descendant tags of a given tag (any depth).
+ *
+ * @param inv - The investigation
+ * @param tagName - Ancestor tag name
+ * @returns Array of all descendant tags
+ *
+ * @example
+ * ```ts
+ * const descendants = getTagDescendants(investigation, "bodies");
+ * // Returns all tags starting with "bodies:"
+ * ```
+ */
+declare function getTagDescendants(inv: CyvestInvestigation, tagName: string): Tag[];
+/**
+ * Get the aggregated score for a tag including all descendant tags.
+ *
+ * The aggregated score includes:
+ * - The tag's direct_score (from its direct checks)
+ * - Recursively, the aggregated scores of all child tags
+ *
+ * @param inv - The investigation
+ * @param tagName - Name of the tag
+ * @returns Total aggregated score, or 0 if tag not found
+ *
+ * @example
+ * ```ts
+ * const score = getTagAggregatedScore(investigation, "bodies");
+ * // Includes scores from bodies, bodies:urls, bodies:domains, etc.
+ * ```
+ */
+declare function getTagAggregatedScore(inv: CyvestInvestigation, tagName: string): number;
+/**
+ * Get the aggregated level for a tag including all descendant tags.
+ *
+ * The level is calculated from the aggregated score using the standard
+ * score-to-level mapping.
+ *
+ * @param inv - The investigation
+ * @param tagName - Name of the tag
+ * @returns Level based on aggregated score
+ *
+ * @example
+ * ```ts
+ * const level = getTagAggregatedLevel(investigation, "bodies");
+ * // Returns "MALICIOUS" if aggregated score >= 5, etc.
+ * ```
+ */
+declare function getTagAggregatedLevel(inv: CyvestInvestigation, tagName: string): Level;
 /**
  * Finder utilities for querying and filtering Cyvest Investigation data.
@@ -958,19 +1097,6 @@ declare function findWhitelistedObservables(inv: CyvestInvestigation): Observabl
  * @returns Array of observables that have associated threat intel
  */
 declare function findObservablesWithThreatIntel(inv: CyvestInvestigation): Observable[];
-/**
- * Find all checks in a specific scope.
- *
- * @param inv - The investigation to search
- * @param scope - Check scope
- * @returns Array of checks in the scope
- *
- * @example
- * ```ts
- * const emailChecks = findChecksByScope(investigation, "email_headers");
- * ```
- */
-declare function findChecksByScope(inv: CyvestInvestigation, scope: string): Check[];
 /**
  * Find all checks at a specific level.
  *
@@ -988,13 +1114,13 @@ declare function findChecksByLevel(inv: CyvestInvestigation, level: Level): Chec
  */
 declare function findChecksAtLeast(inv: CyvestInvestigation, minLevel: Level): Check[];
 /**
- * Find checks by check ID (across all scopes).
+ * Find checks by check name.
  *
  * @param inv - The investigation to search
- * @param checkId - Check identifier to search for
- * @returns Array of matching checks
+ * @param checkName - Check name to search for
+ * @returns The matching check or undefined
  */
-declare function findChecksByCheckId(inv: CyvestInvestigation, checkId: string): Check[];
+declare function findCheckByName(inv: CyvestInvestigation, checkName: string): Check | undefined;
 /**
  * Find all threat intel from a specific source.
  *
@@ -1020,23 +1146,31 @@ declare function findThreatIntelByLevel(inv: CyvestInvestigation, level: Level):
  */
 declare function findThreatIntelAtLeast(inv: CyvestInvestigation, minLevel: Level): ThreatIntel[];
 /**
- * Find containers at a specific aggregated level.
+ * Find tags at a specific direct level.
+ *
+ * @param inv - The investigation to search
+ * @param level - Direct level to filter by
+ * @returns Array of matching tags
+ */
+declare function findTagsByLevel(inv: CyvestInvestigation, level: Level): Tag[];
+/**
+ * Find tags at or above a minimum direct level.
  *
  * @param inv - The investigation to search
- * @param level - Aggregated level to filter by
- * @returns Array of matching containers
+ * @param minLevel - Minimum direct level
+ * @returns Array of matching tags
  */
-declare function findContainersByLevel(inv: CyvestInvestigation, level: Level): Container[];
+declare function findTagsAtLeast(inv: CyvestInvestigation, minLevel: Level): Tag[];
 /**
- * Find containers at or above a minimum aggregated level.
+ * Find tags by name pattern.
  *
  * @param inv - The investigation to search
- * @param minLevel - Minimum aggregated level
- * @returns Array of matching containers
+ * @param pattern - Pattern to match against tag names
+ * @returns Array of matching tags
  */
-declare function findContainersAtLeast(inv: CyvestInvestigation, minLevel: Level): Container[];
+declare function findTagsByNamePattern(inv: CyvestInvestigation, pattern: RegExp): Tag[];
 /**
- * Get all checks that generated or reference a specific observable.
+ * Find all checks that generated or reference a specific observable.
  *
  * @param inv - The investigation to search
  * @param observableKey - Key of the observable
@@ -1044,35 +1178,35 @@ declare function findContainersAtLeast(inv: CyvestInvestigation, minLevel: Level
  *
  * @example
  * ```ts
- * const checks = getChecksForObservable(investigation, "obs:ipv4-addr:192.168.1.1");
+ * const checks = findChecksForObservable(investigation, "obs:ipv4-addr:192.168.1.1");
  * ```
  */
-declare function getChecksForObservable(inv: CyvestInvestigation, observableKey: string): Check[];
+declare function findChecksForObservable(inv: CyvestInvestigation, observableKey: string): Check[];
 /**
- * Get all threat intel entries for a specific observable.
+ * Find all threat intel entries for a specific observable.
  *
  * @param inv - The investigation to search
  * @param observableKey - Key of the observable
  * @returns Array of threat intel for this observable
  */
-declare function getThreatIntelsForObservable(inv: CyvestInvestigation, observableKey: string): ThreatIntel[];
+declare function findThreatIntelsForObservable(inv: CyvestInvestigation, observableKey: string): ThreatIntel[];
 /**
- * Get all observables referenced by a specific check.
+ * Find all observables referenced by a specific check.
  *
  * @param inv - The investigation to search
  * @param checkKey - Key of the check
  * @returns Array of observables referenced by this check
  */
-declare function getObservablesForCheck(inv: CyvestInvestigation, checkKey: string): Observable[];
+declare function findObservablesForCheck(inv: CyvestInvestigation, checkKey: string): Observable[];
 /**
- * Get all checks for a specific container.
+ * Find all checks for a specific tag.
  *
  * @param inv - The investigation to search
- * @param containerKey - Key of the container
- * @param recursive - Include checks from sub-containers (default: false)
- * @returns Array of checks in the container
+ * @param tagKey - Key of the tag
+ * @param recursive - Include checks from descendant tags (default: false)
+ * @returns Array of checks in the tag
  */
-declare function getChecksForContainer(inv: CyvestInvestigation, containerKey: string, recursive?: boolean): Check[];
+declare function findChecksForTag(inv: CyvestInvestigation, tagKey: string, recursive?: boolean): Check[];
 /**
  * Sort observables by score (descending - highest first).
  *
@@ -1102,56 +1236,56 @@ declare function sortObservablesByLevel(observables: Observable[]): Observable[]
  */
 declare function sortChecksByLevel(checks: Check[]): Check[];
 /**
- * Get the highest scoring observables.
+ * Find the highest scoring observables.
  *
  * @param inv - The investigation to search
  * @param n - Number of results to return (default: 10)
  * @returns Array of highest scoring observables
  */
-declare function getHighestScoringObservables(inv: CyvestInvestigation, n?: number): Observable[];
+declare function findHighestScoringObservables(inv: CyvestInvestigation, n?: number): Observable[];
 /**
- * Get the highest scoring checks.
+ * Find the highest scoring checks.
  *
  * @param inv - The investigation to search
  * @param n - Number of results to return (default: 10)
  * @returns Array of highest scoring checks
  */
-declare function getHighestScoringChecks(inv: CyvestInvestigation, n?: number): Check[];
+declare function findHighestScoringChecks(inv: CyvestInvestigation, n?: number): Check[];
 /**
- * Get all malicious observables (convenience function).
+ * Find all malicious observables (convenience function).
  *
  * @param inv - The investigation to search
  * @returns Array of malicious observables
  */
-declare function getMaliciousObservables(inv: CyvestInvestigation): Observable[];
+declare function findMaliciousObservables(inv: CyvestInvestigation): Observable[];
 /**
- * Get all suspicious observables (convenience function).
+ * Find all suspicious observables (convenience function).
  *
  * @param inv - The investigation to search
  * @returns Array of suspicious observables
  */
-declare function getSuspiciousObservables(inv: CyvestInvestigation): Observable[];
+declare function findSuspiciousObservables(inv: CyvestInvestigation): Observable[];
 /**
- * Get all malicious checks (convenience function).
+ * Find all malicious checks (convenience function).
  *
  * @param inv - The investigation to search
  * @returns Array of malicious checks
  */
-declare function getMaliciousChecks(inv: CyvestInvestigation): Check[];
+declare function findMaliciousChecks(inv: CyvestInvestigation): Check[];
 /**
- * Get all suspicious checks (convenience function).
+ * Find all suspicious checks (convenience function).
  *
  * @param inv - The investigation to search
  * @returns Array of suspicious checks
  */
-declare function getSuspiciousChecks(inv: CyvestInvestigation): Check[];
+declare function findSuspiciousChecks(inv: CyvestInvestigation): Check[];
 /**
- * Get all scopes that have checks.
+ * Get all check keys in the investigation.
  *
  * @param inv - The investigation
- * @returns Array of scope names
+ * @returns Array of check keys
  */
-declare function getAllScopes(inv: CyvestInvestigation): string[];
+declare function getAllCheckKeys(inv: CyvestInvestigation): string[];
 /**
  * Get all observable types present in the investigation.
  *
@@ -1287,15 +1421,15 @@ declare function getRelatedObservablesByDirection(inv: CyvestInvestigation, obse
  */
 declare function getObservableGraph(inv: CyvestInvestigation): InvestigationGraph;
 /**
- * Find the root observable(s) of the investigation.
+ * Find source observables in the investigation graph.
  *
- * Root observables are those that have no incoming relationships
+ * Source observables are those that have no incoming relationships
  * (nothing points to them as a target).
  *
  * @param inv - The investigation
- * @returns Array of root observables
+ * @returns Array of source observables
  */
-declare function findRootObservables(inv: CyvestInvestigation): Observable[];
+declare function findSourceObservables(inv: CyvestInvestigation): Observable[];
 /**
  * Find orphan observables (not connected to any other observable).
  *
@@ -1368,4 +1502,4 @@ declare function getRelationshipsForObservable(inv: CyvestInvestigation, observa
     }>;
 };
-export { type Actor, type AuditEvent, type AuditLog, type Check, type CheckLinks, type Checks, type Checks1, type ChecksByLevel, type ChecksByScope, type Container, type Containers, type CyvestInvestigation, type Data, type DataExtractionSchema, type Details, type Enrichment, type Enrichments, type Extra, type Extra1, type Extra2, type GraphEdge, type GraphNode, type InvestigationCounts, type InvestigationGraph, type InvestigationName, type InvestigationWhitelist, type Justification, type KeyType, LEVEL_COLORS, LEVEL_ORDER, LEVEL_VALUES, type Level, type ObjectKey, type ObjectType, type Observable, type ObservableLink, type ObservableLinks, type Observables, type ObservablesByLevel, type ObservablesByType, type ObservablesByTypeAndLevel, type PropagationMode, type Reason, type Relationship, type RelationshipDirection, type Relationships, type RootType, type ScoreMode, type StatisticsSchema, type SubContainers, type Taxonomies, type Taxonomy, type ThreatIntel, type ThreatIntelByLevel, type ThreatIntelBySource, type ThreatIntels, type ThreatIntels1, type Tool, type Whitelists, areConnected, compareLevels, countRelationshipsByType, findChecksAtLeast, findChecksByCheckId, findChecksByLevel, findChecksByScope, findContainersAtLeast, findContainersByLevel, findExternalObservables, findInternalObservables, findLeafObservables, findObservablesAtLeast, findObservablesByLevel, findObservablesByType, findObservablesByValue, findObservablesContaining, findObservablesMatching, findObservablesWithThreatIntel, findOrphanObservables, findPath, findRootObservables, findThreatIntelAtLeast, findThreatIntelByLevel, findThreatIntelBySource, findWhitelistedObservables, generateCheckKey, generateContainerKey, generateEnrichmentKey, generateObservableKey, generateThreatIntelKey, getAllChecks, getAllContainers, getAllEnrichments, getAllObservableTypes, getAllObservables, getAllRelationshipTypes, getAllScopes, getAllThreatIntelSources, getAllThreatIntels, getCheck, getCheckByIdScope, getChecksForContainer, getChecksForObservable, getColorForLevel, getColorForScore, getContainer, getContainerByPath, getCounts, getDataExtraction, getEnrichment, getEnrichmentByName, getEntityLevel, getHighestScoringChecks, getHighestScoringObservables, getLevelFromScore, getMaliciousChecks, getMaliciousObservables, getObservable, getObservableByTypeValue, getObservableChildren, getObservableGraph, getObservableParents, getObservablesForCheck, getReachableObservables, getRelatedObservables, getRelatedObservablesByDirection, getRelatedObservablesByType, getRelationshipsForObservable, getStartedAt, getStats, getSuspiciousChecks, getSuspiciousObservables, getThreatIntel, getThreatIntelBySourceObservable, getThreatIntelsForObservable, getWhitelists, hasLevel, isCyvest, isLevelAtLeast, isLevelHigherThan, isLevelLowerThan, isValidLevel, maxLevel, minLevel, normalizeLevel, parseCheckKey, parseCyvest, parseKeyType, parseObservableKey, parseThreatIntelKey, sortChecksByLevel, sortChecksByScore, sortObservablesByLevel, sortObservablesByScore, validateKey };
+export { type Actor, type AuditEvent, type AuditLog, type Check, type CheckLinks, type Checks, type Checks1, type ChecksByLevel, type CyvestInvestigation, type Data, type DataExtractionSchema, type Details, type Enrichment, type Enrichments, type Extra, type Extra1, type Extra2, type GraphEdge, type GraphNode, type InvestigationCounts, type InvestigationGraph, type InvestigationName, type InvestigationWhitelist, type Justification, type KeyType, LEVEL_COLORS, LEVEL_ORDER, LEVEL_VALUES, type Level, type ObjectKey, type ObjectType, type Observable, type ObservableLink, type ObservableLinks, type Observables, type ObservablesByLevel, type ObservablesByType, type ObservablesByTypeAndLevel, type PropagationMode, type Reason, type Relationship, type RelationshipDirection, type Relationships, type RootType, type ScoreMode, type StatisticsSchema, type Tag, type Tags, type Taxonomies, type Taxonomy, type ThreatIntel, type ThreatIntelByLevel, type ThreatIntelBySource, type ThreatIntels, type ThreatIntels1, type Tool, type Whitelists, areConnected, compareLevels, countRelationshipsByType, findCheckByName, findChecksAtLeast, findChecksByLevel, findChecksForObservable, findChecksForTag, findExternalObservables, findHighestScoringChecks, findHighestScoringObservables, findInternalObservables, findLeafObservables, findMaliciousChecks, findMaliciousObservables, findObservablesAtLeast, findObservablesByLevel, findObservablesByType, findObservablesByValue, findObservablesContaining, findObservablesForCheck, findObservablesMatching, findObservablesWithThreatIntel, findOrphanObservables, findPath, findSourceObservables, findSuspiciousChecks, findSuspiciousObservables, findTagsAtLeast, findTagsByLevel, findTagsByNamePattern, findThreatIntelAtLeast, findThreatIntelByLevel, findThreatIntelBySource, findThreatIntelsForObservable, findWhitelistedObservables, generateCheckKey, generateEnrichmentKey, generateObservableKey, generateTagKey, generateThreatIntelKey, getAllCheckKeys, getAllChecks, getAllEnrichments, getAllObservableTypes, getAllObservables, getAllRelationshipTypes, getAllTags, getAllThreatIntelSources, getAllThreatIntels, getCheck, getCheckByName, getColorForLevel, getColorForScore, getCounts, getDataExtraction, getEnrichment, getEnrichmentByName, getEntityLevel, getLevelFromScore, getObservable, getObservableByTypeValue, getObservableChildren, getObservableGraph, getObservableParents, getReachableObservables, getRelatedObservables, getRelatedObservablesByDirection, getRelatedObservablesByType, getRelationshipsForObservable, getRootObservable, getStartedAt, getStats, getTag, getTagAggregatedLevel, getTagAggregatedScore, getTagAncestors, getTagByName, getTagChildren, getTagDescendants, getThreatIntel, getThreatIntelBySourceObservable, getWhitelists, hasLevel, isCyvest, isLevelAtLeast, isLevelHigherThan, isLevelLowerThan, isTagChildOf, isTagDescendantOf, isValidLevel, maxLevel, minLevel, normalizeLevel, parseCheckKey, parseCyvest, parseKeyType, parseObservableKey, parseThreatIntelKey, sortChecksByLevel, sortChecksByScore, sortObservablesByLevel, sortObservablesByScore, validateKey };