npm - @cyvest/cyvest-js - Versions diffs - 4.4.1 → 5.0.0 - Mend

@cyvest/cyvest-js 4.4.1 → 5.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/README.md +5 -4
package/dist/index.cjs +248 -333
package/dist/index.d.cts +255 -121
package/dist/index.d.ts +255 -121
package/dist/index.js +219 -312
package/package.json +1 -1
package/src/finders.ts +101 -186
package/src/getters.ts +176 -104
package/src/graph.ts +4 -4
package/src/keys.ts +84 -30
package/src/levels.ts +7 -7
package/src/types.generated.ts +25 -24
package/tests/getters-finders.test.ts +225 -126
package/tests/graph.test.ts +6 -7
package/tests/keys-levels.test.ts +14 -15

package/dist/index.js CHANGED Viewed

@@ -99,12 +99,8 @@ var cyvest_schema_default = {
     Check: {
       description: "Represents a verification step in the investigation.\n\nA check validates a specific aspect of the data under investigation\nand contributes to the overall investigation score.",
       properties: {
-        check_id: {
-          title: "Check Id",
-          type: "string"
-        },
-        scope: {
-          title: "Scope",
+        check_name: {
+          title: "Check Name",
           type: "string"
         },
         description: {
@@ -149,8 +145,7 @@ var cyvest_schema_default = {
         }
       },
       required: [
-        "check_id",
-        "scope",
+        "check_name",
         "description",
         "comment",
         "extra",
@@ -164,59 +159,6 @@ var cyvest_schema_default = {
       title: "Check",
       type: "object"
     },
-    Container: {
-      additionalProperties: false,
-      description: "Groups checks and sub-containers for hierarchical organization.\n\nContainers allow structuring the investigation into logical sections\nwith aggregated scores and levels.",
-      properties: {
-        path: {
-          title: "Path",
-          type: "string"
-        },
-        description: {
-          default: "",
-          title: "Description",
-          type: "string"
-        },
-        checks: {
-          items: {
-            type: "string"
-          },
-          title: "Checks",
-          type: "array"
-        },
-        sub_containers: {
-          additionalProperties: {
-            $ref: "#/$defs/Container"
-          },
-          title: "Sub Containers",
-          type: "object"
-        },
-        key: {
-          title: "Key",
-          type: "string"
-        },
-        aggregated_score: {
-          readOnly: true,
-          title: "Aggregated Score",
-          type: "number"
-        },
-        aggregated_level: {
-          $ref: "#/$defs/Level",
-          description: "Calculate the aggregated level from the aggregated score.\n\nReturns:\n    Level based on aggregated score",
-          readOnly: true
-        }
-      },
-      required: [
-        "path",
-        "checks",
-        "sub_containers",
-        "key",
-        "aggregated_score",
-        "aggregated_level"
-      ],
-      title: "Container",
-      type: "object"
-    },
     DataExtractionSchema: {
       additionalProperties: false,
       description: "Schema for data extraction metadata.",
@@ -541,16 +483,6 @@ var cyvest_schema_default = {
           title: "Applied Checks",
           type: "integer"
         },
-        checks_by_scope: {
-          additionalProperties: {
-            items: {
-              type: "string"
-            },
-            type: "array"
-          },
-          title: "Checks By Scope",
-          type: "object"
-        },
         checks_by_level: {
           additionalProperties: {
             items: {
@@ -582,9 +514,9 @@ var cyvest_schema_default = {
           title: "Threat Intel By Level",
           type: "object"
         },
-        total_containers: {
+        total_tags: {
           minimum: 0,
-          title: "Total Containers",
+          title: "Total Tags",
           type: "integer"
         }
       },
@@ -596,11 +528,57 @@ var cyvest_schema_default = {
         "total_checks",
         "applied_checks",
         "total_threat_intel",
-        "total_containers"
+        "total_tags"
       ],
       title: "StatisticsSchema",
       type: "object"
     },
+    Tag: {
+      additionalProperties: false,
+      description: 'Groups checks for categorical organization.\n\nTags allow structuring the investigation into logical sections\nwith aggregated scores and levels. Hierarchy is automatic based on\nthe ":" delimiter in tag names (e.g., "header:auth:dkim").',
+      properties: {
+        name: {
+          title: "Name",
+          type: "string"
+        },
+        description: {
+          default: "",
+          title: "Description",
+          type: "string"
+        },
+        checks: {
+          items: {
+            type: "string"
+          },
+          title: "Checks",
+          type: "array"
+        },
+        key: {
+          title: "Key",
+          type: "string"
+        },
+        direct_score: {
+          description: "Calculate the score from direct checks only (no hierarchy).\n\nFor hierarchical aggregation (including descendant tags), use\nInvestigation.get_tag_aggregated_score() or TagProxy.get_aggregated_score().\n\nReturns:\n    Total score from direct checks",
+          readOnly: true,
+          title: "Direct Score",
+          type: "number"
+        },
+        direct_level: {
+          $ref: "#/$defs/Level",
+          description: "Calculate the level from direct checks only (no hierarchy).\n\nFor hierarchical aggregation (including descendant tags), use\nInvestigation.get_tag_aggregated_level() or TagProxy.get_aggregated_level().\n\nReturns:\n    Level based on direct score",
+          readOnly: true
+        }
+      },
+      required: [
+        "name",
+        "checks",
+        "key",
+        "direct_score",
+        "direct_level"
+      ],
+      title: "Tag",
+      type: "object"
+    },
     Taxonomy: {
       additionalProperties: false,
       description: "Represents a structured taxonomy entry for threat intelligence.",
@@ -754,12 +732,9 @@ var cyvest_schema_default = {
     },
     checks: {
       additionalProperties: {
-        items: {
-          $ref: "#/$defs/Check"
-        },
-        type: "array"
+        $ref: "#/$defs/Check"
       },
-      description: "Checks organized by scope.",
+      description: "Checks keyed by their unique key.",
       title: "Checks",
       type: "object"
     },
@@ -779,12 +754,12 @@ var cyvest_schema_default = {
       title: "Enrichments",
       type: "object"
     },
-    containers: {
+    tags: {
       additionalProperties: {
-        $ref: "#/$defs/Container"
+        $ref: "#/$defs/Tag"
       },
-      description: "Containers keyed by their unique key.",
-      title: "Containers",
+      description: "Tags keyed by their unique key.",
+      title: "Tags",
       type: "object"
     },
     stats: {
@@ -812,7 +787,7 @@ var cyvest_schema_default = {
     "checks",
     "threat_intels",
     "enrichments",
-    "containers",
+    "tags",
     "stats",
     "data_extraction",
     "score_display"
@@ -862,10 +837,9 @@ function generateObservableKey(obsType, value) {
   const normalizedValue = normalizeValue(value);
   return `obs:${normalizedType}:${normalizedValue}`;
 }
-function generateCheckKey(checkId, scope) {
-  const normalizedId = normalizeValue(checkId);
-  const normalizedScope = normalizeValue(scope);
-  return `chk:${normalizedId}:${normalizedScope}`;
+function generateCheckKey(checkName) {
+  const normalizedName = normalizeValue(checkName);
+  return `chk:${normalizedName}`;
 }
 function generateThreatIntelKey(source, observableKey) {
   const normalizedSource = normalizeValue(source);
@@ -879,15 +853,32 @@ function generateEnrichmentKey(name, context) {
   }
   return `enr:${normalizedName}`;
 }
-function generateContainerKey(path) {
-  let normalizedPath = path.replace(/\\/g, "/").replace(/^\/+|\/+$/g, "");
-  normalizedPath = normalizeValue(normalizedPath);
-  return `ctr:${normalizedPath}`;
+function generateTagKey(name) {
+  const normalizedName = normalizeValue(name);
+  return `tag:${normalizedName}`;
+}
+function getTagAncestors(name) {
+  const parts = name.split(":");
+  const ancestors = [];
+  for (let i = 0; i < parts.length - 1; i++) {
+    ancestors.push(parts.slice(0, i + 1).join(":"));
+  }
+  return ancestors;
+}
+function isTagChildOf(childName, parentName) {
+  if (!childName.startsWith(parentName + ":")) {
+    return false;
+  }
+  const remaining = childName.slice(parentName.length + 1);
+  return !remaining.includes(":");
+}
+function isTagDescendantOf(descendantName, ancestorName) {
+  return descendantName.startsWith(ancestorName + ":");
 }
 function parseKeyType(key) {
   if (key.includes(":")) {
     const prefix = key.split(":", 1)[0];
-    if (["obs", "chk", "ti", "enr", "ctr"].includes(prefix)) {
+    if (["obs", "chk", "ti", "enr", "tag"].includes(prefix)) {
       return prefix;
     }
   }
@@ -925,10 +916,9 @@ function parseCheckKey(key) {
     return null;
   }
   const parts = key.split(":");
-  if (parts.length >= 3) {
+  if (parts.length >= 2) {
     return {
-      checkId: parts[1],
-      scope: parts.slice(2).join(":")
+      checkName: parts.slice(1).join(":")
     };
   }
   return null;
@@ -1045,10 +1035,10 @@ function hasLevel(obj) {
   return typeof obj === "object" && obj !== null && "level" in obj && typeof obj.level === "string" && isValidLevel(obj.level);
 }
 function getEntityLevel(entity) {
-  if ("aggregated_level" in entity) {
-    const aggregatedLevel = entity.aggregated_level;
-    if (typeof aggregatedLevel === "string" && isValidLevel(aggregatedLevel)) {
-      return aggregatedLevel;
+  if ("direct_level" in entity) {
+    const directLevel = entity.direct_level;
+    if (typeof directLevel === "string" && isValidLevel(directLevel)) {
+      return directLevel;
     }
   }
   if ("level" in entity && isValidLevel(entity.level)) {
@@ -1071,40 +1061,24 @@ function getObservableByTypeValue(inv, type, value) {
   }
   return void 0;
 }
-function getCheck(inv, key) {
-  for (const checks of Object.values(inv.checks)) {
-    for (const check of checks) {
-      if (check.key === key) {
-        return check;
-      }
-    }
+function getRootObservable(inv) {
+  const rootType = inv.data_extraction.root_type;
+  if (!rootType) {
+    return void 0;
   }
-  return void 0;
+  const rootKey = generateObservableKey(rootType, "root");
+  return inv.observables[rootKey];
 }
-function getCheckByIdScope(inv, checkId, scope) {
-  const normalizedId = checkId.trim().toLowerCase();
-  const normalizedScope = scope.trim().toLowerCase();
-  const scopeChecks = inv.checks[normalizedScope] || inv.checks[scope];
-  if (scopeChecks) {
-    return scopeChecks.find(
-      (c) => c.check_id.toLowerCase() === normalizedId
-    );
-  }
-  for (const checks of Object.values(inv.checks)) {
-    for (const check of checks) {
-      if (check.check_id.toLowerCase() === normalizedId && check.scope.toLowerCase() === normalizedScope) {
-        return check;
-      }
-    }
-  }
-  return void 0;
+function getCheck(inv, key) {
+  return inv.checks[key];
+}
+function getCheckByName(inv, checkName) {
+  const normalizedName = checkName.trim().toLowerCase();
+  const key = `chk:${normalizedName}`;
+  return inv.checks[key];
 }
 function getAllChecks(inv) {
-  const result = [];
-  for (const checks of Object.values(inv.checks)) {
-    result.push(...checks);
-  }
-  return result;
+  return Object.values(inv.checks);
 }
 function getThreatIntel(inv, key) {
   return inv.threat_intels[key];
@@ -1136,46 +1110,16 @@ function getEnrichmentByName(inv, name) {
 function getAllEnrichments(inv) {
   return Object.values(inv.enrichments);
 }
-function getContainer(inv, key) {
-  if (inv.containers[key]) {
-    return inv.containers[key];
-  }
-  function searchSubContainers(containers) {
-    for (const container of Object.values(containers)) {
-      if (container.key === key) {
-        return container;
-      }
-      const found = searchSubContainers(container.sub_containers);
-      if (found) return found;
-    }
-    return void 0;
-  }
-  return searchSubContainers(inv.containers);
-}
-function getContainerByPath(inv, path) {
-  const normalizedPath = path.replace(/\\/g, "/").replace(/^\/+|\/+$/g, "").toLowerCase();
-  function searchContainers(containers) {
-    for (const container of Object.values(containers)) {
-      if (container.path.toLowerCase() === normalizedPath) {
-        return container;
-      }
-      const found = searchContainers(container.sub_containers);
-      if (found) return found;
-    }
-    return void 0;
-  }
-  return searchContainers(inv.containers);
+function getTag(inv, key) {
+  return inv.tags[key];
 }
-function getAllContainers(inv) {
-  const result = [];
-  function collectContainers(containers) {
-    for (const container of Object.values(containers)) {
-      result.push(container);
-      collectContainers(container.sub_containers);
-    }
-  }
-  collectContainers(inv.containers);
-  return result;
+function getTagByName(inv, name) {
+  const normalizedName = name.trim().toLowerCase();
+  const key = `tag:${normalizedName}`;
+  return inv.tags[key];
+}
+function getAllTags(inv) {
+  return Object.values(inv.tags);
 }
 function getAllObservables(inv) {
   return Object.values(inv.observables);
@@ -1195,7 +1139,7 @@ function getCounts(inv) {
     checks: getAllChecks(inv).length,
     threatIntels: Object.keys(inv.threat_intels).length,
     enrichments: Object.keys(inv.enrichments).length,
-    containers: getAllContainers(inv).length,
+    tags: getAllTags(inv).length,
     whitelists: inv.whitelists.length
   };
 }
@@ -1205,6 +1149,28 @@ function getStartedAt(inv) {
   );
   return event?.timestamp;
 }
+function getTagChildren(inv, tagName) {
+  return Object.values(inv.tags).filter((tag) => isTagChildOf(tag.name, tagName));
+}
+function getTagDescendants(inv, tagName) {
+  const prefix = tagName + ":";
+  return Object.values(inv.tags).filter((tag) => tag.name.startsWith(prefix));
+}
+function getTagAggregatedScore(inv, tagName) {
+  const tag = getTagByName(inv, tagName);
+  if (!tag) {
+    return 0;
+  }
+  let total = tag.direct_score;
+  const children = getTagChildren(inv, tagName);
+  for (const child of children) {
+    total += getTagAggregatedScore(inv, child.name);
+  }
+  return total;
+}
+function getTagAggregatedLevel(inv, tagName) {
+  return getLevelFromScore(getTagAggregatedScore(inv, tagName));
+}
 // src/finders.ts
 function findObservablesByType(inv, type) {
@@ -1252,51 +1218,19 @@ function findObservablesWithThreatIntel(inv) {
     (obs) => obs.threat_intels.length > 0
   );
 }
-function findChecksByScope(inv, scope) {
-  const normalizedScope = scope.trim().toLowerCase();
-  if (inv.checks[scope]) {
-    return inv.checks[scope];
-  }
-  for (const [key, checks] of Object.entries(inv.checks)) {
-    if (key.toLowerCase() === normalizedScope) {
-      return checks;
-    }
-  }
-  return [];
-}
 function findChecksByLevel(inv, level) {
-  const result = [];
-  for (const checks of Object.values(inv.checks)) {
-    for (const check of checks) {
-      if (check.level === level) {
-        result.push(check);
-      }
-    }
-  }
-  return result;
+  return Object.values(inv.checks).filter((check) => check.level === level);
 }
 function findChecksAtLeast(inv, minLevel2) {
-  const result = [];
-  for (const checks of Object.values(inv.checks)) {
-    for (const check of checks) {
-      if (isLevelAtLeast(check.level, minLevel2)) {
-        result.push(check);
-      }
-    }
-  }
-  return result;
+  return Object.values(inv.checks).filter(
+    (check) => isLevelAtLeast(check.level, minLevel2)
+  );
 }
-function findChecksByCheckId(inv, checkId) {
-  const normalizedId = checkId.trim().toLowerCase();
-  const result = [];
-  for (const checks of Object.values(inv.checks)) {
-    for (const check of checks) {
-      if (check.check_id.toLowerCase() === normalizedId) {
-        result.push(check);
-      }
-    }
-  }
-  return result;
+function findCheckByName(inv, checkName) {
+  const normalizedName = checkName.trim().toLowerCase();
+  return Object.values(inv.checks).find(
+    (check) => check.check_name.toLowerCase() === normalizedName
+  );
 }
 function findThreatIntelBySource(inv, source) {
   const normalizedSource = source.trim().toLowerCase();
@@ -1312,52 +1246,31 @@ function findThreatIntelAtLeast(inv, minLevel2) {
     (ti) => isLevelAtLeast(ti.level, minLevel2)
   );
 }
-function findContainersByLevel(inv, level) {
-  const result = [];
-  function searchContainers(containers) {
-    for (const container of Object.values(containers)) {
-      if (container.aggregated_level === level) {
-        result.push(container);
-      }
-      searchContainers(container.sub_containers);
-    }
-  }
-  searchContainers(inv.containers);
-  return result;
+function findTagsByLevel(inv, level) {
+  return Object.values(inv.tags).filter((tag) => tag.direct_level === level);
 }
-function findContainersAtLeast(inv, minLevel2) {
-  const result = [];
-  function searchContainers(containers) {
-    for (const container of Object.values(containers)) {
-      if (isLevelAtLeast(container.aggregated_level, minLevel2)) {
-        result.push(container);
-      }
-      searchContainers(container.sub_containers);
-    }
-  }
-  searchContainers(inv.containers);
-  return result;
+function findTagsAtLeast(inv, minLevel2) {
+  return Object.values(inv.tags).filter(
+    (tag) => isLevelAtLeast(tag.direct_level, minLevel2)
+  );
 }
-function getChecksForObservable(inv, observableKey) {
+function findTagsByNamePattern(inv, pattern) {
+  return Object.values(inv.tags).filter((tag) => pattern.test(tag.name));
+}
+function findChecksForObservable(inv, observableKey) {
   const result = [];
   const seen = /* @__PURE__ */ new Set();
-  const checkLookup = /* @__PURE__ */ new Map();
-  for (const checks of Object.values(inv.checks)) {
-    for (const check of checks) {
-      checkLookup.set(check.key, check);
-    }
-  }
   const observable = inv.observables[observableKey];
   if (observable) {
     for (const checkKey of observable.check_links) {
-      const check = checkLookup.get(checkKey);
+      const check = inv.checks[checkKey];
       if (check && !seen.has(check.key)) {
         result.push(check);
         seen.add(check.key);
       }
     }
   }
-  for (const check of checkLookup.values()) {
+  for (const check of Object.values(inv.checks)) {
     if (seen.has(check.key)) {
       continue;
     }
@@ -1368,7 +1281,7 @@ function getChecksForObservable(inv, observableKey) {
   }
   return result;
 }
-function getThreatIntelsForObservable(inv, observableKey) {
+function findThreatIntelsForObservable(inv, observableKey) {
   const observable = inv.observables[observableKey];
   if (observable) {
     return observable.threat_intels.map((tiKey) => inv.threat_intels[tiKey]).filter((ti) => ti !== void 0);
@@ -1377,51 +1290,41 @@ function getThreatIntelsForObservable(inv, observableKey) {
     (ti) => ti.observable_key === observableKey
   );
 }
-function getObservablesForCheck(inv, checkKey) {
-  for (const checks of Object.values(inv.checks)) {
-    for (const check of checks) {
-      if (check.key === checkKey) {
-        const keys = /* @__PURE__ */ new Set();
-        for (const link of check.observable_links) {
-          keys.add(link.observable_key);
-        }
-        return Array.from(keys).map((obsKey) => inv.observables[obsKey]).filter((obs) => obs !== void 0);
-      }
+function findObservablesForCheck(inv, checkKey) {
+  const check = inv.checks[checkKey];
+  if (check) {
+    const keys = /* @__PURE__ */ new Set();
+    for (const link of check.observable_links) {
+      keys.add(link.observable_key);
     }
+    return Array.from(keys).map((obsKey) => inv.observables[obsKey]).filter((obs) => obs !== void 0);
   }
   return [];
 }
-function getChecksForContainer(inv, containerKey, recursive = false) {
+function findChecksForTag(inv, tagKey, recursive = false) {
   const result = [];
-  function findContainer(containers) {
-    for (const container2 of Object.values(containers)) {
-      if (container2.key === containerKey) {
-        return container2;
-      }
-      const found = findContainer(container2.sub_containers);
-      if (found) return found;
+  const tag = inv.tags[tagKey];
+  if (!tag) {
+    return result;
+  }
+  for (const checkKey of tag.checks) {
+    const check = inv.checks[checkKey];
+    if (check) {
+      result.push(check);
     }
-    return void 0;
   }
-  function collectChecks(container2) {
-    for (const checkKey of container2.checks) {
-      for (const checks of Object.values(inv.checks)) {
-        for (const check of checks) {
-          if (check.key === checkKey) {
+  if (recursive) {
+    const prefix = tag.name + ":";
+    for (const otherTag of Object.values(inv.tags)) {
+      if (otherTag.name.startsWith(prefix)) {
+        for (const checkKey of otherTag.checks) {
+          const check = inv.checks[checkKey];
+          if (check) {
             result.push(check);
           }
         }
       }
     }
-    if (recursive) {
-      for (const subContainer of Object.values(container2.sub_containers)) {
-        collectChecks(subContainer);
-      }
-    }
-  }
-  const container = findContainer(inv.containers);
-  if (container) {
-    collectChecks(container);
   }
   return result;
 }
@@ -1441,29 +1344,25 @@ function sortChecksByLevel(checks) {
     (a, b) => LEVEL_VALUES[b.level] - LEVEL_VALUES[a.level]
   );
 }
-function getHighestScoringObservables(inv, n = 10) {
+function findHighestScoringObservables(inv, n = 10) {
   return sortObservablesByScore(Object.values(inv.observables)).slice(0, n);
 }
-function getHighestScoringChecks(inv, n = 10) {
-  const allChecks = [];
-  for (const checks of Object.values(inv.checks)) {
-    allChecks.push(...checks);
-  }
-  return sortChecksByScore(allChecks).slice(0, n);
+function findHighestScoringChecks(inv, n = 10) {
+  return sortChecksByScore(Object.values(inv.checks)).slice(0, n);
 }
-function getMaliciousObservables(inv) {
+function findMaliciousObservables(inv) {
   return findObservablesByLevel(inv, "MALICIOUS");
 }
-function getSuspiciousObservables(inv) {
+function findSuspiciousObservables(inv) {
   return findObservablesByLevel(inv, "SUSPICIOUS");
 }
-function getMaliciousChecks(inv) {
+function findMaliciousChecks(inv) {
   return findChecksByLevel(inv, "MALICIOUS");
 }
-function getSuspiciousChecks(inv) {
+function findSuspiciousChecks(inv) {
   return findChecksByLevel(inv, "SUSPICIOUS");
 }
-function getAllScopes(inv) {
+function getAllCheckKeys(inv) {
   return Object.keys(inv.checks);
 }
 function getAllObservableTypes(inv) {
@@ -1600,7 +1499,7 @@ function getObservableGraph(inv) {
   }
   return { nodes, edges };
 }
-function findRootObservables(inv) {
+function findSourceObservables(inv) {
   const targetKeys = /* @__PURE__ */ new Set();
   for (const obs of Object.values(inv.observables)) {
     for (const rel of obs.relationships) {
@@ -1748,85 +1647,93 @@ export {
   areConnected,
   compareLevels,
   countRelationshipsByType,
+  findCheckByName,
   findChecksAtLeast,
-  findChecksByCheckId,
   findChecksByLevel,
-  findChecksByScope,
-  findContainersAtLeast,
-  findContainersByLevel,
+  findChecksForObservable,
+  findChecksForTag,
   findExternalObservables,
+  findHighestScoringChecks,
+  findHighestScoringObservables,
   findInternalObservables,
   findLeafObservables,
+  findMaliciousChecks,
+  findMaliciousObservables,
   findObservablesAtLeast,
   findObservablesByLevel,
   findObservablesByType,
   findObservablesByValue,
   findObservablesContaining,
+  findObservablesForCheck,
   findObservablesMatching,
   findObservablesWithThreatIntel,
   findOrphanObservables,
   findPath,
-  findRootObservables,
+  findSourceObservables,
+  findSuspiciousChecks,
+  findSuspiciousObservables,
+  findTagsAtLeast,
+  findTagsByLevel,
+  findTagsByNamePattern,
   findThreatIntelAtLeast,
   findThreatIntelByLevel,
   findThreatIntelBySource,
+  findThreatIntelsForObservable,
   findWhitelistedObservables,
   generateCheckKey,
-  generateContainerKey,
   generateEnrichmentKey,
   generateObservableKey,
+  generateTagKey,
   generateThreatIntelKey,
+  getAllCheckKeys,
   getAllChecks,
-  getAllContainers,
   getAllEnrichments,
   getAllObservableTypes,
   getAllObservables,
   getAllRelationshipTypes,
-  getAllScopes,
+  getAllTags,
   getAllThreatIntelSources,
   getAllThreatIntels,
   getCheck,
-  getCheckByIdScope,
-  getChecksForContainer,
-  getChecksForObservable,
+  getCheckByName,
   getColorForLevel,
   getColorForScore,
-  getContainer,
-  getContainerByPath,
   getCounts,
   getDataExtraction,
   getEnrichment,
   getEnrichmentByName,
   getEntityLevel,
-  getHighestScoringChecks,
-  getHighestScoringObservables,
   getLevelFromScore,
-  getMaliciousChecks,
-  getMaliciousObservables,
   getObservable,
   getObservableByTypeValue,
   getObservableChildren,
   getObservableGraph,
   getObservableParents,
-  getObservablesForCheck,
   getReachableObservables,
   getRelatedObservables,
   getRelatedObservablesByDirection,
   getRelatedObservablesByType,
   getRelationshipsForObservable,
+  getRootObservable,
   getStartedAt,
   getStats,
-  getSuspiciousChecks,
-  getSuspiciousObservables,
+  getTag,
+  getTagAggregatedLevel,
+  getTagAggregatedScore,
+  getTagAncestors,
+  getTagByName,
+  getTagChildren,
+  getTagDescendants,
   getThreatIntel,
   getThreatIntelBySourceObservable,
-  getThreatIntelsForObservable,
   getWhitelists,
   hasLevel,
   isCyvest,
   isLevelAtLeast,
   isLevelHigherThan,
   isLevelLowerThan,
+  isTagChildOf,
+  isTagDescendantOf,
   isValidLevel,
   maxLevel,
   minLevel,