@cyvest/cyvest-js 5.1.1 → 5.1.3

package/dist/index.cjs

@@ -141,7 +141,7 @@ __export(index_exports, {
 module.exports = __toCommonJS(index_exports);
 
 // src/helpers.ts
-var import__ = __toESM(require("ajv/dist/2020"), 1);
+var import__ = __toESM(require("ajv/dist/2020.js"), 1);
 var import_ajv_formats = __toESM(require("ajv-formats"), 1);
 
 // ../../../schema/cyvest.schema.json

package/dist/index.d.cts

@@ -348,8 +348,8 @@ type KeyType = "obs" | "chk" | "ti" | "enr" | "tag";
  *
  * @example
  * ```ts
- * generateObservableKey("ipv4-addr", "192.168.1.1")
- * // => "obs:ipv4-addr:192.168.1.1"
+ * generateObservableKey("ipv4", "192.168.1.1")
+ * // => "obs:ipv4:192.168.1.1"
  * ```
  */
 declare function generateObservableKey(obsType: string, value: string): string;
@@ -379,8 +379,8 @@ declare function generateCheckKey(checkName: string): string;
  *
  * @example
  * ```ts
- * generateThreatIntelKey("virustotal", "obs:ipv4-addr:192.168.1.1")
- * // => "ti:virustotal:obs:ipv4-addr:192.168.1.1"
+ * generateThreatIntelKey("virustotal", "obs:ipv4:192.168.1.1")
+ * // => "ti:virustotal:obs:ipv4:192.168.1.1"
  * ```
  */
 declare function generateThreatIntelKey(source: string, observableKey: string): string;
@@ -467,7 +467,7 @@ declare function isTagDescendantOf(descendantName: string, ancestorName: string)
  *
  * @example
  * ```ts
- * parseKeyType("obs:ipv4-addr:192.168.1.1") // => "obs"
+ * parseKeyType("obs:ipv4:192.168.1.1") // => "obs"
  * parseKeyType("invalid") // => null
  * ```
  */
@@ -481,9 +481,9 @@ declare function parseKeyType(key: string): KeyType | null;
  *
  * @example
  * ```ts
- * validateKey("obs:ipv4-addr:192.168.1.1") // => true
- * validateKey("obs:ipv4-addr:192.168.1.1", "obs") // => true
- * validateKey("obs:ipv4-addr:192.168.1.1", "chk") // => false
+ * validateKey("obs:ipv4:192.168.1.1") // => true
+ * validateKey("obs:ipv4:192.168.1.1", "obs") // => true
+ * validateKey("obs:ipv4:192.168.1.1", "chk") // => false
  * validateKey("invalid") // => false
  * ```
  */
@@ -496,8 +496,8 @@ declare function validateKey(key: string, expectedType?: KeyType): boolean;
  *
  * @example
  * ```ts
- * parseObservableKey("obs:ipv4-addr:192.168.1.1")
- * // => { type: "ipv4-addr", value: "192.168.1.1" }
+ * parseObservableKey("obs:ipv4:192.168.1.1")
+ * // => { type: "ipv4", value: "192.168.1.1" }
  * ```
  */
 declare function parseObservableKey(key: string): {
@@ -527,8 +527,8 @@ declare function parseCheckKey(key: string): {
  *
  * @example
  * ```ts
- * parseThreatIntelKey("ti:virustotal:obs:ipv4-addr:192.168.1.1")
- * // => { source: "virustotal", observableKey: "obs:ipv4-addr:192.168.1.1" }
+ * parseThreatIntelKey("ti:virustotal:obs:ipv4:192.168.1.1")
+ * // => { source: "virustotal", observableKey: "obs:ipv4:192.168.1.1" }
  * ```
  */
 declare function parseThreatIntelKey(key: string): {
@@ -696,12 +696,12 @@ declare function getEntityLevel(entity: Observable | Check | ThreatIntel | Tag):
  * Get an observable by its key.
  *
  * @param inv - The investigation to search
- * @param key - Observable key (e.g., "obs:ipv4-addr:192.168.1.1")
+ * @param key - Observable key (e.g., "obs:ipv4:192.168.1.1")
  * @returns The observable or undefined if not found
  *
  * @example
  * ```ts
- * const obs = getObservable(investigation, "obs:ipv4-addr:192.168.1.1");
+ * const obs = getObservable(investigation, "obs:ipv4:192.168.1.1");
  * if (obs) {
  *   console.log(obs.value, obs.level);
  * }
@@ -712,13 +712,13 @@ declare function getObservable(inv: CyvestInvestigation, key: string): Observabl
  * Get an observable by type and value.
  *
  * @param inv - The investigation to search
- * @param type - Observable type (e.g., "ipv4-addr", "url")
+ * @param type - Observable type (e.g., "ipv4", "url")
  * @param value - Observable value
  * @returns The observable or undefined if not found
  *
  * @example
  * ```ts
- * const obs = getObservableByTypeValue(investigation, "ipv4-addr", "192.168.1.1");
+ * const obs = getObservableByTypeValue(investigation, "ipv4", "192.168.1.1");
  * ```
  */
 declare function getObservableByTypeValue(inv: CyvestInvestigation, type: string, value: string): Observable | undefined;
@@ -783,7 +783,7 @@ declare function getAllChecks(inv: CyvestInvestigation): Check[];
  * Get a threat intel entry by its key.
  *
  * @param inv - The investigation to search
- * @param key - Threat intel key (e.g., "ti:virustotal:obs:ipv4-addr:192.168.1.1")
+ * @param key - Threat intel key (e.g., "ti:virustotal:obs:ipv4:192.168.1.1")
  * @returns The threat intel or undefined if not found
  */
 declare function getThreatIntel(inv: CyvestInvestigation, key: string): ThreatIntel | undefined;
@@ -1006,12 +1006,12 @@ declare function getTagAggregatedLevel(inv: CyvestInvestigation, tagName: string
  * Find all observables of a specific type.
  *
  * @param inv - The investigation to search
- * @param type - Observable type (e.g., "ipv4-addr", "url", "domain-name")
+ * @param type - Observable type (e.g., "ipv4", "url", "domain")
  * @returns Array of matching observables
  *
  * @example
  * ```ts
- * const ips = findObservablesByType(investigation, "ipv4-addr");
+ * const ips = findObservablesByType(investigation, "ipv4");
  * const urls = findObservablesByType(investigation, "url");
  * ```
  */
@@ -1178,7 +1178,7 @@ declare function findTagsByNamePattern(inv: CyvestInvestigation, pattern: RegExp
  *
  * @example
  * ```ts
- * const checks = findChecksForObservable(investigation, "obs:ipv4-addr:192.168.1.1");
+ * const checks = findChecksForObservable(investigation, "obs:ipv4:192.168.1.1");
  * ```
  */
 declare function findChecksForObservable(inv: CyvestInvestigation, observableKey: string): Check[];
@@ -1361,7 +1361,7 @@ interface InvestigationGraph {
  *
  * @example
  * ```ts
- * const related = getRelatedObservables(investigation, "obs:email-addr:test@example.com");
+ * const related = getRelatedObservables(investigation, "obs:email:test@example.com");
  * ```
  */
 declare function getRelatedObservables(inv: CyvestInvestigation, observableKey: string): Observable[];

package/dist/index.d.ts

@@ -348,8 +348,8 @@ type KeyType = "obs" | "chk" | "ti" | "enr" | "tag";
  *
  * @example
  * ```ts
- * generateObservableKey("ipv4-addr", "192.168.1.1")
- * // => "obs:ipv4-addr:192.168.1.1"
+ * generateObservableKey("ipv4", "192.168.1.1")
+ * // => "obs:ipv4:192.168.1.1"
  * ```
  */
 declare function generateObservableKey(obsType: string, value: string): string;
@@ -379,8 +379,8 @@ declare function generateCheckKey(checkName: string): string;
  *
  * @example
  * ```ts
- * generateThreatIntelKey("virustotal", "obs:ipv4-addr:192.168.1.1")
- * // => "ti:virustotal:obs:ipv4-addr:192.168.1.1"
+ * generateThreatIntelKey("virustotal", "obs:ipv4:192.168.1.1")
+ * // => "ti:virustotal:obs:ipv4:192.168.1.1"
  * ```
  */
 declare function generateThreatIntelKey(source: string, observableKey: string): string;
@@ -467,7 +467,7 @@ declare function isTagDescendantOf(descendantName: string, ancestorName: string)
  *
  * @example
  * ```ts
- * parseKeyType("obs:ipv4-addr:192.168.1.1") // => "obs"
+ * parseKeyType("obs:ipv4:192.168.1.1") // => "obs"
  * parseKeyType("invalid") // => null
  * ```
  */
@@ -481,9 +481,9 @@ declare function parseKeyType(key: string): KeyType | null;
  *
  * @example
  * ```ts
- * validateKey("obs:ipv4-addr:192.168.1.1") // => true
- * validateKey("obs:ipv4-addr:192.168.1.1", "obs") // => true
- * validateKey("obs:ipv4-addr:192.168.1.1", "chk") // => false
+ * validateKey("obs:ipv4:192.168.1.1") // => true
+ * validateKey("obs:ipv4:192.168.1.1", "obs") // => true
+ * validateKey("obs:ipv4:192.168.1.1", "chk") // => false
  * validateKey("invalid") // => false
  * ```
  */
@@ -496,8 +496,8 @@ declare function validateKey(key: string, expectedType?: KeyType): boolean;
  *
  * @example
  * ```ts
- * parseObservableKey("obs:ipv4-addr:192.168.1.1")
- * // => { type: "ipv4-addr", value: "192.168.1.1" }
+ * parseObservableKey("obs:ipv4:192.168.1.1")
+ * // => { type: "ipv4", value: "192.168.1.1" }
  * ```
  */
 declare function parseObservableKey(key: string): {
@@ -527,8 +527,8 @@ declare function parseCheckKey(key: string): {
  *
  * @example
  * ```ts
- * parseThreatIntelKey("ti:virustotal:obs:ipv4-addr:192.168.1.1")
- * // => { source: "virustotal", observableKey: "obs:ipv4-addr:192.168.1.1" }
+ * parseThreatIntelKey("ti:virustotal:obs:ipv4:192.168.1.1")
+ * // => { source: "virustotal", observableKey: "obs:ipv4:192.168.1.1" }
  * ```
  */
 declare function parseThreatIntelKey(key: string): {
@@ -696,12 +696,12 @@ declare function getEntityLevel(entity: Observable | Check | ThreatIntel | Tag):
  * Get an observable by its key.
  *
  * @param inv - The investigation to search
- * @param key - Observable key (e.g., "obs:ipv4-addr:192.168.1.1")
+ * @param key - Observable key (e.g., "obs:ipv4:192.168.1.1")
  * @returns The observable or undefined if not found
  *
  * @example
  * ```ts
- * const obs = getObservable(investigation, "obs:ipv4-addr:192.168.1.1");
+ * const obs = getObservable(investigation, "obs:ipv4:192.168.1.1");
  * if (obs) {
  *   console.log(obs.value, obs.level);
  * }
@@ -712,13 +712,13 @@ declare function getObservable(inv: CyvestInvestigation, key: string): Observabl
  * Get an observable by type and value.
  *
  * @param inv - The investigation to search
- * @param type - Observable type (e.g., "ipv4-addr", "url")
+ * @param type - Observable type (e.g., "ipv4", "url")
  * @param value - Observable value
  * @returns The observable or undefined if not found
  *
  * @example
  * ```ts
- * const obs = getObservableByTypeValue(investigation, "ipv4-addr", "192.168.1.1");
+ * const obs = getObservableByTypeValue(investigation, "ipv4", "192.168.1.1");
  * ```
  */
 declare function getObservableByTypeValue(inv: CyvestInvestigation, type: string, value: string): Observable | undefined;
@@ -783,7 +783,7 @@ declare function getAllChecks(inv: CyvestInvestigation): Check[];
  * Get a threat intel entry by its key.
  *
  * @param inv - The investigation to search
- * @param key - Threat intel key (e.g., "ti:virustotal:obs:ipv4-addr:192.168.1.1")
+ * @param key - Threat intel key (e.g., "ti:virustotal:obs:ipv4:192.168.1.1")
  * @returns The threat intel or undefined if not found
  */
 declare function getThreatIntel(inv: CyvestInvestigation, key: string): ThreatIntel | undefined;
@@ -1006,12 +1006,12 @@ declare function getTagAggregatedLevel(inv: CyvestInvestigation, tagName: string
  * Find all observables of a specific type.
  *
  * @param inv - The investigation to search
- * @param type - Observable type (e.g., "ipv4-addr", "url", "domain-name")
+ * @param type - Observable type (e.g., "ipv4", "url", "domain")
  * @returns Array of matching observables
  *
  * @example
  * ```ts
- * const ips = findObservablesByType(investigation, "ipv4-addr");
+ * const ips = findObservablesByType(investigation, "ipv4");
  * const urls = findObservablesByType(investigation, "url");
  * ```
  */
@@ -1178,7 +1178,7 @@ declare function findTagsByNamePattern(inv: CyvestInvestigation, pattern: RegExp
  *
  * @example
  * ```ts
- * const checks = findChecksForObservable(investigation, "obs:ipv4-addr:192.168.1.1");
+ * const checks = findChecksForObservable(investigation, "obs:ipv4:192.168.1.1");
  * ```
  */
 declare function findChecksForObservable(inv: CyvestInvestigation, observableKey: string): Check[];
@@ -1361,7 +1361,7 @@ interface InvestigationGraph {
  *
  * @example
  * ```ts
- * const related = getRelatedObservables(investigation, "obs:email-addr:test@example.com");
+ * const related = getRelatedObservables(investigation, "obs:email:test@example.com");
  * ```
  */
 declare function getRelatedObservables(inv: CyvestInvestigation, observableKey: string): Observable[];

package/dist/index.js

@@ -1,5 +1,5 @@
 // src/helpers.ts
-import Ajv2020 from "ajv/dist/2020";
+import Ajv2020 from "ajv/dist/2020.js";
 import addFormats from "ajv-formats";
 
 // ../../../schema/cyvest.schema.json

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cyvest/cyvest-js",
-  "version": "5.1.1",
+  "version": "5.1.3",
   "type": "module",
   "main": "dist/index.cjs",
   "module": "dist/index.js",

package/src/finders.ts

@@ -23,12 +23,12 @@ import { isLevelAtLeast, isLevelHigherThan, LEVEL_VALUES } from "./levels";
  * Find all observables of a specific type.
  *
  * @param inv - The investigation to search
- * @param type - Observable type (e.g., "ipv4-addr", "url", "domain-name")
+ * @param type - Observable type (e.g., "ipv4", "url", "domain")
  * @returns Array of matching observables
  *
  * @example
  * ```ts
- * const ips = findObservablesByType(investigation, "ipv4-addr");
+ * const ips = findObservablesByType(investigation, "ipv4");
  * const urls = findObservablesByType(investigation, "url");
  * ```
  */
@@ -346,7 +346,7 @@ export function findTagsByNamePattern(
  *
  * @example
  * ```ts
- * const checks = findChecksForObservable(investigation, "obs:ipv4-addr:192.168.1.1");
+ * const checks = findChecksForObservable(investigation, "obs:ipv4:192.168.1.1");
  * ```
  */
 export function findChecksForObservable(

package/src/getters.ts

@@ -21,12 +21,12 @@ import { getLevelFromScore } from "./levels";
  * Get an observable by its key.
  *
  * @param inv - The investigation to search
- * @param key - Observable key (e.g., "obs:ipv4-addr:192.168.1.1")
+ * @param key - Observable key (e.g., "obs:ipv4:192.168.1.1")
  * @returns The observable or undefined if not found
  *
  * @example
  * ```ts
- * const obs = getObservable(investigation, "obs:ipv4-addr:192.168.1.1");
+ * const obs = getObservable(investigation, "obs:ipv4:192.168.1.1");
  * if (obs) {
  *   console.log(obs.value, obs.level);
  * }
@@ -43,13 +43,13 @@ export function getObservable(
  * Get an observable by type and value.
  *
  * @param inv - The investigation to search
- * @param type - Observable type (e.g., "ipv4-addr", "url")
+ * @param type - Observable type (e.g., "ipv4", "url")
  * @param value - Observable value
  * @returns The observable or undefined if not found
  *
  * @example
  * ```ts
- * const obs = getObservableByTypeValue(investigation, "ipv4-addr", "192.168.1.1");
+ * const obs = getObservableByTypeValue(investigation, "ipv4", "192.168.1.1");
  * ```
  */
 export function getObservableByTypeValue(
@@ -156,7 +156,7 @@ export function getAllChecks(inv: CyvestInvestigation): Check[] {
  * Get a threat intel entry by its key.
  *
  * @param inv - The investigation to search
- * @param key - Threat intel key (e.g., "ti:virustotal:obs:ipv4-addr:192.168.1.1")
+ * @param key - Threat intel key (e.g., "ti:virustotal:obs:ipv4:192.168.1.1")
  * @returns The threat intel or undefined if not found
  */
 export function getThreatIntel(

package/src/graph.ts

@@ -73,7 +73,7 @@ export interface InvestigationGraph {
  *
  * @example
  * ```ts
- * const related = getRelatedObservables(investigation, "obs:email-addr:test@example.com");
+ * const related = getRelatedObservables(investigation, "obs:email:test@example.com");
  * ```
  */
 export function getRelatedObservables(

package/src/helpers.ts

@@ -1,4 +1,4 @@
-import Ajv2020, { type ValidateFunction } from "ajv/dist/2020";
+import Ajv2020, { type ValidateFunction } from "ajv/dist/2020.js";
 import addFormats from "ajv-formats";
 import schema from "../../../../schema/cyvest.schema.json" assert { type: "json" };
 import type { CyvestInvestigation } from "./types.generated";

package/src/keys.ts

@@ -45,8 +45,8 @@ function hashString(content: string, length: number = 16): string {
  *
  * @example
  * ```ts
- * generateObservableKey("ipv4-addr", "192.168.1.1")
- * // => "obs:ipv4-addr:192.168.1.1"
+ * generateObservableKey("ipv4", "192.168.1.1")
+ * // => "obs:ipv4:192.168.1.1"
  * ```
  */
 export function generateObservableKey(obsType: string, value: string): string {
@@ -85,8 +85,8 @@ export function generateCheckKey(checkName: string): string {
  *
  * @example
  * ```ts
- * generateThreatIntelKey("virustotal", "obs:ipv4-addr:192.168.1.1")
- * // => "ti:virustotal:obs:ipv4-addr:192.168.1.1"
+ * generateThreatIntelKey("virustotal", "obs:ipv4:192.168.1.1")
+ * // => "ti:virustotal:obs:ipv4:192.168.1.1"
  * ```
  */
 export function generateThreatIntelKey(
@@ -210,7 +210,7 @@ export function isTagDescendantOf(descendantName: string, ancestorName: string):
  *
  * @example
  * ```ts
- * parseKeyType("obs:ipv4-addr:192.168.1.1") // => "obs"
+ * parseKeyType("obs:ipv4:192.168.1.1") // => "obs"
  * parseKeyType("invalid") // => null
  * ```
  */
@@ -233,9 +233,9 @@ export function parseKeyType(key: string): KeyType | null {
  *
  * @example
  * ```ts
- * validateKey("obs:ipv4-addr:192.168.1.1") // => true
- * validateKey("obs:ipv4-addr:192.168.1.1", "obs") // => true
- * validateKey("obs:ipv4-addr:192.168.1.1", "chk") // => false
+ * validateKey("obs:ipv4:192.168.1.1") // => true
+ * validateKey("obs:ipv4:192.168.1.1", "obs") // => true
+ * validateKey("obs:ipv4:192.168.1.1", "chk") // => false
  * validateKey("invalid") // => false
  * ```
  */
@@ -264,8 +264,8 @@ export function validateKey(key: string, expectedType?: KeyType): boolean {
  *
  * @example
  * ```ts
- * parseObservableKey("obs:ipv4-addr:192.168.1.1")
- * // => { type: "ipv4-addr", value: "192.168.1.1" }
+ * parseObservableKey("obs:ipv4:192.168.1.1")
+ * // => { type: "ipv4", value: "192.168.1.1" }
  * ```
  */
 export function parseObservableKey(
@@ -319,8 +319,8 @@ export function parseCheckKey(
  *
  * @example
  * ```ts
- * parseThreatIntelKey("ti:virustotal:obs:ipv4-addr:192.168.1.1")
- * // => { source: "virustotal", observableKey: "obs:ipv4-addr:192.168.1.1" }
+ * parseThreatIntelKey("ti:virustotal:obs:ipv4:192.168.1.1")
+ * // => { source: "virustotal", observableKey: "obs:ipv4:192.168.1.1" }
  * ```
  */
 export function parseThreatIntelKey(

package/tests/getters-finders.test.ts

@@ -68,9 +68,9 @@ function createTestInvestigation(): CyvestInvestigation {
       },
     ],
     observables: {
-      "obs:ipv4-addr:192.168.1.1": {
-        key: "obs:ipv4-addr:192.168.1.1",
-        type: "ipv4-addr",
+      "obs:ipv4:192.168.1.1": {
+        key: "obs:ipv4:192.168.1.1",
+        type: "ipv4",
         value: "192.168.1.1",
         internal: true,
         whitelisted: false,
@@ -81,7 +81,7 @@ function createTestInvestigation(): CyvestInvestigation {
         level: "INFO",
         relationships: [
           {
-            target_key: "obs:domain-name:example.com",
+            target_key: "obs:domain:example.com",
             relationship_type: "related-to",
             direction: "outbound",
           },
@@ -89,9 +89,9 @@ function createTestInvestigation(): CyvestInvestigation {
         threat_intels: [],
         check_links: ["chk:ip_check:network"],
       },
-      "obs:ipv4-addr:8.8.8.8": {
-        key: "obs:ipv4-addr:8.8.8.8",
-        type: "ipv4-addr",
+      "obs:ipv4:8.8.8.8": {
+        key: "obs:ipv4:8.8.8.8",
+        type: "ipv4",
         value: "8.8.8.8",
         internal: false,
         whitelisted: true,
@@ -104,9 +104,9 @@ function createTestInvestigation(): CyvestInvestigation {
         threat_intels: [],
         check_links: [],
       },
-      "obs:domain-name:example.com": {
-        key: "obs:domain-name:example.com",
-        type: "domain-name",
+      "obs:domain:example.com": {
+        key: "obs:domain:example.com",
+        type: "domain",
         value: "example.com",
         internal: false,
         whitelisted: false,
@@ -116,7 +116,7 @@ function createTestInvestigation(): CyvestInvestigation {
         score_display: "5.00",
         level: "MALICIOUS",
         relationships: [],
-        threat_intels: ["ti:virustotal:obs:domain-name:example.com"],
+        threat_intels: ["ti:virustotal:obs:domain:example.com"],
         check_links: ["chk:domain_check:dns"],
       },
       "obs:url:http://malware.com/bad": {
@@ -148,7 +148,7 @@ function createTestInvestigation(): CyvestInvestigation {
         origin_investigation_id: "01HXYZTESTINVESTIGATION",
         observable_links: [
           {
-            observable_key: "obs:ipv4-addr:192.168.1.1",
+            observable_key: "obs:ipv4:192.168.1.1",
           },
         ],
       },
@@ -164,7 +164,7 @@ function createTestInvestigation(): CyvestInvestigation {
         origin_investigation_id: "01HXYZTESTINVESTIGATION",
         observable_links: [
           {
-            observable_key: "obs:domain-name:example.com",
+            observable_key: "obs:domain:example.com",
           },
         ],
       },
@@ -182,10 +182,10 @@ function createTestInvestigation(): CyvestInvestigation {
       },
     },
     threat_intels: {
-      "ti:virustotal:obs:domain-name:example.com": {
-        key: "ti:virustotal:obs:domain-name:example.com",
+      "ti:virustotal:obs:domain:example.com": {
+        key: "ti:virustotal:obs:domain:example.com",
         source: "virustotal",
-        observable_key: "obs:domain-name:example.com",
+        observable_key: "obs:domain:example.com",
         comment: "",
         extra: {},
         score: 5,
@@ -241,7 +241,7 @@ function createTestInvestigation(): CyvestInvestigation {
       internal_observables: 1,
       external_observables: 3,
       whitelisted_observables: 1,
-      observables_by_type: { "ipv4-addr": 2, "domain-name": 1, url: 1 },
+      observables_by_type: { "ipv4": 2, "domain": 1, url: 1 },
       observables_by_level: { INFO: 1, TRUSTED: 1, MALICIOUS: 2 },
       observables_by_type_and_level: {},
       total_checks: 3,
@@ -268,7 +268,7 @@ describe("Getters", () => {
 
   describe("getObservable", () => {
     it("returns observable by key", () => {
-      const obs = getObservable(inv, "obs:ipv4-addr:192.168.1.1");
+      const obs = getObservable(inv, "obs:ipv4:192.168.1.1");
       expect(obs).toBeDefined();
       expect(obs?.value).toBe("192.168.1.1");
     });
@@ -280,13 +280,13 @@ describe("Getters", () => {
 
   describe("getObservableByTypeValue", () => {
     it("finds observable by type and value", () => {
-      const obs = getObservableByTypeValue(inv, "ipv4-addr", "192.168.1.1");
+      const obs = getObservableByTypeValue(inv, "ipv4", "192.168.1.1");
       expect(obs).toBeDefined();
-      expect(obs?.key).toBe("obs:ipv4-addr:192.168.1.1");
+      expect(obs?.key).toBe("obs:ipv4:192.168.1.1");
     });
 
     it("is case insensitive", () => {
-      const obs = getObservableByTypeValue(inv, "IPV4-ADDR", "192.168.1.1");
+      const obs = getObservableByTypeValue(inv, "IPV4", "192.168.1.1");
       expect(obs).toBeDefined();
     });
   });
@@ -318,7 +318,7 @@ describe("Getters", () => {
     it("returns threat intel by key", () => {
       const ti = getThreatIntel(
         inv,
-        "ti:virustotal:obs:domain-name:example.com"
+        "ti:virustotal:obs:domain:example.com"
       );
       expect(ti).toBeDefined();
       expect(ti?.source).toBe("virustotal");
@@ -387,12 +387,12 @@ describe("Finders", () => {
 
   describe("findObservablesByType", () => {
     it("finds observables of specific type", () => {
-      const ips = findObservablesByType(inv, "ipv4-addr");
+      const ips = findObservablesByType(inv, "ipv4");
       expect(ips).toHaveLength(2);
     });
 
     it("is case insensitive", () => {
-      const ips = findObservablesByType(inv, "IPV4-ADDR");
+      const ips = findObservablesByType(inv, "IPV4");
       expect(ips).toHaveLength(2);
     });
   });
@@ -443,7 +443,7 @@ describe("Finders", () => {
 
   describe("findChecksForObservable", () => {
     it("finds checks that reference observable", () => {
-      const checks = findChecksForObservable(inv, "obs:ipv4-addr:192.168.1.1");
+      const checks = findChecksForObservable(inv, "obs:ipv4:192.168.1.1");
       expect(checks).toHaveLength(1);
       expect(checks[0].check_name).toBe("ip_check");
     });
@@ -453,7 +453,7 @@ describe("Finders", () => {
     it("finds threat intel for observable", () => {
       const tis = findThreatIntelsForObservable(
         inv,
-        "obs:domain-name:example.com"
+        "obs:domain:example.com"
       );
       expect(tis).toHaveLength(1);
       expect(tis[0].source).toBe("virustotal");
@@ -494,8 +494,8 @@ describe("Finders", () => {
   describe("getAllObservableTypes", () => {
     it("returns all observable types", () => {
       const types = getAllObservableTypes(inv);
-      expect(types).toContain("ipv4-addr");
-      expect(types).toContain("domain-name");
+      expect(types).toContain("ipv4");
+      expect(types).toContain("domain");
       expect(types).toContain("url");
     });
   });

package/tests/graph.test.ts

@@ -37,9 +37,9 @@ function createGraphTestInvestigation(): CyvestInvestigation {
     ],
     whitelists: [],
     observables: {
-      "obs:email-message:msg1": {
-        key: "obs:email-message:msg1",
-        type: "email-message",
+      "obs:file:msg1": {
+        key: "obs:file:msg1",
+        type: "file",
         value: "msg1",
         internal: false,
         whitelisted: false,
@@ -50,12 +50,12 @@ function createGraphTestInvestigation(): CyvestInvestigation {
         level: "INFO",
         relationships: [
           {
-            target_key: "obs:email-addr:sender@example.com",
+            target_key: "obs:email:sender@example.com",
             relationship_type: "from",
             direction: "outbound",
           },
           {
-            target_key: "obs:ipv4-addr:192.168.1.1",
+            target_key: "obs:ipv4:192.168.1.1",
             relationship_type: "originated-from",
             direction: "outbound",
           },
@@ -63,9 +63,9 @@ function createGraphTestInvestigation(): CyvestInvestigation {
         threat_intels: [],
         check_links: [],
       },
-      "obs:email-addr:sender@example.com": {
-        key: "obs:email-addr:sender@example.com",
-        type: "email-addr",
+      "obs:email:sender@example.com": {
+        key: "obs:email:sender@example.com",
+        type: "email",
         value: "sender@example.com",
         internal: false,
         whitelisted: false,
@@ -76,7 +76,7 @@ function createGraphTestInvestigation(): CyvestInvestigation {
         level: "INFO",
         relationships: [
           {
-            target_key: "obs:domain-name:example.com",
+            target_key: "obs:domain:example.com",
             relationship_type: "related-to",
             direction: "outbound",
           },
@@ -84,9 +84,9 @@ function createGraphTestInvestigation(): CyvestInvestigation {
         threat_intels: [],
         check_links: [],
       },
-      "obs:ipv4-addr:192.168.1.1": {
-        key: "obs:ipv4-addr:192.168.1.1",
-        type: "ipv4-addr",
+      "obs:ipv4:192.168.1.1": {
+        key: "obs:ipv4:192.168.1.1",
+        type: "ipv4",
         value: "192.168.1.1",
         internal: true,
         whitelisted: false,
@@ -99,9 +99,9 @@ function createGraphTestInvestigation(): CyvestInvestigation {
         threat_intels: [],
         check_links: [],
       },
-      "obs:domain-name:example.com": {
-        key: "obs:domain-name:example.com",
-        type: "domain-name",
+      "obs:domain:example.com": {
+        key: "obs:domain:example.com",
+        type: "domain",
         value: "example.com",
         internal: false,
         whitelisted: false,
@@ -114,9 +114,9 @@ function createGraphTestInvestigation(): CyvestInvestigation {
         threat_intels: [],
         check_links: [],
       },
-      "obs:file-hash:abc123": {
-        key: "obs:file-hash:abc123",
-        type: "file-hash",
+      "obs:hash:abc123": {
+        key: "obs:hash:abc123",
+        type: "hash",
         value: "abc123",
         internal: false,
         whitelisted: false,
@@ -166,7 +166,7 @@ describe("Graph Traversal", () => {
 
   describe("getRelatedObservables", () => {
     it("returns all directly connected observables", () => {
-      const related = getRelatedObservables(inv, "obs:email-message:msg1");
+      const related = getRelatedObservables(inv, "obs:file:msg1");
       expect(related).toHaveLength(2);
       const values = related.map((o) => o.value);
       expect(values).toContain("sender@example.com");
@@ -180,7 +180,7 @@ describe("Graph Traversal", () => {
     it("includes inbound relationships", () => {
       const related = getRelatedObservables(
         inv,
-        "obs:email-addr:sender@example.com"
+        "obs:email:sender@example.com"
       );
       // Has outbound to domain and inbound from email message
       expect(related.length).toBeGreaterThanOrEqual(2);
@@ -189,12 +189,12 @@ describe("Graph Traversal", () => {
 
   describe("getObservableChildren", () => {
     it("returns outbound related observables", () => {
-      const children = getObservableChildren(inv, "obs:email-message:msg1");
+      const children = getObservableChildren(inv, "obs:file:msg1");
       expect(children).toHaveLength(2);
     });
 
     it("returns empty for leaf nodes", () => {
-      const children = getObservableChildren(inv, "obs:ipv4-addr:192.168.1.1");
+      const children = getObservableChildren(inv, "obs:ipv4:192.168.1.1");
       expect(children).toHaveLength(0);
     });
   });
@@ -203,14 +203,14 @@ describe("Graph Traversal", () => {
     it("returns observables pointing to this one", () => {
       const parents = getObservableParents(
         inv,
-        "obs:email-addr:sender@example.com"
+        "obs:email:sender@example.com"
       );
       expect(parents).toHaveLength(1);
       expect(parents[0].value).toBe("msg1");
     });
 
     it("returns empty for root nodes", () => {
-      const parents = getObservableParents(inv, "obs:email-message:msg1");
+      const parents = getObservableParents(inv, "obs:file:msg1");
       expect(parents).toHaveLength(0);
     });
   });
@@ -219,7 +219,7 @@ describe("Graph Traversal", () => {
     it("filters by relationship type", () => {
       const fromRelated = getRelatedObservablesByType(
         inv,
-        "obs:email-message:msg1",
+        "obs:file:msg1",
         "from"
       );
       expect(fromRelated).toHaveLength(1);
@@ -241,10 +241,10 @@ describe("Graph Traversal", () => {
     it("nodes have correct structure", () => {
       const graph = getObservableGraph(inv);
       const emailNode = graph.nodes.find(
-        (n) => n.id === "obs:email-message:msg1"
+        (n) => n.id === "obs:file:msg1"
       );
       expect(emailNode).toBeDefined();
-      expect(emailNode?.type).toBe("email-message");
+      expect(emailNode?.type).toBe("file");
       expect(emailNode?.value).toBe("msg1");
       expect(emailNode?.level).toBe("INFO");
     });
@@ -253,15 +253,15 @@ describe("Graph Traversal", () => {
       const graph = getObservableGraph(inv);
       const fromEdge = graph.edges.find((e) => e.type === "from");
       expect(fromEdge).toBeDefined();
-      expect(fromEdge?.source).toBe("obs:email-message:msg1");
-      expect(fromEdge?.target).toBe("obs:email-addr:sender@example.com");
+      expect(fromEdge?.source).toBe("obs:file:msg1");
+      expect(fromEdge?.target).toBe("obs:email:sender@example.com");
     });
   });
 
   describe("findSourceObservables", () => {
     it("finds observables with no incoming relationships", () => {
       const sources = findSourceObservables(inv);
-      // email-message and file-hash are sources
+      // file and hash are sources
       expect(sources.length).toBeGreaterThanOrEqual(2);
       const values = sources.map((o) => o.value);
       expect(values).toContain("msg1");
@@ -272,7 +272,7 @@ describe("Graph Traversal", () => {
   describe("findOrphanObservables", () => {
     it("finds observables with no relationships", () => {
       const orphans = findOrphanObservables(inv);
-      // file-hash has no relationships
+      // hash has no relationships
       expect(orphans).toHaveLength(1);
       expect(orphans[0].value).toBe("abc123");
     });
@@ -290,7 +290,7 @@ describe("Graph Traversal", () => {
   describe("areConnected", () => {
     it("returns true for directly connected", () => {
       expect(
-        areConnected(inv, "obs:email-message:msg1", "obs:ipv4-addr:192.168.1.1")
+        areConnected(inv, "obs:file:msg1", "obs:ipv4:192.168.1.1")
       ).toBe(true);
     });
 
@@ -298,21 +298,21 @@ describe("Graph Traversal", () => {
       expect(
         areConnected(
           inv,
-          "obs:email-message:msg1",
-          "obs:domain-name:example.com"
+          "obs:file:msg1",
+          "obs:domain:example.com"
         )
       ).toBe(true);
     });
 
     it("returns false for disconnected", () => {
       expect(
-        areConnected(inv, "obs:file-hash:abc123", "obs:email-message:msg1")
+        areConnected(inv, "obs:hash:abc123", "obs:file:msg1")
       ).toBe(false);
     });
 
     it("returns true for same node", () => {
       expect(
-        areConnected(inv, "obs:email-message:msg1", "obs:email-message:msg1")
+        areConnected(inv, "obs:file:msg1", "obs:file:msg1")
       ).toBe(true);
     });
   });
@@ -321,32 +321,32 @@ describe("Graph Traversal", () => {
     it("finds direct path", () => {
       const path = findPath(
         inv,
-        "obs:email-message:msg1",
-        "obs:ipv4-addr:192.168.1.1"
+        "obs:file:msg1",
+        "obs:ipv4:192.168.1.1"
       );
       expect(path).toEqual([
-        "obs:email-message:msg1",
-        "obs:ipv4-addr:192.168.1.1",
+        "obs:file:msg1",
+        "obs:ipv4:192.168.1.1",
       ]);
     });
 
     it("finds transitive path", () => {
       const path = findPath(
         inv,
-        "obs:email-message:msg1",
-        "obs:domain-name:example.com"
+        "obs:file:msg1",
+        "obs:domain:example.com"
       );
       expect(path).not.toBeNull();
       expect(path?.length).toBe(3);
-      expect(path?.[0]).toBe("obs:email-message:msg1");
-      expect(path?.[path.length - 1]).toBe("obs:domain-name:example.com");
+      expect(path?.[0]).toBe("obs:file:msg1");
+      expect(path?.[path.length - 1]).toBe("obs:domain:example.com");
     });
 
     it("returns null for no path", () => {
       const path = findPath(
         inv,
-        "obs:file-hash:abc123",
-        "obs:email-message:msg1"
+        "obs:hash:abc123",
+        "obs:file:msg1"
       );
       expect(path).toBeNull();
     });
@@ -354,23 +354,23 @@ describe("Graph Traversal", () => {
     it("returns single node for same source/target", () => {
       const path = findPath(
         inv,
-        "obs:email-message:msg1",
-        "obs:email-message:msg1"
+        "obs:file:msg1",
+        "obs:file:msg1"
       );
-      expect(path).toEqual(["obs:email-message:msg1"]);
+      expect(path).toEqual(["obs:file:msg1"]);
     });
   });
 
   describe("getReachableObservables", () => {
     it("returns all reachable from start", () => {
-      const reachable = getReachableObservables(inv, "obs:email-message:msg1");
+      const reachable = getReachableObservables(inv, "obs:file:msg1");
       expect(reachable).toHaveLength(4); // msg1 + sender + ip + domain
     });
 
     it("respects max depth", () => {
       const reachable = getReachableObservables(
         inv,
-        "obs:email-message:msg1",
+        "obs:file:msg1",
         1
       );
       expect(reachable).toHaveLength(3); // msg1 + sender + ip (depth 1)
@@ -399,7 +399,7 @@ describe("Graph Traversal", () => {
     it("returns outbound and inbound relationships", () => {
       const rels = getRelationshipsForObservable(
         inv,
-        "obs:email-addr:sender@example.com"
+        "obs:email:sender@example.com"
       );
       expect(rels.outbound).toHaveLength(1);
       expect(rels.inbound).toHaveLength(1);

package/tests/keys-levels.test.ts

@@ -27,20 +27,20 @@ import {
 describe("Key Generation", () => {
   describe("generateObservableKey", () => {
     it("generates correct observable key", () => {
-      expect(generateObservableKey("ipv4-addr", "192.168.1.1")).toBe(
-        "obs:ipv4-addr:192.168.1.1"
+      expect(generateObservableKey("ipv4", "192.168.1.1")).toBe(
+        "obs:ipv4:192.168.1.1"
       );
     });
 
     it("normalizes to lowercase", () => {
-      expect(generateObservableKey("IPV4-ADDR", "192.168.1.1")).toBe(
-        "obs:ipv4-addr:192.168.1.1"
+      expect(generateObservableKey("IPV4", "192.168.1.1")).toBe(
+        "obs:ipv4:192.168.1.1"
       );
     });
 
     it("trims whitespace", () => {
-      expect(generateObservableKey("  ipv4-addr  ", "  192.168.1.1  ")).toBe(
-        "obs:ipv4-addr:192.168.1.1"
+      expect(generateObservableKey("  ipv4  ", "  192.168.1.1  ")).toBe(
+        "obs:ipv4:192.168.1.1"
       );
     });
   });
@@ -56,8 +56,8 @@ describe("Key Generation", () => {
   describe("generateThreatIntelKey", () => {
     it("generates correct threat intel key", () => {
       expect(
-        generateThreatIntelKey("virustotal", "obs:ipv4-addr:192.168.1.1")
-      ).toBe("ti:virustotal:obs:ipv4-addr:192.168.1.1");
+        generateThreatIntelKey("virustotal", "obs:ipv4:192.168.1.1")
+      ).toBe("ti:virustotal:obs:ipv4:192.168.1.1");
     });
   });
 
@@ -88,7 +88,7 @@ describe("Key Generation", () => {
 
   describe("parseKeyType", () => {
     it("parses observable key type", () => {
-      expect(parseKeyType("obs:ipv4-addr:192.168.1.1")).toBe("obs");
+      expect(parseKeyType("obs:ipv4:192.168.1.1")).toBe("obs");
     });
 
     it("parses check key type", () => {
@@ -115,13 +115,13 @@ describe("Key Generation", () => {
 
   describe("validateKey", () => {
     it("validates correct keys", () => {
-      expect(validateKey("obs:ipv4-addr:192.168.1.1")).toBe(true);
+      expect(validateKey("obs:ipv4:192.168.1.1")).toBe(true);
       expect(validateKey("chk:sender:email")).toBe(true);
     });
 
     it("validates key type", () => {
-      expect(validateKey("obs:ipv4-addr:192.168.1.1", "obs")).toBe(true);
-      expect(validateKey("obs:ipv4-addr:192.168.1.1", "chk")).toBe(false);
+      expect(validateKey("obs:ipv4:192.168.1.1", "obs")).toBe(true);
+      expect(validateKey("obs:ipv4:192.168.1.1", "chk")).toBe(false);
     });
 
     it("rejects invalid keys", () => {
@@ -133,8 +133,8 @@ describe("Key Generation", () => {
 
   describe("parseObservableKey", () => {
     it("parses observable key components", () => {
-      expect(parseObservableKey("obs:ipv4-addr:192.168.1.1")).toEqual({
-        type: "ipv4-addr",
+      expect(parseObservableKey("obs:ipv4:192.168.1.1")).toEqual({
+        type: "ipv4",
         value: "192.168.1.1",
       });
     });
@@ -162,10 +162,10 @@ describe("Key Generation", () => {
   describe("parseThreatIntelKey", () => {
     it("parses threat intel key components", () => {
       expect(
-        parseThreatIntelKey("ti:virustotal:obs:ipv4-addr:192.168.1.1")
+        parseThreatIntelKey("ti:virustotal:obs:ipv4:192.168.1.1")
       ).toEqual({
         source: "virustotal",
-        observableKey: "obs:ipv4-addr:192.168.1.1",
+        observableKey: "obs:ipv4:192.168.1.1",
       });
     });
   });