@panguard-ai/core 0.1.0

package/dist/discovery/risk-scorer.d.ts

@@ -0,0 +1,66 @@
+/**
+ * Risk scoring algorithm
+ * 風險評分演算法
+ *
+ * Calculates an overall risk score (0-100) based on discovered environment
+ * factors including firewall status, admin accounts, open ports, update status,
+ * security tools presence, and service count.
+ * 根據已發現的環境因素計算總體風險評分（0-100），包括防火牆狀態、管理員帳號、
+ * 開放埠、更新狀態、安全工具存在狀況和服務數量。
+ *
+ * @module @panguard-ai/core/discovery/risk-scorer
+ */
+import type { DiscoveryResult, RiskFactor } from './types.js';
+import type { Severity } from '../types.js';
+/**
+ * Calculate the overall risk score and identify risk factors
+ * 計算總體風險評分並識別風險因素
+ *
+ * Evaluates multiple security dimensions:
+ * - Firewall status (max 25 points)
+ * - Admin account count (max 15 points)
+ * - Dangerous open ports (max 20 points)
+ * - Update status (max 15 points)
+ * - Security tool presence (max 25 points)
+ * - Password hygiene (max 10 points)
+ * - Service count (max 5 points)
+ *
+ * 評估多個安全面向：
+ * - 防火牆狀態（最高 25 分）
+ * - 管理員帳號數量（最高 15 分）
+ * - 危險開放埠（最高 20 分）
+ * - 更新狀態（最高 15 分）
+ * - 安全工具存在狀況（最高 25 分）
+ * - 密碼衛生（最高 10 分）
+ * - 服務數量（最高 5 分）
+ *
+ * @param result - Partial discovery result to evaluate / 要評估的部分偵察結果
+ * @returns Risk score (0-100) and identified risk factors / 風險評分（0-100）和已識別的風險因素
+ */
+export declare function calculateRiskScore(result: Partial<DiscoveryResult>): {
+    riskScore: number;
+    factors: RiskFactor[];
+};
+/**
+ * Map a numeric risk score to a severity level
+ * 將數值風險評分映射到嚴重性等級
+ *
+ * Score ranges:
+ * - 0-20:  info     (minimal risk / 最小風險)
+ * - 21-40: low      (some concerns / 有一些問題)
+ * - 41-60: medium   (moderate risk / 中等風險)
+ * - 61-80: high     (significant risk / 重大風險)
+ * - 81-100: critical (severe risk / 嚴重風險)
+ *
+ * 評分範圍：
+ * - 0-20：info（最小風險）
+ * - 21-40：low（有一些問題）
+ * - 41-60：medium（中等風險）
+ * - 61-80：high（重大風險）
+ * - 81-100：critical（嚴重風險）
+ *
+ * @param score - Numeric risk score (0-100) / 數值風險評分（0-100）
+ * @returns Corresponding severity level / 對應的嚴重性等級
+ */
+export declare function getRiskLevel(score: number): Severity;
+//# sourceMappingURL=risk-scorer.d.ts.map

package/dist/discovery/risk-scorer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"risk-scorer.d.ts","sourceRoot":"","sources":["../../src/discovery/risk-scorer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAGH,OAAO,KAAK,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAC9D,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAuO5C;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,OAAO,CAAC,eAAe,CAAC,GAAG;IACpE,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,UAAU,EAAE,CAAC;CACvB,CAiCA;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,QAAQ,CAQpD"}

package/dist/discovery/risk-scorer.js

@@ -0,0 +1,294 @@
+/**
+ * Risk scoring algorithm
+ * 風險評分演算法
+ *
+ * Calculates an overall risk score (0-100) based on discovered environment
+ * factors including firewall status, admin accounts, open ports, update status,
+ * security tools presence, and service count.
+ * 根據已發現的環境因素計算總體風險評分（0-100），包括防火牆狀態、管理員帳號、
+ * 開放埠、更新狀態、安全工具存在狀況和服務數量。
+ *
+ * @module @panguard-ai/core/discovery/risk-scorer
+ */
+import { createLogger } from '../utils/logger.js';
+const logger = createLogger('discovery:risk-scorer');
+/**
+ * Dangerous ports that indicate potential security risks when open
+ * 開放時表示潛在安全風險的危險埠
+ */
+const DANGEROUS_PORTS = new Set([
+    22, // SSH - can be brute-forced / SSH - 可能被暴力破解
+    23, // Telnet - unencrypted / Telnet - 未加密
+    445, // SMB - common attack vector / SMB - 常見攻擊向量
+    3389, // RDP - remote desktop / RDP - 遠端桌面
+    135, // MSRPC - Windows RPC / MSRPC - Windows RPC
+    139, // NetBIOS - legacy protocol / NetBIOS - 舊版協定
+    1433, // MSSQL - database / MSSQL - 資料庫
+    3306, // MySQL - database / MySQL - 資料庫
+    5432, // PostgreSQL - database / PostgreSQL - 資料庫
+    6379, // Redis - often unprotected / Redis - 通常無保護
+    27017, // MongoDB - often unprotected / MongoDB - 通常無保護
+    5900, // VNC - remote access / VNC - 遠端存取
+]);
+/**
+ * Check for missing firewall and return a risk factor if applicable
+ * 檢查防火牆是否缺失，如適用則回傳風險因素
+ *
+ * @param result - Partial discovery result / 部分偵察結果
+ * @returns Risk factor if firewall is disabled, or null / 如果防火牆停用則回傳風險因素，否則為 null
+ */
+function checkFirewallRisk(result) {
+    if (!result.security?.firewall)
+        return null;
+    if (!result.security.firewall.enabled) {
+        return {
+            category: 'noFirewall',
+            description: 'Firewall is disabled - system is exposed to network attacks / 防火牆已停用 - 系統暴露於網路攻擊',
+            score: 25,
+            severity: 'high',
+            details: `Firewall product: ${result.security.firewall.product || 'unknown'}`,
+        };
+    }
+    return null;
+}
+/**
+ * Check for excessive administrator accounts
+ * 檢查過多的管理員帳號
+ *
+ * @param result - Partial discovery result / 部分偵察結果
+ * @returns Risk factor if too many admins, or null / 如果管理員過多則回傳風險因素，否則為 null
+ */
+function checkAdminRisk(result) {
+    if (!result.security?.users)
+        return null;
+    const adminCount = result.security.users.filter((u) => u.isAdmin).length;
+    if (adminCount > 2) {
+        return {
+            category: 'tooManyAdmins',
+            description: 'Too many administrator accounts increase attack surface / 過多的管理員帳號增加攻擊面',
+            score: 15,
+            severity: 'medium',
+            details: `Found ${adminCount} admin accounts (recommended: 2 or fewer). Admin users: ${result.security.users
+                .filter((u) => u.isAdmin)
+                .map((u) => u.username)
+                .join(', ')}`,
+        };
+    }
+    return null;
+}
+/**
+ * Check for dangerous open ports
+ * 檢查危險的開放埠
+ *
+ * @param result - Partial discovery result / 部分偵察結果
+ * @returns Risk factor if dangerous ports are open, or null / 如果危險埠開放則回傳風險因素，否則為 null
+ */
+function checkDangerousPortsRisk(result) {
+    const ports = result.openPorts || result.network?.openPorts;
+    if (!ports || ports.length === 0)
+        return null;
+    const dangerousOpen = ports.filter((p) => DANGEROUS_PORTS.has(p.port));
+    if (dangerousOpen.length > 0) {
+        return {
+            category: 'dangerousPorts',
+            description: 'Dangerous ports are open and may be exploitable / 危險埠已開放，可能被利用',
+            score: 20,
+            severity: 'high',
+            details: `Open dangerous ports: ${dangerousOpen
+                .map((p) => `${p.port}/${p.protocol} (${p.service || 'unknown'})`)
+                .join(', ')}`,
+        };
+    }
+    return null;
+}
+/**
+ * Check for missing or outdated system updates
+ * 檢查缺失或過時的系統更新
+ *
+ * @param result - Partial discovery result / 部分偵察結果
+ * @returns Risk factor if updates are needed, or null / 如果需要更新則回傳風險因素，否則為 null
+ */
+function checkUpdateRisk(result) {
+    if (!result.security?.updates)
+        return null;
+    const updates = result.security.updates;
+    const issues = [];
+    if (updates.pendingUpdates > 0) {
+        issues.push(`${updates.pendingUpdates} pending updates`);
+    }
+    if (updates.lastCheck) {
+        const lastCheckDate = new Date(updates.lastCheck);
+        const daysSinceCheck = Math.floor((Date.now() - lastCheckDate.getTime()) / (1000 * 60 * 60 * 24));
+        if (daysSinceCheck > 30) {
+            issues.push(`last update check was ${daysSinceCheck} days ago`);
+        }
+    }
+    if (!updates.autoUpdateEnabled) {
+        issues.push('automatic updates are disabled');
+    }
+    if (issues.length > 0) {
+        return {
+            category: 'noUpdates',
+            description: 'System updates are missing or not configured properly / 系統更新缺失或配置不當',
+            score: 15,
+            severity: 'medium',
+            details: issues.join('; '),
+        };
+    }
+    return null;
+}
+/**
+ * Check for absence of security tools
+ * 檢查安全工具是否缺失
+ *
+ * @param result - Partial discovery result / 部分偵察結果
+ * @returns Risk factor if no security tools detected, or null / 如果未偵測到安全工具則回傳風險因素，否則為 null
+ */
+function checkSecurityToolsRisk(result) {
+    if (!result.security?.existingTools)
+        return null;
+    const runningTools = result.security.existingTools.filter((t) => t.running);
+    if (runningTools.length === 0) {
+        return {
+            category: 'noSecurityTools',
+            description: 'No active security tools detected - system lacks protection / 未偵測到啟用中的安全工具 - 系統缺乏保護',
+            score: 25,
+            severity: 'high',
+            details: result.security.existingTools.length > 0
+                ? `Found ${result.security.existingTools.length} tool(s) installed but none are running`
+                : 'No security tools (antivirus, EDR, IDS) were found on this system',
+        };
+    }
+    return null;
+}
+/**
+ * Check for default or weak password indicators
+ * 檢查預設或弱密碼指標
+ *
+ * @param result - Partial discovery result / 部分偵察結果
+ * @returns Risk factor if default passwords suspected, or null / 如果懷疑使用預設密碼則回傳風險因素，否則為 null
+ */
+function checkDefaultPasswordRisk(result) {
+    if (!result.security?.users)
+        return null;
+    const usersWithOldPasswords = result.security.users.filter((u) => u.passwordAge !== undefined && u.passwordAge > 365);
+    if (usersWithOldPasswords.length > 0) {
+        return {
+            category: 'defaultPasswords',
+            description: 'User accounts have very old passwords that may be weak or default / 使用者帳號的密碼非常舊，可能很弱或為預設值',
+            score: 10,
+            severity: 'medium',
+            details: `${usersWithOldPasswords.length} user(s) have passwords older than 365 days: ${usersWithOldPasswords.map((u) => u.username).join(', ')}`,
+        };
+    }
+    return null;
+}
+/**
+ * Check for excessive running services
+ * 檢查過多的執行中服務
+ *
+ * @param result - Partial discovery result / 部分偵察結果
+ * @returns Risk factor if too many services, or null / 如果服務過多則回傳風險因素，否則為 null
+ */
+function checkExcessiveServicesRisk(result) {
+    if (!result.services)
+        return null;
+    const runningServices = result.services.filter((s) => s.status === 'running');
+    if (runningServices.length > 50) {
+        return {
+            category: 'excessiveServices',
+            description: 'Excessive number of running services increases attack surface / 過多的執行中服務增加攻擊面',
+            score: 5,
+            severity: 'low',
+            details: `${runningServices.length} services are running (recommended: review and disable unnecessary services)`,
+        };
+    }
+    return null;
+}
+/**
+ * Calculate the overall risk score and identify risk factors
+ * 計算總體風險評分並識別風險因素
+ *
+ * Evaluates multiple security dimensions:
+ * - Firewall status (max 25 points)
+ * - Admin account count (max 15 points)
+ * - Dangerous open ports (max 20 points)
+ * - Update status (max 15 points)
+ * - Security tool presence (max 25 points)
+ * - Password hygiene (max 10 points)
+ * - Service count (max 5 points)
+ *
+ * 評估多個安全面向：
+ * - 防火牆狀態（最高 25 分）
+ * - 管理員帳號數量（最高 15 分）
+ * - 危險開放埠（最高 20 分）
+ * - 更新狀態（最高 15 分）
+ * - 安全工具存在狀況（最高 25 分）
+ * - 密碼衛生（最高 10 分）
+ * - 服務數量（最高 5 分）
+ *
+ * @param result - Partial discovery result to evaluate / 要評估的部分偵察結果
+ * @returns Risk score (0-100) and identified risk factors / 風險評分（0-100）和已識別的風險因素
+ */
+export function calculateRiskScore(result) {
+    const factors = [];
+    logger.info('Calculating risk score');
+    // Run all risk checks
+    // 執行所有風險檢查
+    const checks = [
+        checkFirewallRisk(result),
+        checkAdminRisk(result),
+        checkDangerousPortsRisk(result),
+        checkUpdateRisk(result),
+        checkSecurityToolsRisk(result),
+        checkDefaultPasswordRisk(result),
+        checkExcessiveServicesRisk(result),
+    ];
+    for (const check of checks) {
+        if (check !== null) {
+            factors.push(check);
+        }
+    }
+    // Sum up all factor scores, capped at 100
+    // 加總所有因素分數，上限為 100
+    const rawScore = factors.reduce((sum, f) => sum + f.score, 0);
+    const riskScore = Math.min(100, Math.max(0, rawScore));
+    logger.info(`Risk score calculated: ${riskScore}/100 with ${factors.length} risk factors`, {
+        factors: factors.map((f) => ({ category: f.category, score: f.score, severity: f.severity })),
+    });
+    return { riskScore, factors };
+}
+/**
+ * Map a numeric risk score to a severity level
+ * 將數值風險評分映射到嚴重性等級
+ *
+ * Score ranges:
+ * - 0-20:  info     (minimal risk / 最小風險)
+ * - 21-40: low      (some concerns / 有一些問題)
+ * - 41-60: medium   (moderate risk / 中等風險)
+ * - 61-80: high     (significant risk / 重大風險)
+ * - 81-100: critical (severe risk / 嚴重風險)
+ *
+ * 評分範圍：
+ * - 0-20：info（最小風險）
+ * - 21-40：low（有一些問題）
+ * - 41-60：medium（中等風險）
+ * - 61-80：high（重大風險）
+ * - 81-100：critical（嚴重風險）
+ *
+ * @param score - Numeric risk score (0-100) / 數值風險評分（0-100）
+ * @returns Corresponding severity level / 對應的嚴重性等級
+ */
+export function getRiskLevel(score) {
+    const clampedScore = Math.min(100, Math.max(0, score));
+    if (clampedScore <= 20)
+        return 'info';
+    if (clampedScore <= 40)
+        return 'low';
+    if (clampedScore <= 60)
+        return 'medium';
+    if (clampedScore <= 80)
+        return 'high';
+    return 'critical';
+}
+//# sourceMappingURL=risk-scorer.js.map

package/dist/discovery/risk-scorer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"risk-scorer.js","sourceRoot":"","sources":["../../src/discovery/risk-scorer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAIlD,MAAM,MAAM,GAAG,YAAY,CAAC,uBAAuB,CAAC,CAAC;AAErD;;;GAGG;AACH,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC;IAC9B,EAAE,EAAE,4CAA4C;IAChD,EAAE,EAAE,sCAAsC;IAC1C,GAAG,EAAE,4CAA4C;IACjD,IAAI,EAAE,oCAAoC;IAC1C,GAAG,EAAE,4CAA4C;IACjD,GAAG,EAAE,6CAA6C;IAClD,IAAI,EAAE,iCAAiC;IACvC,IAAI,EAAE,iCAAiC;IACvC,IAAI,EAAE,2CAA2C;IACjD,IAAI,EAAE,4CAA4C;IAClD,KAAK,EAAE,gDAAgD;IACvD,IAAI,EAAE,mCAAmC;CAC1C,CAAC,CAAC;AAEH;;;;;;GAMG;AACH,SAAS,iBAAiB,CAAC,MAAgC;IACzD,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,QAAQ;QAAE,OAAO,IAAI,CAAC;IAE5C,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;QACtC,OAAO;YACL,QAAQ,EAAE,YAAY;YACtB,WAAW,EACT,kFAAkF;YACpF,KAAK,EAAE,EAAE;YACT,QAAQ,EAAE,MAAM;YAChB,OAAO,EAAE,qBAAqB,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,IAAI,SAAS,EAAE;SAC9E,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;GAMG;AACH,SAAS,cAAc,CAAC,MAAgC;IACtD,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,KAAK;QAAE,OAAO,IAAI,CAAC;IAEzC,MAAM,UAAU,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC;IAEzE,IAAI,UAAU,GAAG,CAAC,EAAE,CAAC;QACnB,OAAO;YACL,QAAQ,EAAE,eAAe;YACzB,WAAW,EACT,yEAAyE;YAC3E,KAAK,EAAE,EAAE;YACT,QAAQ,EAAE,QAAQ;YAClB,OAAO,EAAE,SAAS,UAAU,2DAA2D,MAAM,CAAC,QAAQ,CAAC,KAAK;iBACzG,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC;iBACxB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC;iBACtB,IAAI,CAAC,IAAI,CAAC,EAAE;SAChB,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;GAMG;AACH,SAAS,uBAAuB,CAAC,MAAgC;IAC/D,MAAM,KAAK,GAAG,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC;IAC5D,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAE9C,MAAM,aAAa,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IAEvE,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,OAAO;YACL,QAAQ,EAAE,gBAAgB;YAC1B,WAAW,EAAE,gEAAgE;YAC7E,KAAK,EAAE,EAAE;YACT,QAAQ,EAAE,MAAM;YAChB,OAAO,EAAE,yBAAyB,aAAa;iBAC5C,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,OAAO,IAAI,SAAS,GAAG,CAAC;iBACjE,IAAI,CAAC,IAAI,CAAC,EAAE;SAChB,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;GAMG;AACH,SAAS,eAAe,CAAC,MAAgC;IACvD,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO;QAAE,OAAO,IAAI,CAAC;IAE3C,MAAM,OAAO,GAAG,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC;IACxC,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,IAAI,OAAO,CAAC,cAAc,GAAG,CAAC,EAAE,CAAC;QAC/B,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,cAAc,kBAAkB,CAAC,CAAC;IAC3D,CAAC;IAED,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;QACtB,MAAM,aAAa,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAClD,MAAM,cAAc,GAAG,IAAI,CAAC,KAAK,CAC/B,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,aAAa,CAAC,OAAO,EAAE,CAAC,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAC/D,CAAC;QACF,IAAI,cAAc,GAAG,EAAE,EAAE,CAAC;YACxB,MAAM,CAAC,IAAI,CAAC,yBAAyB,cAAc,WAAW,CAAC,CAAC;QAClE,CAAC;IACH,CAAC;IAED,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,CAAC;QAC/B,MAAM,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;IAChD,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,OAAO;YACL,QAAQ,EAAE,WAAW;YACrB,WAAW,EAAE,qEAAqE;YAClF,KAAK,EAAE,EAAE;YACT,QAAQ,EAAE,QAAQ;YAClB,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC;SAC3B,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;GAMG;AACH,SAAS,sBAAsB,CAAC,MAAgC;IAC9D,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,aAAa;QAAE,OAAO,IAAI,CAAC;IAEjD,MAAM,YAAY,GAAG,MAAM,CAAC,QAAQ,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IAE5E,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9B,OAAO;YACL,QAAQ,EAAE,iBAAiB;YAC3B,WAAW,EACT,qFAAqF;YACvF,KAAK,EAAE,EAAE;YACT,QAAQ,EAAE,MAAM;YAChB,OAAO,EACL,MAAM,CAAC,QAAQ,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC;gBACtC,CAAC,CAAC,SAAS,MAAM,CAAC,QAAQ,CAAC,aAAa,CAAC,MAAM,yCAAyC;gBACxF,CAAC,CAAC,mEAAmE;SAC1E,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;GAMG;AACH,SAAS,wBAAwB,CAAC,MAAgC;IAChE,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,KAAK;QAAE,OAAO,IAAI,CAAC;IAEzC,MAAM,qBAAqB,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,CACxD,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,KAAK,SAAS,IAAI,CAAC,CAAC,WAAW,GAAG,GAAG,CAC1D,CAAC;IAEF,IAAI,qBAAqB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACrC,OAAO;YACL,QAAQ,EAAE,kBAAkB;YAC5B,WAAW,EACT,2FAA2F;YAC7F,KAAK,EAAE,EAAE;YACT,QAAQ,EAAE,QAAQ;YAClB,OAAO,EAAE,GAAG,qBAAqB,CAAC,MAAM,gDAAgD,qBAAqB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;SAClJ,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;GAMG;AACH,SAAS,0BAA0B,CAAC,MAAgC;IAClE,IAAI,CAAC,MAAM,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAC;IAElC,MAAM,eAAe,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC;IAE9E,IAAI,eAAe,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QAChC,OAAO;YACL,QAAQ,EAAE,mBAAmB;YAC7B,WAAW,EACT,+EAA+E;YACjF,KAAK,EAAE,CAAC;YACR,QAAQ,EAAE,KAAK;YACf,OAAO,EAAE,GAAG,eAAe,CAAC,MAAM,8EAA8E;SACjH,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,UAAU,kBAAkB,CAAC,MAAgC;IAIjE,MAAM,OAAO,GAAiB,EAAE,CAAC;IAEjC,MAAM,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;IAEtC,sBAAsB;IACtB,WAAW;IACX,MAAM,MAAM,GAAG;QACb,iBAAiB,CAAC,MAAM,CAAC;QACzB,cAAc,CAAC,MAAM,CAAC;QACtB,uBAAuB,CAAC,MAAM,CAAC;QAC/B,eAAe,CAAC,MAAM,CAAC;QACvB,sBAAsB,CAAC,MAAM,CAAC;QAC9B,wBAAwB,CAAC,MAAM,CAAC;QAChC,0BAA0B,CAAC,MAAM,CAAC;KACnC,CAAC;IAEF,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;YACnB,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACtB,CAAC;IACH,CAAC;IAED,0CAA0C;IAC1C,mBAAmB;IACnB,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAC9D,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC;IAEvD,MAAM,CAAC,IAAI,CAAC,0BAA0B,SAAS,aAAa,OAAO,CAAC,MAAM,eAAe,EAAE;QACzF,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;KAC9F,CAAC,CAAC;IAEH,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC;AAChC,CAAC;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,UAAU,YAAY,CAAC,KAAa;IACxC,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC;IAEvD,IAAI,YAAY,IAAI,EAAE;QAAE,OAAO,MAAM,CAAC;IACtC,IAAI,YAAY,IAAI,EAAE;QAAE,OAAO,KAAK,CAAC;IACrC,IAAI,YAAY,IAAI,EAAE;QAAE,OAAO,QAAQ,CAAC;IACxC,IAAI,YAAY,IAAI,EAAE;QAAE,OAAO,MAAM,CAAC;IACtC,OAAO,UAAU,CAAC;AACpB,CAAC"}

package/dist/discovery/security-tools.d.ts

@@ -0,0 +1,31 @@
+/**
+ * Security tool detection
+ * 安全工具偵測
+ *
+ * Detects installed and running security tools (antivirus, EDR, firewall,
+ * IDS, SIEM) by checking running processes, known service names, and
+ * common installation paths.
+ * 透過檢查執行中的行程、已知服務名稱和常見安裝路徑，偵測已安裝和執行中的安全工具
+ * （防毒、EDR、防火牆、IDS、SIEM）。
+ *
+ * @module @panguard-ai/core/discovery/security-tools
+ */
+import type { SecurityTool, ServiceInfo } from './types.js';
+/**
+ * Detect installed and running security tools on the system
+ * 偵測系統上已安裝和執行中的安全工具
+ *
+ * Detection methods:
+ * 1. Check running processes against known process names
+ * 2. Check service list against known service names
+ * 3. Check common installation paths
+ * 偵測方法：
+ * 1. 比對執行中行程與已知行程名稱
+ * 2. 比對服務列表與已知服務名稱
+ * 3. 檢查常見安裝路徑
+ *
+ * @param services - Previously detected services list / 先前偵測到的服務列表
+ * @returns Array of detected security tools / 偵測到的安全工具陣列
+ */
+export declare function detectSecurityTools(services: ServiceInfo[]): Promise<SecurityTool[]>;
+//# sourceMappingURL=security-tools.d.ts.map

package/dist/discovery/security-tools.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"security-tools.d.ts","sourceRoot":"","sources":["../../src/discovery/security-tools.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAOH,OAAO,KAAK,EAAE,YAAY,EAAoB,WAAW,EAAE,MAAM,YAAY,CAAC;AAqR9E;;;;;;;;;;;;;;;GAeG;AACH,wBAAsB,mBAAmB,CAAC,QAAQ,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,CAgF1F"}