@panguard-ai/core 0.1.0

package/dist/adapters/base-adapter.js

@@ -0,0 +1,160 @@
+/**
+ * Abstract base class for security tool adapters
+ * 安全工具對接器抽象基底類別
+ *
+ * Provides shared functionality for all adapters including configuration
+ * management, logging, and standard alert-to-SecurityEvent conversion.
+ * 為所有對接器提供共用功能，包括配置管理、日誌記錄和標準
+ * 告警到 SecurityEvent 的轉換。
+ *
+ * @module @panguard-ai/core/adapters/base-adapter
+ */
+import { randomUUID } from 'node:crypto';
+import os from 'node:os';
+import { createLogger } from '../utils/logger.js';
+/**
+ * Map a severity string to the standard Severity type
+ * 將嚴重等級字串映射為標準 Severity 型別
+ *
+ * Handles common severity labels from various security tools and normalizes
+ * them into the five-level Severity scale used throughout Panguard.
+ * 處理來自各種安全工具的常見嚴重等級標籤，並將其正規化為
+ * Panguard 中使用的五級 Severity 量表。
+ *
+ * @param severity - Raw severity string from the adapter / 來自對接器的原始嚴重等級字串
+ * @returns Normalized Severity value / 正規化的 Severity 值
+ */
+export function mapSeverity(severity) {
+    const normalized = severity.toLowerCase().trim();
+    switch (normalized) {
+        case 'critical':
+        case 'fatal':
+        case 'emergency':
+        case '5':
+            return 'critical';
+        case 'high':
+        case 'severe':
+        case 'major':
+        case '4':
+            return 'high';
+        case 'medium':
+        case 'moderate':
+        case 'warning':
+        case 'warn':
+        case '3':
+            return 'medium';
+        case 'low':
+        case 'minor':
+        case '2':
+            return 'low';
+        case 'info':
+        case 'informational':
+        case 'notice':
+        case 'debug':
+        case '1':
+        case '0':
+            return 'info';
+        default:
+            return 'info';
+    }
+}
+/**
+ * Map an adapter source string to the standard EventSource type
+ * 將對接器來源字串映射為標準 EventSource 型別
+ *
+ * @param source - Raw source string from the adapter / 來自對接器的原始來源字串
+ * @returns Normalized EventSource value / 正規化的 EventSource 值
+ */
+export function mapEventSource(source) {
+    const normalized = source.toLowerCase().trim();
+    if (normalized.includes('falco')) {
+        return 'falco';
+    }
+    if (normalized.includes('suricata')) {
+        return 'suricata';
+    }
+    if (normalized.includes('syslog')) {
+        return 'syslog';
+    }
+    if (normalized.includes('network') || normalized.includes('wazuh')) {
+        return 'network';
+    }
+    if (normalized.includes('process')) {
+        return 'process';
+    }
+    if (normalized.includes('file')) {
+        return 'file';
+    }
+    // Default: Windows events for Defender, syslog for others
+    // 預設：Defender 使用 windows_event，其他使用 syslog
+    if (normalized.includes('defender') || normalized.includes('windows')) {
+        return 'windows_event';
+    }
+    return 'syslog';
+}
+/**
+ * Abstract base adapter providing shared implementation for security adapters
+ * 提供安全對接器共用實作的抽象基底對接器
+ *
+ * Subclasses must implement:
+ * - `isAvailable()`: Check if the underlying tool is reachable
+ * - `getAlerts(since?)`: Retrieve alerts from the underlying tool
+ *
+ * 子類別必須實作：
+ * - `isAvailable()`：檢查底層工具是否可連線
+ * - `getAlerts(since?)`：從底層工具取得告警
+ */
+export class BaseAdapter {
+    /**
+     * Logger instance scoped to this adapter
+     * 範圍限定於此對接器的日誌記錄器實例
+     */
+    logger;
+    /**
+     * Adapter configuration
+     * 對接器配置
+     */
+    config;
+    /**
+     * Create a new BaseAdapter instance
+     * 建立新的 BaseAdapter 實例
+     *
+     * @param moduleName - Logger module name / 日誌記錄器模組名稱
+     * @param config - Adapter configuration / 對接器配置
+     */
+    constructor(moduleName, config) {
+        this.logger = createLogger(moduleName);
+        this.config = config;
+    }
+    /**
+     * Convert adapter alerts to standardized SecurityEvent format
+     * 將對接器告警轉換為標準化的 SecurityEvent 格式
+     *
+     * Uses shared mapping logic for severity and event source normalization.
+     * The host field defaults to the current system hostname.
+     * 使用共用映射邏輯進行嚴重等級和事件來源正規化。
+     * host 欄位預設為目前系統主機名稱。
+     *
+     * @param alerts - Array of adapter alerts to convert / 要轉換的對接器告警陣列
+     * @returns Array of SecurityEvent instances / SecurityEvent 實例陣列
+     */
+    toSecurityEvents(alerts) {
+        return alerts.map((alert) => ({
+            id: alert.id || randomUUID(),
+            timestamp: new Date(alert.timestamp),
+            source: mapEventSource(alert.source),
+            severity: mapSeverity(alert.severity),
+            category: `adapter/${alert.source}`,
+            description: `[${alert.title}] ${alert.description}`,
+            raw: alert.raw ?? alert,
+            host: os.hostname(),
+            metadata: {
+                adapterName: this.name,
+                adapterType: this.type,
+                originalSeverity: alert.severity,
+                alertId: alert.id,
+            },
+        }));
+    }
+}
+//# sourceMappingURL=base-adapter.js.map

package/dist/adapters/base-adapter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"base-adapter.js","sourceRoot":"","sources":["../../src/adapters/base-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,MAAM,SAAS,CAAC;AAEzB,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAKlD;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,WAAW,CAAC,QAAgB;IAC1C,MAAM,UAAU,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC;IAEjD,QAAQ,UAAU,EAAE,CAAC;QACnB,KAAK,UAAU,CAAC;QAChB,KAAK,OAAO,CAAC;QACb,KAAK,WAAW,CAAC;QACjB,KAAK,GAAG;YACN,OAAO,UAAU,CAAC;QAEpB,KAAK,MAAM,CAAC;QACZ,KAAK,QAAQ,CAAC;QACd,KAAK,OAAO,CAAC;QACb,KAAK,GAAG;YACN,OAAO,MAAM,CAAC;QAEhB,KAAK,QAAQ,CAAC;QACd,KAAK,UAAU,CAAC;QAChB,KAAK,SAAS,CAAC;QACf,KAAK,MAAM,CAAC;QACZ,KAAK,GAAG;YACN,OAAO,QAAQ,CAAC;QAElB,KAAK,KAAK,CAAC;QACX,KAAK,OAAO,CAAC;QACb,KAAK,GAAG;YACN,OAAO,KAAK,CAAC;QAEf,KAAK,MAAM,CAAC;QACZ,KAAK,eAAe,CAAC;QACrB,KAAK,QAAQ,CAAC;QACd,KAAK,OAAO,CAAC;QACb,KAAK,GAAG,CAAC;QACT,KAAK,GAAG;YACN,OAAO,MAAM,CAAC;QAEhB;YACE,OAAO,MAAM,CAAC;IAClB,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,cAAc,CAAC,MAAc;IAC3C,MAAM,UAAU,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC;IAE/C,IAAI,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QACjC,OAAO,OAAO,CAAC;IACjB,CAAC;IACD,IAAI,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QACpC,OAAO,UAAU,CAAC;IACpB,CAAC;IACD,IAAI,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QAClC,OAAO,QAAQ,CAAC;IAClB,CAAC;IACD,IAAI,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QACnE,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,IAAI,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QACnC,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,IAAI,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QAChC,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,0DAA0D;IAC1D,2CAA2C;IAC3C,IAAI,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QACtE,OAAO,eAAe,CAAC;IACzB,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,OAAgB,WAAW;IAa/B;;;OAGG;IACgB,MAAM,CAAS;IAElC;;;OAGG;IACgB,MAAM,CAAgB;IAEzC;;;;;;OAMG;IACH,YAAY,UAAkB,EAAE,MAAqB;QACnD,IAAI,CAAC,MAAM,GAAG,YAAY,CAAC,UAAU,CAAC,CAAC;QACvC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAcD;;;;;;;;;;;OAWG;IACH,gBAAgB,CAAC,MAAsB;QACrC,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YAC5B,EAAE,EAAE,KAAK,CAAC,EAAE,IAAI,UAAU,EAAE;YAC5B,SAAS,EAAE,IAAI,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC;YACpC,MAAM,EAAE,cAAc,CAAC,KAAK,CAAC,MAAM,CAAC;YACpC,QAAQ,EAAE,WAAW,CAAC,KAAK,CAAC,QAAQ,CAAC;YACrC,QAAQ,EAAE,WAAW,KAAK,CAAC,MAAM,EAAE;YACnC,WAAW,EAAE,IAAI,KAAK,CAAC,KAAK,KAAK,KAAK,CAAC,WAAW,EAAE;YACpD,GAAG,EAAE,KAAK,CAAC,GAAG,IAAI,KAAK;YACvB,IAAI,EAAE,EAAE,CAAC,QAAQ,EAAE;YACnB,QAAQ,EAAE;gBACR,WAAW,EAAE,IAAI,CAAC,IAAI;gBACtB,WAAW,EAAE,IAAI,CAAC,IAAI;gBACtB,gBAAgB,EAAE,KAAK,CAAC,QAAQ;gBAChC,OAAO,EAAE,KAAK,CAAC,EAAE;aAClB;SACF,CAAC,CAAC,CAAC;IACN,CAAC;CACF"}

package/dist/adapters/defender-adapter.d.ts

@@ -0,0 +1,90 @@
+/**
+ * Windows Defender adapter
+ * Windows Defender 對接器
+ *
+ * Integrates with Microsoft Windows Defender / Microsoft Defender Antivirus
+ * via PowerShell commands and MpCmdRun.exe for threat detection and scanning.
+ * Gracefully handles non-Windows platforms by returning empty results.
+ * 透過 PowerShell 命令和 MpCmdRun.exe 與 Microsoft Windows Defender /
+ * Microsoft Defender Antivirus 整合，進行威脅偵測和掃描。
+ * 在非 Windows 平台上優雅地處理並回傳空結果。
+ *
+ * @module @panguard-ai/core/adapters/defender-adapter
+ */
+import type { AdapterConfig, AdapterAlert } from './types.js';
+import { BaseAdapter } from './base-adapter.js';
+/**
+ * Windows Defender security adapter
+ * Windows Defender 安全對接器
+ *
+ * Provides integration with Windows Defender through:
+ * - Threat detection retrieval via PowerShell `Get-MpThreatDetection`
+ * - Quick and full scans via `MpCmdRun.exe`
+ * - Graceful handling on non-Windows platforms
+ *
+ * 透過以下方式提供與 Windows Defender 的整合：
+ * - 透過 PowerShell `Get-MpThreatDetection` 取得威脅偵測
+ * - 透過 `MpCmdRun.exe` 進行快速和完整掃描
+ * - 在非 Windows 平台上優雅處理
+ *
+ * @example
+ * ```typescript
+ * const adapter = new DefenderAdapter({ enabled: true });
+ * if (await adapter.isAvailable()) {
+ *   const alerts = await adapter.getAlerts();
+ *   const events = adapter.toSecurityEvents(alerts);
+ * }
+ * ```
+ */
+export declare class DefenderAdapter extends BaseAdapter {
+    /** @inheritdoc */
+    readonly name = "Windows Defender";
+    /** @inheritdoc */
+    readonly type = "antivirus";
+    /**
+     * Create a new DefenderAdapter instance
+     * 建立新的 DefenderAdapter 實例
+     *
+     * @param config - Adapter configuration / 對接器配置
+     */
+    constructor(config?: AdapterConfig);
+    /**
+     * Check if Windows Defender is available on this system
+     * 檢查 Windows Defender 在此系統上是否可用
+     *
+     * Returns false immediately on non-Windows platforms.
+     * On Windows, attempts to run MpCmdRun.exe to verify availability.
+     * 在非 Windows 平台上立即回傳 false。
+     * 在 Windows 上，嘗試執行 MpCmdRun.exe 來驗證可用性。
+     *
+     * @returns True if Defender is available / 若 Defender 可用則回傳 true
+     */
+    isAvailable(): Promise<boolean>;
+    /**
+     * Retrieve threat detections from Windows Defender
+     * 從 Windows Defender 取得威脅偵測
+     *
+     * Uses PowerShell `Get-MpThreatDetection` to retrieve recent threats.
+     * Returns an empty array on non-Windows platforms or on failure.
+     * 使用 PowerShell `Get-MpThreatDetection` 取得最近的威脅。
+     * 在非 Windows 平台上或失敗時回傳空陣列。
+     *
+     * @param since - Optional cutoff date / 可選截止日期
+     * @returns Array of adapter alerts from Defender / 來自 Defender 的對接器告警陣列
+     */
+    getAlerts(since?: Date): Promise<AdapterAlert[]>;
+    /**
+     * Trigger a Windows Defender scan
+     * 觸發 Windows Defender 掃描
+     *
+     * Runs MpCmdRun.exe with the specified scan type.
+     * Returns false on non-Windows platforms or on failure.
+     * 以指定的掃描類型執行 MpCmdRun.exe。
+     * 在非 Windows 平台上或失敗時回傳 false。
+     *
+     * @param scanType - Scan type: 1 = Quick, 2 = Full (default: 1) / 掃描類型：1 = 快速，2 = 完整（預設：1）
+     * @returns True if scan started successfully / 若掃描成功啟動則回傳 true
+     */
+    triggerScan(scanType?: 1 | 2): Promise<boolean>;
+}
+//# sourceMappingURL=defender-adapter.d.ts.map

package/dist/adapters/defender-adapter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"defender-adapter.d.ts","sourceRoot":"","sources":["../../src/adapters/defender-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAKH,OAAO,KAAK,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAC9D,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AA0EhD;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,qBAAa,eAAgB,SAAQ,WAAW;IAC9C,kBAAkB;IAClB,QAAQ,CAAC,IAAI,sBAAsB;IAEnC,kBAAkB;IAClB,QAAQ,CAAC,IAAI,eAAe;IAE5B;;;;;OAKG;gBACS,MAAM,GAAE,aAAiC;IAIrD;;;;;;;;;;OAUG;IACG,WAAW,IAAI,OAAO,CAAC,OAAO,CAAC;IAkBrC;;;;;;;;;;;OAWG;IACG,SAAS,CAAC,KAAK,CAAC,EAAE,IAAI,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC;IAgEtD;;;;;;;;;;;OAWG;IACG,WAAW,CAAC,QAAQ,GAAE,CAAC,GAAG,CAAK,GAAG,OAAO,CAAC,OAAO,CAAC;CAoBzD"}

package/dist/adapters/defender-adapter.js

@@ -0,0 +1,227 @@
+/**
+ * Windows Defender adapter
+ * Windows Defender 對接器
+ *
+ * Integrates with Microsoft Windows Defender / Microsoft Defender Antivirus
+ * via PowerShell commands and MpCmdRun.exe for threat detection and scanning.
+ * Gracefully handles non-Windows platforms by returning empty results.
+ * 透過 PowerShell 命令和 MpCmdRun.exe 與 Microsoft Windows Defender /
+ * Microsoft Defender Antivirus 整合，進行威脅偵測和掃描。
+ * 在非 Windows 平台上優雅地處理並回傳空結果。
+ *
+ * @module @panguard-ai/core/adapters/defender-adapter
+ */
+import { execFile } from 'node:child_process';
+import { randomUUID } from 'node:crypto';
+import { BaseAdapter } from './base-adapter.js';
+/**
+ * Default path to the Windows Defender command-line utility
+ * Windows Defender 命令列工具的預設路徑
+ */
+const MPCMDRUN_PATH = 'C:\\Program Files\\Windows Defender\\MpCmdRun.exe';
+/**
+ * Promisified wrapper around execFile
+ * execFile 的 Promise 化包裝器
+ *
+ * @param cmd - Command to execute / 要執行的命令
+ * @param args - Command arguments / 命令參數
+ * @returns Promise resolving to stdout/stderr / 解析為 stdout/stderr 的 Promise
+ */
+function execFileAsync(cmd, args) {
+    return new Promise((resolve, reject) => {
+        execFile(cmd, args, { timeout: 60000 }, (error, stdout, stderr) => {
+            if (error) {
+                reject(error);
+                return;
+            }
+            resolve({ stdout: stdout ?? '', stderr: stderr ?? '' });
+        });
+    });
+}
+/**
+ * Map Windows Defender severity ID to severity string
+ * 將 Windows Defender 嚴重等級 ID 映射為嚴重等級字串
+ *
+ * @param severityId - Defender severity ID (1-5) / Defender 嚴重等級 ID (1-5)
+ * @returns Severity string for use in AdapterAlert / 用於 AdapterAlert 的嚴重等級字串
+ */
+function mapDefenderSeverity(severityId) {
+    switch (severityId) {
+        case '5':
+            return 'critical';
+        case '4':
+            return 'high';
+        case '3':
+            return 'medium';
+        case '2':
+            return 'low';
+        case '1':
+        default:
+            return 'info';
+    }
+}
+/**
+ * Windows Defender security adapter
+ * Windows Defender 安全對接器
+ *
+ * Provides integration with Windows Defender through:
+ * - Threat detection retrieval via PowerShell `Get-MpThreatDetection`
+ * - Quick and full scans via `MpCmdRun.exe`
+ * - Graceful handling on non-Windows platforms
+ *
+ * 透過以下方式提供與 Windows Defender 的整合：
+ * - 透過 PowerShell `Get-MpThreatDetection` 取得威脅偵測
+ * - 透過 `MpCmdRun.exe` 進行快速和完整掃描
+ * - 在非 Windows 平台上優雅處理
+ *
+ * @example
+ * ```typescript
+ * const adapter = new DefenderAdapter({ enabled: true });
+ * if (await adapter.isAvailable()) {
+ *   const alerts = await adapter.getAlerts();
+ *   const events = adapter.toSecurityEvents(alerts);
+ * }
+ * ```
+ */
+export class DefenderAdapter extends BaseAdapter {
+    /** @inheritdoc */
+    name = 'Windows Defender';
+    /** @inheritdoc */
+    type = 'antivirus';
+    /**
+     * Create a new DefenderAdapter instance
+     * 建立新的 DefenderAdapter 實例
+     *
+     * @param config - Adapter configuration / 對接器配置
+     */
+    constructor(config = { enabled: true }) {
+        super('adapter-defender', config);
+    }
+    /**
+     * Check if Windows Defender is available on this system
+     * 檢查 Windows Defender 在此系統上是否可用
+     *
+     * Returns false immediately on non-Windows platforms.
+     * On Windows, attempts to run MpCmdRun.exe to verify availability.
+     * 在非 Windows 平台上立即回傳 false。
+     * 在 Windows 上，嘗試執行 MpCmdRun.exe 來驗證可用性。
+     *
+     * @returns True if Defender is available / 若 Defender 可用則回傳 true
+     */
+    async isAvailable() {
+        if (process.platform !== 'win32') {
+            this.logger.debug('Not a Windows platform, Defender unavailable');
+            return false;
+        }
+        try {
+            await execFileAsync(MPCMDRUN_PATH, ['-h']);
+            this.logger.info('Windows Defender is available');
+            return true;
+        }
+        catch (err) {
+            this.logger.warn('Windows Defender MpCmdRun.exe not accessible', {
+                error: err instanceof Error ? err.message : String(err),
+            });
+            return false;
+        }
+    }
+    /**
+     * Retrieve threat detections from Windows Defender
+     * 從 Windows Defender 取得威脅偵測
+     *
+     * Uses PowerShell `Get-MpThreatDetection` to retrieve recent threats.
+     * Returns an empty array on non-Windows platforms or on failure.
+     * 使用 PowerShell `Get-MpThreatDetection` 取得最近的威脅。
+     * 在非 Windows 平台上或失敗時回傳空陣列。
+     *
+     * @param since - Optional cutoff date / 可選截止日期
+     * @returns Array of adapter alerts from Defender / 來自 Defender 的對接器告警陣列
+     */
+    async getAlerts(since) {
+        if (process.platform !== 'win32') {
+            return [];
+        }
+        try {
+            const psCommand = 'Get-MpThreatDetection | ConvertTo-Json -Depth 3';
+            const { stdout } = await execFileAsync('powershell', [
+                '-NoProfile',
+                '-NonInteractive',
+                '-Command',
+                psCommand,
+            ]);
+            if (!stdout.trim()) {
+                this.logger.debug('No threat detections returned from Defender');
+                return [];
+            }
+            const parsed = JSON.parse(stdout);
+            const threats = Array.isArray(parsed) ? parsed : [parsed];
+            const alerts = [];
+            for (const threat of threats) {
+                const detectionTime = threat.initialDetectionTime || new Date().toISOString();
+                // Filter by since date if provided / 若提供截止日期則過濾
+                if (since) {
+                    const detectionDate = new Date(detectionTime);
+                    if (detectionDate < since) {
+                        continue;
+                    }
+                }
+                alerts.push({
+                    id: threat.detectionId || randomUUID(),
+                    timestamp: detectionTime,
+                    severity: mapDefenderSeverity(threat.severityId || '1'),
+                    title: `Defender Threat: ${threat.threatName || 'Unknown'}`,
+                    description: [
+                        `Threat: ${threat.threatName || 'Unknown'}`,
+                        `Action: ${threat.actionSuccess || 'Unknown'}`,
+                        `Resources: ${threat.resources || 'N/A'}`,
+                    ].join(' | '),
+                    source: 'defender',
+                    raw: threat,
+                });
+            }
+            this.logger.info(`Retrieved ${alerts.length} alerts from Defender`, {
+                total: threats.length,
+                filtered: alerts.length,
+            });
+            return alerts;
+        }
+        catch (err) {
+            this.logger.warn('Failed to retrieve Defender threat detections', {
+                error: err instanceof Error ? err.message : String(err),
+            });
+            return [];
+        }
+    }
+    /**
+     * Trigger a Windows Defender scan
+     * 觸發 Windows Defender 掃描
+     *
+     * Runs MpCmdRun.exe with the specified scan type.
+     * Returns false on non-Windows platforms or on failure.
+     * 以指定的掃描類型執行 MpCmdRun.exe。
+     * 在非 Windows 平台上或失敗時回傳 false。
+     *
+     * @param scanType - Scan type: 1 = Quick, 2 = Full (default: 1) / 掃描類型：1 = 快速，2 = 完整（預設：1）
+     * @returns True if scan started successfully / 若掃描成功啟動則回傳 true
+     */
+    async triggerScan(scanType = 1) {
+        if (process.platform !== 'win32') {
+            this.logger.warn('Cannot trigger scan on non-Windows platform');
+            return false;
+        }
+        const scanTypeLabel = scanType === 1 ? 'Quick' : 'Full';
+        this.logger.info(`Triggering ${scanTypeLabel} scan`);
+        try {
+            await execFileAsync(MPCMDRUN_PATH, ['-Scan', '-ScanType', String(scanType)]);
+            this.logger.info(`${scanTypeLabel} scan completed successfully`);
+            return true;
+        }
+        catch (err) {
+            this.logger.error(`${scanTypeLabel} scan failed`, {
+                error: err instanceof Error ? err.message : String(err),
+            });
+            return false;
+        }
+    }
+}
+//# sourceMappingURL=defender-adapter.js.map

package/dist/adapters/defender-adapter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"defender-adapter.js","sourceRoot":"","sources":["../../src/adapters/defender-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAGzC,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEhD;;;GAGG;AACH,MAAM,aAAa,GAAG,mDAAmD,CAAC;AAE1E;;;;;;;GAOG;AACH,SAAS,aAAa,CAAC,GAAW,EAAE,IAAc;IAChD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,QAAQ,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE;YAChE,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,CAAC,KAAK,CAAC,CAAC;gBACd,OAAO;YACT,CAAC;YACD,OAAO,CAAC,EAAE,MAAM,EAAE,MAAM,IAAI,EAAE,EAAE,MAAM,EAAE,MAAM,IAAI,EAAE,EAAE,CAAC,CAAC;QAC1D,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAyBD;;;;;;GAMG;AACH,SAAS,mBAAmB,CAAC,UAAkB;IAC7C,QAAQ,UAAU,EAAE,CAAC;QACnB,KAAK,GAAG;YACN,OAAO,UAAU,CAAC;QACpB,KAAK,GAAG;YACN,OAAO,MAAM,CAAC;QAChB,KAAK,GAAG;YACN,OAAO,QAAQ,CAAC;QAClB,KAAK,GAAG;YACN,OAAO,KAAK,CAAC;QACf,KAAK,GAAG,CAAC;QACT;YACE,OAAO,MAAM,CAAC;IAClB,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,OAAO,eAAgB,SAAQ,WAAW;IAC9C,kBAAkB;IACT,IAAI,GAAG,kBAAkB,CAAC;IAEnC,kBAAkB;IACT,IAAI,GAAG,WAAW,CAAC;IAE5B;;;;;OAKG;IACH,YAAY,SAAwB,EAAE,OAAO,EAAE,IAAI,EAAE;QACnD,KAAK,CAAC,kBAAkB,EAAE,MAAM,CAAC,CAAC;IACpC,CAAC;IAED;;;;;;;;;;OAUG;IACH,KAAK,CAAC,WAAW;QACf,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;YACjC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,8CAA8C,CAAC,CAAC;YAClE,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,CAAC;YACH,MAAM,aAAa,CAAC,aAAa,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC;YAC3C,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;YAClD,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,8CAA8C,EAAE;gBAC/D,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;aACxD,CAAC,CAAC;YACH,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,SAAS,CAAC,KAAY;QAC1B,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;YACjC,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,iDAAiD,CAAC;YACpE,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CAAC,YAAY,EAAE;gBACnD,YAAY;gBACZ,iBAAiB;gBACjB,UAAU;gBACV,SAAS;aACV,CAAC,CAAC;YAEH,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC;gBACnB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,6CAA6C,CAAC,CAAC;gBACjE,OAAO,EAAE,CAAC;YACZ,CAAC;YAED,MAAM,MAAM,GAAsC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YACrE,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YAE1D,MAAM,MAAM,GAAmB,EAAE,CAAC;YAElC,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;gBAC7B,MAAM,aAAa,GAAG,MAAM,CAAC,oBAAoB,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;gBAE9E,gDAAgD;gBAChD,IAAI,KAAK,EAAE,CAAC;oBACV,MAAM,aAAa,GAAG,IAAI,IAAI,CAAC,aAAa,CAAC,CAAC;oBAC9C,IAAI,aAAa,GAAG,KAAK,EAAE,CAAC;wBAC1B,SAAS;oBACX,CAAC;gBACH,CAAC;gBAED,MAAM,CAAC,IAAI,CAAC;oBACV,EAAE,EAAE,MAAM,CAAC,WAAW,IAAI,UAAU,EAAE;oBACtC,SAAS,EAAE,aAAa;oBACxB,QAAQ,EAAE,mBAAmB,CAAC,MAAM,CAAC,UAAU,IAAI,GAAG,CAAC;oBACvD,KAAK,EAAE,oBAAoB,MAAM,CAAC,UAAU,IAAI,SAAS,EAAE;oBAC3D,WAAW,EAAE;wBACX,WAAW,MAAM,CAAC,UAAU,IAAI,SAAS,EAAE;wBAC3C,WAAW,MAAM,CAAC,aAAa,IAAI,SAAS,EAAE;wBAC9C,cAAc,MAAM,CAAC,SAAS,IAAI,KAAK,EAAE;qBAC1C,CAAC,IAAI,CAAC,KAAK,CAAC;oBACb,MAAM,EAAE,UAAU;oBAClB,GAAG,EAAE,MAAM;iBACZ,CAAC,CAAC;YACL,CAAC;YAED,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,MAAM,CAAC,MAAM,uBAAuB,EAAE;gBAClE,KAAK,EAAE,OAAO,CAAC,MAAM;gBACrB,QAAQ,EAAE,MAAM,CAAC,MAAM;aACxB,CAAC,CAAC;YAEH,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,+CAA+C,EAAE;gBAChE,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;aACxD,CAAC,CAAC;YACH,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,WAAW,CAAC,WAAkB,CAAC;QACnC,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;YACjC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,6CAA6C,CAAC,CAAC;YAChE,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,aAAa,GAAG,QAAQ,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC;QACxD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc,aAAa,OAAO,CAAC,CAAC;QAErD,IAAI,CAAC;YACH,MAAM,aAAa,CAAC,aAAa,EAAE,CAAC,OAAO,EAAE,WAAW,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;YAC7E,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,aAAa,8BAA8B,CAAC,CAAC;YACjE,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,aAAa,cAAc,EAAE;gBAChD,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;aACxD,CAAC,CAAC;YACH,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;CACF"}

package/dist/adapters/index.d.ts

@@ -0,0 +1,22 @@
+/**
+ * Security Tool Adapters
+ * 資安工具對接器
+ *
+ * Integrates with existing security tools such as Windows Defender,
+ * Wazuh, and syslog-based systems. Provides a unified adapter interface,
+ * an auto-detection registry, and standard alert-to-SecurityEvent conversion.
+ * 與現有資安工具整合，如 Windows Defender、Wazuh 和基於 syslog 的系統。
+ * 提供統一的對接器介面、自動偵測註冊表和標準告警到 SecurityEvent 的轉換。
+ *
+ * @module @panguard-ai/core/adapters
+ */
+/** Adapters module version / 對接器模組版本 */
+export declare const ADAPTERS_VERSION = "0.1.0";
+export type { AdapterConfig, AdapterAlert, SecurityAdapter } from './types.js';
+export { BaseAdapter, mapSeverity, mapEventSource } from './base-adapter.js';
+export { DefenderAdapter } from './defender-adapter.js';
+export { WazuhAdapter } from './wazuh-adapter.js';
+export { SyslogAdapter, parseSyslogMessage } from './syslog-adapter.js';
+export type { SyslogAlertCallback } from './syslog-adapter.js';
+export { AdapterRegistry } from './adapter-registry.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/adapters/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/adapters/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,wCAAwC;AACxC,eAAO,MAAM,gBAAgB,UAAU,CAAC;AAGxC,YAAY,EAAE,aAAa,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAG/E,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAG7E,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACxE,YAAY,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAG/D,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC"}

package/dist/adapters/index.js

@@ -0,0 +1,23 @@
+/**
+ * Security Tool Adapters
+ * 資安工具對接器
+ *
+ * Integrates with existing security tools such as Windows Defender,
+ * Wazuh, and syslog-based systems. Provides a unified adapter interface,
+ * an auto-detection registry, and standard alert-to-SecurityEvent conversion.
+ * 與現有資安工具整合，如 Windows Defender、Wazuh 和基於 syslog 的系統。
+ * 提供統一的對接器介面、自動偵測註冊表和標準告警到 SecurityEvent 的轉換。
+ *
+ * @module @panguard-ai/core/adapters
+ */
+/** Adapters module version / 對接器模組版本 */
+export const ADAPTERS_VERSION = '0.1.0';
+// Base adapter / 基底對接器
+export { BaseAdapter, mapSeverity, mapEventSource } from './base-adapter.js';
+// Concrete adapters / 具體對接器
+export { DefenderAdapter } from './defender-adapter.js';
+export { WazuhAdapter } from './wazuh-adapter.js';
+export { SyslogAdapter, parseSyslogMessage } from './syslog-adapter.js';
+// Registry / 註冊表
+export { AdapterRegistry } from './adapter-registry.js';
+//# sourceMappingURL=index.js.map

package/dist/adapters/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/adapters/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,wCAAwC;AACxC,MAAM,CAAC,MAAM,gBAAgB,GAAG,OAAO,CAAC;AAKxC,uBAAuB;AACvB,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAE7E,4BAA4B;AAC5B,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAGxE,iBAAiB;AACjB,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC"}