@panguard-ai/core 0.1.0

package/dist/monitor/process-monitor.js

@@ -0,0 +1,245 @@
+/**
+ * Process monitoring via polling
+ * 透過輪詢進行程序監控
+ *
+ * Periodically polls the system process list and emits events
+ * for newly started or stopped processes.
+ * 定期輪詢系統程序列表，並為新啟動或停止的程序發出事件。
+ *
+ * @module @panguard-ai/core/monitor/process-monitor
+ */
+import { EventEmitter } from 'node:events';
+import { execFile } from 'node:child_process';
+import { platform } from 'node:os';
+import { promisify } from 'node:util';
+import { createLogger } from '../utils/index.js';
+import { normalizeProcessEvent } from './event-normalizer.js';
+const execFileAsync = promisify(execFile);
+const logger = createLogger('process-monitor');
+/**
+ * ProcessMonitor - monitors system processes by polling the process list
+ * ProcessMonitor - 透過輪詢程序列表監控系統程序
+ *
+ * Events emitted:
+ * - 'process_started': SecurityEvent - when a new process is detected / 當偵測到新程序時
+ * - 'process_stopped': SecurityEvent - when a process disappears / 當程序消失時
+ * - 'error': Error - when polling encounters an error / 當輪詢遇到錯誤時
+ *
+ * @example
+ * ```typescript
+ * const monitor = new ProcessMonitor(15000);
+ * monitor.on('process_started', (event) => console.log('Started:', event));
+ * monitor.on('process_stopped', (event) => console.log('Stopped:', event));
+ * monitor.start();
+ * ```
+ */
+export class ProcessMonitor extends EventEmitter {
+    /** Whether the monitor is currently running / 監控器是否正在執行 */
+    running = false;
+    /** Polling timer / 輪詢計時器 */
+    timer;
+    /** Previous process snapshot for diff detection / 用於差異偵測的先前程序快照 */
+    previousProcesses = new Map();
+    /** Polling interval in milliseconds / 輪詢間隔（毫秒） */
+    pollInterval;
+    /**
+     * Create a new ProcessMonitor instance
+     * 建立新的 ProcessMonitor 實例
+     *
+     * @param pollInterval - Polling interval in ms (default 15000) / 輪詢間隔毫秒數（預設 15000）
+     */
+    constructor(pollInterval = 15000) {
+        super();
+        this.pollInterval = pollInterval;
+    }
+    /**
+     * Start polling for process changes
+     * 開始輪詢程序變更
+     */
+    start() {
+        if (this.running) {
+            logger.warn('ProcessMonitor is already running');
+            return;
+        }
+        this.running = true;
+        logger.info(`ProcessMonitor started (poll interval: ${this.pollInterval}ms)`);
+        // Run an initial poll immediately / 立即執行首次輪詢
+        void this.pollProcesses();
+        this.timer = setInterval(() => {
+            void this.pollProcesses();
+        }, this.pollInterval);
+    }
+    /**
+     * Stop polling and clean up
+     * 停止輪詢並清理
+     */
+    stop() {
+        if (!this.running) {
+            logger.warn('ProcessMonitor is not running');
+            return;
+        }
+        if (this.timer) {
+            clearInterval(this.timer);
+            this.timer = undefined;
+        }
+        this.running = false;
+        this.previousProcesses.clear();
+        logger.info('ProcessMonitor stopped');
+    }
+    /**
+     * Check if the monitor is currently running
+     * 檢查監控器是否正在執行
+     *
+     * @returns True if running / 如果正在執行則為 true
+     */
+    isRunning() {
+        return this.running;
+    }
+    /**
+     * Poll the process list and emit events for changes
+     * 輪詢程序列表並為變更發出事件
+     */
+    async pollProcesses() {
+        try {
+            const currentList = await this.getProcessList();
+            const currentMap = new Map();
+            for (const proc of currentList) {
+                currentMap.set(proc.pid, {
+                    pid: proc.pid,
+                    name: proc.name,
+                    command: proc.command,
+                });
+                // Emit event for new processes not in previous snapshot
+                // 為不在先前快照中的新程序發出事件
+                if (!this.previousProcesses.has(proc.pid)) {
+                    const event = normalizeProcessEvent({
+                        pid: proc.pid,
+                        name: proc.name,
+                        user: proc.user,
+                        command: proc.command,
+                    }, 'started');
+                    this.emit('process_started', event);
+                }
+            }
+            // Emit event for processes that no longer exist
+            // 為不再存在的程序發出事件
+            for (const [pid, proc] of this.previousProcesses) {
+                if (!currentMap.has(pid)) {
+                    const event = normalizeProcessEvent({
+                        pid,
+                        name: proc.name,
+                        command: proc.command,
+                    }, 'stopped');
+                    this.emit('process_stopped', event);
+                }
+            }
+            this.previousProcesses = currentMap;
+        }
+        catch (err) {
+            logger.error('Failed to poll processes', { error: String(err) });
+            this.emit('error', err instanceof Error ? err : new Error(String(err)));
+        }
+    }
+    /**
+     * Get the current system process list
+     * 取得目前系統程序列表
+     *
+     * Uses platform-specific tools:
+     * 使用平台特定工具：
+     * - macOS/Linux: `ps -eo pid,user,comm,args`
+     * - Windows: `tasklist /FO CSV`
+     *
+     * @returns Array of process entries / 程序條目陣列
+     */
+    async getProcessList() {
+        const os = platform();
+        try {
+            if (os === 'darwin' || os === 'linux') {
+                return await this.parsePs();
+            }
+            else if (os === 'win32') {
+                return await this.parseTasklist();
+            }
+            else {
+                logger.warn(`Unsupported platform for process monitoring: ${os}`);
+                return [];
+            }
+        }
+        catch (err) {
+            logger.error('Failed to get process list', { error: String(err) });
+            return [];
+        }
+    }
+    /**
+     * Parse Unix ps output into ProcessListEntry array
+     * 將 Unix ps 輸出解析為 ProcessListEntry 陣列
+     *
+     * @returns Parsed process entries / 解析後的程序條目
+     */
+    async parsePs() {
+        const { stdout } = await execFileAsync('ps', ['-eo', 'pid,user,comm,args'], {
+            timeout: 10000,
+        });
+        const processes = [];
+        const lines = stdout.split('\n');
+        // Skip header line / 跳過標頭行
+        for (let i = 1; i < lines.length; i++) {
+            const line = lines[i];
+            if (!line || line.trim().length === 0)
+                continue;
+            const trimmed = line.trimStart();
+            // Format: PID USER COMM ARGS (ARGS may contain spaces)
+            // 格式：PID USER COMM ARGS（ARGS 可能包含空格）
+            const match = trimmed.match(/^(\d+)\s+(\S+)\s+(\S+)\s+(.*)$/);
+            if (!match)
+                continue;
+            const pid = parseInt(match[1] ?? '0', 10);
+            const user = match[2];
+            const name = match[3] ?? '';
+            const command = match[4] ?? '';
+            if (isNaN(pid) || pid === 0)
+                continue;
+            processes.push({
+                pid,
+                name,
+                user,
+                command: command.trim() || undefined,
+            });
+        }
+        return processes;
+    }
+    /**
+     * Parse Windows tasklist CSV output into ProcessListEntry array
+     * 將 Windows tasklist CSV 輸出解析為 ProcessListEntry 陣列
+     *
+     * @returns Parsed process entries / 解析後的程序條目
+     */
+    async parseTasklist() {
+        const { stdout } = await execFileAsync('tasklist', ['/FO', 'CSV'], {
+            timeout: 10000,
+        });
+        const processes = [];
+        const lines = stdout.split('\n');
+        // Skip header line / 跳過標頭行
+        for (let i = 1; i < lines.length; i++) {
+            const line = lines[i];
+            if (!line || line.trim().length === 0)
+                continue;
+            // CSV format: "Image Name","PID","Session Name","Session#","Mem Usage"
+            // CSV 格式："Image Name","PID","Session Name","Session#","Mem Usage"
+            const csvMatch = line.match(/"([^"]+)","(\d+)"/);
+            if (!csvMatch)
+                continue;
+            const name = csvMatch[1] ?? '';
+            const pid = parseInt(csvMatch[2] ?? '0', 10);
+            if (isNaN(pid) || pid === 0)
+                continue;
+            processes.push({
+                pid,
+                name,
+            });
+        }
+        return processes;
+    }
+}
+//# sourceMappingURL=process-monitor.js.map

package/dist/monitor/process-monitor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"process-monitor.js","sourceRoot":"","sources":["../../src/monitor/process-monitor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACnC,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAEtC,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACjD,OAAO,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAC;AAE9D,MAAM,aAAa,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;AAC1C,MAAM,MAAM,GAAG,YAAY,CAAC,iBAAiB,CAAC,CAAC;AA8B/C;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,OAAO,cAAe,SAAQ,YAAY;IAC9C,2DAA2D;IACnD,OAAO,GAAG,KAAK,CAAC;IACxB,4BAA4B;IACpB,KAAK,CAAkC;IAC/C,mEAAmE;IAC3D,iBAAiB,GAA6B,IAAI,GAAG,EAAE,CAAC;IAChE,kDAAkD;IAC1C,YAAY,CAAS;IAE7B;;;;;OAKG;IACH,YAAY,YAAY,GAAG,KAAK;QAC9B,KAAK,EAAE,CAAC;QACR,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;IACnC,CAAC;IAED;;;OAGG;IACH,KAAK;QACH,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,MAAM,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;YACjD,OAAO;QACT,CAAC;QAED,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;QACpB,MAAM,CAAC,IAAI,CAAC,0CAA0C,IAAI,CAAC,YAAY,KAAK,CAAC,CAAC;QAE9E,6CAA6C;QAC7C,KAAK,IAAI,CAAC,aAAa,EAAE,CAAC;QAE1B,IAAI,CAAC,KAAK,GAAG,WAAW,CAAC,GAAG,EAAE;YAC5B,KAAK,IAAI,CAAC,aAAa,EAAE,CAAC;QAC5B,CAAC,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;IACxB,CAAC;IAED;;;OAGG;IACH,IAAI;QACF,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,MAAM,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;YAC7C,OAAO;QACT,CAAC;QAED,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC1B,IAAI,CAAC,KAAK,GAAG,SAAS,CAAC;QACzB,CAAC;QAED,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC;QACrB,IAAI,CAAC,iBAAiB,CAAC,KAAK,EAAE,CAAC;QAC/B,MAAM,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;IACxC,CAAC;IAED;;;;;OAKG;IACH,SAAS;QACP,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,aAAa;QACzB,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;YAChD,MAAM,UAAU,GAAG,IAAI,GAAG,EAAuB,CAAC;YAElD,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;gBAC/B,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE;oBACvB,GAAG,EAAE,IAAI,CAAC,GAAG;oBACb,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,OAAO,EAAE,IAAI,CAAC,OAAO;iBACtB,CAAC,CAAC;gBAEH,wDAAwD;gBACxD,mBAAmB;gBACnB,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC1C,MAAM,KAAK,GAAG,qBAAqB,CACjC;wBACE,GAAG,EAAE,IAAI,CAAC,GAAG;wBACb,IAAI,EAAE,IAAI,CAAC,IAAI;wBACf,IAAI,EAAE,IAAI,CAAC,IAAI;wBACf,OAAO,EAAE,IAAI,CAAC,OAAO;qBACtB,EACD,SAAS,CACV,CAAC;oBACF,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,KAAK,CAAC,CAAC;gBACtC,CAAC;YACH,CAAC;YAED,gDAAgD;YAChD,eAAe;YACf,KAAK,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBACjD,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;oBACzB,MAAM,KAAK,GAAG,qBAAqB,CACjC;wBACE,GAAG;wBACH,IAAI,EAAE,IAAI,CAAC,IAAI;wBACf,OAAO,EAAE,IAAI,CAAC,OAAO;qBACtB,EACD,SAAS,CACV,CAAC;oBACF,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,KAAK,CAAC,CAAC;gBACtC,CAAC;YACH,CAAC;YAED,IAAI,CAAC,iBAAiB,GAAG,UAAU,CAAC;QACtC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,KAAK,CAAC,0BAA0B,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACjE,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QAC1E,CAAC;IACH,CAAC;IAED;;;;;;;;;;OAUG;IACH,KAAK,CAAC,cAAc;QAClB,MAAM,EAAE,GAAG,QAAQ,EAAE,CAAC;QAEtB,IAAI,CAAC;YACH,IAAI,EAAE,KAAK,QAAQ,IAAI,EAAE,KAAK,OAAO,EAAE,CAAC;gBACtC,OAAO,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC;YAC9B,CAAC;iBAAM,IAAI,EAAE,KAAK,OAAO,EAAE,CAAC;gBAC1B,OAAO,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;YACpC,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,IAAI,CAAC,gDAAgD,EAAE,EAAE,CAAC,CAAC;gBAClE,OAAO,EAAE,CAAC;YACZ,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,KAAK,CAAC,4BAA4B,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACnE,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACK,KAAK,CAAC,OAAO;QACnB,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CAAC,IAAI,EAAE,CAAC,KAAK,EAAE,oBAAoB,CAAC,EAAE;YAC1E,OAAO,EAAE,KAAK;SACf,CAAC,CAAC;QAEH,MAAM,SAAS,GAAuB,EAAE,CAAC;QACzC,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAEjC,2BAA2B;QAC3B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACtB,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC;gBAAE,SAAS;YAEhD,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;YACjC,uDAAuD;YACvD,qCAAqC;YACrC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAC;YAC9D,IAAI,CAAC,KAAK;gBAAE,SAAS;YAErB,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,GAAG,EAAE,EAAE,CAAC,CAAC;YAC1C,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACtB,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC5B,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAE/B,IAAI,KAAK,CAAC,GAAG,CAAC,IAAI,GAAG,KAAK,CAAC;gBAAE,SAAS;YAEtC,SAAS,CAAC,IAAI,CAAC;gBACb,GAAG;gBACH,IAAI;gBACJ,IAAI;gBACJ,OAAO,EAAE,OAAO,CAAC,IAAI,EAAE,IAAI,SAAS;aACrC,CAAC,CAAC;QACL,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;;;;OAKG;IACK,KAAK,CAAC,aAAa;QACzB,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CAAC,UAAU,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,EAAE;YACjE,OAAO,EAAE,KAAK;SACf,CAAC,CAAC;QAEH,MAAM,SAAS,GAAuB,EAAE,CAAC;QACzC,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAEjC,2BAA2B;QAC3B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACtB,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC;gBAAE,SAAS;YAEhD,uEAAuE;YACvE,kEAAkE;YAClE,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC;YACjD,IAAI,CAAC,QAAQ;gBAAE,SAAS;YAExB,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC/B,MAAM,GAAG,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,GAAG,EAAE,EAAE,CAAC,CAAC;YAE7C,IAAI,KAAK,CAAC,GAAG,CAAC,IAAI,GAAG,KAAK,CAAC;gBAAE,SAAS;YAEtC,SAAS,CAAC,IAAI,CAAC;gBACb,GAAG;gBACH,IAAI;aACL,CAAC,CAAC;QACL,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;CACF"}

package/dist/monitor/threat-intel-feeds.d.ts

@@ -0,0 +1,141 @@
+/**
+ * Threat Intelligence Feed Manager - Real-time threat feeds integration
+ * 威脅情報饋送管理器 - 即時威脅情報整合
+ *
+ * Integrates with free, open-source threat intelligence feeds:
+ * - abuse.ch ThreatFox (malware IoCs)
+ * - abuse.ch URLhaus (malicious URLs)
+ * - abuse.ch Feodo Tracker (banking trojan C2)
+ * - GreyNoise Community API (internet scanners)
+ *
+ * All feeds are free and require no registration (except AbuseIPDB which is optional).
+ *
+ * @module @panguard-ai/core/monitor/threat-intel-feeds
+ */
+import type { ThreatIntelEntry } from './types.js';
+/** Feed source identifier / 情報源識別 */
+export type FeedSource = 'threatfox' | 'urlhaus' | 'feodotracker' | 'greynoise' | 'abuseipdb';
+/** Individual IoC (Indicator of Compromise) / 入侵指標 */
+export interface IoC {
+    type: 'ip' | 'url' | 'domain' | 'hash';
+    value: string;
+    threatType: string;
+    source: FeedSource;
+    confidence: number;
+    firstSeen?: string;
+    lastSeen?: string;
+    tags: string[];
+    reference?: string;
+}
+/** Feed update result / 情報更新結果 */
+export interface FeedUpdateResult {
+    source: FeedSource;
+    success: boolean;
+    iocCount: number;
+    durationMs: number;
+    error?: string;
+}
+/** Feed manager configuration / 情報管理器設定 */
+export interface FeedManagerConfig {
+    /** Update interval in ms (default 1 hour) / 更新間隔 */
+    updateIntervalMs: number;
+    /** Maximum IoCs to keep in memory / 記憶體中最大 IoC 數量 */
+    maxIoCs: number;
+    /** Optional AbuseIPDB API key / 可選的 AbuseIPDB API key */
+    abuseIPDBKey?: string;
+    /** Enable/disable specific feeds / 啟用/停用特定情報源 */
+    enabledFeeds: FeedSource[];
+    /** Request timeout in ms / 請求逾時 */
+    requestTimeoutMs: number;
+}
+/**
+ * Manages real-time threat intelligence feeds
+ * 管理即時威脅情報饋送
+ */
+export declare class ThreatIntelFeedManager {
+    private readonly config;
+    private iocs;
+    private ipIndex;
+    private updateTimer?;
+    private lastUpdate;
+    constructor(config?: Partial<FeedManagerConfig>);
+    /**
+     * Start periodic feed updates / 開始定期更新情報
+     */
+    start(): Promise<void>;
+    /** Stop periodic updates / 停止定期更新 */
+    stop(): void;
+    /**
+     * Update all enabled feeds / 更新所有啟用的情報源
+     */
+    updateAll(): Promise<FeedUpdateResult[]>;
+    /**
+     * Check if an IP is in threat intel / 檢查 IP 是否在威脅情報中
+     */
+    checkIP(ip: string): IoC | undefined;
+    /**
+     * Search IoCs by value / 以值搜尋 IoC
+     */
+    search(value: string): IoC | undefined;
+    /** Get total IoC count / 取得 IoC 總數 */
+    getIoCCount(): number;
+    /** Get IP index count / 取得 IP 索引數 */
+    getIPCount(): number;
+    /** Get last update times / 取得最後更新時間 */
+    getLastUpdateTimes(): Map<FeedSource, string>;
+    /**
+     * Convert IoC to ThreatIntelEntry for compatibility with existing system
+     * 轉換 IoC 為 ThreatIntelEntry 以相容現有系統
+     */
+    toThreatIntelEntry(ioc: IoC): ThreatIntelEntry | null;
+    /**
+     * Add external IPs to the threat intel index (e.g., from Threat Cloud blocklist).
+     * 將外部 IP 加入威脅情報索引（例如來自 Threat Cloud 封鎖清單）。
+     *
+     * @param ips - Array of IPs to add / 要加入的 IP 陣列
+     * @param threatType - Threat classification / 威脅分類
+     * @param confidence - Confidence score (0-100) / 信心分數
+     * @returns Number of IPs added / 新增的 IP 數量
+     */
+    addExternalIPs(ips: string[], threatType?: string, confidence?: number): number;
+    /** Get all IP-based IoCs as ThreatIntelEntry array / 取得所有 IP IoC 為 ThreatIntelEntry 陣列 */
+    getAllIPEntries(): ThreatIntelEntry[];
+    private updateFeed;
+    /**
+     * abuse.ch ThreatFox - Recent IoCs
+     * https://threatfox.abuse.ch/api/
+     */
+    private fetchThreatFox;
+    /**
+     * abuse.ch URLhaus - Recent malicious URLs (last 24h)
+     * https://urlhaus-api.abuse.ch/v1/
+     */
+    private fetchURLhaus;
+    /**
+     * abuse.ch Feodo Tracker - Banking trojan C2 servers
+     * https://feodotracker.abuse.ch/
+     */
+    private fetchFeodoTracker;
+    /**
+     * GreyNoise Community API - Internet background noise / scanners
+     * Free, no API key required for RIOT endpoint
+     */
+    private fetchGreyNoise;
+    /**
+     * Check a single IP against GreyNoise (free community API)
+     * 使用 GreyNoise 免費 API 檢查單一 IP
+     */
+    checkIPWithGreyNoise(ip: string): Promise<IoC | null>;
+    /**
+     * AbuseIPDB check (requires API key, optional)
+     */
+    private fetchAbuseIPDB;
+    /**
+     * Check a single IP against AbuseIPDB
+     * 使用 AbuseIPDB 檢查單一 IP
+     */
+    checkIPWithAbuseIPDB(ip: string): Promise<IoC | null>;
+    private addIoC;
+    private trimOldest;
+}
+//# sourceMappingURL=threat-intel-feeds.d.ts.map

package/dist/monitor/threat-intel-feeds.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"threat-intel-feeds.d.ts","sourceRoot":"","sources":["../../src/monitor/threat-intel-feeds.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAGH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAInD,qCAAqC;AACrC,MAAM,MAAM,UAAU,GAAG,WAAW,GAAG,SAAS,GAAG,cAAc,GAAG,WAAW,GAAG,WAAW,CAAC;AAE9F,sDAAsD;AACtD,MAAM,WAAW,GAAG;IAClB,IAAI,EAAE,IAAI,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;IACvC,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,UAAU,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,kCAAkC;AAClC,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,UAAU,CAAC;IACnB,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,2CAA2C;AAC3C,MAAM,WAAW,iBAAiB;IAChC,oDAAoD;IACpD,gBAAgB,EAAE,MAAM,CAAC;IACzB,qDAAqD;IACrD,OAAO,EAAE,MAAM,CAAC;IAChB,yDAAyD;IACzD,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,iDAAiD;IACjD,YAAY,EAAE,UAAU,EAAE,CAAC;IAC3B,mCAAmC;IACnC,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AASD;;;GAGG;AACH,qBAAa,sBAAsB;IACjC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAoB;IAC3C,OAAO,CAAC,IAAI,CAA+B;IAC3C,OAAO,CAAC,OAAO,CAA+B;IAC9C,OAAO,CAAC,WAAW,CAAC,CAAiC;IACrD,OAAO,CAAC,UAAU,CAAsC;gBAE5C,MAAM,GAAE,OAAO,CAAC,iBAAiB,CAAM;IAOnD;;OAEG;IACG,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAW5B,qCAAqC;IACrC,IAAI,IAAI,IAAI;IAOZ;;OAEG;IACG,SAAS,IAAI,OAAO,CAAC,gBAAgB,EAAE,CAAC;IAmB9C;;OAEG;IACH,OAAO,CAAC,EAAE,EAAE,MAAM,GAAG,GAAG,GAAG,SAAS;IAIpC;;OAEG;IACH,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,GAAG,GAAG,SAAS;IAItC,sCAAsC;IACtC,WAAW,IAAI,MAAM;IAIrB,qCAAqC;IACrC,UAAU,IAAI,MAAM;IAIpB,uCAAuC;IACvC,kBAAkB,IAAI,GAAG,CAAC,UAAU,EAAE,MAAM,CAAC;IAI7C;;;OAGG;IACH,kBAAkB,CAAC,GAAG,EAAE,GAAG,GAAG,gBAAgB,GAAG,IAAI;IAkBrD;;;;;;;;OAQG;IACH,cAAc,CACZ,GAAG,EAAE,MAAM,EAAE,EACb,UAAU,GAAE,MAAsB,EAClC,UAAU,GAAE,MAAW,GACtB,MAAM;IA2BT,0FAA0F;IAC1F,eAAe,IAAI,gBAAgB,EAAE;YAWvB,UAAU;IA8BxB;;;OAGG;YACW,cAAc;IAyD5B;;;OAGG;YACW,YAAY;IAoD1B;;;OAGG;YACW,iBAAiB;IAyC/B;;;OAGG;YACW,cAAc;IAoB5B;;;OAGG;IACG,oBAAoB,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC;IAsC3D;;OAEG;YACW,cAAc;IAO5B;;;OAGG;IACG,oBAAoB,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC;IA6C3D,OAAO,CAAC,MAAM;IAQd,OAAO,CAAC,UAAU;CAgBnB"}