@panguard-ai/core 0.1.0

package/dist/monitor/threat-intel-feeds.js

@@ -0,0 +1,430 @@
+/**
+ * Threat Intelligence Feed Manager - Real-time threat feeds integration
+ * 威脅情報饋送管理器 - 即時威脅情報整合
+ *
+ * Integrates with free, open-source threat intelligence feeds:
+ * - abuse.ch ThreatFox (malware IoCs)
+ * - abuse.ch URLhaus (malicious URLs)
+ * - abuse.ch Feodo Tracker (banking trojan C2)
+ * - GreyNoise Community API (internet scanners)
+ *
+ * All feeds are free and require no registration (except AbuseIPDB which is optional).
+ *
+ * @module @panguard-ai/core/monitor/threat-intel-feeds
+ */
+import { createLogger } from '../utils/logger.js';
+const logger = createLogger('threat-intel-feeds');
+const DEFAULT_CONFIG = {
+    updateIntervalMs: 60 * 60 * 1000, // 1 hour
+    maxIoCs: 50000,
+    enabledFeeds: ['threatfox', 'urlhaus', 'feodotracker', 'greynoise'],
+    requestTimeoutMs: 30000,
+};
+/**
+ * Manages real-time threat intelligence feeds
+ * 管理即時威脅情報饋送
+ */
+export class ThreatIntelFeedManager {
+    config;
+    iocs = new Map();
+    ipIndex = new Map(); // Fast IP lookup
+    updateTimer;
+    lastUpdate = new Map();
+    constructor(config = {}) {
+        this.config = { ...DEFAULT_CONFIG, ...config };
+        if (config.abuseIPDBKey && !this.config.enabledFeeds.includes('abuseipdb')) {
+            this.config.enabledFeeds.push('abuseipdb');
+        }
+    }
+    /**
+     * Start periodic feed updates / 開始定期更新情報
+     */
+    async start() {
+        await this.updateAll();
+        this.updateTimer = setInterval(() => {
+            void this.updateAll();
+        }, this.config.updateIntervalMs);
+        if (this.updateTimer.unref)
+            this.updateTimer.unref();
+        logger.info(`Feed manager started. Update interval: ${Math.round(this.config.updateIntervalMs / 60000)} min`);
+    }
+    /** Stop periodic updates / 停止定期更新 */
+    stop() {
+        if (this.updateTimer) {
+            clearInterval(this.updateTimer);
+            this.updateTimer = undefined;
+        }
+    }
+    /**
+     * Update all enabled feeds / 更新所有啟用的情報源
+     */
+    async updateAll() {
+        const results = [];
+        for (const source of this.config.enabledFeeds) {
+            const result = await this.updateFeed(source);
+            results.push(result);
+        }
+        // Trim if over max
+        if (this.iocs.size > this.config.maxIoCs) {
+            this.trimOldest();
+        }
+        logger.info(`Feed update complete. Total IoCs: ${this.iocs.size}, IPs indexed: ${this.ipIndex.size}`);
+        return results;
+    }
+    /**
+     * Check if an IP is in threat intel / 檢查 IP 是否在威脅情報中
+     */
+    checkIP(ip) {
+        return this.ipIndex.get(ip);
+    }
+    /**
+     * Search IoCs by value / 以值搜尋 IoC
+     */
+    search(value) {
+        return this.iocs.get(value);
+    }
+    /** Get total IoC count / 取得 IoC 總數 */
+    getIoCCount() {
+        return this.iocs.size;
+    }
+    /** Get IP index count / 取得 IP 索引數 */
+    getIPCount() {
+        return this.ipIndex.size;
+    }
+    /** Get last update times / 取得最後更新時間 */
+    getLastUpdateTimes() {
+        return new Map(this.lastUpdate);
+    }
+    /**
+     * Convert IoC to ThreatIntelEntry for compatibility with existing system
+     * 轉換 IoC 為 ThreatIntelEntry 以相容現有系統
+     */
+    toThreatIntelEntry(ioc) {
+        if (ioc.type !== 'ip')
+            return null;
+        const threatType = ioc.threatType.includes('c2')
+            ? 'c2'
+            : ioc.threatType.includes('scan')
+                ? 'scanner'
+                : ioc.threatType.includes('botnet')
+                    ? 'botnet'
+                    : 'malware';
+        return {
+            ip: ioc.value,
+            type: threatType,
+            source: ioc.source,
+            lastSeen: ioc.lastSeen,
+        };
+    }
+    /**
+     * Add external IPs to the threat intel index (e.g., from Threat Cloud blocklist).
+     * 將外部 IP 加入威脅情報索引（例如來自 Threat Cloud 封鎖清單）。
+     *
+     * @param ips - Array of IPs to add / 要加入的 IP 陣列
+     * @param threatType - Threat classification / 威脅分類
+     * @param confidence - Confidence score (0-100) / 信心分數
+     * @returns Number of IPs added / 新增的 IP 數量
+     */
+    addExternalIPs(ips, threatType = 'blocklisted', confidence = 80) {
+        let added = 0;
+        const now = new Date().toISOString();
+        for (const ip of ips) {
+            const trimmed = ip.trim();
+            if (!trimmed || !/^[\d.]+$/.test(trimmed))
+                continue;
+            const ioc = {
+                type: 'ip',
+                value: trimmed,
+                threatType,
+                source: 'threatfox', // Use existing FeedSource for compatibility
+                confidence,
+                lastSeen: now,
+                tags: ['threat-cloud-blocklist'],
+            };
+            this.addIoC(ioc);
+            added++;
+        }
+        if (added > 0) {
+            logger.info(`Added ${added} external IPs to threat intel / 已加入 ${added} 個外部 IP`);
+        }
+        return added;
+    }
+    /** Get all IP-based IoCs as ThreatIntelEntry array / 取得所有 IP IoC 為 ThreatIntelEntry 陣列 */
+    getAllIPEntries() {
+        const entries = [];
+        for (const ioc of this.ipIndex.values()) {
+            const entry = this.toThreatIntelEntry(ioc);
+            if (entry)
+                entries.push(entry);
+        }
+        return entries;
+    }
+    // -- Feed-specific updaters --
+    async updateFeed(source) {
+        const start = Date.now();
+        try {
+            let count = 0;
+            switch (source) {
+                case 'threatfox':
+                    count = await this.fetchThreatFox();
+                    break;
+                case 'urlhaus':
+                    count = await this.fetchURLhaus();
+                    break;
+                case 'feodotracker':
+                    count = await this.fetchFeodoTracker();
+                    break;
+                case 'greynoise':
+                    count = await this.fetchGreyNoise();
+                    break;
+                case 'abuseipdb':
+                    count = await this.fetchAbuseIPDB();
+                    break;
+            }
+            this.lastUpdate.set(source, new Date().toISOString());
+            return { source, success: true, iocCount: count, durationMs: Date.now() - start };
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            logger.error(`Feed update failed [${source}]: ${msg}`);
+            return { source, success: false, iocCount: 0, durationMs: Date.now() - start, error: msg };
+        }
+    }
+    /**
+     * abuse.ch ThreatFox - Recent IoCs
+     * https://threatfox.abuse.ch/api/
+     */
+    async fetchThreatFox() {
+        const res = await fetchWithTimeout('https://threatfox-api.abuse.ch/api/v1/', {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({ query: 'get_iocs', days: 1 }),
+        }, this.config.requestTimeoutMs);
+        const data = (await res.json());
+        if (data.query_status !== 'ok' || !data.data)
+            return 0;
+        let count = 0;
+        for (const item of data.data) {
+            const type = item.ioc_type === 'ip:port'
+                ? 'ip'
+                : item.ioc_type === 'url'
+                    ? 'url'
+                    : item.ioc_type === 'domain'
+                        ? 'domain'
+                        : 'hash';
+            const value = type === 'ip' ? (item.ioc.split(':')[0] ?? item.ioc) : item.ioc;
+            const ioc = {
+                type,
+                value,
+                threatType: `${item.threat_type}:${item.malware}`,
+                source: 'threatfox',
+                confidence: item.confidence_level,
+                firstSeen: item.first_seen_utc,
+                lastSeen: item.last_seen_utc,
+                tags: item.tags ?? [],
+                reference: item.reference,
+            };
+            this.addIoC(ioc);
+            count++;
+        }
+        return count;
+    }
+    /**
+     * abuse.ch URLhaus - Recent malicious URLs (last 24h)
+     * https://urlhaus-api.abuse.ch/v1/
+     */
+    async fetchURLhaus() {
+        const res = await fetchWithTimeout('https://urlhaus-api.abuse.ch/v1/urls/recent/limit/100/', {
+            method: 'GET',
+        }, this.config.requestTimeoutMs);
+        const data = (await res.json());
+        if (!data.urls)
+            return 0;
+        let count = 0;
+        for (const item of data.urls) {
+            // Extract IP from host if possible
+            if (/^[\d.]+$/.test(item.host)) {
+                const ioc = {
+                    type: 'ip',
+                    value: item.host,
+                    threatType: `malware_distribution:${item.threat}`,
+                    source: 'urlhaus',
+                    confidence: item.url_status === 'online' ? 90 : 50,
+                    firstSeen: item.date_added,
+                    tags: item.tags ?? [],
+                };
+                this.addIoC(ioc);
+            }
+            const urlIoc = {
+                type: 'url',
+                value: item.url,
+                threatType: `malware_distribution:${item.threat}`,
+                source: 'urlhaus',
+                confidence: item.url_status === 'online' ? 90 : 50,
+                firstSeen: item.date_added,
+                tags: item.tags ?? [],
+            };
+            this.addIoC(urlIoc);
+            count++;
+        }
+        return count;
+    }
+    /**
+     * abuse.ch Feodo Tracker - Banking trojan C2 servers
+     * https://feodotracker.abuse.ch/
+     */
+    async fetchFeodoTracker() {
+        const res = await fetchWithTimeout('https://feodotracker.abuse.ch/downloads/ipblocklist_recommended.json', {
+            method: 'GET',
+        }, this.config.requestTimeoutMs);
+        const data = (await res.json());
+        if (!Array.isArray(data))
+            return 0;
+        let count = 0;
+        for (const item of data) {
+            const ioc = {
+                type: 'ip',
+                value: item.ip_address,
+                threatType: `c2:${item.malware}`,
+                source: 'feodotracker',
+                confidence: item.status === 'online' ? 95 : 70,
+                firstSeen: item.first_seen,
+                lastSeen: item.last_online,
+                tags: [item.malware, item.country, `AS${item.as_number}`].filter(Boolean),
+            };
+            this.addIoC(ioc);
+            count++;
+        }
+        return count;
+    }
+    /**
+     * GreyNoise Community API - Internet background noise / scanners
+     * Free, no API key required for RIOT endpoint
+     */
+    async fetchGreyNoise() {
+        // GreyNoise doesn't have a bulk free endpoint, so we use their
+        // popular scanner list which is publicly available
+        const res = await fetchWithTimeout('https://api.greynoise.io/v3/community/1.1.1.1', {
+            method: 'GET',
+            headers: { Accept: 'application/json' },
+        }, this.config.requestTimeoutMs);
+        // For the free tier, we just validate the API is reachable
+        // and note that individual IP checks should use checkIPWithGreyNoise()
+        if (res.ok) {
+            logger.info('GreyNoise API reachable');
+        }
+        return 0; // GreyNoise is checked per-IP, not bulk
+    }
+    /**
+     * Check a single IP against GreyNoise (free community API)
+     * 使用 GreyNoise 免費 API 檢查單一 IP
+     */
+    async checkIPWithGreyNoise(ip) {
+        try {
+            const res = await fetchWithTimeout(`https://api.greynoise.io/v3/community/${ip}`, {
+                method: 'GET',
+                headers: { Accept: 'application/json' },
+            }, this.config.requestTimeoutMs);
+            if (!res.ok)
+                return null;
+            const data = (await res.json());
+            if (data.noise) {
+                return {
+                    type: 'ip',
+                    value: ip,
+                    threatType: `scanner:${data.classification}`,
+                    source: 'greynoise',
+                    confidence: data.classification === 'malicious' ? 85 : 50,
+                    lastSeen: data.last_seen,
+                    tags: [data.classification, data.name].filter(Boolean),
+                };
+            }
+            return null;
+        }
+        catch {
+            return null;
+        }
+    }
+    /**
+     * AbuseIPDB check (requires API key, optional)
+     */
+    async fetchAbuseIPDB() {
+        if (!this.config.abuseIPDBKey)
+            return 0;
+        // AbuseIPDB is checked per-IP via checkIPWithAbuseIPDB()
+        logger.info('AbuseIPDB configured (per-IP lookup mode)');
+        return 0;
+    }
+    /**
+     * Check a single IP against AbuseIPDB
+     * 使用 AbuseIPDB 檢查單一 IP
+     */
+    async checkIPWithAbuseIPDB(ip) {
+        if (!this.config.abuseIPDBKey)
+            return null;
+        try {
+            const res = await fetchWithTimeout(`https://api.abuseipdb.com/api/v2/check?ipAddress=${encodeURIComponent(ip)}&maxAgeInDays=90`, {
+                method: 'GET',
+                headers: {
+                    Accept: 'application/json',
+                    Key: this.config.abuseIPDBKey,
+                },
+            }, this.config.requestTimeoutMs);
+            if (!res.ok)
+                return null;
+            const data = (await res.json());
+            if (data.data.abuseConfidenceScore > 25) {
+                return {
+                    type: 'ip',
+                    value: ip,
+                    threatType: 'reported_abuse',
+                    source: 'abuseipdb',
+                    confidence: data.data.abuseConfidenceScore,
+                    lastSeen: data.data.lastReportedAt,
+                    tags: [data.data.countryCode, `reports:${data.data.totalReports}`],
+                };
+            }
+            return null;
+        }
+        catch {
+            return null;
+        }
+    }
+    // -- Internal helpers --
+    addIoC(ioc) {
+        const key = `${ioc.source}:${ioc.type}:${ioc.value}`;
+        this.iocs.set(key, ioc);
+        if (ioc.type === 'ip') {
+            this.ipIndex.set(ioc.value, ioc);
+        }
+    }
+    trimOldest() {
+        const entries = Array.from(this.iocs.entries());
+        const toRemove = entries.length - this.config.maxIoCs;
+        if (toRemove <= 0)
+            return;
+        // Remove oldest entries (first inserted)
+        for (let i = 0; i < toRemove; i++) {
+            const entry = entries[i];
+            if (!entry)
+                continue;
+            const [key, ioc] = entry;
+            this.iocs.delete(key);
+            if (ioc.type === 'ip') {
+                this.ipIndex.delete(ioc.value);
+            }
+        }
+    }
+}
+/** Fetch with timeout / 含逾時的 fetch */
+async function fetchWithTimeout(url, init, timeoutMs) {
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), timeoutMs);
+    try {
+        return await fetch(url, { ...init, signal: controller.signal });
+    }
+    finally {
+        clearTimeout(timer);
+    }
+}
+//# sourceMappingURL=threat-intel-feeds.js.map

package/dist/monitor/threat-intel-feeds.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"threat-intel-feeds.js","sourceRoot":"","sources":["../../src/monitor/threat-intel-feeds.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAGlD,MAAM,MAAM,GAAG,YAAY,CAAC,oBAAoB,CAAC,CAAC;AAyClD,MAAM,cAAc,GAAsB;IACxC,gBAAgB,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,SAAS;IAC3C,OAAO,EAAE,KAAK;IACd,YAAY,EAAE,CAAC,WAAW,EAAE,SAAS,EAAE,cAAc,EAAE,WAAW,CAAC;IACnE,gBAAgB,EAAE,KAAK;CACxB,CAAC;AAEF;;;GAGG;AACH,MAAM,OAAO,sBAAsB;IAChB,MAAM,CAAoB;IACnC,IAAI,GAAqB,IAAI,GAAG,EAAE,CAAC;IACnC,OAAO,GAAqB,IAAI,GAAG,EAAE,CAAC,CAAC,iBAAiB;IACxD,WAAW,CAAkC;IAC7C,UAAU,GAA4B,IAAI,GAAG,EAAE,CAAC;IAExD,YAAY,SAAqC,EAAE;QACjD,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,MAAM,EAAE,CAAC;QAC/C,IAAI,MAAM,CAAC,YAAY,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YAC3E,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAC7C,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,KAAK;QACT,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACvB,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC,GAAG,EAAE;YAClC,KAAK,IAAI,CAAC,SAAS,EAAE,CAAC;QACxB,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;QACjC,IAAI,IAAI,CAAC,WAAW,CAAC,KAAK;YAAE,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC;QACrD,MAAM,CAAC,IAAI,CACT,0CAA0C,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,gBAAgB,GAAG,KAAK,CAAC,MAAM,CACjG,CAAC;IACJ,CAAC;IAED,qCAAqC;IACrC,IAAI;QACF,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACrB,aAAa,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YAChC,IAAI,CAAC,WAAW,GAAG,SAAS,CAAC;QAC/B,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS;QACb,MAAM,OAAO,GAAuB,EAAE,CAAC;QAEvC,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;YAC9C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;YAC7C,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACvB,CAAC;QAED,mBAAmB;QACnB,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzC,IAAI,CAAC,UAAU,EAAE,CAAC;QACpB,CAAC;QAED,MAAM,CAAC,IAAI,CACT,qCAAqC,IAAI,CAAC,IAAI,CAAC,IAAI,kBAAkB,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CACzF,CAAC;QACF,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACH,OAAO,CAAC,EAAU;QAChB,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAC9B,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAa;QAClB,OAAO,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAC9B,CAAC;IAED,sCAAsC;IACtC,WAAW;QACT,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;IACxB,CAAC;IAED,qCAAqC;IACrC,UAAU;QACR,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;IAC3B,CAAC;IAED,uCAAuC;IACvC,kBAAkB;QAChB,OAAO,IAAI,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAClC,CAAC;IAED;;;OAGG;IACH,kBAAkB,CAAC,GAAQ;QACzB,IAAI,GAAG,CAAC,IAAI,KAAK,IAAI;YAAE,OAAO,IAAI,CAAC;QACnC,MAAM,UAAU,GAAG,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC;YAC9C,CAAC,CAAE,IAAc;YACjB,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC;gBAC/B,CAAC,CAAE,SAAmB;gBACtB,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC;oBACjC,CAAC,CAAE,QAAkB;oBACrB,CAAC,CAAE,SAAmB,CAAC;QAE7B,OAAO;YACL,EAAE,EAAE,GAAG,CAAC,KAAK;YACb,IAAI,EAAE,UAAU;YAChB,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,QAAQ,EAAE,GAAG,CAAC,QAAQ;SACvB,CAAC;IACJ,CAAC;IAED;;;;;;;;OAQG;IACH,cAAc,CACZ,GAAa,EACb,aAAqB,aAAa,EAClC,aAAqB,EAAE;QAEvB,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAErC,KAAK,MAAM,EAAE,IAAI,GAAG,EAAE,CAAC;YACrB,MAAM,OAAO,GAAG,EAAE,CAAC,IAAI,EAAE,CAAC;YAC1B,IAAI,CAAC,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC;gBAAE,SAAS;YAEpD,MAAM,GAAG,GAAQ;gBACf,IAAI,EAAE,IAAI;gBACV,KAAK,EAAE,OAAO;gBACd,UAAU;gBACV,MAAM,EAAE,WAAW,EAAE,4CAA4C;gBACjE,UAAU;gBACV,QAAQ,EAAE,GAAG;gBACb,IAAI,EAAE,CAAC,wBAAwB,CAAC;aACjC,CAAC;YACF,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjB,KAAK,EAAE,CAAC;QACV,CAAC;QAED,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;YACd,MAAM,CAAC,IAAI,CAAC,SAAS,KAAK,uCAAuC,KAAK,SAAS,CAAC,CAAC;QACnF,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,0FAA0F;IAC1F,eAAe;QACb,MAAM,OAAO,GAAuB,EAAE,CAAC;QACvC,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;YACxC,MAAM,KAAK,GAAG,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC;YAC3C,IAAI,KAAK;gBAAE,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACjC,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,+BAA+B;IAEvB,KAAK,CAAC,UAAU,CAAC,MAAkB;QACzC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACzB,IAAI,CAAC;YACH,IAAI,KAAK,GAAG,CAAC,CAAC;YACd,QAAQ,MAAM,EAAE,CAAC;gBACf,KAAK,WAAW;oBACd,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;oBACpC,MAAM;gBACR,KAAK,SAAS;oBACZ,KAAK,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;oBAClC,MAAM;gBACR,KAAK,cAAc;oBACjB,KAAK,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;oBACvC,MAAM;gBACR,KAAK,WAAW;oBACd,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;oBACpC,MAAM;gBACR,KAAK,WAAW;oBACd,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;oBACpC,MAAM;YACV,CAAC;YACD,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;YACtD,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,EAAE,CAAC;QACpF,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC7D,MAAM,CAAC,KAAK,CAAC,uBAAuB,MAAM,MAAM,GAAG,EAAE,CAAC,CAAC;YACvD,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;QAC7F,CAAC;IACH,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,cAAc;QAC1B,MAAM,GAAG,GAAG,MAAM,gBAAgB,CAChC,wCAAwC,EACxC;YACE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;SACrD,EACD,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAC7B,CAAC;QAEF,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAa7B,CAAC;QACF,IAAI,IAAI,CAAC,YAAY,KAAK,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI;YAAE,OAAO,CAAC,CAAC;QAEvD,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YAC7B,MAAM,IAAI,GACR,IAAI,CAAC,QAAQ,KAAK,SAAS;gBACzB,CAAC,CAAE,IAAc;gBACjB,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,KAAK;oBACvB,CAAC,CAAE,KAAe;oBAClB,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ;wBAC1B,CAAC,CAAE,QAAkB;wBACrB,CAAC,CAAE,MAAgB,CAAC;YAE5B,MAAM,KAAK,GAAG,IAAI,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;YAE9E,MAAM,GAAG,GAAQ;gBACf,IAAI;gBACJ,KAAK;gBACL,UAAU,EAAE,GAAG,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,OAAO,EAAE;gBACjD,MAAM,EAAE,WAAW;gBACnB,UAAU,EAAE,IAAI,CAAC,gBAAgB;gBACjC,SAAS,EAAE,IAAI,CAAC,cAAc;gBAC9B,QAAQ,EAAE,IAAI,CAAC,aAAa;gBAC5B,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,EAAE;gBACrB,SAAS,EAAE,IAAI,CAAC,SAAS;aAC1B,CAAC;YACF,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjB,KAAK,EAAE,CAAC;QACV,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,YAAY;QACxB,MAAM,GAAG,GAAG,MAAM,gBAAgB,CAChC,wDAAwD,EACxD;YACE,MAAM,EAAE,KAAK;SACd,EACD,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAC7B,CAAC;QAEF,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAS7B,CAAC;QACF,IAAI,CAAC,IAAI,CAAC,IAAI;YAAE,OAAO,CAAC,CAAC;QAEzB,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YAC7B,mCAAmC;YACnC,IAAI,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC/B,MAAM,GAAG,GAAQ;oBACf,IAAI,EAAE,IAAI;oBACV,KAAK,EAAE,IAAI,CAAC,IAAI;oBAChB,UAAU,EAAE,wBAAwB,IAAI,CAAC,MAAM,EAAE;oBACjD,MAAM,EAAE,SAAS;oBACjB,UAAU,EAAE,IAAI,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE;oBAClD,SAAS,EAAE,IAAI,CAAC,UAAU;oBAC1B,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,EAAE;iBACtB,CAAC;gBACF,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACnB,CAAC;YAED,MAAM,MAAM,GAAQ;gBAClB,IAAI,EAAE,KAAK;gBACX,KAAK,EAAE,IAAI,CAAC,GAAG;gBACf,UAAU,EAAE,wBAAwB,IAAI,CAAC,MAAM,EAAE;gBACjD,MAAM,EAAE,SAAS;gBACjB,UAAU,EAAE,IAAI,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE;gBAClD,SAAS,EAAE,IAAI,CAAC,UAAU;gBAC1B,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,EAAE;aACtB,CAAC;YACF,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YACpB,KAAK,EAAE,CAAC;QACV,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,iBAAiB;QAC7B,MAAM,GAAG,GAAG,MAAM,gBAAgB,CAChC,sEAAsE,EACtE;YACE,MAAM,EAAE,KAAK;SACd,EACD,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAC7B,CAAC;QAEF,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAW5B,CAAC;QACH,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC;YAAE,OAAO,CAAC,CAAC;QAEnC,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,KAAK,MAAM,IAAI,IAAI,IAAI,EAAE,CAAC;YACxB,MAAM,GAAG,GAAQ;gBACf,IAAI,EAAE,IAAI;gBACV,KAAK,EAAE,IAAI,CAAC,UAAU;gBACtB,UAAU,EAAE,MAAM,IAAI,CAAC,OAAO,EAAE;gBAChC,MAAM,EAAE,cAAc;gBACtB,UAAU,EAAE,IAAI,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE;gBAC9C,SAAS,EAAE,IAAI,CAAC,UAAU;gBAC1B,QAAQ,EAAE,IAAI,CAAC,WAAW;gBAC1B,IAAI,EAAE,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,KAAK,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC;aAC1E,CAAC;YACF,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjB,KAAK,EAAE,CAAC;QACV,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,cAAc;QAC1B,+DAA+D;QAC/D,mDAAmD;QACnD,MAAM,GAAG,GAAG,MAAM,gBAAgB,CAChC,+CAA+C,EAC/C;YACE,MAAM,EAAE,KAAK;YACb,OAAO,EAAE,EAAE,MAAM,EAAE,kBAAkB,EAAE;SACxC,EACD,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAC7B,CAAC;QAEF,2DAA2D;QAC3D,uEAAuE;QACvE,IAAI,GAAG,CAAC,EAAE,EAAE,CAAC;YACX,MAAM,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QACzC,CAAC;QACD,OAAO,CAAC,CAAC,CAAC,wCAAwC;IACpD,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,oBAAoB,CAAC,EAAU;QACnC,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,gBAAgB,CAChC,yCAAyC,EAAE,EAAE,EAC7C;gBACE,MAAM,EAAE,KAAK;gBACb,OAAO,EAAE,EAAE,MAAM,EAAE,kBAAkB,EAAE;aACxC,EACD,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAC7B,CAAC;YAEF,IAAI,CAAC,GAAG,CAAC,EAAE;gBAAE,OAAO,IAAI,CAAC;YAEzB,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAM7B,CAAC;YAEF,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;gBACf,OAAO;oBACL,IAAI,EAAE,IAAI;oBACV,KAAK,EAAE,EAAE;oBACT,UAAU,EAAE,WAAW,IAAI,CAAC,cAAc,EAAE;oBAC5C,MAAM,EAAE,WAAW;oBACnB,UAAU,EAAE,IAAI,CAAC,cAAc,KAAK,WAAW,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE;oBACzD,QAAQ,EAAE,IAAI,CAAC,SAAS;oBACxB,IAAI,EAAE,CAAC,IAAI,CAAC,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC;iBACvD,CAAC;YACJ,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,cAAc;QAC1B,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY;YAAE,OAAO,CAAC,CAAC;QACxC,yDAAyD;QACzD,MAAM,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;QACzD,OAAO,CAAC,CAAC;IACX,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,oBAAoB,CAAC,EAAU;QACnC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY;YAAE,OAAO,IAAI,CAAC;QAE3C,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,gBAAgB,CAChC,oDAAoD,kBAAkB,CAAC,EAAE,CAAC,kBAAkB,EAC5F;gBACE,MAAM,EAAE,KAAK;gBACb,OAAO,EAAE;oBACP,MAAM,EAAE,kBAAkB;oBAC1B,GAAG,EAAE,IAAI,CAAC,MAAM,CAAC,YAAY;iBAC9B;aACF,EACD,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAC7B,CAAC;YAEF,IAAI,CAAC,GAAG,CAAC,EAAE;gBAAE,OAAO,IAAI,CAAC;YACzB,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAO7B,CAAC;YAEF,IAAI,IAAI,CAAC,IAAI,CAAC,oBAAoB,GAAG,EAAE,EAAE,CAAC;gBACxC,OAAO;oBACL,IAAI,EAAE,IAAI;oBACV,KAAK,EAAE,EAAE;oBACT,UAAU,EAAE,gBAAgB;oBAC5B,MAAM,EAAE,WAAW;oBACnB,UAAU,EAAE,IAAI,CAAC,IAAI,CAAC,oBAAoB;oBAC1C,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,cAAc;oBAClC,IAAI,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;iBACnE,CAAC;YACJ,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,yBAAyB;IAEjB,MAAM,CAAC,GAAQ;QACrB,MAAM,GAAG,GAAG,GAAG,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;QACrD,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACxB,IAAI,GAAG,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;YACtB,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QACnC,CAAC;IACH,CAAC;IAEO,UAAU;QAChB,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;QAChD,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;QACtD,IAAI,QAAQ,IAAI,CAAC;YAAE,OAAO;QAE1B,yCAAyC;QACzC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,EAAE,CAAC,EAAE,EAAE,CAAC;YAClC,MAAM,KAAK,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;YACzB,IAAI,CAAC,KAAK;gBAAE,SAAS;YACrB,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,KAAK,CAAC;YACzB,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACtB,IAAI,GAAG,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;gBACtB,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YACjC,CAAC;QACH,CAAC;IACH,CAAC;CACF;AAED,sCAAsC;AACtC,KAAK,UAAU,gBAAgB,CAC7B,GAAW,EACX,IAAiB,EACjB,SAAiB;IAEjB,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,SAAS,CAAC,CAAC;IAC9D,IAAI,CAAC;QACH,OAAO,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;IAClE,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,KAAK,CAAC,CAAC;IACtB,CAAC;AACH,CAAC"}

package/dist/monitor/threat-intel.d.ts

@@ -0,0 +1,83 @@
+/**
+ * Threat intelligence matching for known malicious IP addresses
+ * 已知惡意 IP 位址的威脅情報比對
+ *
+ * Provides a built-in threat intelligence database for MVP and supports
+ * CIDR range matching for efficient IP lookups.
+ * 為 MVP 提供內建威脅情報資料庫，並支援 CIDR 範圍比對以進行高效 IP 查詢。
+ *
+ * @module @panguard-ai/core/monitor/threat-intel
+ */
+import type { ThreatIntelEntry } from './types.js';
+import type { ThreatIntelFeedManager } from './threat-intel-feeds.js';
+/**
+ * Register a live feed manager for real-time threat intel lookups.
+ * When set, `checkThreatIntel()` queries the feed manager first,
+ * then falls back to the hardcoded list.
+ */
+export declare function setFeedManager(manager: ThreatIntelFeedManager | null): void;
+/** Get the currently registered feed manager (for tests/status). */
+export declare function getFeedManager(): ThreatIntelFeedManager | null;
+/**
+ * Check if an IP address matches any known threat intelligence entry
+ * 檢查 IP 位址是否符合任何已知的威脅情報條目
+ *
+ * @param ip - IPv4 address to check / 要檢查的 IPv4 位址
+ * @returns Matching ThreatIntelEntry or null / 符合的 ThreatIntelEntry 或 null
+ *
+ * @example
+ * ```typescript
+ * const threat = checkThreatIntel('185.220.101.42');
+ * if (threat) {
+ *   console.log(`Matched: ${threat.type} from ${threat.source}`);
+ * }
+ * ```
+ */
+export declare function checkThreatIntel(ip: string): ThreatIntelEntry | null;
+/**
+ * Check if an IP address is in a private (RFC 1918) range
+ * 檢查 IP 位址是否在私有（RFC 1918）範圍內
+ *
+ * Checks against:
+ * 檢查以下範圍：
+ * - 10.0.0.0/8
+ * - 172.16.0.0/12
+ * - 192.168.0.0/16
+ * - 127.0.0.0/8 (loopback / 迴路)
+ * - 169.254.0.0/16 (link-local / 鏈路本地)
+ *
+ * @param ip - IPv4 address to check / 要檢查的 IPv4 位址
+ * @returns True if the IP is private / 如果 IP 是私有的則為 true
+ *
+ * @example
+ * ```typescript
+ * isPrivateIP('192.168.1.1');  // true
+ * isPrivateIP('8.8.8.8');      // false
+ * ```
+ */
+export declare function isPrivateIP(ip: string): boolean;
+/**
+ * Add a new threat intelligence entry to the database
+ * 將新的威脅情報條目新增到資料庫
+ *
+ * @param entry - Threat intelligence entry to add / 要新增的威脅情報條目
+ *
+ * @example
+ * ```typescript
+ * addThreatIntelEntry({
+ *   ip: '10.99.99.0/24',
+ *   type: 'c2',
+ *   source: 'custom-feed',
+ *   lastSeen: '2025-03-15',
+ * });
+ * ```
+ */
+export declare function addThreatIntelEntry(entry: ThreatIntelEntry): void;
+/**
+ * Get all current threat intelligence entries
+ * 取得所有目前的威脅情報條目
+ *
+ * @returns Array of all threat intel entries (copy) / 所有威脅情報條目的陣列（複本）
+ */
+export declare function getThreatIntelEntries(): ThreatIntelEntry[];
+//# sourceMappingURL=threat-intel.d.ts.map

package/dist/monitor/threat-intel.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"threat-intel.d.ts","sourceRoot":"","sources":["../../src/monitor/threat-intel.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AACnD,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,yBAAyB,CAAC;AAKtE;;;;GAIG;AACH,wBAAgB,cAAc,CAAC,OAAO,EAAE,sBAAsB,GAAG,IAAI,GAAG,IAAI,CAE3E;AAED,oEAAoE;AACpE,wBAAgB,cAAc,IAAI,sBAAsB,GAAG,IAAI,CAE9D;AA2GD;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,gBAAgB,CAAC,EAAE,EAAE,MAAM,GAAG,gBAAgB,GAAG,IAAI,CAiBpE;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAgB,WAAW,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAgB/C;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,gBAAgB,GAAG,IAAI,CAEjE;AAED;;;;;GAKG;AACH,wBAAgB,qBAAqB,IAAI,gBAAgB,EAAE,CAE1D"}