@panguard-ai/core 1.0.0 → 1.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/adapters/base-adapter.d.ts.map +1 -1
- package/dist/adapters/base-adapter.js +0 -6
- package/dist/adapters/base-adapter.js.map +1 -1
- package/dist/discovery/security-tools.d.ts.map +1 -1
- package/dist/discovery/security-tools.js +0 -8
- package/dist/discovery/security-tools.js.map +1 -1
- package/dist/index.d.ts +1 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +2 -2
- package/dist/index.js.map +1 -1
- package/dist/rules/index.d.ts +4 -108
- package/dist/rules/index.d.ts.map +1 -1
- package/dist/rules/index.js +4 -237
- package/dist/rules/index.js.map +1 -1
- package/dist/types.d.ts +1 -1
- package/dist/types.d.ts.map +1 -1
- package/package.json +1 -1
- package/dist/rules/rule-loader.d.ts +0 -54
- package/dist/rules/rule-loader.d.ts.map +0 -1
- package/dist/rules/rule-loader.js +0 -167
- package/dist/rules/rule-loader.js.map +0 -1
- package/dist/rules/sigma-matcher.d.ts +0 -40
- package/dist/rules/sigma-matcher.d.ts.map +0 -1
- package/dist/rules/sigma-matcher.js +0 -512
- package/dist/rules/sigma-matcher.js.map +0 -1
- package/dist/rules/sigma-parser.d.ts +0 -36
- package/dist/rules/sigma-parser.d.ts.map +0 -1
- package/dist/rules/sigma-parser.js +0 -216
- package/dist/rules/sigma-parser.js.map +0 -1
- package/dist/rules/types.d.ts +0 -112
- package/dist/rules/types.d.ts.map +0 -1
- package/dist/rules/types.js +0 -11
- package/dist/rules/types.js.map +0 -1
- package/dist/rules/yara-scanner.d.ts +0 -103
- package/dist/rules/yara-scanner.d.ts.map +0 -1
- package/dist/rules/yara-scanner.js +0 -421
- package/dist/rules/yara-scanner.js.map +0 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"base-adapter.d.ts","sourceRoot":"","sources":["../../src/adapters/base-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAMH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,KAAK,EAAE,aAAa,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AACxE,OAAO,KAAK,EAAE,aAAa,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAE/E;;;;;;;;;;;GAWG;AACH,wBAAgB,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,QAAQ,CAuCtD;AAED;;;;;;GAMG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,WAAW,
|
|
1
|
+
{"version":3,"file":"base-adapter.d.ts","sourceRoot":"","sources":["../../src/adapters/base-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAMH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,KAAK,EAAE,aAAa,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AACxE,OAAO,KAAK,EAAE,aAAa,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAE/E;;;;;;;;;;;GAWG;AACH,wBAAgB,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,QAAQ,CAuCtD;AAED;;;;;;GAMG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,WAAW,CAsB1D;AAED;;;;;;;;;;;GAWG;AACH,8BAAsB,WAAY,YAAW,eAAe;IAC1D;;;OAGG;IACH,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IAE/B;;;OAGG;IACH,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IAE/B;;;OAGG;IACH,SAAS,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IAElC;;;OAGG;IACH,SAAS,CAAC,QAAQ,CAAC,MAAM,EAAE,aAAa,CAAC;IAEzC;;;;;;OAMG;gBACS,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa;IAKrD;;;OAGG;IACH,QAAQ,CAAC,WAAW,IAAI,OAAO,CAAC,OAAO,CAAC;IAExC;;;OAGG;IACH,QAAQ,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,IAAI,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC;IAEzD;;;;;;;;;;;OAWG;IACH,gBAAgB,CAAC,MAAM,EAAE,YAAY,EAAE,GAAG,aAAa,EAAE;CAkB1D"}
|
|
@@ -67,12 +67,6 @@ export function mapSeverity(severity) {
|
|
|
67
67
|
*/
|
|
68
68
|
export function mapEventSource(source) {
|
|
69
69
|
const normalized = source.toLowerCase().trim();
|
|
70
|
-
if (normalized.includes('falco')) {
|
|
71
|
-
return 'falco';
|
|
72
|
-
}
|
|
73
|
-
if (normalized.includes('suricata')) {
|
|
74
|
-
return 'suricata';
|
|
75
|
-
}
|
|
76
70
|
if (normalized.includes('syslog')) {
|
|
77
71
|
return 'syslog';
|
|
78
72
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"base-adapter.js","sourceRoot":"","sources":["../../src/adapters/base-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,MAAM,SAAS,CAAC;AAEzB,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAKlD;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,WAAW,CAAC,QAAgB;IAC1C,MAAM,UAAU,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC;IAEjD,QAAQ,UAAU,EAAE,CAAC;QACnB,KAAK,UAAU,CAAC;QAChB,KAAK,OAAO,CAAC;QACb,KAAK,WAAW,CAAC;QACjB,KAAK,GAAG;YACN,OAAO,UAAU,CAAC;QAEpB,KAAK,MAAM,CAAC;QACZ,KAAK,QAAQ,CAAC;QACd,KAAK,OAAO,CAAC;QACb,KAAK,GAAG;YACN,OAAO,MAAM,CAAC;QAEhB,KAAK,QAAQ,CAAC;QACd,KAAK,UAAU,CAAC;QAChB,KAAK,SAAS,CAAC;QACf,KAAK,MAAM,CAAC;QACZ,KAAK,GAAG;YACN,OAAO,QAAQ,CAAC;QAElB,KAAK,KAAK,CAAC;QACX,KAAK,OAAO,CAAC;QACb,KAAK,GAAG;YACN,OAAO,KAAK,CAAC;QAEf,KAAK,MAAM,CAAC;QACZ,KAAK,eAAe,CAAC;QACrB,KAAK,QAAQ,CAAC;QACd,KAAK,OAAO,CAAC;QACb,KAAK,GAAG,CAAC;QACT,KAAK,GAAG;YACN,OAAO,MAAM,CAAC;QAEhB;YACE,OAAO,MAAM,CAAC;IAClB,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,cAAc,CAAC,MAAc;IAC3C,MAAM,UAAU,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC;IAE/C,IAAI,UAAU,CAAC,QAAQ,CAAC,
|
|
1
|
+
{"version":3,"file":"base-adapter.js","sourceRoot":"","sources":["../../src/adapters/base-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,MAAM,SAAS,CAAC;AAEzB,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAKlD;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,WAAW,CAAC,QAAgB;IAC1C,MAAM,UAAU,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC;IAEjD,QAAQ,UAAU,EAAE,CAAC;QACnB,KAAK,UAAU,CAAC;QAChB,KAAK,OAAO,CAAC;QACb,KAAK,WAAW,CAAC;QACjB,KAAK,GAAG;YACN,OAAO,UAAU,CAAC;QAEpB,KAAK,MAAM,CAAC;QACZ,KAAK,QAAQ,CAAC;QACd,KAAK,OAAO,CAAC;QACb,KAAK,GAAG;YACN,OAAO,MAAM,CAAC;QAEhB,KAAK,QAAQ,CAAC;QACd,KAAK,UAAU,CAAC;QAChB,KAAK,SAAS,CAAC;QACf,KAAK,MAAM,CAAC;QACZ,KAAK,GAAG;YACN,OAAO,QAAQ,CAAC;QAElB,KAAK,KAAK,CAAC;QACX,KAAK,OAAO,CAAC;QACb,KAAK,GAAG;YACN,OAAO,KAAK,CAAC;QAEf,KAAK,MAAM,CAAC;QACZ,KAAK,eAAe,CAAC;QACrB,KAAK,QAAQ,CAAC;QACd,KAAK,OAAO,CAAC;QACb,KAAK,GAAG,CAAC;QACT,KAAK,GAAG;YACN,OAAO,MAAM,CAAC;QAEhB;YACE,OAAO,MAAM,CAAC;IAClB,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,cAAc,CAAC,MAAc;IAC3C,MAAM,UAAU,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC;IAE/C,IAAI,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QAClC,OAAO,QAAQ,CAAC;IAClB,CAAC;IACD,IAAI,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QACnE,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,IAAI,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QACnC,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,IAAI,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QAChC,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,0DAA0D;IAC1D,2CAA2C;IAC3C,IAAI,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QACtE,OAAO,eAAe,CAAC;IACzB,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,OAAgB,WAAW;IAa/B;;;OAGG;IACgB,MAAM,CAAS;IAElC;;;OAGG;IACgB,MAAM,CAAgB;IAEzC;;;;;;OAMG;IACH,YAAY,UAAkB,EAAE,MAAqB;QACnD,IAAI,CAAC,MAAM,GAAG,YAAY,CAAC,UAAU,CAAC,CAAC;QACvC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAcD;;;;;;;;;;;OAWG;IACH,gBAAgB,CAAC,MAAsB;QACrC,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YAC5B,EAAE,EAAE,KAAK,CAAC,EAAE,IAAI,UAAU,EAAE;YAC5B,SAAS,EAAE,IAAI,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC;YACpC,MAAM,EAAE,cAAc,CAAC,KAAK,CAAC,MAAM,CAAC;YACpC,QAAQ,EAAE,WAAW,CAAC,KAAK,CAAC,QAAQ,CAAC;YACrC,QAAQ,EAAE,WAAW,KAAK,CAAC,MAAM,EAAE;YACnC,WAAW,EAAE,IAAI,KAAK,CAAC,KAAK,KAAK,KAAK,CAAC,WAAW,EAAE;YACpD,GAAG,EAAE,KAAK,CAAC,GAAG,IAAI,KAAK;YACvB,IAAI,EAAE,EAAE,CAAC,QAAQ,EAAE;YACnB,QAAQ,EAAE;gBACR,WAAW,EAAE,IAAI,CAAC,IAAI;gBACtB,WAAW,EAAE,IAAI,CAAC,IAAI;gBACtB,gBAAgB,EAAE,KAAK,CAAC,QAAQ;gBAChC,OAAO,EAAE,KAAK,CAAC,EAAE;aAClB;SACF,CAAC,CAAC,CAAC;IACN,CAAC;CACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"security-tools.d.ts","sourceRoot":"","sources":["../../src/discovery/security-tools.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAOH,OAAO,KAAK,EAAE,YAAY,EAAoB,WAAW,EAAE,MAAM,YAAY,CAAC;
|
|
1
|
+
{"version":3,"file":"security-tools.d.ts","sourceRoot":"","sources":["../../src/discovery/security-tools.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAOH,OAAO,KAAK,EAAE,YAAY,EAAoB,WAAW,EAAE,MAAM,YAAY,CAAC;AA6Q9E;;;;;;;;;;;;;;;GAeG;AACH,wBAAsB,mBAAmB,CAAC,QAAQ,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,CAgF1F"}
|
|
@@ -115,14 +115,6 @@ const KNOWN_SECURITY_TOOLS = [
|
|
|
115
115
|
type: 'ids',
|
|
116
116
|
installPaths: ['/usr/local/bin/snort', '/usr/sbin/snort'],
|
|
117
117
|
},
|
|
118
|
-
{
|
|
119
|
-
name: 'Suricata',
|
|
120
|
-
vendor: 'OISF',
|
|
121
|
-
processNames: ['suricata'],
|
|
122
|
-
serviceName: 'suricata',
|
|
123
|
-
type: 'ids',
|
|
124
|
-
installPaths: ['/usr/bin/suricata', '/usr/local/bin/suricata'],
|
|
125
|
-
},
|
|
126
118
|
{
|
|
127
119
|
name: 'OSSEC',
|
|
128
120
|
vendor: 'OSSEC Foundation',
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"security-tools.js","sourceRoot":"","sources":["../../src/discovery/security-tools.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AACzC,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AACjC,OAAO,EAAE,QAAQ,IAAI,UAAU,EAAE,MAAM,IAAI,CAAC;AAC5C,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAGlD,MAAM,aAAa,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;AAC1C,MAAM,MAAM,GAAG,YAAY,CAAC,0BAA0B,CAAC,CAAC;AAqBxD;;;GAGG;AACH,MAAM,oBAAoB,GAAwB;IAChD;QACE,IAAI,EAAE,kBAAkB;QACxB,MAAM,EAAE,WAAW;QACnB,YAAY,EAAE,CAAC,aAAa,EAAE,cAAc,EAAE,YAAY,EAAE,2BAA2B,CAAC;QACxF,WAAW,EAAE,WAAW;QACxB,IAAI,EAAE,WAAW;QACjB,YAAY,EAAE,CAAC,qCAAqC,CAAC;KACtD;IACD;QACE,IAAI,EAAE,OAAO;QACb,MAAM,EAAE,YAAY;QACpB,YAAY,EAAE,CAAC,cAAc,EAAE,aAAa,EAAE,gBAAgB,EAAE,cAAc,CAAC;QAC/E,WAAW,EAAE,aAAa;QAC1B,IAAI,EAAE,MAAM;QACZ,YAAY,EAAE,CAAC,YAAY,EAAE,gBAAgB,CAAC;KAC/C;IACD;QACE,IAAI,EAAE,oBAAoB;QAC1B,MAAM,EAAE,aAAa;QACrB,YAAY,EAAE,CAAC,SAAS,EAAE,eAAe,EAAE,qBAAqB,EAAE,mBAAmB,CAAC;QACtF,WAAW,EAAE,iBAAiB;QAC9B,IAAI,EAAE,KAAK;QACX,YAAY,EAAE,CAAC,kBAAkB,EAAE,aAAa,EAAE,gCAAgC,CAAC;KACpF;IACD;QACE,IAAI,EAAE,QAAQ;QACd,MAAM,EAAE,QAAQ;QAChB,YAAY,EAAE;YACZ,aAAa;YACb,iBAAiB;YACjB,UAAU;YACV,kBAAkB;YAClB,kBAAkB;SACnB;QACD,WAAW,EAAE,mBAAmB;QAChC,IAAI,EAAE,WAAW;QACjB,YAAY,EAAE,CAAC,gBAAgB,EAAE,4BAA4B,EAAE,2BAA2B,CAAC;KAC5F;IACD;QACE,IAAI,EAAE,aAAa;QACnB,MAAM,EAAE,aAAa;QACrB,YAAY,EAAE,CAAC,UAAU,EAAE,WAAW,EAAE,kBAAkB,EAAE,cAAc,EAAE,aAAa,CAAC;QAC1F,WAAW,EAAE,UAAU;QACvB,IAAI,EAAE,WAAW;QACjB,YAAY,EAAE,CAAC,eAAe,EAAE,gCAAgC,CAAC;KAClE;IACD;QACE,IAAI,EAAE,WAAW;QACjB,MAAM,EAAE,WAAW;QACnB,YAAY,EAAE,CAAC,UAAU,EAAE,KAAK,EAAE,SAAS,EAAE,aAAa,CAAC;QAC3D,WAAW,EAAE,UAAU;QACvB,IAAI,EAAE,WAAW;QACjB,YAAY,EAAE,CAAC,kCAAkC,EAAE,wCAAwC,CAAC;KAC7F;IACD;QACE,IAAI,EAAE,cAAc;QACpB,MAAM,EAAE,cAAc;QACtB,YAAY,EAAE,CAAC,aAAa,EAAE,iBAAiB,EAAE,oBAAoB,CAAC;QACtE,WAAW,EAAE,aAAa;QAC1B,IAAI,EAAE,WAAW;QACjB,YAAY,EAAE,CAAC,2CAA2C,EAAE,iCAAiC,CAAC;KAC/F;IACD;QACE,IAAI,EAAE,MAAM;QACZ,MAAM,EAAE,MAAM;QACd,YAAY,EAAE,CAAC,cAAc,EAAE,UAAU,EAAE,UAAU,EAAE,OAAO,CAAC;QAC/D,WAAW,EAAE,cAAc;QAC3B,IAAI,EAAE,WAAW;QACjB,YAAY,EAAE,CAAC,WAAW,EAAE,yBAAyB,CAAC;KACvD;IACD;QACE,IAAI,EAAE,SAAS;QACf,MAAM,EAAE,SAAS;QACjB,YAAY,EAAE,CAAC,IAAI,EAAE,QAAQ,EAAE,OAAO,CAAC;QACvC,IAAI,EAAE,UAAU;QAChB,YAAY,EAAE,CAAC,uBAAuB,CAAC;KACxC;IACD;QACE,IAAI,EAAE,sBAAsB;QAC5B,MAAM,EAAE,UAAU;QAClB,YAAY,EAAE,CAAC,aAAa,EAAE,iBAAiB,EAAE,eAAe,EAAE,aAAa,CAAC;QAChF,WAAW,EAAE,oBAAoB;QACjC,IAAI,EAAE,KAAK;QACX,YAAY,EAAE,CAAC,kBAAkB,EAAE,6BAA6B,CAAC;KAClE;IACD;QACE,IAAI,EAAE,OAAO;QACb,MAAM,EAAE,OAAO;QACf,YAAY,EAAE,CAAC,OAAO,CAAC;QACvB,WAAW,EAAE,OAAO;QACpB,IAAI,EAAE,KAAK;QACX,YAAY,EAAE,CAAC,sBAAsB,EAAE,iBAAiB,CAAC;KAC1D;IACD;QACE,IAAI,EAAE,
|
|
1
|
+
{"version":3,"file":"security-tools.js","sourceRoot":"","sources":["../../src/discovery/security-tools.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AACzC,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AACjC,OAAO,EAAE,QAAQ,IAAI,UAAU,EAAE,MAAM,IAAI,CAAC;AAC5C,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAGlD,MAAM,aAAa,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;AAC1C,MAAM,MAAM,GAAG,YAAY,CAAC,0BAA0B,CAAC,CAAC;AAqBxD;;;GAGG;AACH,MAAM,oBAAoB,GAAwB;IAChD;QACE,IAAI,EAAE,kBAAkB;QACxB,MAAM,EAAE,WAAW;QACnB,YAAY,EAAE,CAAC,aAAa,EAAE,cAAc,EAAE,YAAY,EAAE,2BAA2B,CAAC;QACxF,WAAW,EAAE,WAAW;QACxB,IAAI,EAAE,WAAW;QACjB,YAAY,EAAE,CAAC,qCAAqC,CAAC;KACtD;IACD;QACE,IAAI,EAAE,OAAO;QACb,MAAM,EAAE,YAAY;QACpB,YAAY,EAAE,CAAC,cAAc,EAAE,aAAa,EAAE,gBAAgB,EAAE,cAAc,CAAC;QAC/E,WAAW,EAAE,aAAa;QAC1B,IAAI,EAAE,MAAM;QACZ,YAAY,EAAE,CAAC,YAAY,EAAE,gBAAgB,CAAC;KAC/C;IACD;QACE,IAAI,EAAE,oBAAoB;QAC1B,MAAM,EAAE,aAAa;QACrB,YAAY,EAAE,CAAC,SAAS,EAAE,eAAe,EAAE,qBAAqB,EAAE,mBAAmB,CAAC;QACtF,WAAW,EAAE,iBAAiB;QAC9B,IAAI,EAAE,KAAK;QACX,YAAY,EAAE,CAAC,kBAAkB,EAAE,aAAa,EAAE,gCAAgC,CAAC;KACpF;IACD;QACE,IAAI,EAAE,QAAQ;QACd,MAAM,EAAE,QAAQ;QAChB,YAAY,EAAE;YACZ,aAAa;YACb,iBAAiB;YACjB,UAAU;YACV,kBAAkB;YAClB,kBAAkB;SACnB;QACD,WAAW,EAAE,mBAAmB;QAChC,IAAI,EAAE,WAAW;QACjB,YAAY,EAAE,CAAC,gBAAgB,EAAE,4BAA4B,EAAE,2BAA2B,CAAC;KAC5F;IACD;QACE,IAAI,EAAE,aAAa;QACnB,MAAM,EAAE,aAAa;QACrB,YAAY,EAAE,CAAC,UAAU,EAAE,WAAW,EAAE,kBAAkB,EAAE,cAAc,EAAE,aAAa,CAAC;QAC1F,WAAW,EAAE,UAAU;QACvB,IAAI,EAAE,WAAW;QACjB,YAAY,EAAE,CAAC,eAAe,EAAE,gCAAgC,CAAC;KAClE;IACD;QACE,IAAI,EAAE,WAAW;QACjB,MAAM,EAAE,WAAW;QACnB,YAAY,EAAE,CAAC,UAAU,EAAE,KAAK,EAAE,SAAS,EAAE,aAAa,CAAC;QAC3D,WAAW,EAAE,UAAU;QACvB,IAAI,EAAE,WAAW;QACjB,YAAY,EAAE,CAAC,kCAAkC,EAAE,wCAAwC,CAAC;KAC7F;IACD;QACE,IAAI,EAAE,cAAc;QACpB,MAAM,EAAE,cAAc;QACtB,YAAY,EAAE,CAAC,aAAa,EAAE,iBAAiB,EAAE,oBAAoB,CAAC;QACtE,WAAW,EAAE,aAAa;QAC1B,IAAI,EAAE,WAAW;QACjB,YAAY,EAAE,CAAC,2CAA2C,EAAE,iCAAiC,CAAC;KAC/F;IACD;QACE,IAAI,EAAE,MAAM;QACZ,MAAM,EAAE,MAAM;QACd,YAAY,EAAE,CAAC,cAAc,EAAE,UAAU,EAAE,UAAU,EAAE,OAAO,CAAC;QAC/D,WAAW,EAAE,cAAc;QAC3B,IAAI,EAAE,WAAW;QACjB,YAAY,EAAE,CAAC,WAAW,EAAE,yBAAyB,CAAC;KACvD;IACD;QACE,IAAI,EAAE,SAAS;QACf,MAAM,EAAE,SAAS;QACjB,YAAY,EAAE,CAAC,IAAI,EAAE,QAAQ,EAAE,OAAO,CAAC;QACvC,IAAI,EAAE,UAAU;QAChB,YAAY,EAAE,CAAC,uBAAuB,CAAC;KACxC;IACD;QACE,IAAI,EAAE,sBAAsB;QAC5B,MAAM,EAAE,UAAU;QAClB,YAAY,EAAE,CAAC,aAAa,EAAE,iBAAiB,EAAE,eAAe,EAAE,aAAa,CAAC;QAChF,WAAW,EAAE,oBAAoB;QACjC,IAAI,EAAE,KAAK;QACX,YAAY,EAAE,CAAC,kBAAkB,EAAE,6BAA6B,CAAC;KAClE;IACD;QACE,IAAI,EAAE,OAAO;QACb,MAAM,EAAE,OAAO;QACf,YAAY,EAAE,CAAC,OAAO,CAAC;QACvB,WAAW,EAAE,OAAO;QACpB,IAAI,EAAE,KAAK;QACX,YAAY,EAAE,CAAC,sBAAsB,EAAE,iBAAiB,CAAC;KAC1D;IACD;QACE,IAAI,EAAE,OAAO;QACb,MAAM,EAAE,kBAAkB;QAC1B,YAAY,EAAE,CAAC,iBAAiB,EAAE,iBAAiB,EAAE,eAAe,CAAC;QACrE,WAAW,EAAE,OAAO;QACpB,IAAI,EAAE,KAAK;QACX,YAAY,EAAE,CAAC,YAAY,CAAC;KAC7B;IACD;QACE,IAAI,EAAE,QAAQ;QACd,MAAM,EAAE,QAAQ;QAChB,YAAY,EAAE,CAAC,OAAO,EAAE,WAAW,EAAE,WAAW,CAAC;QACjD,WAAW,EAAE,eAAe;QAC5B,IAAI,EAAE,WAAW;QACjB,YAAY,EAAE,CAAC,mBAAmB,EAAE,yBAAyB,CAAC;KAC/D;IACD;QACE,IAAI,EAAE,QAAQ;QACd,MAAM,EAAE,QAAQ;QAChB,YAAY,EAAE,CAAC,SAAS,EAAE,iBAAiB,CAAC;QAC5C,WAAW,EAAE,SAAS;QACtB,IAAI,EAAE,MAAM;QACZ,YAAY,EAAE,CAAC,aAAa,EAAE,sBAAsB,EAAE,2BAA2B,CAAC;KACnF;IACD;QACE,IAAI,EAAE,eAAe;QACrB,MAAM,EAAE,SAAS;QACjB,YAAY,EAAE,CAAC,eAAe,EAAE,UAAU,EAAE,YAAY,EAAE,WAAW,CAAC;QACtE,WAAW,EAAE,eAAe;QAC5B,IAAI,EAAE,MAAM;QACZ,YAAY,EAAE,CAAC,cAAc,EAAE,4BAA4B,CAAC;KAC7D;IACD;QACE,IAAI,EAAE,cAAc;QACpB,MAAM,EAAE,QAAQ;QAChB,YAAY,EAAE,CAAC,UAAU,EAAE,UAAU,EAAE,eAAe,CAAC;QACvD,WAAW,EAAE,WAAW;QACxB,IAAI,EAAE,KAAK;QACX,YAAY,EAAE,CAAC,kBAAkB,EAAE,2BAA2B,CAAC;KAChE;IACD;QACE,IAAI,EAAE,aAAa;QACnB,MAAM,EAAE,aAAa;QACrB,YAAY,EAAE,CAAC,mBAAmB,EAAE,mBAAmB,EAAE,WAAW,CAAC;QACrE,WAAW,EAAE,eAAe;QAC5B,IAAI,EAAE,KAAK;QACX,YAAY,EAAE,CAAC,kBAAkB,EAAE,gCAAgC,CAAC;KACrE;CACF,CAAC;AAEF;;;;;;;GAOG;AACH,KAAK,UAAU,QAAQ,CAAC,GAAW,EAAE,IAAc;IACjD,IAAI,CAAC;QACH,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;QACvE,OAAO,MAAM,CAAC,IAAI,EAAE,CAAC;IACvB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,KAAK,CAAC,mBAAmB,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE;YACvD,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;SACxD,CAAC,CAAC;QACH,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,KAAK,UAAU,mBAAmB;IAChC,MAAM,SAAS,GAAG,IAAI,GAAG,EAAU,CAAC;IACpC,MAAM,eAAe,GAAG,UAAU,EAAE,CAAC;IAErC,IAAI,CAAC;QACH,IAAI,MAAM,GAAG,EAAE,CAAC;QAEhB,QAAQ,eAAe,EAAE,CAAC;YACxB,KAAK,QAAQ,CAAC;YACd,KAAK,OAAO;gBACV,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC;gBACvC,MAAM;YACR,KAAK,OAAO;gBACV,MAAM,GAAG,MAAM,QAAQ,CAAC,UAAU,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;gBAC3D,MAAM;YACR;gBACE,OAAO,SAAS,CAAC;QACrB,CAAC;QAED,IAAI,CAAC,MAAM;YAAE,OAAO,SAAS,CAAC;QAE9B,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAEjC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,eAAe,KAAK,OAAO,EAAE,CAAC;gBAChC,sCAAsC;gBACtC,iCAAiC;gBACjC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;gBACvC,IAAI,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBACf,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;gBACxC,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,2CAA2C;gBAC3C,sCAAsC;gBACtC,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;gBACvC,IAAI,KAAK,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;oBACvB,MAAM,GAAG,GAAG,KAAK,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC;oBAC5B,kDAAkD;oBAClD,mBAAmB;oBACnB,MAAM,UAAU,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC;oBACjE,IAAI,UAAU,EAAE,CAAC;wBACf,SAAS,CAAC,GAAG,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC,CAAC;oBAC1C,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,KAAK,CAAC,uCAAuC,EAAE;YACpD,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;SACxD,CAAC,CAAC;IACL,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;;;GAMG;AACH,KAAK,UAAU,UAAU,CAAC,QAAgB;IACxC,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAC;QACvB,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;;GAeG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,QAAuB;IAC/D,MAAM,aAAa,GAAmB,EAAE,CAAC;IACzC,MAAM,UAAU,GAAG,MAAM,mBAAmB,EAAE,CAAC;IAE/C,MAAM,CAAC,IAAI,CACT,YAAY,oBAAoB,CAAC,MAAM,iCAAiC,UAAU,CAAC,IAAI,oBAAoB,CAC5G,CAAC;IAEF,wDAAwD;IACxD,mBAAmB;IACnB,MAAM,mBAAmB,GAAG,IAAI,GAAG,CACjC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAChF,CAAC;IAEF,KAAK,MAAM,IAAI,IAAI,oBAAoB,EAAE,CAAC;QACxC,IAAI,OAAO,GAAG,KAAK,CAAC;QACpB,IAAI,eAAe,GAAG,KAAK,CAAC;QAC5B,IAAI,eAAe,GAAG,KAAK,CAAC;QAC5B,IAAI,YAAY,GAAG,KAAK,CAAC;QAEzB,6BAA6B;QAC7B,aAAa;QACb,KAAK,MAAM,WAAW,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YAC5C,IAAI,UAAU,CAAC,GAAG,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;gBAC9C,OAAO,GAAG,IAAI,CAAC;gBACf,eAAe,GAAG,IAAI,CAAC;gBACvB,MAAM;YACR,CAAC;QACH,CAAC;QAED,yBAAyB;QACzB,YAAY;QACZ,IAAI,CAAC,eAAe,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACzC,IAAI,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;gBAC5D,OAAO,GAAG,IAAI,CAAC;gBACf,eAAe,GAAG,IAAI,CAAC;YACzB,CAAC;YACD,qDAAqD;YACrD,iBAAiB;YACjB,MAAM,eAAe,GAAG,QAAQ,CAAC,IAAI,CACnC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,IAAI,CAAC,WAAY,CAAC,WAAW,EAAE,CAChE,CAAC;YACF,IAAI,eAAe,IAAI,CAAC,eAAe,EAAE,CAAC;gBACxC,eAAe,GAAG,IAAI,CAAC;gBACvB,OAAO,GAAG,eAAe,CAAC,MAAM,KAAK,SAAS,CAAC;YACjD,CAAC;QACH,CAAC;QAED,yBAAyB;QACzB,YAAY;QACZ,IAAI,CAAC,eAAe,IAAI,CAAC,eAAe,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YAC9D,KAAK,MAAM,WAAW,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;gBAC5C,IAAI,MAAM,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;oBAClC,YAAY,GAAG,IAAI,CAAC;oBACpB,MAAM;gBACR,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,eAAe,IAAI,eAAe,IAAI,YAAY,EAAE,CAAC;YACvD,MAAM,QAAQ,GAAiB;gBAC7B,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,OAAO;gBACP,IAAI,EAAE,IAAI,CAAC,IAAI;aAChB,CAAC;YAEF,MAAM,CAAC,IAAI,CACT,2BAA2B,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC,MAAM,OAAO,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,2BAA2B,EAAE,EAC9G;gBACE,WAAW,EAAE,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM;aAChF,CACF,CAAC;YAEF,aAAa,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,kCAAkC,aAAa,CAAC,MAAM,EAAE,CAAC,CAAC;IACtE,OAAO,aAAa,CAAC;AACvB,CAAC"}
|
package/dist/index.d.ts
CHANGED
|
@@ -14,8 +14,7 @@ export { createLogger, setLogLevel, validateInput, tryValidateInput, sanitizeStr
|
|
|
14
14
|
export type { Logger, ThreatDataInput, RulePublishInput, ATRProposalInput, ATRFeedbackInput, SkillThreatInput, SkillWhitelistInput, } from './utils/index.js';
|
|
15
15
|
export { DISCOVERY_VERSION, detectOS, getNetworkInterfaces, scanOpenPorts, getActiveConnections, getGateway, getDnsServers, getDnsServersAsync, detectServices, detectSecurityTools, checkFirewall, auditUsers, calculateRiskScore, getRiskLevel, OsqueryProvider, createOsqueryProvider, } from './discovery/index.js';
|
|
16
16
|
export type { DiscoveryConfig, OSInfo, NetworkInterface, PortInfo, ActiveConnection, NetworkInfo, ServiceInfo, SecurityToolType, SecurityTool, FirewallRule, FirewallStatus, UpdateStatus, UserInfo, RiskFactor, DiscoveryResult, OsqueryProcess, OsqueryListeningPort, OsqueryLoggedInUser, } from './discovery/index.js';
|
|
17
|
-
export { RULES_VERSION
|
|
18
|
-
export type { SigmaLogSource, SigmaDetection, SigmaRule, RuleMatch, RuleEngineConfig, YaraMatch, YaraScanResult, } from './rules/index.js';
|
|
17
|
+
export { RULES_VERSION } from './rules/index.js';
|
|
19
18
|
export { MONITOR_VERSION, MonitorEngine, LogMonitor, NetworkMonitor, ProcessMonitor, FileMonitor, checkThreatIntel, isPrivateIP, addThreatIntelEntry, getThreatIntelEntries, setFeedManager, getFeedManager, normalizeLogEvent, normalizeNetworkEvent, normalizeProcessEvent, normalizeFileEvent, DEFAULT_MONITOR_CONFIG, ThreatIntelFeedManager, } from './monitor/index.js';
|
|
20
19
|
export type { MonitorConfig, MonitorStatus, ThreatIntelEntry, FileHashRecord, ProcessListEntry, IoC, FeedSource, FeedUpdateResult, FeedManagerConfig, } from './monitor/index.js';
|
|
21
20
|
export { calculateSecurityScore, scoreToGrade, scoreToColor, generateScoreSummary, AchievementTracker, ACHIEVEMENTS, } from './scoring/index.js';
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAGH,YAAY,EACV,QAAQ,EACR,QAAQ,EACR,WAAW,EACX,UAAU,EACV,aAAa,EACb,QAAQ,GACT,MAAM,YAAY,CAAC;AAGpB,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,cAAc,EAAE,CAAC,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAGlF,OAAO,EACL,YAAY,EACZ,WAAW,EACX,aAAa,EACb,gBAAgB,EAChB,cAAc,EACd,gBAAgB,EAChB,gBAAgB,EAChB,eAAe,EACf,cAAc,EACd,aAAa,EACb,qBAAqB,EACrB,gBAAgB,EAChB,eAAe,EACf,gBAAgB,EAChB,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,wBAAwB,EACxB,oBAAoB,GACrB,MAAM,kBAAkB,CAAC;AAC1B,YAAY,EACV,MAAM,EACN,eAAe,EACf,gBAAgB,EAChB,gBAAgB,EAChB,gBAAgB,EAChB,gBAAgB,EAChB,mBAAmB,GACpB,MAAM,kBAAkB,CAAC;AAG1B,OAAO,EACL,iBAAiB,EACjB,QAAQ,EACR,oBAAoB,EACpB,aAAa,EACb,oBAAoB,EACpB,UAAU,EACV,aAAa,EACb,kBAAkB,EAClB,cAAc,EACd,mBAAmB,EACnB,aAAa,EACb,UAAU,EACV,kBAAkB,EAClB,YAAY,EACZ,eAAe,EACf,qBAAqB,GACtB,MAAM,sBAAsB,CAAC;AAC9B,YAAY,EACV,eAAe,EACf,MAAM,EACN,gBAAgB,EAChB,QAAQ,EACR,gBAAgB,EAChB,WAAW,EACX,WAAW,EACX,gBAAgB,EAChB,YAAY,EACZ,YAAY,EACZ,cAAc,EACd,YAAY,EACZ,QAAQ,EACR,UAAU,EACV,eAAe,EACf,cAAc,EACd,oBAAoB,EACpB,mBAAmB,GACpB,MAAM,sBAAsB,CAAC;AAG9B,OAAO,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAGH,YAAY,EACV,QAAQ,EACR,QAAQ,EACR,WAAW,EACX,UAAU,EACV,aAAa,EACb,QAAQ,GACT,MAAM,YAAY,CAAC;AAGpB,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,cAAc,EAAE,CAAC,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAGlF,OAAO,EACL,YAAY,EACZ,WAAW,EACX,aAAa,EACb,gBAAgB,EAChB,cAAc,EACd,gBAAgB,EAChB,gBAAgB,EAChB,eAAe,EACf,cAAc,EACd,aAAa,EACb,qBAAqB,EACrB,gBAAgB,EAChB,eAAe,EACf,gBAAgB,EAChB,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,wBAAwB,EACxB,oBAAoB,GACrB,MAAM,kBAAkB,CAAC;AAC1B,YAAY,EACV,MAAM,EACN,eAAe,EACf,gBAAgB,EAChB,gBAAgB,EAChB,gBAAgB,EAChB,gBAAgB,EAChB,mBAAmB,GACpB,MAAM,kBAAkB,CAAC;AAG1B,OAAO,EACL,iBAAiB,EACjB,QAAQ,EACR,oBAAoB,EACpB,aAAa,EACb,oBAAoB,EACpB,UAAU,EACV,aAAa,EACb,kBAAkB,EAClB,cAAc,EACd,mBAAmB,EACnB,aAAa,EACb,UAAU,EACV,kBAAkB,EAClB,YAAY,EACZ,eAAe,EACf,qBAAqB,GACtB,MAAM,sBAAsB,CAAC;AAC9B,YAAY,EACV,eAAe,EACf,MAAM,EACN,gBAAgB,EAChB,QAAQ,EACR,gBAAgB,EAChB,WAAW,EACX,WAAW,EACX,gBAAgB,EAChB,YAAY,EACZ,YAAY,EACZ,cAAc,EACd,YAAY,EACZ,QAAQ,EACR,UAAU,EACV,eAAe,EACf,cAAc,EACd,oBAAoB,EACpB,mBAAmB,GACpB,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAGjD,OAAO,EACL,eAAe,EACf,aAAa,EACb,UAAU,EACV,cAAc,EACd,cAAc,EACd,WAAW,EACX,gBAAgB,EAChB,WAAW,EACX,mBAAmB,EACnB,qBAAqB,EACrB,cAAc,EACd,cAAc,EACd,iBAAiB,EACjB,qBAAqB,EACrB,qBAAqB,EACrB,kBAAkB,EAClB,sBAAsB,EACtB,sBAAsB,GACvB,MAAM,oBAAoB,CAAC;AAC5B,YAAY,EACV,aAAa,EACb,aAAa,EACb,gBAAgB,EAChB,cAAc,EACd,gBAAgB,EAChB,GAAG,EACH,UAAU,EACV,gBAAgB,EAChB,iBAAiB,GAClB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EACL,sBAAsB,EACtB,YAAY,EACZ,YAAY,EACZ,oBAAoB,EACpB,kBAAkB,EAClB,YAAY,GACb,MAAM,oBAAoB,CAAC;AAC5B,YAAY,EACV,WAAW,EACX,qBAAqB,EACrB,UAAU,EACV,WAAW,EACX,gBAAgB,EAChB,iBAAiB,GAClB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EACL,UAAU,EACV,SAAS,EACT,YAAY,EACZ,WAAW,EACX,cAAc,EACd,kBAAkB,GACnB,MAAM,eAAe,CAAC;AACvB,YAAY,EACV,SAAS,EACT,WAAW,EACX,eAAe,EACf,cAAc,EACd,oBAAoB,EACpB,kBAAkB,EAClB,iBAAiB,EACjB,SAAS,EACT,WAAW,EACX,iBAAiB,EACjB,aAAa,GACd,MAAM,eAAe,CAAC;AAGvB,OAAO,EACL,gBAAgB,EAChB,WAAW,EACX,WAAW,EACX,cAAc,EACd,eAAe,EACf,YAAY,EACZ,aAAa,EACb,kBAAkB,EAClB,eAAe,GAChB,MAAM,qBAAqB,CAAC;AAC7B,YAAY,EACV,aAAa,EACb,YAAY,EACZ,eAAe,EACf,mBAAmB,GACpB,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,YAAY,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC/F,YAAY,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAC;AAG7C,OAAO,EACL,CAAC,EACD,aAAa,EACb,UAAU,EACV,UAAU,EACV,OAAO,EACP,OAAO,EACP,YAAY,EACZ,WAAW,EACX,WAAW,EACX,KAAK,EACL,GAAG,EACH,MAAM,EACN,MAAM,EACN,OAAO,EACP,OAAO,EACP,YAAY,EACZ,WAAW,EACX,SAAS,EACT,cAAc,EACd,OAAO,EACP,MAAM,EACN,YAAY,EACZ,UAAU,EACV,aAAa,EACb,YAAY,GACb,MAAM,gBAAgB,CAAC;AACxB,YAAY,EACV,kBAAkB,EAClB,WAAW,EACX,UAAU,EACV,UAAU,EACV,YAAY,EACZ,YAAY,EACZ,UAAU,EACV,aAAa,EACb,UAAU,EACV,aAAa,GACd,MAAM,gBAAgB,CAAC;AAMxB,oCAAoC;AACpC,eAAO,MAAM,YAAY,EAAE,MAAqB,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -14,8 +14,8 @@ export { initI18n, getI18n, changeLanguage, t, resetI18n } from './i18n/index.js
|
|
|
14
14
|
export { createLogger, setLogLevel, validateInput, tryValidateInput, sanitizeString, validateFilePath, sanitizeFilename, isPathWithinDir, ClientIdSchema, ISODateSchema, PaginationLimitSchema, ReputationSchema, RiskLevelSchema, ThreatDataSchema, RulePublishSchema, ATRProposalSchema, ATRFeedbackSchema, SkillThreatSchema, SkillWhitelistItemSchema, SkillWhitelistSchema, } from './utils/index.js';
|
|
15
15
|
// Discovery engine / 偵察引擎
|
|
16
16
|
export { DISCOVERY_VERSION, detectOS, getNetworkInterfaces, scanOpenPorts, getActiveConnections, getGateway, getDnsServers, getDnsServersAsync, detectServices, detectSecurityTools, checkFirewall, auditUsers, calculateRiskScore, getRiskLevel, OsqueryProvider, createOsqueryProvider, } from './discovery/index.js';
|
|
17
|
-
// Rules engine
|
|
18
|
-
export { RULES_VERSION
|
|
17
|
+
// Rules engine version (Sigma RuleEngine removed; ATR Engine is used exclusively)
|
|
18
|
+
export { RULES_VERSION } from './rules/index.js';
|
|
19
19
|
// Monitor engine / 監控引擎
|
|
20
20
|
export { MONITOR_VERSION, MonitorEngine, LogMonitor, NetworkMonitor, ProcessMonitor, FileMonitor, checkThreatIntel, isPrivateIP, addThreatIntelEntry, getThreatIntelEntries, setFeedManager, getFeedManager, normalizeLogEvent, normalizeNetworkEvent, normalizeProcessEvent, normalizeFileEvent, DEFAULT_MONITOR_CONFIG, ThreatIntelFeedManager, } from './monitor/index.js';
|
|
21
21
|
// Scoring / 安全分數
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAYH,aAAa;AACb,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,cAAc,EAAE,CAAC,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAElF,eAAe;AACf,OAAO,EACL,YAAY,EACZ,WAAW,EACX,aAAa,EACb,gBAAgB,EAChB,cAAc,EACd,gBAAgB,EAChB,gBAAgB,EAChB,eAAe,EACf,cAAc,EACd,aAAa,EACb,qBAAqB,EACrB,gBAAgB,EAChB,eAAe,EACf,gBAAgB,EAChB,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,wBAAwB,EACxB,oBAAoB,GACrB,MAAM,kBAAkB,CAAC;AAW1B,0BAA0B;AAC1B,OAAO,EACL,iBAAiB,EACjB,QAAQ,EACR,oBAAoB,EACpB,aAAa,EACb,oBAAoB,EACpB,UAAU,EACV,aAAa,EACb,kBAAkB,EAClB,cAAc,EACd,mBAAmB,EACnB,aAAa,EACb,UAAU,EACV,kBAAkB,EAClB,YAAY,EACZ,eAAe,EACf,qBAAqB,GACtB,MAAM,sBAAsB,CAAC;AAsB9B,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAYH,aAAa;AACb,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,cAAc,EAAE,CAAC,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAElF,eAAe;AACf,OAAO,EACL,YAAY,EACZ,WAAW,EACX,aAAa,EACb,gBAAgB,EAChB,cAAc,EACd,gBAAgB,EAChB,gBAAgB,EAChB,eAAe,EACf,cAAc,EACd,aAAa,EACb,qBAAqB,EACrB,gBAAgB,EAChB,eAAe,EACf,gBAAgB,EAChB,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,wBAAwB,EACxB,oBAAoB,GACrB,MAAM,kBAAkB,CAAC;AAW1B,0BAA0B;AAC1B,OAAO,EACL,iBAAiB,EACjB,QAAQ,EACR,oBAAoB,EACpB,aAAa,EACb,oBAAoB,EACpB,UAAU,EACV,aAAa,EACb,kBAAkB,EAClB,cAAc,EACd,mBAAmB,EACnB,aAAa,EACb,UAAU,EACV,kBAAkB,EAClB,YAAY,EACZ,eAAe,EACf,qBAAqB,GACtB,MAAM,sBAAsB,CAAC;AAsB9B,kFAAkF;AAClF,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAEjD,wBAAwB;AACxB,OAAO,EACL,eAAe,EACf,aAAa,EACb,UAAU,EACV,cAAc,EACd,cAAc,EACd,WAAW,EACX,gBAAgB,EAChB,WAAW,EACX,mBAAmB,EACnB,qBAAqB,EACrB,cAAc,EACd,cAAc,EACd,iBAAiB,EACjB,qBAAqB,EACrB,qBAAqB,EACrB,kBAAkB,EAClB,sBAAsB,EACtB,sBAAsB,GACvB,MAAM,oBAAoB,CAAC;AAa5B,iBAAiB;AACjB,OAAO,EACL,sBAAsB,EACtB,YAAY,EACZ,YAAY,EACZ,oBAAoB,EACpB,kBAAkB,EAClB,YAAY,GACb,MAAM,oBAAoB,CAAC;AAU5B,iCAAiC;AACjC,OAAO,EACL,UAAU,EACV,SAAS,EACT,YAAY,EACZ,WAAW,EACX,cAAc,EACd,kBAAkB,GACnB,MAAM,eAAe,CAAC;AAevB,iBAAiB;AACjB,OAAO,EACL,gBAAgB,EAChB,WAAW,EACX,WAAW,EACX,cAAc,EACd,eAAe,EACf,YAAY,EACZ,aAAa,EACb,kBAAkB,EAClB,eAAe,GAChB,MAAM,qBAAqB,CAAC;AAQ7B,eAAe;AACf,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,YAAY,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAG/F,yBAAyB;AACzB,OAAO,EACL,CAAC,EACD,aAAa,EACb,UAAU,EACV,UAAU,EACV,OAAO,EACP,OAAO,EACP,YAAY,EACZ,WAAW,EACX,WAAW,EACX,KAAK,EACL,GAAG,EACH,MAAM,EACN,MAAM,EACN,OAAO,EACP,OAAO,EACP,YAAY,EACZ,WAAW,EACX,SAAS,EACT,cAAc,EACd,OAAO,EACP,MAAM,EACN,YAAY,EACZ,UAAU,EACV,aAAa,EACb,YAAY,GACb,MAAM,gBAAgB,CAAC;AAcxB,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,MAAM,QAAQ,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAChD,MAAM,IAAI,GAAG,QAAQ,CAAC,iBAAiB,CAAwB,CAAC;AAEhE,oCAAoC;AACpC,MAAM,CAAC,MAAM,YAAY,GAAW,IAAI,CAAC,OAAO,CAAC"}
|
package/dist/rules/index.d.ts
CHANGED
|
@@ -1,115 +1,11 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* Sigma
|
|
3
|
-
* Sigma/YARA 規則引擎
|
|
2
|
+
* Rules module - Legacy Sigma RuleEngine removed
|
|
4
3
|
*
|
|
5
|
-
*
|
|
6
|
-
*
|
|
7
|
-
* hot-reloading, and custom rule injection.
|
|
8
|
-
* 提供 RuleEngine 類別,用於載入、管理和比對 Sigma 規則與安全事件。
|
|
9
|
-
* 支援檔案系統載入、熱載入和自訂規則注入。
|
|
4
|
+
* The project now uses ATR Engine exclusively for detection.
|
|
5
|
+
* This module is kept for the version export only.
|
|
10
6
|
*
|
|
11
7
|
* @module @panguard-ai/core/rules
|
|
12
8
|
*/
|
|
13
|
-
|
|
14
|
-
import type { SigmaRule, RuleMatch, RuleEngineConfig } from './types.js';
|
|
15
|
-
/** Rules module version / 規則模組版本 */
|
|
9
|
+
/** Rules module version */
|
|
16
10
|
export declare const RULES_VERSION: string;
|
|
17
|
-
/**
|
|
18
|
-
* Sigma rule engine for loading, managing, and matching security rules
|
|
19
|
-
* Sigma 規則引擎,用於載入、管理和比對安全規則
|
|
20
|
-
*
|
|
21
|
-
* The RuleEngine is the primary entry point for working with Sigma rules.
|
|
22
|
-
* It manages a collection of rules, supports hot-reloading from disk,
|
|
23
|
-
* and provides matching against SecurityEvent instances.
|
|
24
|
-
* RuleEngine 是使用 Sigma 規則的主要入口點。
|
|
25
|
-
* 它管理規則集合、支援從磁碟熱載入,並提供與 SecurityEvent 實例的比對。
|
|
26
|
-
*
|
|
27
|
-
* @example
|
|
28
|
-
* ```typescript
|
|
29
|
-
* const engine = new RuleEngine({ rulesDir: './config/sigma-rules', hotReload: true });
|
|
30
|
-
* await engine.loadRules();
|
|
31
|
-
* const matches = engine.match(event);
|
|
32
|
-
* engine.destroy();
|
|
33
|
-
* ```
|
|
34
|
-
*/
|
|
35
|
-
export declare class RuleEngine {
|
|
36
|
-
/** Internal rules collection / 內部規則集合 */
|
|
37
|
-
private rules;
|
|
38
|
-
/** Cleanup function for the filesystem watcher / 檔案系統監視器的清理函式 */
|
|
39
|
-
private cleanupWatcher?;
|
|
40
|
-
/** Engine configuration / 引擎配置 */
|
|
41
|
-
private config;
|
|
42
|
-
/**
|
|
43
|
-
* Create a new RuleEngine instance
|
|
44
|
-
* 建立新的 RuleEngine 實例
|
|
45
|
-
*
|
|
46
|
-
* @param config - Optional configuration / 可選配置
|
|
47
|
-
*/
|
|
48
|
-
constructor(config?: RuleEngineConfig);
|
|
49
|
-
/**
|
|
50
|
-
* Load rules from the configured directory
|
|
51
|
-
* 從配置的目錄載入規則
|
|
52
|
-
*
|
|
53
|
-
* If a rulesDir is configured, loads all Sigma rules from that directory.
|
|
54
|
-
* If hotReload is enabled, starts watching the directory for changes.
|
|
55
|
-
* 如果配置了 rulesDir,從該目錄載入所有 Sigma 規則。
|
|
56
|
-
* 如果啟用了 hotReload,開始監視目錄的變更。
|
|
57
|
-
*
|
|
58
|
-
* @returns Promise that resolves when rules are loaded / 規則載入完成後 resolve 的 Promise
|
|
59
|
-
*/
|
|
60
|
-
loadRules(): Promise<void>;
|
|
61
|
-
/**
|
|
62
|
-
* Add a single rule to the engine
|
|
63
|
-
* 新增單一規則到引擎
|
|
64
|
-
*
|
|
65
|
-
* @param rule - Sigma rule to add / 要新增的 Sigma 規則
|
|
66
|
-
*/
|
|
67
|
-
addRule(rule: SigmaRule): void;
|
|
68
|
-
/**
|
|
69
|
-
* Remove a rule by its id
|
|
70
|
-
* 依 id 移除規則
|
|
71
|
-
*
|
|
72
|
-
* @param id - The rule id to remove / 要移除的規則 id
|
|
73
|
-
* @returns True if a rule was removed, false if not found / 移除成功回傳 true,找不到回傳 false
|
|
74
|
-
*/
|
|
75
|
-
removeRule(id: string): boolean;
|
|
76
|
-
/**
|
|
77
|
-
* Match a security event against all loaded rules
|
|
78
|
-
* 比對安全事件與所有已載入的規則
|
|
79
|
-
*
|
|
80
|
-
* @param event - The security event to match / 要比對的安全事件
|
|
81
|
-
* @returns Array of RuleMatch for all matching rules / 所有比對規則的 RuleMatch 陣列
|
|
82
|
-
*/
|
|
83
|
-
match(event: SecurityEvent): RuleMatch[];
|
|
84
|
-
/**
|
|
85
|
-
* Get a copy of all currently loaded rules
|
|
86
|
-
* 取得所有已載入規則的副本
|
|
87
|
-
*
|
|
88
|
-
* @returns Array of Sigma rules (shallow copy) / Sigma 規則陣列(淺複製)
|
|
89
|
-
*/
|
|
90
|
-
getRules(): SigmaRule[];
|
|
91
|
-
/**
|
|
92
|
-
* Reload all rules from the configured directory
|
|
93
|
-
* 從配置的目錄重新載入所有規則
|
|
94
|
-
*
|
|
95
|
-
* Clears all existing rules (including custom rules) and reloads from scratch.
|
|
96
|
-
* 清除所有現有規則(包含自訂規則)並從頭重新載入。
|
|
97
|
-
*
|
|
98
|
-
* @returns Promise that resolves when rules are reloaded / 規則重新載入完成後 resolve 的 Promise
|
|
99
|
-
*/
|
|
100
|
-
reload(): Promise<void>;
|
|
101
|
-
/**
|
|
102
|
-
* Destroy the engine and clean up resources
|
|
103
|
-
* 銷毀引擎並清理資源
|
|
104
|
-
*
|
|
105
|
-
* Stops the filesystem watcher if active and clears the rule set.
|
|
106
|
-
* 停止檔案系統監視器(如果活動中)並清除規則集。
|
|
107
|
-
*/
|
|
108
|
-
destroy(): void;
|
|
109
|
-
}
|
|
110
|
-
export type { SigmaLogSource, SigmaDetection, SigmaRule, RuleMatch, RuleEngineConfig, } from './types.js';
|
|
111
|
-
export { parseSigmaYaml, parseSigmaFile } from './sigma-parser.js';
|
|
112
|
-
export { matchEvent, matchEventAgainstRules } from './sigma-matcher.js';
|
|
113
|
-
export { loadRulesFromDirectory, loadRulesRecursive, watchRulesDirectory } from './rule-loader.js';
|
|
114
|
-
export { YaraScanner, type YaraMatch, type YaraScanResult } from './yara-scanner.js';
|
|
115
11
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/rules/index.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/rules/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAMH,2BAA2B;AAC3B,eAAO,MAAM,aAAa,EAAE,MAAqB,CAAC"}
|
package/dist/rules/index.js
CHANGED
|
@@ -1,247 +1,14 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* Sigma
|
|
3
|
-
* Sigma/YARA 規則引擎
|
|
2
|
+
* Rules module - Legacy Sigma RuleEngine removed
|
|
4
3
|
*
|
|
5
|
-
*
|
|
6
|
-
*
|
|
7
|
-
* hot-reloading, and custom rule injection.
|
|
8
|
-
* 提供 RuleEngine 類別,用於載入、管理和比對 Sigma 規則與安全事件。
|
|
9
|
-
* 支援檔案系統載入、熱載入和自訂規則注入。
|
|
4
|
+
* The project now uses ATR Engine exclusively for detection.
|
|
5
|
+
* This module is kept for the version export only.
|
|
10
6
|
*
|
|
11
7
|
* @module @panguard-ai/core/rules
|
|
12
8
|
*/
|
|
13
|
-
import { createLogger } from '../utils/logger.js';
|
|
14
|
-
import { matchEventAgainstRules } from './sigma-matcher.js';
|
|
15
|
-
import { loadRulesRecursive, watchRulesDirectory } from './rule-loader.js';
|
|
16
|
-
const logger = createLogger('rule-engine');
|
|
17
9
|
import { createRequire } from 'node:module';
|
|
18
10
|
const _require = createRequire(import.meta.url);
|
|
19
11
|
const _pkg = _require('../../package.json');
|
|
20
|
-
/** Rules module version
|
|
12
|
+
/** Rules module version */
|
|
21
13
|
export const RULES_VERSION = _pkg.version;
|
|
22
|
-
/**
|
|
23
|
-
* Sigma rule engine for loading, managing, and matching security rules
|
|
24
|
-
* Sigma 規則引擎,用於載入、管理和比對安全規則
|
|
25
|
-
*
|
|
26
|
-
* The RuleEngine is the primary entry point for working with Sigma rules.
|
|
27
|
-
* It manages a collection of rules, supports hot-reloading from disk,
|
|
28
|
-
* and provides matching against SecurityEvent instances.
|
|
29
|
-
* RuleEngine 是使用 Sigma 規則的主要入口點。
|
|
30
|
-
* 它管理規則集合、支援從磁碟熱載入,並提供與 SecurityEvent 實例的比對。
|
|
31
|
-
*
|
|
32
|
-
* @example
|
|
33
|
-
* ```typescript
|
|
34
|
-
* const engine = new RuleEngine({ rulesDir: './config/sigma-rules', hotReload: true });
|
|
35
|
-
* await engine.loadRules();
|
|
36
|
-
* const matches = engine.match(event);
|
|
37
|
-
* engine.destroy();
|
|
38
|
-
* ```
|
|
39
|
-
*/
|
|
40
|
-
export class RuleEngine {
|
|
41
|
-
/** Internal rules collection / 內部規則集合 */
|
|
42
|
-
rules = [];
|
|
43
|
-
/** Cleanup function for the filesystem watcher / 檔案系統監視器的清理函式 */
|
|
44
|
-
cleanupWatcher;
|
|
45
|
-
/** Engine configuration / 引擎配置 */
|
|
46
|
-
config;
|
|
47
|
-
/**
|
|
48
|
-
* Create a new RuleEngine instance
|
|
49
|
-
* 建立新的 RuleEngine 實例
|
|
50
|
-
*
|
|
51
|
-
* @param config - Optional configuration / 可選配置
|
|
52
|
-
*/
|
|
53
|
-
constructor(config) {
|
|
54
|
-
this.config = config ?? {};
|
|
55
|
-
// Add any pre-loaded custom rules / 新增預載入的自訂規則
|
|
56
|
-
if (this.config.customRules !== undefined && this.config.customRules.length > 0) {
|
|
57
|
-
this.rules.push(...this.config.customRules);
|
|
58
|
-
logger.info(`Initialized with ${this.config.customRules.length} custom rules / 已初始化 ${this.config.customRules.length} 條自訂規則`);
|
|
59
|
-
}
|
|
60
|
-
}
|
|
61
|
-
/**
|
|
62
|
-
* Load rules from the configured directory
|
|
63
|
-
* 從配置的目錄載入規則
|
|
64
|
-
*
|
|
65
|
-
* If a rulesDir is configured, loads all Sigma rules from that directory.
|
|
66
|
-
* If hotReload is enabled, starts watching the directory for changes.
|
|
67
|
-
* 如果配置了 rulesDir,從該目錄載入所有 Sigma 規則。
|
|
68
|
-
* 如果啟用了 hotReload,開始監視目錄的變更。
|
|
69
|
-
*
|
|
70
|
-
* @returns Promise that resolves when rules are loaded / 規則載入完成後 resolve 的 Promise
|
|
71
|
-
*/
|
|
72
|
-
async loadRules() {
|
|
73
|
-
const existingIds = new Set(this.rules.map((r) => r.id));
|
|
74
|
-
// Load custom rules from rulesDir / 從 rulesDir 載入自訂規則
|
|
75
|
-
if (this.config.rulesDir !== undefined) {
|
|
76
|
-
const customDirRules = loadRulesRecursive(this.config.rulesDir, 'custom');
|
|
77
|
-
for (const rule of customDirRules) {
|
|
78
|
-
if (!existingIds.has(rule.id)) {
|
|
79
|
-
this.rules.push(rule);
|
|
80
|
-
existingIds.add(rule.id);
|
|
81
|
-
}
|
|
82
|
-
else {
|
|
83
|
-
logger.warn(`Skipping duplicate rule id "${rule.id}" from custom directory / 跳過自訂目錄中重複的規則 id "${rule.id}"`);
|
|
84
|
-
}
|
|
85
|
-
}
|
|
86
|
-
}
|
|
87
|
-
// Load community rules from communityRulesDir / 從 communityRulesDir 載入社群規則
|
|
88
|
-
if (this.config.communityRulesDir !== undefined) {
|
|
89
|
-
const communityRules = loadRulesRecursive(this.config.communityRulesDir, 'community');
|
|
90
|
-
for (const rule of communityRules) {
|
|
91
|
-
if (!existingIds.has(rule.id)) {
|
|
92
|
-
this.rules.push(rule);
|
|
93
|
-
existingIds.add(rule.id);
|
|
94
|
-
}
|
|
95
|
-
else {
|
|
96
|
-
logger.warn(`Skipping duplicate rule id "${rule.id}" from community directory / 跳過社群目錄中重複的規則 id "${rule.id}"`);
|
|
97
|
-
}
|
|
98
|
-
}
|
|
99
|
-
}
|
|
100
|
-
if (this.config.rulesDir === undefined && this.config.communityRulesDir === undefined) {
|
|
101
|
-
logger.warn('No rulesDir or communityRulesDir configured, skipping directory load / 未配置規則目錄,跳過載入');
|
|
102
|
-
}
|
|
103
|
-
logger.info(`Total rules loaded: ${this.rules.length} / 已載入規則總數: ${this.rules.length}`);
|
|
104
|
-
// Set up hot-reload watcher if configured / 如果配置了熱載入,設定監視器
|
|
105
|
-
if (this.config.hotReload && this.config.rulesDir !== undefined) {
|
|
106
|
-
if (this.cleanupWatcher !== undefined) {
|
|
107
|
-
this.cleanupWatcher();
|
|
108
|
-
}
|
|
109
|
-
this.cleanupWatcher = watchRulesDirectory(this.config.rulesDir, (updatedRules) => {
|
|
110
|
-
const customRules = this.config.customRules ?? [];
|
|
111
|
-
const customIds = new Set(customRules.map((r) => r.id));
|
|
112
|
-
this.rules = [...customRules];
|
|
113
|
-
const loadedIds = new Set(customIds);
|
|
114
|
-
for (const rule of updatedRules) {
|
|
115
|
-
if (!loadedIds.has(rule.id)) {
|
|
116
|
-
this.rules.push(rule);
|
|
117
|
-
loadedIds.add(rule.id);
|
|
118
|
-
}
|
|
119
|
-
}
|
|
120
|
-
// Re-load community rules after hot-reload / 熱載入後重新載入社群規則
|
|
121
|
-
if (this.config.communityRulesDir !== undefined) {
|
|
122
|
-
const communityRules = loadRulesRecursive(this.config.communityRulesDir, 'community');
|
|
123
|
-
for (const rule of communityRules) {
|
|
124
|
-
if (!loadedIds.has(rule.id)) {
|
|
125
|
-
this.rules.push(rule);
|
|
126
|
-
loadedIds.add(rule.id);
|
|
127
|
-
}
|
|
128
|
-
}
|
|
129
|
-
}
|
|
130
|
-
logger.info(`Hot-reloaded rules, total: ${this.rules.length} / 熱載入規則完成,總數: ${this.rules.length}`);
|
|
131
|
-
});
|
|
132
|
-
}
|
|
133
|
-
}
|
|
134
|
-
/**
|
|
135
|
-
* Add a single rule to the engine
|
|
136
|
-
* 新增單一規則到引擎
|
|
137
|
-
*
|
|
138
|
-
* @param rule - Sigma rule to add / 要新增的 Sigma 規則
|
|
139
|
-
*/
|
|
140
|
-
addRule(rule) {
|
|
141
|
-
const existingIndex = this.rules.findIndex((r) => r.id === rule.id);
|
|
142
|
-
if (existingIndex !== -1) {
|
|
143
|
-
this.rules[existingIndex] = rule;
|
|
144
|
-
logger.info(`Updated existing rule: "${rule.title}" (${rule.id}) / 更新現有規則: "${rule.title}" (${rule.id})`);
|
|
145
|
-
}
|
|
146
|
-
else {
|
|
147
|
-
this.rules.push(rule);
|
|
148
|
-
logger.info(`Added new rule: "${rule.title}" (${rule.id}) / 新增規則: "${rule.title}" (${rule.id})`);
|
|
149
|
-
}
|
|
150
|
-
}
|
|
151
|
-
/**
|
|
152
|
-
* Remove a rule by its id
|
|
153
|
-
* 依 id 移除規則
|
|
154
|
-
*
|
|
155
|
-
* @param id - The rule id to remove / 要移除的規則 id
|
|
156
|
-
* @returns True if a rule was removed, false if not found / 移除成功回傳 true,找不到回傳 false
|
|
157
|
-
*/
|
|
158
|
-
removeRule(id) {
|
|
159
|
-
const initialLength = this.rules.length;
|
|
160
|
-
this.rules = this.rules.filter((r) => r.id !== id);
|
|
161
|
-
const removed = this.rules.length < initialLength;
|
|
162
|
-
if (removed) {
|
|
163
|
-
logger.info(`Removed rule: ${id} / 已移除規則: ${id}`);
|
|
164
|
-
}
|
|
165
|
-
else {
|
|
166
|
-
logger.warn(`Rule not found for removal: ${id} / 找不到要移除的規則: ${id}`);
|
|
167
|
-
}
|
|
168
|
-
return removed;
|
|
169
|
-
}
|
|
170
|
-
/**
|
|
171
|
-
* Match a security event against all loaded rules
|
|
172
|
-
* 比對安全事件與所有已載入的規則
|
|
173
|
-
*
|
|
174
|
-
* @param event - The security event to match / 要比對的安全事件
|
|
175
|
-
* @returns Array of RuleMatch for all matching rules / 所有比對規則的 RuleMatch 陣列
|
|
176
|
-
*/
|
|
177
|
-
match(event) {
|
|
178
|
-
return matchEventAgainstRules(event, this.rules);
|
|
179
|
-
}
|
|
180
|
-
/**
|
|
181
|
-
* Get a copy of all currently loaded rules
|
|
182
|
-
* 取得所有已載入規則的副本
|
|
183
|
-
*
|
|
184
|
-
* @returns Array of Sigma rules (shallow copy) / Sigma 規則陣列(淺複製)
|
|
185
|
-
*/
|
|
186
|
-
getRules() {
|
|
187
|
-
return [...this.rules];
|
|
188
|
-
}
|
|
189
|
-
/**
|
|
190
|
-
* Reload all rules from the configured directory
|
|
191
|
-
* 從配置的目錄重新載入所有規則
|
|
192
|
-
*
|
|
193
|
-
* Clears all existing rules (including custom rules) and reloads from scratch.
|
|
194
|
-
* 清除所有現有規則(包含自訂規則)並從頭重新載入。
|
|
195
|
-
*
|
|
196
|
-
* @returns Promise that resolves when rules are reloaded / 規則重新載入完成後 resolve 的 Promise
|
|
197
|
-
*/
|
|
198
|
-
async reload() {
|
|
199
|
-
logger.info('Reloading all rules / 重新載入所有規則');
|
|
200
|
-
// Reset to custom rules only / 重設為僅有自訂規則
|
|
201
|
-
this.rules = this.config.customRules ? [...this.config.customRules] : [];
|
|
202
|
-
const existingIds = new Set(this.rules.map((r) => r.id));
|
|
203
|
-
if (this.config.rulesDir !== undefined) {
|
|
204
|
-
const customDirRules = loadRulesRecursive(this.config.rulesDir, 'custom');
|
|
205
|
-
for (const rule of customDirRules) {
|
|
206
|
-
if (!existingIds.has(rule.id)) {
|
|
207
|
-
this.rules.push(rule);
|
|
208
|
-
existingIds.add(rule.id);
|
|
209
|
-
}
|
|
210
|
-
}
|
|
211
|
-
}
|
|
212
|
-
if (this.config.communityRulesDir !== undefined) {
|
|
213
|
-
const communityRules = loadRulesRecursive(this.config.communityRulesDir, 'community');
|
|
214
|
-
for (const rule of communityRules) {
|
|
215
|
-
if (!existingIds.has(rule.id)) {
|
|
216
|
-
this.rules.push(rule);
|
|
217
|
-
existingIds.add(rule.id);
|
|
218
|
-
}
|
|
219
|
-
}
|
|
220
|
-
}
|
|
221
|
-
logger.info(`Reload complete, total rules: ${this.rules.length} / 重新載入完成,規則總數: ${this.rules.length}`);
|
|
222
|
-
}
|
|
223
|
-
/**
|
|
224
|
-
* Destroy the engine and clean up resources
|
|
225
|
-
* 銷毀引擎並清理資源
|
|
226
|
-
*
|
|
227
|
-
* Stops the filesystem watcher if active and clears the rule set.
|
|
228
|
-
* 停止檔案系統監視器(如果活動中)並清除規則集。
|
|
229
|
-
*/
|
|
230
|
-
destroy() {
|
|
231
|
-
if (this.cleanupWatcher !== undefined) {
|
|
232
|
-
this.cleanupWatcher();
|
|
233
|
-
this.cleanupWatcher = undefined;
|
|
234
|
-
}
|
|
235
|
-
this.rules = [];
|
|
236
|
-
logger.info('RuleEngine destroyed / RuleEngine 已銷毀');
|
|
237
|
-
}
|
|
238
|
-
}
|
|
239
|
-
// Re-export parser functions / 重新匯出解析器函式
|
|
240
|
-
export { parseSigmaYaml, parseSigmaFile } from './sigma-parser.js';
|
|
241
|
-
// Re-export matcher functions / 重新匯出比對器函式
|
|
242
|
-
export { matchEvent, matchEventAgainstRules } from './sigma-matcher.js';
|
|
243
|
-
// Re-export loader functions / 重新匯出載入器函式
|
|
244
|
-
export { loadRulesFromDirectory, loadRulesRecursive, watchRulesDirectory } from './rule-loader.js';
|
|
245
|
-
// Re-export YARA scanner / 重新匯出 YARA 掃描器
|
|
246
|
-
export { YaraScanner } from './yara-scanner.js';
|
|
247
14
|
//# sourceMappingURL=index.js.map
|
package/dist/rules/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/rules/index.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/rules/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,MAAM,QAAQ,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAChD,MAAM,IAAI,GAAG,QAAQ,CAAC,oBAAoB,CAAwB,CAAC;AAEnE,2BAA2B;AAC3B,MAAM,CAAC,MAAM,aAAa,GAAW,IAAI,CAAC,OAAO,CAAC"}
|
package/dist/types.d.ts
CHANGED
|
@@ -15,7 +15,7 @@ export type Severity = 'info' | 'low' | 'medium' | 'high' | 'critical';
|
|
|
15
15
|
/**
|
|
16
16
|
* Security event source types / 安全事件來源類型
|
|
17
17
|
*/
|
|
18
|
-
export type EventSource = 'windows_event' | 'syslog' | 'authlog' | 'journald' | 'network' | 'process' | 'file' | '
|
|
18
|
+
export type EventSource = 'windows_event' | 'syslog' | 'authlog' | 'journald' | 'network' | 'process' | 'file' | 'honeypot' | 'dpi' | 'memory_scanner' | 'syscall' | 'agent_input' | 'agent_output' | 'agent_behavior' | 'llm_input' | 'llm_output' | 'tool_call' | 'tool_response' | 'function_call' | 'mcp_response' | 'multi_agent' | 'git';
|
|
19
19
|
/**
|
|
20
20
|
* Base application configuration / 基礎應用程式配置
|
|
21
21
|
*/
|
package/dist/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;GAEG;AACH,MAAM,MAAM,QAAQ,GAAG,OAAO,GAAG,IAAI,CAAC;AAEtC;;GAEG;AACH,MAAM,MAAM,QAAQ,GAAG,MAAM,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AAEvE;;GAEG;AACH,MAAM,MAAM,WAAW,GACnB,eAAe,GACf,QAAQ,GACR,SAAS,GACT,UAAU,GACV,SAAS,GACT,SAAS,GACT,MAAM,GACN,
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;GAEG;AACH,MAAM,MAAM,QAAQ,GAAG,OAAO,GAAG,IAAI,CAAC;AAEtC;;GAEG;AACH,MAAM,MAAM,QAAQ,GAAG,MAAM,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AAEvE;;GAEG;AACH,MAAM,MAAM,WAAW,GACnB,eAAe,GACf,QAAQ,GACR,SAAS,GACT,UAAU,GACV,SAAS,GACT,SAAS,GACT,MAAM,GACN,UAAU,GACV,KAAK,GACL,gBAAgB,GAChB,SAAS,GACT,aAAa,GACb,cAAc,GACd,gBAAgB,GAChB,WAAW,GACX,YAAY,GACZ,WAAW,GACX,eAAe,GACf,eAAe,GACf,cAAc,GACd,aAAa,GACb,KAAK,CAAC;AAEV;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,kCAAkC;IAClC,QAAQ,EAAE,QAAQ,CAAC;IACnB,wBAAwB;IACxB,KAAK,EAAE,OAAO,CAAC;IACf,uBAAuB;IACvB,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,OAAO,CAAC;CAC/C;AAED;;;;;GAKG;AACH,MAAM,WAAW,aAAa;IAC5B,wCAAwC;IACxC,EAAE,EAAE,MAAM,CAAC;IACX,8BAA8B;IAC9B,SAAS,EAAE,IAAI,CAAC;IAChB,iCAAiC;IACjC,MAAM,EAAE,WAAW,CAAC;IACpB,4BAA4B;IAC5B,QAAQ,EAAE,QAAQ,CAAC;IACnB,8CAA8C;IAC9C,QAAQ,EAAE,MAAM,CAAC;IACjB,+BAA+B;IAC/B,WAAW,EAAE,MAAM,CAAC;IACpB,8BAA8B;IAC9B,GAAG,EAAE,OAAO,CAAC;IACb,sBAAsB;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,mCAAmC;IACnC,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAED;;GAEG;AACH,MAAM,WAAW,QAAQ;IACvB,8BAA8B;IAC9B,SAAS,EAAE,MAAM,CAAC;IAClB,uBAAuB;IACvB,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,OAAO,CAAC;IAC3C,yBAAyB;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,8CAA8C;IAC9C,MAAM,EAAE,MAAM,CAAC;IACf,iCAAiC;IACjC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC"}
|