npm - @panguard-ai/panguard-guard - Versions diffs - 0.1.0 - Mend

@panguard-ai/panguard-guard 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (130) hide show

package/dist/agent/analyze-agent.d.ts +62 -0
package/dist/agent/analyze-agent.d.ts.map +1 -0
package/dist/agent/analyze-agent.js +327 -0
package/dist/agent/analyze-agent.js.map +1 -0
package/dist/agent/detect-agent.d.ts +59 -0
package/dist/agent/detect-agent.d.ts.map +1 -0
package/dist/agent/detect-agent.js +214 -0
package/dist/agent/detect-agent.js.map +1 -0
package/dist/agent/index.d.ts +15 -0
package/dist/agent/index.d.ts.map +1 -0
package/dist/agent/index.js +14 -0
package/dist/agent/index.js.map +1 -0
package/dist/agent/report-agent.d.ts +122 -0
package/dist/agent/report-agent.d.ts.map +1 -0
package/dist/agent/report-agent.js +468 -0
package/dist/agent/report-agent.js.map +1 -0
package/dist/agent/respond-agent.d.ts +113 -0
package/dist/agent/respond-agent.d.ts.map +1 -0
package/dist/agent/respond-agent.js +749 -0
package/dist/agent/respond-agent.js.map +1 -0
package/dist/agent-client/index.d.ts +81 -0
package/dist/agent-client/index.d.ts.map +1 -0
package/dist/agent-client/index.js +170 -0
package/dist/agent-client/index.js.map +1 -0
package/dist/cli/index.d.ts +17 -0
package/dist/cli/index.d.ts.map +1 -0
package/dist/cli/index.js +295 -0
package/dist/cli/index.js.map +1 -0
package/dist/config.d.ts +23 -0
package/dist/config.d.ts.map +1 -0
package/dist/config.js +108 -0
package/dist/config.js.map +1 -0
package/dist/daemon/index.d.ts +66 -0
package/dist/daemon/index.d.ts.map +1 -0
package/dist/daemon/index.js +284 -0
package/dist/daemon/index.js.map +1 -0
package/dist/dashboard/index.d.ts +78 -0
package/dist/dashboard/index.d.ts.map +1 -0
package/dist/dashboard/index.js +455 -0
package/dist/dashboard/index.js.map +1 -0
package/dist/guard-engine.d.ts +108 -0
package/dist/guard-engine.d.ts.map +1 -0
package/dist/guard-engine.js +740 -0
package/dist/guard-engine.js.map +1 -0
package/dist/index.d.ts +29 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +39 -0
package/dist/index.js.map +1 -0
package/dist/install/index.d.ts +23 -0
package/dist/install/index.d.ts.map +1 -0
package/dist/install/index.js +216 -0
package/dist/install/index.js.map +1 -0
package/dist/investigation/index.d.ts +80 -0
package/dist/investigation/index.d.ts.map +1 -0
package/dist/investigation/index.js +570 -0
package/dist/investigation/index.js.map +1 -0
package/dist/license/index.d.ts +46 -0
package/dist/license/index.d.ts.map +1 -0
package/dist/license/index.js +145 -0
package/dist/license/index.js.map +1 -0
package/dist/memory/baseline.d.ts +34 -0
package/dist/memory/baseline.d.ts.map +1 -0
package/dist/memory/baseline.js +224 -0
package/dist/memory/baseline.js.map +1 -0
package/dist/memory/index.d.ts +32 -0
package/dist/memory/index.d.ts.map +1 -0
package/dist/memory/index.js +58 -0
package/dist/memory/index.js.map +1 -0
package/dist/memory/learning.d.ts +35 -0
package/dist/memory/learning.d.ts.map +1 -0
package/dist/memory/learning.js +60 -0
package/dist/memory/learning.js.map +1 -0
package/dist/monitors/falco-monitor.d.ts +62 -0
package/dist/monitors/falco-monitor.d.ts.map +1 -0
package/dist/monitors/falco-monitor.js +226 -0
package/dist/monitors/falco-monitor.js.map +1 -0
package/dist/monitors/suricata-monitor.d.ts +80 -0
package/dist/monitors/suricata-monitor.d.ts.map +1 -0
package/dist/monitors/suricata-monitor.js +227 -0
package/dist/monitors/suricata-monitor.js.map +1 -0
package/dist/notify/email.d.ts +23 -0
package/dist/notify/email.d.ts.map +1 -0
package/dist/notify/email.js +124 -0
package/dist/notify/email.js.map +1 -0
package/dist/notify/index.d.ts +31 -0
package/dist/notify/index.d.ts.map +1 -0
package/dist/notify/index.js +70 -0
package/dist/notify/index.js.map +1 -0
package/dist/notify/line-notify.d.ts.map +1 -0
package/dist/notify/slack.d.ts +21 -0
package/dist/notify/slack.d.ts.map +1 -0
package/dist/notify/slack.js +92 -0
package/dist/notify/slack.js.map +1 -0
package/dist/notify/telegram.d.ts +21 -0
package/dist/notify/telegram.d.ts.map +1 -0
package/dist/notify/telegram.js +89 -0
package/dist/notify/telegram.js.map +1 -0
package/dist/response/file-quarantine.d.ts +63 -0
package/dist/response/file-quarantine.d.ts.map +1 -0
package/dist/response/file-quarantine.js +137 -0
package/dist/response/file-quarantine.js.map +1 -0
package/dist/response/index.d.ts +4 -0
package/dist/response/index.d.ts.map +1 -0
package/dist/response/index.js +4 -0
package/dist/response/index.js.map +1 -0
package/dist/response/ip-blocker.d.ts +69 -0
package/dist/response/ip-blocker.d.ts.map +1 -0
package/dist/response/ip-blocker.js +191 -0
package/dist/response/ip-blocker.js.map +1 -0
package/dist/response/process-killer.d.ts +49 -0
package/dist/response/process-killer.d.ts.map +1 -0
package/dist/response/process-killer.js +230 -0
package/dist/response/process-killer.js.map +1 -0
package/dist/rules/builtin-rules.d.ts +12 -0
package/dist/rules/builtin-rules.d.ts.map +1 -0
package/dist/rules/builtin-rules.js +471 -0
package/dist/rules/builtin-rules.js.map +1 -0
package/dist/threat-cloud/client-id.d.ts +13 -0
package/dist/threat-cloud/client-id.d.ts.map +1 -0
package/dist/threat-cloud/client-id.js +38 -0
package/dist/threat-cloud/client-id.js.map +1 -0
package/dist/threat-cloud/index.d.ts +103 -0
package/dist/threat-cloud/index.d.ts.map +1 -0
package/dist/threat-cloud/index.js +386 -0
package/dist/threat-cloud/index.js.map +1 -0
package/dist/types.d.ts +336 -0
package/dist/types.d.ts.map +1 -0
package/dist/types.js +42 -0
package/dist/types.js.map +1 -0
package/package.json +35 -0

package/dist/monitors/falco-monitor.d.ts ADDED Viewed

@@ -0,0 +1,62 @@
+/**
+ * FalcoMonitor - eBPF-based kernel-level syscall monitoring via Falco
+ * FalcoMonitor - 透過 Falco 實作的 eBPF kernel-level syscall 監控
+ *
+ * Integrates with the CNCF Falco project to provide kernel-level
+ * visibility into system calls. Gracefully degrades when Falco
+ * is not installed (same pattern as optional LLM providers).
+ *
+ * @module @panguard-ai/panguard-guard/monitors/falco-monitor
+ */
+import { EventEmitter } from 'node:events';
+import type { SecurityEvent } from '@panguard-ai/core';
+/**
+ * Raw Falco JSON alert structure
+ */
+export interface FalcoAlert {
+    priority: string;
+    rule: string;
+    time: string;
+    output: string;
+    output_fields?: Record<string, unknown>;
+    source?: string;
+    tags?: string[];
+    hostname?: string;
+}
+/**
+ * Parse a raw Falco JSON alert into a Panguard SecurityEvent
+ */
+export declare function parseFalcoEvent(raw: FalcoAlert): SecurityEvent;
+/**
+ * FalcoMonitor watches Falco alert output and emits SecurityEvents
+ *
+ * Usage:
+ *   const monitor = new FalcoMonitor();
+ *   if (await monitor.checkAvailability()) {
+ *     monitor.on('event', (event) => processEvent(event));
+ *     await monitor.start();
+ *   }
+ */
+export declare class FalcoMonitor extends EventEmitter {
+    private alertPath;
+    private running;
+    private fileOffset;
+    private watchInterval;
+    /**
+     * Check if Falco is installed and alert files are accessible
+     */
+    checkAvailability(): Promise<boolean>;
+    /**
+     * Start tailing the Falco alert file
+     */
+    start(): Promise<void>;
+    /**
+     * Read new lines from the alert file since last offset
+     */
+    private readNewLines;
+    /**
+     * Stop monitoring
+     */
+    stop(): void;
+}
+//# sourceMappingURL=falco-monitor.d.ts.map

package/dist/monitors/falco-monitor.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"falco-monitor.d.ts","sourceRoot":"","sources":["../../src/monitors/falco-monitor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAK3C,OAAO,KAAK,EAAE,aAAa,EAAY,MAAM,mBAAmB,CAAC;AAWjE;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACxC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAmCD;;GAEG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,UAAU,GAAG,aAAa,CA4B9D;AAED;;;;;;;;;GASG;AACH,qBAAa,YAAa,SAAQ,YAAY;IAC5C,OAAO,CAAC,SAAS,CAAuB;IACxC,OAAO,CAAC,OAAO,CAAS;IACxB,OAAO,CAAC,UAAU,CAAK;IACvB,OAAO,CAAC,aAAa,CAA+C;IAEpE;;OAEG;IACG,iBAAiB,IAAI,OAAO,CAAC,OAAO,CAAC;IAwC3C;;OAEG;IACG,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAyB5B;;OAEG;IACH,OAAO,CAAC,YAAY;IA0CpB;;OAEG;IACH,IAAI,IAAI,IAAI;CAcb"}

package/dist/monitors/falco-monitor.js ADDED Viewed

@@ -0,0 +1,226 @@
+/**
+ * FalcoMonitor - eBPF-based kernel-level syscall monitoring via Falco
+ * FalcoMonitor - 透過 Falco 實作的 eBPF kernel-level syscall 監控
+ *
+ * Integrates with the CNCF Falco project to provide kernel-level
+ * visibility into system calls. Gracefully degrades when Falco
+ * is not installed (same pattern as optional LLM providers).
+ *
+ * @module @panguard-ai/panguard-guard/monitors/falco-monitor
+ */
+import { EventEmitter } from 'node:events';
+import { createReadStream, existsSync, watchFile, unwatchFile, statSync } from 'node:fs';
+import { createInterface } from 'node:readline';
+import { execFile } from 'node:child_process';
+import { createLogger } from '@panguard-ai/core';
+const logger = createLogger('panguard-guard:falco-monitor');
+/** Default Falco alert file paths (ordered by preference) */
+const FALCO_ALERT_PATHS = [
+    '/var/log/falco/alerts.json',
+    '/var/log/falco/events.json',
+    '/etc/falco/alerts.json',
+];
+/**
+ * Map Falco priority to Panguard severity
+ */
+function mapFalcoPriority(priority) {
+    const p = priority.toUpperCase();
+    if (p === 'CRITICAL' || p === 'EMERGENCY' || p === 'ALERT')
+        return 'critical';
+    if (p === 'ERROR')
+        return 'high';
+    if (p === 'WARNING')
+        return 'medium';
+    if (p === 'NOTICE')
+        return 'low';
+    return 'info';
+}
+/**
+ * Map Falco tags to MITRE ATT&CK categories
+ */
+function mapFalcoCategory(tags) {
+    if (!tags || tags.length === 0)
+        return 'unknown';
+    const tagStr = tags.join(' ').toLowerCase();
+    if (tagStr.includes('container') || tagStr.includes('escape'))
+        return 'container_escape';
+    if (tagStr.includes('shell') || tagStr.includes('terminal'))
+        return 'reverse_shell';
+    if (tagStr.includes('crypto') || tagStr.includes('mining'))
+        return 'cryptomining';
+    if (tagStr.includes('credential') || tagStr.includes('shadow'))
+        return 'credential_access';
+    if (tagStr.includes('network') || tagStr.includes('connect'))
+        return 'network_activity';
+    if (tagStr.includes('file') || tagStr.includes('write') || tagStr.includes('read'))
+        return 'file_access';
+    if (tagStr.includes('process') || tagStr.includes('exec'))
+        return 'process_execution';
+    return tags[0] ?? 'unknown';
+}
+let eventCounter = 0;
+/**
+ * Parse a raw Falco JSON alert into a Panguard SecurityEvent
+ */
+export function parseFalcoEvent(raw) {
+    eventCounter++;
+    const fields = raw.output_fields ?? {};
+    return {
+        id: `falco-${Date.now()}-${eventCounter}`,
+        timestamp: raw.time ? new Date(raw.time) : new Date(),
+        source: 'falco',
+        severity: mapFalcoPriority(raw.priority),
+        category: mapFalcoCategory(raw.tags),
+        description: raw.output || `Falco rule triggered: ${raw.rule}`,
+        raw,
+        host: raw.hostname ?? raw.output_fields?.['hostname'] ?? 'unknown',
+        metadata: {
+            rule: raw.rule,
+            priority: raw.priority,
+            hostname: raw.hostname,
+            tags: raw.tags,
+            pid: fields['proc.pid'],
+            processName: fields['proc.name'],
+            userName: fields['user.name'],
+            containerName: fields['container.name'],
+            containerId: fields['container.id'],
+            filePath: fields['fd.name'],
+            sourceIP: fields['fd.sip'],
+            destIP: fields['fd.dip'],
+        },
+    };
+}
+/**
+ * FalcoMonitor watches Falco alert output and emits SecurityEvents
+ *
+ * Usage:
+ *   const monitor = new FalcoMonitor();
+ *   if (await monitor.checkAvailability()) {
+ *     monitor.on('event', (event) => processEvent(event));
+ *     await monitor.start();
+ *   }
+ */
+export class FalcoMonitor extends EventEmitter {
+    alertPath = null;
+    running = false;
+    fileOffset = 0;
+    watchInterval = null;
+    /**
+     * Check if Falco is installed and alert files are accessible
+     */
+    async checkAvailability() {
+        // Check if falco binary exists
+        const hasBinary = await new Promise((resolve) => {
+            execFile('which', ['falco'], (error) => {
+                resolve(!error);
+            });
+        });
+        if (hasBinary) {
+            logger.info('Falco binary detected');
+        }
+        // Check for alert file
+        for (const path of FALCO_ALERT_PATHS) {
+            if (existsSync(path)) {
+                this.alertPath = path;
+                logger.info(`Falco alert file found: ${path}`);
+                return true;
+            }
+        }
+        // Allow custom path via env
+        const customPath = process.env['FALCO_ALERTS_PATH'];
+        if (customPath && existsSync(customPath)) {
+            this.alertPath = customPath;
+            logger.info(`Falco alert file (custom): ${customPath}`);
+            return true;
+        }
+        if (hasBinary) {
+            logger.warn('Falco binary found but no alert file. Ensure Falco is running with json_output=true');
+            return false;
+        }
+        logger.info('Falco not detected, kernel-level monitoring disabled (optional)');
+        return false;
+    }
+    /**
+     * Start tailing the Falco alert file
+     */
+    async start() {
+        if (!this.alertPath) {
+            throw new Error('Falco alert file not found. Call checkAvailability() first.');
+        }
+        if (this.running)
+            return;
+        this.running = true;
+        // Start from end of file (only read new alerts)
+        try {
+            const stats = statSync(this.alertPath);
+            this.fileOffset = stats.size;
+        }
+        catch {
+            this.fileOffset = 0;
+        }
+        logger.info(`FalcoMonitor started, tailing ${this.alertPath}`);
+        // Use polling-based file watch for compatibility
+        const alertPath = this.alertPath;
+        watchFile(alertPath, { interval: 1000 }, () => {
+            this.readNewLines(alertPath);
+        });
+    }
+    /**
+     * Read new lines from the alert file since last offset
+     */
+    readNewLines(filePath) {
+        try {
+            const stats = statSync(filePath);
+            if (stats.size <= this.fileOffset) {
+                // File was truncated or unchanged
+                if (stats.size < this.fileOffset) {
+                    this.fileOffset = 0;
+                }
+                return;
+            }
+            const stream = createReadStream(filePath, {
+                start: this.fileOffset,
+                encoding: 'utf-8',
+            });
+            const rl = createInterface({ input: stream, crlfDelay: Infinity });
+            rl.on('line', (line) => {
+                const trimmed = line.trim();
+                if (!trimmed)
+                    return;
+                try {
+                    const alert = JSON.parse(trimmed);
+                    if (alert.rule && alert.priority) {
+                        const event = parseFalcoEvent(alert);
+                        this.emit('event', event);
+                    }
+                }
+                catch {
+                    // Skip non-JSON lines
+                }
+            });
+            rl.on('close', () => {
+                this.fileOffset = stats.size;
+            });
+        }
+        catch (err) {
+            logger.error(`Error reading Falco alerts: ${err instanceof Error ? err.message : String(err)}`);
+        }
+    }
+    /**
+     * Stop monitoring
+     */
+    stop() {
+        if (!this.running)
+            return;
+        this.running = false;
+        if (this.alertPath) {
+            unwatchFile(this.alertPath);
+        }
+        if (this.watchInterval) {
+            clearInterval(this.watchInterval);
+            this.watchInterval = null;
+        }
+        logger.info('FalcoMonitor stopped');
+    }
+}
+//# sourceMappingURL=falco-monitor.js.map

package/dist/monitors/falco-monitor.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"falco-monitor.js","sourceRoot":"","sources":["../../src/monitors/falco-monitor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,gBAAgB,EAAE,UAAU,EAAE,SAAS,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACzF,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAChD,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAGjD,MAAM,MAAM,GAAG,YAAY,CAAC,8BAA8B,CAAC,CAAC;AAE5D,6DAA6D;AAC7D,MAAM,iBAAiB,GAAG;IACxB,4BAA4B;IAC5B,4BAA4B;IAC5B,wBAAwB;CAChB,CAAC;AAgBX;;GAEG;AACH,SAAS,gBAAgB,CAAC,QAAgB;IACxC,MAAM,CAAC,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;IACjC,IAAI,CAAC,KAAK,UAAU,IAAI,CAAC,KAAK,WAAW,IAAI,CAAC,KAAK,OAAO;QAAE,OAAO,UAAU,CAAC;IAC9E,IAAI,CAAC,KAAK,OAAO;QAAE,OAAO,MAAM,CAAC;IACjC,IAAI,CAAC,KAAK,SAAS;QAAE,OAAO,QAAQ,CAAC;IACrC,IAAI,CAAC,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IACjC,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CAAC,IAAe;IACvC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IAEjD,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;IAC5C,IAAI,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAAE,OAAO,kBAAkB,CAAC;IACzF,IAAI,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC;QAAE,OAAO,eAAe,CAAC;IACpF,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAAE,OAAO,cAAc,CAAC;IAClF,IAAI,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAAE,OAAO,mBAAmB,CAAC;IAC3F,IAAI,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC;QAAE,OAAO,kBAAkB,CAAC;IACxF,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;QAChF,OAAO,aAAa,CAAC;IACvB,IAAI,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,mBAAmB,CAAC;IAEtF,OAAO,IAAI,CAAC,CAAC,CAAC,IAAI,SAAS,CAAC;AAC9B,CAAC;AAED,IAAI,YAAY,GAAG,CAAC,CAAC;AAErB;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,GAAe;IAC7C,YAAY,EAAE,CAAC;IACf,MAAM,MAAM,GAAG,GAAG,CAAC,aAAa,IAAI,EAAE,CAAC;IAEvC,OAAO;QACL,EAAE,EAAE,SAAS,IAAI,CAAC,GAAG,EAAE,IAAI,YAAY,EAAE;QACzC,SAAS,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE;QACrD,MAAM,EAAE,OAAO;QACf,QAAQ,EAAE,gBAAgB,CAAC,GAAG,CAAC,QAAQ,CAAC;QACxC,QAAQ,EAAE,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC;QACpC,WAAW,EAAE,GAAG,CAAC,MAAM,IAAI,yBAAyB,GAAG,CAAC,IAAI,EAAE;QAC9D,GAAG;QACH,IAAI,EAAE,GAAG,CAAC,QAAQ,IAAK,GAAG,CAAC,aAAa,EAAE,CAAC,UAAU,CAAY,IAAI,SAAS;QAC9E,QAAQ,EAAE;YACR,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,QAAQ,EAAE,GAAG,CAAC,QAAQ;YACtB,QAAQ,EAAE,GAAG,CAAC,QAAQ;YACtB,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,GAAG,EAAE,MAAM,CAAC,UAAU,CAAuB;YAC7C,WAAW,EAAE,MAAM,CAAC,WAAW,CAAuB;YACtD,QAAQ,EAAE,MAAM,CAAC,WAAW,CAAuB;YACnD,aAAa,EAAE,MAAM,CAAC,gBAAgB,CAAuB;YAC7D,WAAW,EAAE,MAAM,CAAC,cAAc,CAAuB;YACzD,QAAQ,EAAE,MAAM,CAAC,SAAS,CAAuB;YACjD,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAuB;YAChD,MAAM,EAAE,MAAM,CAAC,QAAQ,CAAuB;SAC/C;KACF,CAAC;AACJ,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,OAAO,YAAa,SAAQ,YAAY;IACpC,SAAS,GAAkB,IAAI,CAAC;IAChC,OAAO,GAAG,KAAK,CAAC;IAChB,UAAU,GAAG,CAAC,CAAC;IACf,aAAa,GAA0C,IAAI,CAAC;IAEpE;;OAEG;IACH,KAAK,CAAC,iBAAiB;QACrB,+BAA+B;QAC/B,MAAM,SAAS,GAAG,MAAM,IAAI,OAAO,CAAU,CAAC,OAAO,EAAE,EAAE;YACvD,QAAQ,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,EAAE;gBACrC,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC;YAClB,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QACvC,CAAC;QAED,uBAAuB;QACvB,KAAK,MAAM,IAAI,IAAI,iBAAiB,EAAE,CAAC;YACrC,IAAI,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;gBACrB,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;gBACtB,MAAM,CAAC,IAAI,CAAC,2BAA2B,IAAI,EAAE,CAAC,CAAC;gBAC/C,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,4BAA4B;QAC5B,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;QACpD,IAAI,UAAU,IAAI,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YACzC,IAAI,CAAC,SAAS,GAAG,UAAU,CAAC;YAC5B,MAAM,CAAC,IAAI,CAAC,8BAA8B,UAAU,EAAE,CAAC,CAAC;YACxD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,CAAC,IAAI,CACT,qFAAqF,CACtF,CAAC;YACF,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,iEAAiE,CAAC,CAAC;QAC/E,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,KAAK;QACT,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAC;QACjF,CAAC;QAED,IAAI,IAAI,CAAC,OAAO;YAAE,OAAO;QACzB,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;QAEpB,gDAAgD;QAChD,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACvC,IAAI,CAAC,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC;QAC/B,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,CAAC,UAAU,GAAG,CAAC,CAAC;QACtB,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,iCAAiC,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC;QAE/D,iDAAiD;QACjD,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;QACjC,SAAS,CAAC,SAAS,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE;YAC5C,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;QAC/B,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACK,YAAY,CAAC,QAAgB;QACnC,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACjC,IAAI,KAAK,CAAC,IAAI,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;gBAClC,kCAAkC;gBAClC,IAAI,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;oBACjC,IAAI,CAAC,UAAU,GAAG,CAAC,CAAC;gBACtB,CAAC;gBACD,OAAO;YACT,CAAC;YAED,MAAM,MAAM,GAAG,gBAAgB,CAAC,QAAQ,EAAE;gBACxC,KAAK,EAAE,IAAI,CAAC,UAAU;gBACtB,QAAQ,EAAE,OAAO;aAClB,CAAC,CAAC;YACH,MAAM,EAAE,GAAG,eAAe,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,CAAC;YAEnE,EAAE,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;gBACrB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC5B,IAAI,CAAC,OAAO;oBAAE,OAAO;gBAErB,IAAI,CAAC;oBACH,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAe,CAAC;oBAChD,IAAI,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;wBACjC,MAAM,KAAK,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;wBACrC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;oBAC5B,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,sBAAsB;gBACxB,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;gBAClB,IAAI,CAAC,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC;YAC/B,CAAC,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,MAAM,CAAC,KAAK,CACV,+BAA+B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAClF,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACH,IAAI;QACF,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,OAAO;QAC1B,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC;QAErB,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACnB,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC9B,CAAC;QACD,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACvB,aAAa,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;YAClC,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;QAC5B,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;IACtC,CAAC;CACF"}

package/dist/monitors/suricata-monitor.d.ts ADDED Viewed

@@ -0,0 +1,80 @@
+/**
+ * SuricataMonitor - Network intrusion detection via Suricata EVE JSON
+ * SuricataMonitor - 透過 Suricata EVE JSON 實作的網路入侵偵測
+ *
+ * Integrates with Suricata's EVE JSON output to provide deep packet
+ * inspection (DPI) capabilities. Gracefully degrades when Suricata
+ * is not installed (same pattern as FalcoMonitor).
+ *
+ * @module @panguard-ai/panguard-guard/monitors/suricata-monitor
+ */
+import { EventEmitter } from 'node:events';
+import type { SecurityEvent } from '@panguard-ai/core';
+/**
+ * Raw Suricata EVE JSON alert structure
+ */
+export interface SuricataEveAlert {
+    timestamp: string;
+    event_type: string;
+    src_ip?: string;
+    src_port?: number;
+    dest_ip?: string;
+    dest_port?: number;
+    proto?: string;
+    alert?: {
+        action?: string;
+        gid?: number;
+        signature_id?: number;
+        rev?: number;
+        signature?: string;
+        category?: string;
+        severity?: number;
+        metadata?: Record<string, string[]>;
+    };
+    flow?: {
+        pkts_toserver?: number;
+        pkts_toclient?: number;
+        bytes_toserver?: number;
+        bytes_toclient?: number;
+        start?: string;
+    };
+    app_proto?: string;
+    in_iface?: string;
+    host?: string;
+}
+/**
+ * Parse a raw Suricata EVE JSON alert into a Panguard SecurityEvent
+ */
+export declare function parseSuricataEvent(raw: SuricataEveAlert): SecurityEvent | null;
+/**
+ * SuricataMonitor watches Suricata EVE JSON output and emits SecurityEvents
+ *
+ * Usage:
+ *   const monitor = new SuricataMonitor();
+ *   if (await monitor.checkAvailability()) {
+ *     monitor.on('event', (event) => processEvent(event));
+ *     await monitor.start();
+ *   }
+ */
+export declare class SuricataMonitor extends EventEmitter {
+    private evePath;
+    private running;
+    private fileOffset;
+    /**
+     * Check if Suricata is installed and EVE log files are accessible
+     */
+    checkAvailability(): Promise<boolean>;
+    /**
+     * Start tailing the Suricata EVE log file
+     */
+    start(): Promise<void>;
+    /**
+     * Read new lines from the EVE log since last offset
+     */
+    private readNewLines;
+    /**
+     * Stop monitoring
+     */
+    stop(): void;
+}
+//# sourceMappingURL=suricata-monitor.d.ts.map

package/dist/monitors/suricata-monitor.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"suricata-monitor.d.ts","sourceRoot":"","sources":["../../src/monitors/suricata-monitor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAK3C,OAAO,KAAK,EAAE,aAAa,EAAY,MAAM,mBAAmB,CAAC;AAWjE;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE;QACN,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;KACrC,CAAC;IACF,IAAI,CAAC,EAAE;QACL,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,CAAC;IACF,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AA2CD;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,gBAAgB,GAAG,aAAa,GAAG,IAAI,CA8B9E;AAED;;;;;;;;;GASG;AACH,qBAAa,eAAgB,SAAQ,YAAY;IAC/C,OAAO,CAAC,OAAO,CAAuB;IACtC,OAAO,CAAC,OAAO,CAAS;IACxB,OAAO,CAAC,UAAU,CAAK;IAEvB;;OAEG;IACG,iBAAiB,IAAI,OAAO,CAAC,OAAO,CAAC;IAwC3C;;OAEG;IACG,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAyB5B;;OAEG;IACH,OAAO,CAAC,YAAY;IA0CpB;;OAEG;IACH,IAAI,IAAI,IAAI;CAUb"}

package/dist/monitors/suricata-monitor.js ADDED Viewed

@@ -0,0 +1,227 @@
+/**
+ * SuricataMonitor - Network intrusion detection via Suricata EVE JSON
+ * SuricataMonitor - 透過 Suricata EVE JSON 實作的網路入侵偵測
+ *
+ * Integrates with Suricata's EVE JSON output to provide deep packet
+ * inspection (DPI) capabilities. Gracefully degrades when Suricata
+ * is not installed (same pattern as FalcoMonitor).
+ *
+ * @module @panguard-ai/panguard-guard/monitors/suricata-monitor
+ */
+import { EventEmitter } from 'node:events';
+import { createReadStream, existsSync, watchFile, unwatchFile, statSync } from 'node:fs';
+import { createInterface } from 'node:readline';
+import { execFile } from 'node:child_process';
+import { createLogger } from '@panguard-ai/core';
+const logger = createLogger('panguard-guard:suricata-monitor');
+/** Default Suricata EVE log paths (ordered by preference) */
+const SURICATA_EVE_PATHS = [
+    '/var/log/suricata/eve.json',
+    '/var/log/suricata/fast.json',
+    '/usr/local/var/log/suricata/eve.json',
+];
+/**
+ * Map Suricata severity (1-4) to Panguard severity
+ */
+function mapSuricataSeverity(severity) {
+    if (severity === 1)
+        return 'critical';
+    if (severity === 2)
+        return 'high';
+    if (severity === 3)
+        return 'medium';
+    return 'low';
+}
+/**
+ * Map Suricata alert category to Panguard category
+ */
+function mapSuricataCategory(category, signature) {
+    if (!category && !signature)
+        return 'unknown';
+    const text = `${category ?? ''} ${signature ?? ''}`.toLowerCase();
+    // More specific categories first, then general ones
+    if (text.includes('c2') || text.includes('command and control') || text.includes('cnc'))
+        return 'command_and_control';
+    if (text.includes('mining') || text.includes('crypto') || text.includes('stratum'))
+        return 'cryptomining';
+    if (text.includes('exfil') || text.includes('data leak'))
+        return 'data_exfiltration';
+    if (text.includes('shellcode') || text.includes('exploit'))
+        return 'exploit';
+    if (text.includes('trojan') || text.includes('malware') || text.includes('backdoor'))
+        return 'malware';
+    if (text.includes('scan') || text.includes('recon') || text.includes('discovery'))
+        return 'reconnaissance';
+    if (text.includes('dos') || text.includes('denial'))
+        return 'denial_of_service';
+    if (text.includes('credential') || text.includes('brute') || text.includes('login'))
+        return 'credential_access';
+    if (text.includes('web') || text.includes('sql') || text.includes('xss') || text.includes('rfi'))
+        return 'web_attack';
+    if (text.includes('policy') || text.includes('not-suspicious'))
+        return 'policy_violation';
+    return category ?? 'network_activity';
+}
+let eventCounter = 0;
+/**
+ * Parse a raw Suricata EVE JSON alert into a Panguard SecurityEvent
+ */
+export function parseSuricataEvent(raw) {
+    // Only process alert events
+    if (raw.event_type !== 'alert' || !raw.alert)
+        return null;
+    eventCounter++;
+    const alert = raw.alert;
+    return {
+        id: `suricata-${Date.now()}-${eventCounter}`,
+        timestamp: raw.timestamp ? new Date(raw.timestamp) : new Date(),
+        source: 'suricata',
+        severity: mapSuricataSeverity(alert.severity),
+        category: mapSuricataCategory(alert.category, alert.signature),
+        description: alert.signature ?? `Suricata alert: SID ${alert.signature_id ?? 'unknown'}`,
+        raw,
+        host: raw.host ?? 'unknown',
+        metadata: {
+            signatureId: alert.signature_id,
+            signature: alert.signature,
+            alertCategory: alert.category,
+            alertAction: alert.action,
+            sourceIP: raw.src_ip,
+            sourcePort: raw.src_port,
+            destIP: raw.dest_ip,
+            destPort: raw.dest_port,
+            protocol: raw.proto,
+            appProto: raw.app_proto,
+            interface: raw.in_iface,
+        },
+    };
+}
+/**
+ * SuricataMonitor watches Suricata EVE JSON output and emits SecurityEvents
+ *
+ * Usage:
+ *   const monitor = new SuricataMonitor();
+ *   if (await monitor.checkAvailability()) {
+ *     monitor.on('event', (event) => processEvent(event));
+ *     await monitor.start();
+ *   }
+ */
+export class SuricataMonitor extends EventEmitter {
+    evePath = null;
+    running = false;
+    fileOffset = 0;
+    /**
+     * Check if Suricata is installed and EVE log files are accessible
+     */
+    async checkAvailability() {
+        // Check if suricata binary exists
+        const hasBinary = await new Promise((resolve) => {
+            execFile('which', ['suricata'], (error) => {
+                resolve(!error);
+            });
+        });
+        if (hasBinary) {
+            logger.info('Suricata binary detected');
+        }
+        // Check for EVE log file
+        for (const path of SURICATA_EVE_PATHS) {
+            if (existsSync(path)) {
+                this.evePath = path;
+                logger.info(`Suricata EVE log found: ${path}`);
+                return true;
+            }
+        }
+        // Allow custom path via env
+        const customPath = process.env['SURICATA_EVE_PATH'];
+        if (customPath && existsSync(customPath)) {
+            this.evePath = customPath;
+            logger.info(`Suricata EVE log (custom): ${customPath}`);
+            return true;
+        }
+        if (hasBinary) {
+            logger.warn('Suricata binary found but no EVE log file. Ensure Suricata is running with eve-log enabled');
+            return false;
+        }
+        logger.info('Suricata not detected, network IDS monitoring disabled (optional)');
+        return false;
+    }
+    /**
+     * Start tailing the Suricata EVE log file
+     */
+    async start() {
+        if (!this.evePath) {
+            throw new Error('Suricata EVE log not found. Call checkAvailability() first.');
+        }
+        if (this.running)
+            return;
+        this.running = true;
+        // Start from end of file (only read new alerts)
+        try {
+            const stats = statSync(this.evePath);
+            this.fileOffset = stats.size;
+        }
+        catch {
+            this.fileOffset = 0;
+        }
+        logger.info(`SuricataMonitor started, tailing ${this.evePath}`);
+        // Use polling-based file watch for compatibility
+        const evePath = this.evePath;
+        watchFile(evePath, { interval: 1000 }, () => {
+            this.readNewLines(evePath);
+        });
+    }
+    /**
+     * Read new lines from the EVE log since last offset
+     */
+    readNewLines(filePath) {
+        try {
+            const stats = statSync(filePath);
+            if (stats.size <= this.fileOffset) {
+                // File was truncated or unchanged
+                if (stats.size < this.fileOffset) {
+                    this.fileOffset = 0;
+                }
+                return;
+            }
+            const stream = createReadStream(filePath, {
+                start: this.fileOffset,
+                encoding: 'utf-8',
+            });
+            const rl = createInterface({ input: stream, crlfDelay: Infinity });
+            rl.on('line', (line) => {
+                const trimmed = line.trim();
+                if (!trimmed)
+                    return;
+                try {
+                    const eve = JSON.parse(trimmed);
+                    const event = parseSuricataEvent(eve);
+                    if (event) {
+                        this.emit('event', event);
+                    }
+                }
+                catch {
+                    // Skip non-JSON lines
+                }
+            });
+            rl.on('close', () => {
+                this.fileOffset = stats.size;
+            });
+        }
+        catch (err) {
+            logger.error(`Error reading Suricata EVE log: ${err instanceof Error ? err.message : String(err)}`);
+        }
+    }
+    /**
+     * Stop monitoring
+     */
+    stop() {
+        if (!this.running)
+            return;
+        this.running = false;
+        if (this.evePath) {
+            unwatchFile(this.evePath);
+        }
+        logger.info('SuricataMonitor stopped');
+    }
+}
+//# sourceMappingURL=suricata-monitor.js.map

package/dist/monitors/suricata-monitor.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"suricata-monitor.js","sourceRoot":"","sources":["../../src/monitors/suricata-monitor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,gBAAgB,EAAE,UAAU,EAAE,SAAS,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACzF,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAChD,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAGjD,MAAM,MAAM,GAAG,YAAY,CAAC,iCAAiC,CAAC,CAAC;AAE/D,6DAA6D;AAC7D,MAAM,kBAAkB,GAAG;IACzB,4BAA4B;IAC5B,6BAA6B;IAC7B,sCAAsC;CAC9B,CAAC;AAmCX;;GAEG;AACH,SAAS,mBAAmB,CAAC,QAAiB;IAC5C,IAAI,QAAQ,KAAK,CAAC;QAAE,OAAO,UAAU,CAAC;IACtC,IAAI,QAAQ,KAAK,CAAC;QAAE,OAAO,MAAM,CAAC;IAClC,IAAI,QAAQ,KAAK,CAAC;QAAE,OAAO,QAAQ,CAAC;IACpC,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,QAAiB,EAAE,SAAkB;IAChE,IAAI,CAAC,QAAQ,IAAI,CAAC,SAAS;QAAE,OAAO,SAAS,CAAC;IAE9C,MAAM,IAAI,GAAG,GAAG,QAAQ,IAAI,EAAE,IAAI,SAAS,IAAI,EAAE,EAAE,CAAC,WAAW,EAAE,CAAC;IAElE,oDAAoD;IACpD,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,qBAAqB,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;QACrF,OAAO,qBAAqB,CAAC;IAC/B,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC;QAChF,OAAO,cAAc,CAAC;IACxB,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC;QAAE,OAAO,mBAAmB,CAAC;IACrF,IAAI,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC;QAAE,OAAO,SAAS,CAAC;IAC7E,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC;QAClF,OAAO,SAAS,CAAC;IACnB,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC;QAC/E,OAAO,gBAAgB,CAAC;IAC1B,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAAE,OAAO,mBAAmB,CAAC;IAChF,IAAI,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;QACjF,OAAO,mBAAmB,CAAC;IAC7B,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;QAC9F,OAAO,YAAY,CAAC;IACtB,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC;QAAE,OAAO,kBAAkB,CAAC;IAE1F,OAAO,QAAQ,IAAI,kBAAkB,CAAC;AACxC,CAAC;AAED,IAAI,YAAY,GAAG,CAAC,CAAC;AAErB;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,GAAqB;IACtD,4BAA4B;IAC5B,IAAI,GAAG,CAAC,UAAU,KAAK,OAAO,IAAI,CAAC,GAAG,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IAE1D,YAAY,EAAE,CAAC;IACf,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC;IAExB,OAAO;QACL,EAAE,EAAE,YAAY,IAAI,CAAC,GAAG,EAAE,IAAI,YAAY,EAAE;QAC5C,SAAS,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE;QAC/D,MAAM,EAAE,UAAU;QAClB,QAAQ,EAAE,mBAAmB,CAAC,KAAK,CAAC,QAAQ,CAAC;QAC7C,QAAQ,EAAE,mBAAmB,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC;QAC9D,WAAW,EAAE,KAAK,CAAC,SAAS,IAAI,uBAAuB,KAAK,CAAC,YAAY,IAAI,SAAS,EAAE;QACxF,GAAG;QACH,IAAI,EAAE,GAAG,CAAC,IAAI,IAAI,SAAS;QAC3B,QAAQ,EAAE;YACR,WAAW,EAAE,KAAK,CAAC,YAAY;YAC/B,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,aAAa,EAAE,KAAK,CAAC,QAAQ;YAC7B,WAAW,EAAE,KAAK,CAAC,MAAM;YACzB,QAAQ,EAAE,GAAG,CAAC,MAAM;YACpB,UAAU,EAAE,GAAG,CAAC,QAAQ;YACxB,MAAM,EAAE,GAAG,CAAC,OAAO;YACnB,QAAQ,EAAE,GAAG,CAAC,SAAS;YACvB,QAAQ,EAAE,GAAG,CAAC,KAAK;YACnB,QAAQ,EAAE,GAAG,CAAC,SAAS;YACvB,SAAS,EAAE,GAAG,CAAC,QAAQ;SACxB;KACF,CAAC;AACJ,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,OAAO,eAAgB,SAAQ,YAAY;IACvC,OAAO,GAAkB,IAAI,CAAC;IAC9B,OAAO,GAAG,KAAK,CAAC;IAChB,UAAU,GAAG,CAAC,CAAC;IAEvB;;OAEG;IACH,KAAK,CAAC,iBAAiB;QACrB,kCAAkC;QAClC,MAAM,SAAS,GAAG,MAAM,IAAI,OAAO,CAAU,CAAC,OAAO,EAAE,EAAE;YACvD,QAAQ,CAAC,OAAO,EAAE,CAAC,UAAU,CAAC,EAAE,CAAC,KAAK,EAAE,EAAE;gBACxC,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC;YAClB,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;QAC1C,CAAC;QAED,yBAAyB;QACzB,KAAK,MAAM,IAAI,IAAI,kBAAkB,EAAE,CAAC;YACtC,IAAI,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;gBACrB,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;gBACpB,MAAM,CAAC,IAAI,CAAC,2BAA2B,IAAI,EAAE,CAAC,CAAC;gBAC/C,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,4BAA4B;QAC5B,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;QACpD,IAAI,UAAU,IAAI,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YACzC,IAAI,CAAC,OAAO,GAAG,UAAU,CAAC;YAC1B,MAAM,CAAC,IAAI,CAAC,8BAA8B,UAAU,EAAE,CAAC,CAAC;YACxD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,CAAC,IAAI,CACT,4FAA4F,CAC7F,CAAC;YACF,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,mEAAmE,CAAC,CAAC;QACjF,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,KAAK;QACT,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAC;QACjF,CAAC;QAED,IAAI,IAAI,CAAC,OAAO;YAAE,OAAO;QACzB,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;QAEpB,gDAAgD;QAChD,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACrC,IAAI,CAAC,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC;QAC/B,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,CAAC,UAAU,GAAG,CAAC,CAAC;QACtB,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,oCAAoC,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;QAEhE,iDAAiD;QACjD,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC;QAC7B,SAAS,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE;YAC1C,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;QAC7B,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACK,YAAY,CAAC,QAAgB;QACnC,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACjC,IAAI,KAAK,CAAC,IAAI,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;gBAClC,kCAAkC;gBAClC,IAAI,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;oBACjC,IAAI,CAAC,UAAU,GAAG,CAAC,CAAC;gBACtB,CAAC;gBACD,OAAO;YACT,CAAC;YAED,MAAM,MAAM,GAAG,gBAAgB,CAAC,QAAQ,EAAE;gBACxC,KAAK,EAAE,IAAI,CAAC,UAAU;gBACtB,QAAQ,EAAE,OAAO;aAClB,CAAC,CAAC;YACH,MAAM,EAAE,GAAG,eAAe,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,CAAC;YAEnE,EAAE,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;gBACrB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC5B,IAAI,CAAC,OAAO;oBAAE,OAAO;gBAErB,IAAI,CAAC;oBACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAqB,CAAC;oBACpD,MAAM,KAAK,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAC;oBACtC,IAAI,KAAK,EAAE,CAAC;wBACV,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;oBAC5B,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,sBAAsB;gBACxB,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;gBAClB,IAAI,CAAC,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC;YAC/B,CAAC,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,MAAM,CAAC,KAAK,CACV,mCAAmC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CACtF,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACH,IAAI;QACF,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,OAAO;QAC1B,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC;QAErB,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC5B,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;IACzC,CAAC;CACF"}

package/dist/notify/email.d.ts ADDED Viewed

@@ -0,0 +1,23 @@
+/**
+ * Email SMTP notification integration
+ * Email SMTP 通知整合
+ *
+ * Sends threat alerts via raw SMTP without external dependencies.
+ * Uses Node.js net/tls modules for direct SMTP communication.
+ * 透過原始 SMTP 發送威脅警報，不使用外部相依套件。
+ * 使用 Node.js net/tls 模組進行直接 SMTP 通訊。
+ *
+ * @module @panguard-ai/panguard-guard/notify/email
+ */
+import type { EmailConfig, NotificationResult, ThreatVerdict } from '../types.js';
+/**
+ * Send a threat alert via Email (raw SMTP)
+ * 透過 Email (原始 SMTP) 發送威脅警報
+ *
+ * @param config - Email SMTP configuration / Email SMTP 配置
+ * @param verdict - The threat verdict / 威脅判決
+ * @param eventDescription - Event description / 事件描述
+ * @returns Notification result / 通知結果
+ */
+export declare function sendEmailNotify(config: EmailConfig, verdict: ThreatVerdict, eventDescription: string): Promise<NotificationResult>;
+//# sourceMappingURL=email.d.ts.map

package/dist/notify/email.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"email.d.ts","sourceRoot":"","sources":["../../src/notify/email.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAKH,OAAO,KAAK,EAAE,WAAW,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAIlF;;;;;;;;GAQG;AACH,wBAAsB,eAAe,CACnC,MAAM,EAAE,WAAW,EACnB,OAAO,EAAE,aAAa,EACtB,gBAAgB,EAAE,MAAM,GACvB,OAAO,CAAC,kBAAkB,CAAC,CA0B7B"}