npm - @panguard-ai/threat-cloud - Versions diffs - 0.1.0 - Mend

@panguard-ai/threat-cloud 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (57) hide show

package/dist/audit-logger.d.ts +46 -0
package/dist/audit-logger.d.ts.map +1 -0
package/dist/audit-logger.js +105 -0
package/dist/audit-logger.js.map +1 -0
package/dist/cli.d.ts +9 -0
package/dist/cli.d.ts.map +1 -0
package/dist/cli.js +115 -0
package/dist/cli.js.map +1 -0
package/dist/correlation-engine.d.ts +41 -0
package/dist/correlation-engine.d.ts.map +1 -0
package/dist/correlation-engine.js +313 -0
package/dist/correlation-engine.js.map +1 -0
package/dist/database.d.ts +63 -0
package/dist/database.d.ts.map +1 -0
package/dist/database.js +444 -0
package/dist/database.js.map +1 -0
package/dist/feed-distributor.d.ts +36 -0
package/dist/feed-distributor.d.ts.map +1 -0
package/dist/feed-distributor.js +125 -0
package/dist/feed-distributor.js.map +1 -0
package/dist/index.d.ts +13 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +12 -0
package/dist/index.js.map +1 -0
package/dist/ioc-store.d.ts +83 -0
package/dist/ioc-store.d.ts.map +1 -0
package/dist/ioc-store.js +278 -0
package/dist/ioc-store.js.map +1 -0
package/dist/query-handlers.d.ts +40 -0
package/dist/query-handlers.d.ts.map +1 -0
package/dist/query-handlers.js +211 -0
package/dist/query-handlers.js.map +1 -0
package/dist/reputation-engine.d.ts +44 -0
package/dist/reputation-engine.d.ts.map +1 -0
package/dist/reputation-engine.js +169 -0
package/dist/reputation-engine.js.map +1 -0
package/dist/rule-generator.d.ts +47 -0
package/dist/rule-generator.d.ts.map +1 -0
package/dist/rule-generator.js +238 -0
package/dist/rule-generator.js.map +1 -0
package/dist/scheduler.d.ts +52 -0
package/dist/scheduler.d.ts.map +1 -0
package/dist/scheduler.js +143 -0
package/dist/scheduler.js.map +1 -0
package/dist/server.d.ts +99 -0
package/dist/server.d.ts.map +1 -0
package/dist/server.js +809 -0
package/dist/server.js.map +1 -0
package/dist/sighting-store.d.ts +61 -0
package/dist/sighting-store.d.ts.map +1 -0
package/dist/sighting-store.js +191 -0
package/dist/sighting-store.js.map +1 -0
package/dist/types.d.ts +352 -0
package/dist/types.d.ts.map +1 -0
package/dist/types.js +6 -0
package/dist/types.js.map +1 -0
package/package.json +37 -0

package/dist/feed-distributor.js ADDED Viewed

@@ -0,0 +1,125 @@
+/**
+ * Feed Distributor
+ * 情報分發模組
+ *
+ * Generates blocklists, IoC feeds, and agent update packages.
+ *
+ * @module @panguard-ai/threat-cloud/feed-distributor
+ */
+export class FeedDistributor {
+    db;
+    constructor(db) {
+        this.db = db;
+    }
+    /**
+     * Generate IP blocklist as plain text (one IP per line).
+     * Only includes redistributable IoCs to comply with feed licenses.
+     * 產生 IP 封鎖清單（僅包含可轉散佈的 IoC，遵守授權）
+     */
+    getIPBlocklist(minReputation = 70) {
+        const rows = this.db
+            .prepare(`SELECT normalized_value
+         FROM iocs
+         WHERE type = 'ip' AND status = 'active' AND reputation_score >= ?
+           AND (json_extract(metadata, '$.redistributable') != 'false'
+                OR json_extract(metadata, '$.redistributable') IS NULL
+                OR source NOT LIKE 'feed:%')
+         ORDER BY reputation_score DESC`)
+            .all(minReputation);
+        return rows.map((r) => r.normalized_value).join('\n');
+    }
+    /**
+     * Generate domain blocklist as plain text.
+     * 產生 Domain 封鎖清單
+     */
+    getDomainBlocklist(minReputation = 70) {
+        const rows = this.db
+            .prepare(`SELECT normalized_value
+         FROM iocs
+         WHERE type = 'domain' AND status = 'active' AND reputation_score >= ?
+           AND (json_extract(metadata, '$.redistributable') != 'false'
+                OR json_extract(metadata, '$.redistributable') IS NULL
+                OR source NOT LIKE 'feed:%')
+         ORDER BY reputation_score DESC`)
+            .all(minReputation);
+        return rows.map((r) => r.normalized_value).join('\n');
+    }
+    /**
+     * Generate JSON IoC feed.
+     * 產生 JSON IoC feed
+     */
+    getIoCFeed(minReputation = 50, limit = 1000, since) {
+        const conditions = ["status = 'active'", 'reputation_score >= ?'];
+        const params = [minReputation];
+        if (since) {
+            conditions.push('last_seen > ?');
+            params.push(since);
+        }
+        const safeLimit = Math.min(Math.max(1, limit), 10000);
+        const where = conditions.join(' AND ');
+        const rows = this.db
+            .prepare(`SELECT type, normalized_value, threat_type, reputation_score, confidence, last_seen, tags
+         FROM iocs
+         WHERE ${where}
+         ORDER BY reputation_score DESC
+         LIMIT ?`)
+            .all(...params, safeLimit);
+        const entries = rows.map((r) => ({
+            type: r.type,
+            value: r.normalized_value,
+            threatType: r.threat_type,
+            reputation: r.reputation_score,
+            confidence: r.confidence,
+            lastSeen: r.last_seen,
+            tags: JSON.parse(r.tags),
+        }));
+        return {
+            generatedAt: new Date().toISOString(),
+            totalEntries: entries.length,
+            entries,
+        };
+    }
+    /**
+     * Generate agent update package (rules + IoCs since a given timestamp).
+     * 產生 Agent 更新包
+     */
+    getAgentUpdate(since) {
+        const sinceDate = since ?? new Date(Date.now() - 24 * 60 * 60 * 1000).toISOString();
+        // Fetch new rules
+        const rules = this.db
+            .prepare(`SELECT rule_id as ruleId, rule_content as ruleContent, published_at as publishedAt, source
+         FROM rules
+         WHERE published_at > ?
+         ORDER BY published_at ASC`)
+            .all(sinceDate);
+        // Fetch high-reputation IoCs updated since
+        const iocRows = this.db
+            .prepare(`SELECT type, normalized_value, threat_type, reputation_score, confidence, last_seen, tags
+         FROM iocs
+         WHERE status = 'active' AND reputation_score >= 60 AND updated_at > ?
+         ORDER BY reputation_score DESC
+         LIMIT 500`)
+            .all(sinceDate);
+        const iocs = iocRows.map((r) => ({
+            type: r.type,
+            value: r.normalized_value,
+            threatType: r.threat_type,
+            reputation: r.reputation_score,
+            confidence: r.confidence,
+            lastSeen: r.last_seen,
+            tags: JSON.parse(r.tags),
+        }));
+        const totalActiveIoCs = this.db.prepare("SELECT COUNT(*) as count FROM iocs WHERE status = 'active'").get().count;
+        return {
+            generatedAt: new Date().toISOString(),
+            rules,
+            iocs,
+            stats: {
+                newRules: rules.length,
+                newIoCs: iocs.length,
+                totalActiveIoCs,
+            },
+        };
+    }
+}
+//# sourceMappingURL=feed-distributor.js.map

package/dist/feed-distributor.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"feed-distributor.js","sourceRoot":"","sources":["../src/feed-distributor.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAUH,MAAM,OAAO,eAAe;IACG;IAA7B,YAA6B,EAAqB;QAArB,OAAE,GAAF,EAAE,CAAmB;IAAG,CAAC;IAEtD;;;;OAIG;IACH,cAAc,CAAC,gBAAwB,EAAE;QACvC,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE;aACjB,OAAO,CACN;;;;;;wCAMgC,CACjC;aACA,GAAG,CAAC,aAAa,CAAwC,CAAC;QAE7D,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACxD,CAAC;IAED;;;OAGG;IACH,kBAAkB,CAAC,gBAAwB,EAAE;QAC3C,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE;aACjB,OAAO,CACN;;;;;;wCAMgC,CACjC;aACA,GAAG,CAAC,aAAa,CAAwC,CAAC;QAE7D,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACxD,CAAC;IAED;;;OAGG;IACH,UAAU,CAAC,gBAAwB,EAAE,EAAE,QAAgB,IAAI,EAAE,KAAc;QACzE,MAAM,UAAU,GAAG,CAAC,mBAAmB,EAAE,uBAAuB,CAAC,CAAC;QAClE,MAAM,MAAM,GAAc,CAAC,aAAa,CAAC,CAAC;QAE1C,IAAI,KAAK,EAAE,CAAC;YACV,UAAU,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;YACjC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACrB,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,EAAE,KAAK,CAAC,CAAC;QACtD,MAAM,KAAK,GAAG,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAEvC,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE;aACjB,OAAO,CACN;;iBAES,KAAK;;iBAEL,CACV;aACA,GAAG,CAAC,GAAG,MAAM,EAAE,SAAS,CAQzB,CAAC;QAEH,MAAM,OAAO,GAAmB,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC/C,IAAI,EAAE,CAAC,CAAC,IAA4B;YACpC,KAAK,EAAE,CAAC,CAAC,gBAAgB;YACzB,UAAU,EAAE,CAAC,CAAC,WAAW;YACzB,UAAU,EAAE,CAAC,CAAC,gBAAgB;YAC9B,UAAU,EAAE,CAAC,CAAC,UAAU;YACxB,QAAQ,EAAE,CAAC,CAAC,SAAS;YACrB,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAa;SACrC,CAAC,CAAC,CAAC;QAEJ,OAAO;YACL,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACrC,YAAY,EAAE,OAAO,CAAC,MAAM;YAC5B,OAAO;SACR,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,cAAc,CAAC,KAAc;QAC3B,MAAM,SAAS,GAAG,KAAK,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;QAEpF,kBAAkB;QAClB,MAAM,KAAK,GAAG,IAAI,CAAC,EAAE;aAClB,OAAO,CACN;;;mCAG2B,CAC5B;aACA,GAAG,CAAC,SAAS,CAAsB,CAAC;QAEvC,2CAA2C;QAC3C,MAAM,OAAO,GAAG,IAAI,CAAC,EAAE;aACpB,OAAO,CACN;;;;mBAIW,CACZ;aACA,GAAG,CAAC,SAAS,CAQd,CAAC;QAEH,MAAM,IAAI,GAAmB,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC/C,IAAI,EAAE,CAAC,CAAC,IAA4B;YACpC,KAAK,EAAE,CAAC,CAAC,gBAAgB;YACzB,UAAU,EAAE,CAAC,CAAC,WAAW;YACzB,UAAU,EAAE,CAAC,CAAC,gBAAgB;YAC9B,UAAU,EAAE,CAAC,CAAC,UAAU;YACxB,QAAQ,EAAE,CAAC,CAAC,SAAS;YACrB,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAa;SACrC,CAAC,CAAC,CAAC;QAEJ,MAAM,eAAe,GACnB,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,4DAA4D,CAAC,CAAC,GAAG,EAGlF,CAAC,KAAK,CAAC;QAER,OAAO;YACL,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACrC,KAAK;YACL,IAAI;YACJ,KAAK,EAAE;gBACL,QAAQ,EAAE,KAAK,CAAC,MAAM;gBACtB,OAAO,EAAE,IAAI,CAAC,MAAM;gBACpB,eAAe;aAChB;SACF,CAAC;IACJ,CAAC;CACF"}

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+export { ThreatCloudServer } from './server.js';
+export { ThreatCloudDB } from './database.js';
+export { IoCStore } from './ioc-store.js';
+export { ReputationEngine } from './reputation-engine.js';
+export { CorrelationEngine } from './correlation-engine.js';
+export { RuleGenerator } from './rule-generator.js';
+export { QueryHandlers } from './query-handlers.js';
+export { FeedDistributor } from './feed-distributor.js';
+export { SightingStore } from './sighting-store.js';
+export { AuditLogger } from './audit-logger.js';
+export { Scheduler } from './scheduler.js';
+export type { AnonymizedThreatData, ThreatCloudRule, ThreatStats, ServerConfig, ApiResponse, IoCType, IoCStatus, IoCRecord, IoCInput, IoCLookupResult, TrapIntelligencePayload, EnrichedThreatEvent, PaginationParams, PaginatedResponse, ReputationConfig, CorrelationConfig, Campaign, CampaignScanResult, CampaignStats, DetectedPattern, RuleGenerationResult, RuleGeneratorConfig, TimeSeriesPoint, GeoDistributionEntry, TrendEntry, MitreHeatmapEntry, EnhancedStats, IoCFeedEntry, IoCFeedResponse, AgentUpdatePackage, SchedulerConfig, SourceReliability, SightingType, SightingInput, SightingRecord, AuditAction, AuditLogEntry, AuditLogQuery, FeedLicense, FeedSourceConfig, } from './types.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAC9C,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAC1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAC3C,YAAY,EACV,oBAAoB,EACpB,eAAe,EACf,WAAW,EACX,YAAY,EACZ,WAAW,EACX,OAAO,EACP,SAAS,EACT,SAAS,EACT,QAAQ,EACR,eAAe,EACf,uBAAuB,EACvB,mBAAmB,EACnB,gBAAgB,EAChB,iBAAiB,EACjB,gBAAgB,EAChB,iBAAiB,EACjB,QAAQ,EACR,kBAAkB,EAClB,aAAa,EACb,eAAe,EACf,oBAAoB,EACpB,mBAAmB,EACnB,eAAe,EACf,oBAAoB,EACpB,UAAU,EACV,iBAAiB,EACjB,aAAa,EACb,YAAY,EACZ,eAAe,EACf,kBAAkB,EAClB,eAAe,EACf,iBAAiB,EACjB,YAAY,EACZ,aAAa,EACb,cAAc,EACd,WAAW,EACX,aAAa,EACb,aAAa,EACb,WAAW,EACX,gBAAgB,GACjB,MAAM,YAAY,CAAC"}

package/dist/index.js ADDED Viewed

@@ -0,0 +1,12 @@
+export { ThreatCloudServer } from './server.js';
+export { ThreatCloudDB } from './database.js';
+export { IoCStore } from './ioc-store.js';
+export { ReputationEngine } from './reputation-engine.js';
+export { CorrelationEngine } from './correlation-engine.js';
+export { RuleGenerator } from './rule-generator.js';
+export { QueryHandlers } from './query-handlers.js';
+export { FeedDistributor } from './feed-distributor.js';
+export { SightingStore } from './sighting-store.js';
+export { AuditLogger } from './audit-logger.js';
+export { Scheduler } from './scheduler.js';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAC9C,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAC1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC"}

package/dist/ioc-store.d.ts ADDED Viewed

@@ -0,0 +1,83 @@
+/**
+ * IoC (Indicator of Compromise) Store
+ * IoC（入侵指標）儲存模組
+ *
+ * Handles CRUD, normalization, deduplication, and sighting-merge for IoCs.
+ *
+ * @module @panguard-ai/threat-cloud/ioc-store
+ */
+import type Database from 'better-sqlite3';
+import type { IoCType, IoCStatus, IoCRecord, IoCInput, IoCLookupResult, PaginationParams, PaginatedResponse } from './types.js';
+export declare class IoCStore {
+    private readonly db;
+    constructor(db: Database.Database);
+    /**
+     * Normalize IoC value for deduplication.
+     * 正規化 IoC 值以便去重
+     */
+    normalizeValue(type: IoCType, value: string): string;
+    /**
+     * Auto-detect IoC type from value / 自動偵測 IoC 類型
+     */
+    detectType(value: string): IoCType;
+    /**
+     * Upsert an IoC: insert if new, merge sighting if existing.
+     * Upsert IoC：新建或合併觀測
+     */
+    upsertIoC(input: IoCInput): IoCRecord;
+    /**
+     * Lookup a single IoC by type+value / 以 type+value 查詢單一 IoC
+     */
+    lookupIoC(type: IoCType, value: string): IoCRecord | null;
+    /**
+     * Lookup IoC with related threat count / 查詢 IoC 含相關威脅數
+     */
+    lookupIoCWithContext(type: IoCType, value: string, countThreats: (ip: string) => number): IoCLookupResult;
+    /**
+     * Get IoC by ID / 以 ID 取得 IoC
+     */
+    getIoCById(id: number): IoCRecord | null;
+    /**
+     * Get active IoCs by type with minimum reputation / 取得特定類型的活躍 IoC
+     */
+    getActiveIoCsByType(type: IoCType, minReputation: number, limit: number): IoCRecord[];
+    /**
+     * Search IoCs with filters and pagination / 以篩選條件搜尋 IoC
+     */
+    searchIoCs(filters: {
+        type?: IoCType;
+        source?: string;
+        minReputation?: number;
+        status?: IoCStatus;
+        since?: string;
+        search?: string;
+    }, pagination: PaginationParams): PaginatedResponse<IoCRecord>;
+    /**
+     * Batch update reputation scores / 批次更新信譽分數
+     */
+    batchUpdateReputation(updates: Array<{
+        id: number;
+        reputationScore: number;
+    }>): void;
+    /**
+     * Expire stale IoCs / 過期未活躍的 IoC
+     */
+    expireStaleIoCs(olderThan: string): number;
+    /**
+     * Delete expired IoCs beyond retention / 刪除超齡的已過期 IoC
+     */
+    purgeExpiredIoCs(olderThan: string): number;
+    /**
+     * Get IoC counts by type / 取得各類型 IoC 數量
+     */
+    getIoCCountsByType(): Record<string, number>;
+    /**
+     * Get top malicious IoCs / 取得最高威脅度 IoC
+     */
+    getTopMaliciousIoCs(limit: number): IoCRecord[];
+    /**
+     * Get total active IoC count / 取得活躍 IoC 總數
+     */
+    getTotalActiveCount(): number;
+}
+//# sourceMappingURL=ioc-store.d.ts.map

package/dist/ioc-store.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"ioc-store.d.ts","sourceRoot":"","sources":["../src/ioc-store.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,QAAQ,MAAM,gBAAgB,CAAC;AAC3C,OAAO,KAAK,EACV,OAAO,EACP,SAAS,EACT,SAAS,EACT,QAAQ,EACR,eAAe,EACf,gBAAgB,EAChB,iBAAiB,EAClB,MAAM,YAAY,CAAC;AA4CpB,qBAAa,QAAQ;IACP,OAAO,CAAC,QAAQ,CAAC,EAAE;gBAAF,EAAE,EAAE,QAAQ,CAAC,QAAQ;IAMlD;;;OAGG;IACH,cAAc,CAAC,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM;IAuBpD;;OAEG;IACH,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;IAsBlC;;;OAGG;IACH,SAAS,CAAC,KAAK,EAAE,QAAQ,GAAG,SAAS;IA0DrC;;OAEG;IACH,SAAS,CAAC,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI;IAQzD;;OAEG;IACH,oBAAoB,CAClB,IAAI,EAAE,OAAO,EACb,KAAK,EAAE,MAAM,EACb,YAAY,EAAE,CAAC,EAAE,EAAE,MAAM,KAAK,MAAM,GACnC,eAAe;IASlB;;OAEG;IACH,UAAU,CAAC,EAAE,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI;IAKxC;;OAEG;IACH,mBAAmB,CAAC,IAAI,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,SAAS,EAAE;IAYrF;;OAEG;IACH,UAAU,CACR,OAAO,EAAE;QACP,IAAI,CAAC,EAAE,OAAO,CAAC;QACf,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,MAAM,CAAC,EAAE,SAAS,CAAC;QACnB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB,EACD,UAAU,EAAE,gBAAgB,GAC3B,iBAAiB,CAAC,SAAS,CAAC;IAuD/B;;OAEG;IACH,qBAAqB,CAAC,OAAO,EAAE,KAAK,CAAC;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,eAAe,EAAE,MAAM,CAAA;KAAE,CAAC,GAAG,IAAI;IAYpF;;OAEG;IACH,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM;IAS1C;;OAEG;IACH,gBAAgB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM;IAO3C;;OAEG;IACH,kBAAkB,IAAI,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC;IAW5C;;OAEG;IACH,mBAAmB,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,EAAE;IAO/C;;OAEG;IACH,mBAAmB,IAAI,MAAM;CAO9B"}

package/dist/ioc-store.js ADDED Viewed

@@ -0,0 +1,278 @@
+/**
+ * IoC (Indicator of Compromise) Store
+ * IoC（入侵指標）儲存模組
+ *
+ * Handles CRUD, normalization, deduplication, and sighting-merge for IoCs.
+ *
+ * @module @panguard-ai/threat-cloud/ioc-store
+ */
+/** Convert DB row to IoCRecord / 將 DB 列轉換為 IoCRecord */
+function rowToRecord(row) {
+    return {
+        id: row.id,
+        type: row.type,
+        value: row.value,
+        normalizedValue: row.normalized_value,
+        threatType: row.threat_type,
+        source: row.source,
+        confidence: row.confidence,
+        reputationScore: row.reputation_score,
+        firstSeen: row.first_seen,
+        lastSeen: row.last_seen,
+        sightings: row.sightings,
+        status: row.status,
+        tags: JSON.parse(row.tags),
+        metadata: JSON.parse(row.metadata),
+        createdAt: row.created_at,
+        updatedAt: row.updated_at,
+    };
+}
+export class IoCStore {
+    db;
+    constructor(db) {
+        this.db = db;
+    }
+    // -------------------------------------------------------------------------
+    // Normalization / 正規化
+    // -------------------------------------------------------------------------
+    /**
+     * Normalize IoC value for deduplication.
+     * 正規化 IoC 值以便去重
+     */
+    normalizeValue(type, value) {
+        const trimmed = value.trim();
+        switch (type) {
+            case 'ip': {
+                // Strip port if present (e.g., "1.2.3.4:8080" -> "1.2.3.4")
+                const noPort = trimmed.replace(/:\d+$/, '');
+                return noPort.toLowerCase();
+            }
+            case 'domain':
+                // Lowercase, remove trailing dot
+                return trimmed.toLowerCase().replace(/\.$/, '');
+            case 'url':
+                // Lowercase scheme+host, strip trailing slash
+                return trimmed.toLowerCase().replace(/\/+$/, '');
+            case 'hash_md5':
+            case 'hash_sha1':
+            case 'hash_sha256':
+                return trimmed.toLowerCase();
+            default:
+                return trimmed.toLowerCase();
+        }
+    }
+    /**
+     * Auto-detect IoC type from value / 自動偵測 IoC 類型
+     */
+    detectType(value) {
+        const v = value.trim();
+        // IPv4
+        if (/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(:\d+)?$/.test(v))
+            return 'ip';
+        // IPv6
+        if (v.includes(':') && /^[0-9a-fA-F:]+$/.test(v))
+            return 'ip';
+        // URL
+        if (/^https?:\/\//i.test(v))
+            return 'url';
+        // SHA-256
+        if (/^[a-fA-F0-9]{64}$/.test(v))
+            return 'hash_sha256';
+        // SHA-1
+        if (/^[a-fA-F0-9]{40}$/.test(v))
+            return 'hash_sha1';
+        // MD5
+        if (/^[a-fA-F0-9]{32}$/.test(v))
+            return 'hash_md5';
+        // Default to domain
+        return 'domain';
+    }
+    // -------------------------------------------------------------------------
+    // CRUD / 資料操作
+    // -------------------------------------------------------------------------
+    /**
+     * Upsert an IoC: insert if new, merge sighting if existing.
+     * Upsert IoC：新建或合併觀測
+     */
+    upsertIoC(input) {
+        const normalized = this.normalizeValue(input.type, input.value);
+        const now = new Date().toISOString();
+        const tags = input.tags ?? [];
+        const metadata = input.metadata ?? {};
+        // Try to find existing
+        const existing = this.db
+            .prepare('SELECT * FROM iocs WHERE type = ? AND normalized_value = ?')
+            .get(input.type, normalized);
+        if (existing) {
+            // Merge: increment sightings, update last_seen, update confidence, merge tags
+            const existingTags = JSON.parse(existing.tags);
+            const mergedTags = [...new Set([...existingTags, ...tags])];
+            const newConfidence = Math.max(existing.confidence, input.confidence);
+            const newLastSeen = now > existing.last_seen ? now : existing.last_seen;
+            this.db
+                .prepare(`UPDATE iocs SET
+            sightings = sightings + 1,
+            last_seen = ?,
+            confidence = ?,
+            tags = ?,
+            status = CASE WHEN status = 'expired' THEN 'active' ELSE status END,
+            updated_at = datetime('now')
+          WHERE id = ?`)
+                .run(newLastSeen, newConfidence, JSON.stringify(mergedTags), existing.id);
+            return this.getIoCById(existing.id);
+        }
+        // Insert new
+        const result = this.db
+            .prepare(`INSERT INTO iocs
+          (type, value, normalized_value, threat_type, source, confidence,
+           reputation_score, first_seen, last_seen, tags, metadata)
+        VALUES (?, ?, ?, ?, ?, ?, 50, ?, ?, ?, ?)`)
+            .run(input.type, input.value, normalized, input.threatType, input.source, input.confidence, now, now, JSON.stringify(tags), JSON.stringify(metadata));
+        return this.getIoCById(Number(result.lastInsertRowid));
+    }
+    /**
+     * Lookup a single IoC by type+value / 以 type+value 查詢單一 IoC
+     */
+    lookupIoC(type, value) {
+        const normalized = this.normalizeValue(type, value);
+        const row = this.db
+            .prepare('SELECT * FROM iocs WHERE type = ? AND normalized_value = ?')
+            .get(type, normalized);
+        return row ? rowToRecord(row) : null;
+    }
+    /**
+     * Lookup IoC with related threat count / 查詢 IoC 含相關威脅數
+     */
+    lookupIoCWithContext(type, value, countThreats) {
+        const ioc = this.lookupIoC(type, value);
+        if (!ioc) {
+            return { found: false, relatedThreats: 0 };
+        }
+        const relatedThreats = type === 'ip' ? countThreats(ioc.normalizedValue) : 0;
+        return { found: true, ioc, relatedThreats };
+    }
+    /**
+     * Get IoC by ID / 以 ID 取得 IoC
+     */
+    getIoCById(id) {
+        const row = this.db.prepare('SELECT * FROM iocs WHERE id = ?').get(id);
+        return row ? rowToRecord(row) : null;
+    }
+    /**
+     * Get active IoCs by type with minimum reputation / 取得特定類型的活躍 IoC
+     */
+    getActiveIoCsByType(type, minReputation, limit) {
+        const rows = this.db
+            .prepare(`SELECT * FROM iocs
+         WHERE type = ? AND status = 'active' AND reputation_score >= ?
+         ORDER BY reputation_score DESC
+         LIMIT ?`)
+            .all(type, minReputation, limit);
+        return rows.map(rowToRecord);
+    }
+    /**
+     * Search IoCs with filters and pagination / 以篩選條件搜尋 IoC
+     */
+    searchIoCs(filters, pagination) {
+        const conditions = [];
+        const params = [];
+        if (filters.type) {
+            conditions.push('type = ?');
+            params.push(filters.type);
+        }
+        if (filters.source) {
+            conditions.push('source = ?');
+            params.push(filters.source);
+        }
+        if (filters.minReputation !== undefined) {
+            conditions.push('reputation_score >= ?');
+            params.push(filters.minReputation);
+        }
+        if (filters.status) {
+            conditions.push('status = ?');
+            params.push(filters.status);
+        }
+        if (filters.since) {
+            conditions.push('updated_at > ?');
+            params.push(filters.since);
+        }
+        if (filters.search) {
+            conditions.push('normalized_value LIKE ?');
+            params.push(`%${filters.search}%`);
+        }
+        const where = conditions.length > 0 ? `WHERE ${conditions.join(' AND ')}` : '';
+        const safePage = Math.max(1, pagination.page);
+        const safeLimit = Math.min(Math.max(1, pagination.limit), 1000);
+        const offset = (safePage - 1) * safeLimit;
+        const total = this.db.prepare(`SELECT COUNT(*) as count FROM iocs ${where}`).get(...params).count;
+        const rows = this.db
+            .prepare(`SELECT * FROM iocs ${where} ORDER BY reputation_score DESC, last_seen DESC LIMIT ? OFFSET ?`)
+            .all(...params, safeLimit, offset);
+        return {
+            items: rows.map(rowToRecord),
+            total,
+            page: safePage,
+            limit: safeLimit,
+            hasMore: offset + safeLimit < total,
+        };
+    }
+    /**
+     * Batch update reputation scores / 批次更新信譽分數
+     */
+    batchUpdateReputation(updates) {
+        const stmt = this.db.prepare("UPDATE iocs SET reputation_score = ?, updated_at = datetime('now') WHERE id = ?");
+        const updateAll = this.db.transaction((items) => {
+            for (const u of items) {
+                stmt.run(Math.max(0, Math.min(100, Math.round(u.reputationScore))), u.id);
+            }
+        });
+        updateAll(updates);
+    }
+    /**
+     * Expire stale IoCs / 過期未活躍的 IoC
+     */
+    expireStaleIoCs(olderThan) {
+        const result = this.db
+            .prepare("UPDATE iocs SET status = 'expired', updated_at = datetime('now') WHERE status = 'active' AND last_seen < ?")
+            .run(olderThan);
+        return result.changes;
+    }
+    /**
+     * Delete expired IoCs beyond retention / 刪除超齡的已過期 IoC
+     */
+    purgeExpiredIoCs(olderThan) {
+        const result = this.db
+            .prepare("DELETE FROM iocs WHERE status = 'expired' AND updated_at < ?")
+            .run(olderThan);
+        return result.changes;
+    }
+    /**
+     * Get IoC counts by type / 取得各類型 IoC 數量
+     */
+    getIoCCountsByType() {
+        const rows = this.db
+            .prepare("SELECT type, COUNT(*) as count FROM iocs WHERE status = 'active' GROUP BY type")
+            .all();
+        const result = {};
+        for (const r of rows) {
+            result[r.type] = r.count;
+        }
+        return result;
+    }
+    /**
+     * Get top malicious IoCs / 取得最高威脅度 IoC
+     */
+    getTopMaliciousIoCs(limit) {
+        const rows = this.db
+            .prepare("SELECT * FROM iocs WHERE status = 'active' ORDER BY reputation_score DESC LIMIT ?")
+            .all(limit);
+        return rows.map(rowToRecord);
+    }
+    /**
+     * Get total active IoC count / 取得活躍 IoC 總數
+     */
+    getTotalActiveCount() {
+        return this.db.prepare("SELECT COUNT(*) as count FROM iocs WHERE status = 'active'").get().count;
+    }
+}
+//# sourceMappingURL=ioc-store.js.map

package/dist/ioc-store.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"ioc-store.js","sourceRoot":"","sources":["../src/ioc-store.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAiCH,wDAAwD;AACxD,SAAS,WAAW,CAAC,GAAW;IAC9B,OAAO;QACL,EAAE,EAAE,GAAG,CAAC,EAAE;QACV,IAAI,EAAE,GAAG,CAAC,IAAe;QACzB,KAAK,EAAE,GAAG,CAAC,KAAK;QAChB,eAAe,EAAE,GAAG,CAAC,gBAAgB;QACrC,UAAU,EAAE,GAAG,CAAC,WAAW;QAC3B,MAAM,EAAE,GAAG,CAAC,MAAM;QAClB,UAAU,EAAE,GAAG,CAAC,UAAU;QAC1B,eAAe,EAAE,GAAG,CAAC,gBAAgB;QACrC,SAAS,EAAE,GAAG,CAAC,UAAU;QACzB,QAAQ,EAAE,GAAG,CAAC,SAAS;QACvB,SAAS,EAAE,GAAG,CAAC,SAAS;QACxB,MAAM,EAAE,GAAG,CAAC,MAAmB;QAC/B,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAa;QACtC,QAAQ,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAA4B;QAC7D,SAAS,EAAE,GAAG,CAAC,UAAU;QACzB,SAAS,EAAE,GAAG,CAAC,UAAU;KAC1B,CAAC;AACJ,CAAC;AAED,MAAM,OAAO,QAAQ;IACU;IAA7B,YAA6B,EAAqB;QAArB,OAAE,GAAF,EAAE,CAAmB;IAAG,CAAC;IAEtD,4EAA4E;IAC5E,sBAAsB;IACtB,4EAA4E;IAE5E;;;OAGG;IACH,cAAc,CAAC,IAAa,EAAE,KAAa;QACzC,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;QAC7B,QAAQ,IAAI,EAAE,CAAC;YACb,KAAK,IAAI,CAAC,CAAC,CAAC;gBACV,4DAA4D;gBAC5D,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;gBAC5C,OAAO,MAAM,CAAC,WAAW,EAAE,CAAC;YAC9B,CAAC;YACD,KAAK,QAAQ;gBACX,iCAAiC;gBACjC,OAAO,OAAO,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YAClD,KAAK,KAAK;gBACR,8CAA8C;gBAC9C,OAAO,OAAO,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;YACnD,KAAK,UAAU,CAAC;YAChB,KAAK,WAAW,CAAC;YACjB,KAAK,aAAa;gBAChB,OAAO,OAAO,CAAC,WAAW,EAAE,CAAC;YAC/B;gBACE,OAAO,OAAO,CAAC,WAAW,EAAE,CAAC;QACjC,CAAC;IACH,CAAC;IAED;;OAEG;IACH,UAAU,CAAC,KAAa;QACtB,MAAM,CAAC,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;QACvB,OAAO;QACP,IAAI,6CAA6C,CAAC,IAAI,CAAC,CAAC,CAAC;YAAE,OAAO,IAAI,CAAC;QACvE,OAAO;QACP,IAAI,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC;YAAE,OAAO,IAAI,CAAC;QAC9D,MAAM;QACN,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;QAC1C,UAAU;QACV,IAAI,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC;YAAE,OAAO,aAAa,CAAC;QACtD,QAAQ;QACR,IAAI,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC;YAAE,OAAO,WAAW,CAAC;QACpD,MAAM;QACN,IAAI,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC;YAAE,OAAO,UAAU,CAAC;QACnD,oBAAoB;QACpB,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,4EAA4E;IAC5E,cAAc;IACd,4EAA4E;IAE5E;;;OAGG;IACH,SAAS,CAAC,KAAe;QACvB,MAAM,UAAU,GAAG,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;QAChE,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACrC,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,IAAI,EAAE,CAAC;QAC9B,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,IAAI,EAAE,CAAC;QAEtC,uBAAuB;QACvB,MAAM,QAAQ,GAAG,IAAI,CAAC,EAAE;aACrB,OAAO,CAAC,4DAA4D,CAAC;aACrE,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,UAAU,CAAuB,CAAC;QAErD,IAAI,QAAQ,EAAE,CAAC;YACb,8EAA8E;YAC9E,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAa,CAAC;YAC3D,MAAM,UAAU,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,YAAY,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;YAC5D,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,UAAU,EAAE,KAAK,CAAC,UAAU,CAAC,CAAC;YACtE,MAAM,WAAW,GAAG,GAAG,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC;YAExE,IAAI,CAAC,EAAE;iBACJ,OAAO,CACN;;;;;;;uBAOa,CACd;iBACA,GAAG,CAAC,WAAW,EAAE,aAAa,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,EAAE,QAAQ,CAAC,EAAE,CAAC,CAAC;YAE5E,OAAO,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAE,CAAC;QACvC,CAAC;QAED,aAAa;QACb,MAAM,MAAM,GAAG,IAAI,CAAC,EAAE;aACnB,OAAO,CACN;;;kDAG0C,CAC3C;aACA,GAAG,CACF,KAAK,CAAC,IAAI,EACV,KAAK,CAAC,KAAK,EACX,UAAU,EACV,KAAK,CAAC,UAAU,EAChB,KAAK,CAAC,MAAM,EACZ,KAAK,CAAC,UAAU,EAChB,GAAG,EACH,GAAG,EACH,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EACpB,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CACzB,CAAC;QAEJ,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAE,CAAC;IAC1D,CAAC;IAED;;OAEG;IACH,SAAS,CAAC,IAAa,EAAE,KAAa;QACpC,MAAM,UAAU,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QACpD,MAAM,GAAG,GAAG,IAAI,CAAC,EAAE;aAChB,OAAO,CAAC,4DAA4D,CAAC;aACrE,GAAG,CAAC,IAAI,EAAE,UAAU,CAAuB,CAAC;QAC/C,OAAO,GAAG,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACvC,CAAC;IAED;;OAEG;IACH,oBAAoB,CAClB,IAAa,EACb,KAAa,EACb,YAAoC;QAEpC,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QACxC,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,EAAE,CAAC;QAC7C,CAAC;QACD,MAAM,cAAc,GAAG,IAAI,KAAK,IAAI,CAAC,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC7E,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,EAAE,cAAc,EAAE,CAAC;IAC9C,CAAC;IAED;;OAEG;IACH,UAAU,CAAC,EAAU;QACnB,MAAM,GAAG,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,iCAAiC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAuB,CAAC;QAC7F,OAAO,GAAG,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACvC,CAAC;IAED;;OAEG;IACH,mBAAmB,CAAC,IAAa,EAAE,aAAqB,EAAE,KAAa;QACrE,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE;aACjB,OAAO,CACN;;;iBAGS,CACV;aACA,GAAG,CAAC,IAAI,EAAE,aAAa,EAAE,KAAK,CAAa,CAAC;QAC/C,OAAO,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IAC/B,CAAC;IAED;;OAEG;IACH,UAAU,CACR,OAOC,EACD,UAA4B;QAE5B,MAAM,UAAU,GAAa,EAAE,CAAC;QAChC,MAAM,MAAM,GAAc,EAAE,CAAC;QAE7B,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YACjB,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAC5B,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAC5B,CAAC;QACD,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnB,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YAC9B,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC9B,CAAC;QACD,IAAI,OAAO,CAAC,aAAa,KAAK,SAAS,EAAE,CAAC;YACxC,UAAU,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;YACzC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;QACrC,CAAC;QACD,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnB,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YAC9B,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC9B,CAAC;QACD,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,UAAU,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;YAClC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QAC7B,CAAC;QACD,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnB,UAAU,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;YAC3C,MAAM,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC;QACrC,CAAC;QAED,MAAM,KAAK,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC/E,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,CAAC,IAAI,CAAC,CAAC;QAC9C,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,CAAC,KAAK,CAAC,EAAE,IAAI,CAAC,CAAC;QAChE,MAAM,MAAM,GAAG,CAAC,QAAQ,GAAG,CAAC,CAAC,GAAG,SAAS,CAAC;QAE1C,MAAM,KAAK,GACT,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,sCAAsC,KAAK,EAAE,CAAC,CAAC,GAAG,CAAC,GAAG,MAAM,CAG7E,CAAC,KAAK,CAAC;QAER,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE;aACjB,OAAO,CACN,sBAAsB,KAAK,kEAAkE,CAC9F;aACA,GAAG,CAAC,GAAG,MAAM,EAAE,SAAS,EAAE,MAAM,CAAa,CAAC;QAEjD,OAAO;YACL,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC;YAC5B,KAAK;YACL,IAAI,EAAE,QAAQ;YACd,KAAK,EAAE,SAAS;YAChB,OAAO,EAAE,MAAM,GAAG,SAAS,GAAG,KAAK;SACpC,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,qBAAqB,CAAC,OAAuD;QAC3E,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAC1B,iFAAiF,CAClF,CAAC;QACF,MAAM,SAAS,GAAG,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,CAAC,KAAqB,EAAE,EAAE;YAC9D,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;gBACtB,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;YAC5E,CAAC;QACH,CAAC,CAAC,CAAC;QACH,SAAS,CAAC,OAAO,CAAC,CAAC;IACrB,CAAC;IAED;;OAEG;IACH,eAAe,CAAC,SAAiB;QAC/B,MAAM,MAAM,GAAG,IAAI,CAAC,EAAE;aACnB,OAAO,CACN,4GAA4G,CAC7G;aACA,GAAG,CAAC,SAAS,CAAC,CAAC;QAClB,OAAO,MAAM,CAAC,OAAO,CAAC;IACxB,CAAC;IAED;;OAEG;IACH,gBAAgB,CAAC,SAAiB;QAChC,MAAM,MAAM,GAAG,IAAI,CAAC,EAAE;aACnB,OAAO,CAAC,8DAA8D,CAAC;aACvE,GAAG,CAAC,SAAS,CAAC,CAAC;QAClB,OAAO,MAAM,CAAC,OAAO,CAAC;IACxB,CAAC;IAED;;OAEG;IACH,kBAAkB;QAChB,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE;aACjB,OAAO,CAAC,gFAAgF,CAAC;aACzF,GAAG,EAA4C,CAAC;QACnD,MAAM,MAAM,GAA2B,EAAE,CAAC;QAC1C,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;YACrB,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC;QAC3B,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,mBAAmB,CAAC,KAAa;QAC/B,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE;aACjB,OAAO,CAAC,mFAAmF,CAAC;aAC5F,GAAG,CAAC,KAAK,CAAa,CAAC;QAC1B,OAAO,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IAC/B,CAAC;IAED;;OAEG;IACH,mBAAmB;QACjB,OACE,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,4DAA4D,CAAC,CAAC,GAAG,EAGlF,CAAC,KAAK,CAAC;IACV,CAAC;CACF"}

package/dist/query-handlers.d.ts ADDED Viewed

@@ -0,0 +1,40 @@
+/**
+ * Query Handlers for advanced analytics
+ * 進階分析查詢處理器
+ *
+ * Provides timeseries, geo distribution, trends, and MITRE heatmap queries.
+ *
+ * @module @panguard-ai/threat-cloud/query-handlers
+ */
+import type Database from 'better-sqlite3';
+import type { TimeSeriesPoint, GeoDistributionEntry, TrendEntry, MitreHeatmapEntry, EnhancedStats } from './types.js';
+export declare class QueryHandlers {
+    private readonly db;
+    constructor(db: Database.Database);
+    /**
+     * Time-series query: event counts grouped by time bucket.
+     * 時間序列查詢：依時間桶分組的事件計數
+     */
+    getTimeSeries(granularity?: 'hour' | 'day' | 'week', since?: string, attackType?: string): TimeSeriesPoint[];
+    /**
+     * Geographic distribution query.
+     * 地理分佈查詢
+     */
+    getGeoDistribution(since?: string): GeoDistributionEntry[];
+    /**
+     * Trend analysis: compare current period with previous period.
+     * 趨勢分析：比較當前與前一期間
+     */
+    getTrends(periodDays?: number): TrendEntry[];
+    /**
+     * MITRE ATT&CK technique heatmap.
+     * MITRE ATT&CK 技術熱力圖
+     */
+    getMitreHeatmap(since?: string): MitreHeatmapEntry[];
+    /**
+     * Enhanced stats combining all data sources.
+     * 增強統計：整合所有資料來源
+     */
+    getEnhancedStats(): EnhancedStats;
+}
+//# sourceMappingURL=query-handlers.d.ts.map

package/dist/query-handlers.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"query-handlers.d.ts","sourceRoot":"","sources":["../src/query-handlers.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,QAAQ,MAAM,gBAAgB,CAAC;AAC3C,OAAO,KAAK,EACV,eAAe,EACf,oBAAoB,EACpB,UAAU,EACV,iBAAiB,EACjB,aAAa,EACd,MAAM,YAAY,CAAC;AAEpB,qBAAa,aAAa;IACZ,OAAO,CAAC,QAAQ,CAAC,EAAE;gBAAF,EAAE,EAAE,QAAQ,CAAC,QAAQ;IAElD;;;OAGG;IACH,aAAa,CACX,WAAW,GAAE,MAAM,GAAG,KAAK,GAAG,MAAc,EAC5C,KAAK,CAAC,EAAE,MAAM,EACd,UAAU,CAAC,EAAE,MAAM,GAClB,eAAe,EAAE;IAkCpB;;;OAGG;IACH,kBAAkB,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,oBAAoB,EAAE;IAkC1D;;;OAGG;IACH,SAAS,CAAC,UAAU,GAAE,MAAU,GAAG,UAAU,EAAE;IAmD/C;;;OAGG;IACH,eAAe,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,iBAAiB,EAAE;IAiCpD;;;OAGG;IACH,gBAAgB,IAAI,aAAa;CAsGlC"}