@panguard-ai/threat-cloud 0.2.0 → 0.2.1

package/dist/audit-logger.js

@@ -1,105 +0,0 @@
-/**
- * Audit Logger — provenance tracking for all write operations
- * 稽核日誌 — 所有寫入操作的溯源追蹤
- *
- * Every mutation (IoC create/update, sighting, threat upload, rule publish)
- * is logged with actor, IP, timestamp, and action details.
- *
- * @module @panguard-ai/threat-cloud/audit-logger
- */
-import { createHash } from 'node:crypto';
-function rowToEntry(row) {
-    return {
-        id: row.id,
-        action: row.action,
-        entityType: row.entity_type,
-        entityId: row.entity_id,
-        actorHash: row.actor_hash,
-        ipAddress: row.ip_address,
-        details: row.details,
-        createdAt: row.created_at,
-    };
-}
-export class AuditLogger {
-    db;
-    insertStmt;
-    constructor(db) {
-        this.db = db;
-        this.insertStmt = this.db.prepare(`INSERT INTO audit_log (action, entity_type, entity_id, actor_hash, ip_address, details)
-       VALUES (?, ?, ?, ?, ?, ?)`);
-    }
-    /**
-     * Log an auditable action.
-     * 記錄可稽核的操作
-     */
-    log(action, entityType, entityId, context = {}) {
-        this.insertStmt.run(action, entityType, entityId, context.actorHash ?? '', context.ipAddress ?? '', JSON.stringify(context.details ?? {}));
-    }
-    /**
-     * Hash an API key for audit logging (never log raw keys).
-     * 將 API key 雜湊化用於稽核日誌（永遠不記錄原始 key）
-     */
-    static hashApiKey(apiKey) {
-        if (!apiKey)
-            return '';
-        return createHash('sha256').update(apiKey).digest('hex').slice(0, 16);
-    }
-    /**
-     * Query audit log with filters.
-     * 查詢稽核日誌
-     */
-    query(params) {
-        const conditions = [];
-        const values = [];
-        if (params.action) {
-            conditions.push('action = ?');
-            values.push(params.action);
-        }
-        if (params.entityType) {
-            conditions.push('entity_type = ?');
-            values.push(params.entityType);
-        }
-        if (params.entityId) {
-            conditions.push('entity_id = ?');
-            values.push(params.entityId);
-        }
-        if (params.since) {
-            conditions.push('created_at > ?');
-            values.push(params.since);
-        }
-        const where = conditions.length > 0 ? `WHERE ${conditions.join(' AND ')}` : '';
-        const safeLimit = Math.min(Math.max(1, params.limit ?? 50), 500);
-        const total = this.db.prepare(`SELECT COUNT(*) as count FROM audit_log ${where}`).get(...values).count;
-        const rows = this.db
-            .prepare(`SELECT * FROM audit_log ${where} ORDER BY created_at DESC LIMIT ?`)
-            .all(...values, safeLimit);
-        return {
-            items: rows.map(rowToEntry),
-            total,
-            page: 1,
-            limit: safeLimit,
-            hasMore: safeLimit < total,
-        };
-    }
-    /**
-     * Get audit trail for a specific entity.
-     * 取得特定實體的稽核記錄
-     */
-    getEntityTrail(entityType, entityId) {
-        const rows = this.db
-            .prepare(`SELECT * FROM audit_log
-         WHERE entity_type = ? AND entity_id = ?
-         ORDER BY created_at ASC`)
-            .all(entityType, entityId);
-        return rows.map(rowToEntry);
-    }
-    /**
-     * Purge old audit entries beyond retention.
-     * 清除超齡的稽核記錄
-     */
-    purgeOldEntries(olderThan) {
-        const result = this.db.prepare('DELETE FROM audit_log WHERE created_at < ?').run(olderThan);
-        return result.changes;
-    }
-}
-//# sourceMappingURL=audit-logger.js.map

package/dist/audit-logger.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"audit-logger.js","sourceRoot":"","sources":["../src/audit-logger.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAgBzC,SAAS,UAAU,CAAC,GAAa;IAC/B,OAAO;QACL,EAAE,EAAE,GAAG,CAAC,EAAE;QACV,MAAM,EAAE,GAAG,CAAC,MAAqB;QACjC,UAAU,EAAE,GAAG,CAAC,WAAW;QAC3B,QAAQ,EAAE,GAAG,CAAC,SAAS;QACvB,SAAS,EAAE,GAAG,CAAC,UAAU;QACzB,SAAS,EAAE,GAAG,CAAC,UAAU;QACzB,OAAO,EAAE,GAAG,CAAC,OAAO;QACpB,SAAS,EAAE,GAAG,CAAC,UAAU;KAC1B,CAAC;AACJ,CAAC;AAED,MAAM,OAAO,WAAW;IAGO;IAFZ,UAAU,CAAqB;IAEhD,YAA6B,EAAqB;QAArB,OAAE,GAAF,EAAE,CAAmB;QAChD,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAC/B;iCAC2B,CAC5B,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,GAAG,CACD,MAAmB,EACnB,UAAkB,EAClB,QAAgB,EAChB,UAII,EAAE;QAEN,IAAI,CAAC,UAAU,CAAC,GAAG,CACjB,MAAM,EACN,UAAU,EACV,QAAQ,EACR,OAAO,CAAC,SAAS,IAAI,EAAE,EACvB,OAAO,CAAC,SAAS,IAAI,EAAE,EACvB,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,OAAO,IAAI,EAAE,CAAC,CACtC,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,MAAM,CAAC,UAAU,CAAC,MAAc;QAC9B,IAAI,CAAC,MAAM;YAAE,OAAO,EAAE,CAAC;QACvB,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACxE,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,MAAqB;QACzB,MAAM,UAAU,GAAa,EAAE,CAAC;QAChC,MAAM,MAAM,GAAc,EAAE,CAAC;QAE7B,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClB,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YAC9B,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC7B,CAAC;QACD,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;YACtB,UAAU,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;YACnC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QACjC,CAAC;QACD,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACpB,UAAU,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;YACjC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC/B,CAAC;QACD,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YACjB,UAAU,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;YAClC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC5B,CAAC;QAED,MAAM,KAAK,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC/E,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC;QAEjE,MAAM,KAAK,GACT,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,2CAA2C,KAAK,EAAE,CAAC,CAAC,GAAG,CAAC,GAAG,MAAM,CAGlF,CAAC,KAAK,CAAC;QAER,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE;aACjB,OAAO,CAAC,2BAA2B,KAAK,mCAAmC,CAAC;aAC5E,GAAG,CAAC,GAAG,MAAM,EAAE,SAAS,CAAe,CAAC;QAE3C,OAAO;YACL,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC;YAC3B,KAAK;YACL,IAAI,EAAE,CAAC;YACP,KAAK,EAAE,SAAS;YAChB,OAAO,EAAE,SAAS,GAAG,KAAK;SAC3B,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,cAAc,CAAC,UAAkB,EAAE,QAAgB;QACjD,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE;aACjB,OAAO,CACN;;iCAEyB,CAC1B;aACA,GAAG,CAAC,UAAU,EAAE,QAAQ,CAAe,CAAC;QAC3C,OAAO,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC9B,CAAC;IAED;;;OAGG;IACH,eAAe,CAAC,SAAiB;QAC/B,MAAM,MAAM,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,4CAA4C,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC5F,OAAO,MAAM,CAAC,OAAO,CAAC;IACxB,CAAC;CACF"}

package/dist/correlation-engine.d.ts

@@ -1,41 +0,0 @@
-/**
- * Threat Correlation Engine
- * 威脅關聯引擎
- *
- * Groups related threat events into campaigns based on:
- * 1. Same source IP within a time window (IP cluster)
- * 2. Same attack pattern across multiple IPs (pattern cluster)
- *
- * @module @panguard-ai/threat-cloud/correlation-engine
- */
-import type Database from 'better-sqlite3';
-import type { CorrelationConfig, Campaign, CampaignScanResult, CampaignStats, PaginationParams, PaginatedResponse, EnrichedThreatEvent } from './types.js';
-export declare class CorrelationEngine {
-    private readonly db;
-    private readonly config;
-    constructor(db: Database.Database, config?: Partial<CorrelationConfig>);
-    /** Create campaigns table if not exists / 建立 campaigns 表 */
-    private ensureTable;
-    /**
-     * Scan for new campaigns in uncorrelated events.
-     * 掃描未關聯的事件，建立新的攻擊活動
-     */
-    scanForCampaigns(): CampaignScanResult;
-    /** Get campaign by ID / 取得 campaign */
-    getCampaign(campaignId: string): Campaign | null;
-    /** List campaigns / 列表 campaigns */
-    listCampaigns(pagination: PaginationParams, status?: string): PaginatedResponse<Campaign>;
-    /** Get campaign events / 取得 campaign 事件 */
-    getCampaignEvents(campaignId: string): EnrichedThreatEvent[];
-    /** Get campaign statistics / 取得攻擊活動統計 */
-    getCampaignStats(): CampaignStats;
-    /** Cluster events by time window / 依時間窗口聚類事件 */
-    private clusterByTimeWindow;
-    /** Generate deterministic campaign ID / 產生確定性 campaign ID */
-    private generateCampaignId;
-    /** Pick the maximum severity / 選擇最高嚴重度 */
-    private pickMaxSeverity;
-    /** Upsert campaign / 新增或更新攻擊活動 */
-    private upsertCampaign;
-}
-//# sourceMappingURL=correlation-engine.d.ts.map

package/dist/correlation-engine.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"correlation-engine.d.ts","sourceRoot":"","sources":["../src/correlation-engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAGH,OAAO,KAAK,QAAQ,MAAM,gBAAgB,CAAC;AAC3C,OAAO,KAAK,EACV,iBAAiB,EACjB,QAAQ,EACR,kBAAkB,EAClB,aAAa,EACb,gBAAgB,EAChB,iBAAiB,EACjB,mBAAmB,EACpB,MAAM,YAAY,CAAC;AAgDpB,qBAAa,iBAAiB;IAI1B,OAAO,CAAC,QAAQ,CAAC,EAAE;IAHrB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAoB;gBAGxB,EAAE,EAAE,QAAQ,CAAC,QAAQ,EACtC,MAAM,CAAC,EAAE,OAAO,CAAC,iBAAiB,CAAC;IAMrC,4DAA4D;IAC5D,OAAO,CAAC,WAAW;IAuBnB;;;OAGG;IACH,gBAAgB,IAAI,kBAAkB;IAiJtC,uCAAuC;IACvC,WAAW,CAAC,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,IAAI;IAOhD,oCAAoC;IACpC,aAAa,CAAC,UAAU,EAAE,gBAAgB,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,iBAAiB,CAAC,QAAQ,CAAC;IAyBzF,2CAA2C;IAC3C,iBAAiB,CAAC,UAAU,EAAE,MAAM,GAAG,mBAAmB,EAAE;IA2B5D,yCAAyC;IACzC,gBAAgB,IAAI,aAAa;IAmCjC,gDAAgD;IAChD,OAAO,CAAC,mBAAmB;IAoB3B,6DAA6D;IAC7D,OAAO,CAAC,kBAAkB;IAO1B,0CAA0C;IAC1C,OAAO,CAAC,eAAe;IAQvB,kCAAkC;IAClC,OAAO,CAAC,cAAc;CA+BvB"}

package/dist/correlation-engine.js

@@ -1,313 +0,0 @@
-/**
- * Threat Correlation Engine
- * 威脅關聯引擎
- *
- * Groups related threat events into campaigns based on:
- * 1. Same source IP within a time window (IP cluster)
- * 2. Same attack pattern across multiple IPs (pattern cluster)
- *
- * @module @panguard-ai/threat-cloud/correlation-engine
- */
-import { createHash } from 'node:crypto';
-/** Default config / 預設配置 */
-const DEFAULT_CONFIG = {
-    timeWindowMinutes: 60,
-    minEventsForCampaign: 3,
-    minIPsForPatternCampaign: 5,
-    scanWindowHours: 24,
-};
-/** Convert DB row to Campaign / 轉換 DB 列 */
-function rowToCampaign(row) {
-    return {
-        campaignId: row.campaign_id,
-        name: row.name,
-        campaignType: row.campaign_type,
-        firstSeen: row.first_seen,
-        lastSeen: row.last_seen,
-        eventCount: row.event_count,
-        uniqueIPs: row.unique_ips,
-        attackTypes: JSON.parse(row.attack_types),
-        mitreTechniques: JSON.parse(row.mitre_techniques),
-        regions: JSON.parse(row.regions),
-        severity: row.severity,
-        status: row.status,
-        createdAt: row.created_at,
-        updatedAt: row.updated_at,
-    };
-}
-export class CorrelationEngine {
-    db;
-    config;
-    constructor(db, config) {
-        this.db = db;
-        this.config = { ...DEFAULT_CONFIG, ...config };
-        this.ensureTable();
-    }
-    /** Create campaigns table if not exists / 建立 campaigns 表 */
-    ensureTable() {
-        this.db.exec(`
-      CREATE TABLE IF NOT EXISTS campaigns (
-        campaign_id TEXT PRIMARY KEY,
-        name TEXT NOT NULL,
-        campaign_type TEXT NOT NULL CHECK(campaign_type IN ('ip_cluster','pattern_cluster','manual')),
-        first_seen TEXT NOT NULL,
-        last_seen TEXT NOT NULL,
-        event_count INTEGER NOT NULL DEFAULT 0,
-        unique_ips INTEGER NOT NULL DEFAULT 0,
-        attack_types TEXT NOT NULL DEFAULT '[]',
-        mitre_techniques TEXT NOT NULL DEFAULT '[]',
-        regions TEXT NOT NULL DEFAULT '[]',
-        severity TEXT NOT NULL DEFAULT 'medium',
-        status TEXT NOT NULL DEFAULT 'active' CHECK(status IN ('active','resolved','false_positive')),
-        created_at TEXT NOT NULL DEFAULT (datetime('now')),
-        updated_at TEXT NOT NULL DEFAULT (datetime('now'))
-      );
-      CREATE INDEX IF NOT EXISTS idx_campaigns_status ON campaigns(status);
-      CREATE INDEX IF NOT EXISTS idx_campaigns_last_seen ON campaigns(last_seen);
-    `);
-    }
-    /**
-     * Scan for new campaigns in uncorrelated events.
-     * 掃描未關聯的事件，建立新的攻擊活動
-     */
-    scanForCampaigns() {
-        const startTime = Date.now();
-        let newCampaigns = 0;
-        const updatedCampaigns = 0;
-        let eventsCorrelated = 0;
-        const sinceDate = new Date(Date.now() - this.config.scanWindowHours * 60 * 60 * 1000).toISOString();
-        // Fetch uncorrelated events within scan window
-        const events = this.db
-            .prepare(`SELECT id, attack_source_ip, attack_type, mitre_techniques, timestamp, region, severity
-         FROM enriched_threats
-         WHERE campaign_id IS NULL AND received_at > ?
-         ORDER BY timestamp ASC`)
-            .all(sinceDate);
-        if (events.length === 0) {
-            return {
-                newCampaigns: 0,
-                updatedCampaigns: 0,
-                eventsCorrelated: 0,
-                duration: Date.now() - startTime,
-            };
-        }
-        // --- IP Cluster detection ---
-        const byIP = new Map();
-        for (const e of events) {
-            const list = byIP.get(e.attack_source_ip) ?? [];
-            list.push(e);
-            byIP.set(e.attack_source_ip, list);
-        }
-        const assignedIds = new Set();
-        const updateCampaignId = this.db.prepare('UPDATE enriched_threats SET campaign_id = ? WHERE id = ?');
-        this.db.transaction(() => {
-            for (const [ip, ipEvents] of byIP) {
-                if (ipEvents.length < this.config.minEventsForCampaign)
-                    continue;
-                // Check time window clustering
-                const clustered = this.clusterByTimeWindow(ipEvents);
-                for (const cluster of clustered) {
-                    if (cluster.length < this.config.minEventsForCampaign)
-                        continue;
-                    const campaignId = this.generateCampaignId(cluster.map((e) => e.id));
-                    const attackTypes = [...new Set(cluster.map((e) => e.attack_type))];
-                    const allTechniques = cluster.flatMap((e) => JSON.parse(e.mitre_techniques));
-                    const techniques = [...new Set(allTechniques)];
-                    const regions = [...new Set(cluster.map((e) => e.region))];
-                    const timestamps = cluster.map((e) => e.timestamp).sort();
-                    const maxSeverity = this.pickMaxSeverity(cluster.map((e) => e.severity));
-                    this.upsertCampaign({
-                        campaignId,
-                        name: `IP ${ip}: ${attackTypes.join(', ')}`,
-                        campaignType: 'ip_cluster',
-                        firstSeen: timestamps[0],
-                        lastSeen: timestamps[timestamps.length - 1],
-                        eventCount: cluster.length,
-                        uniqueIPs: 1,
-                        attackTypes,
-                        mitreTechniques: techniques,
-                        regions,
-                        severity: maxSeverity,
-                    });
-                    for (const e of cluster) {
-                        updateCampaignId.run(campaignId, e.id);
-                        assignedIds.add(e.id);
-                    }
-                    newCampaigns++;
-                    eventsCorrelated += cluster.length;
-                }
-            }
-            // --- Pattern Cluster detection ---
-            const unassigned = events.filter((e) => !assignedIds.has(e.id));
-            const byPattern = new Map();
-            for (const e of unassigned) {
-                const techniques = JSON.parse(e.mitre_techniques).sort().join(',');
-                const key = `${e.attack_type}|${techniques}`;
-                const list = byPattern.get(key) ?? [];
-                list.push(e);
-                byPattern.set(key, list);
-            }
-            for (const [pattern, patternEvents] of byPattern) {
-                const distinctIPs = new Set(patternEvents.map((e) => e.attack_source_ip));
-                if (distinctIPs.size < this.config.minIPsForPatternCampaign)
-                    continue;
-                const campaignId = this.generateCampaignId(patternEvents.map((e) => e.id));
-                const [attackType] = pattern.split('|');
-                const allTechniques = patternEvents.flatMap((e) => JSON.parse(e.mitre_techniques));
-                const techniques = [...new Set(allTechniques)];
-                const regions = [...new Set(patternEvents.map((e) => e.region))];
-                const timestamps = patternEvents.map((e) => e.timestamp).sort();
-                const maxSeverity = this.pickMaxSeverity(patternEvents.map((e) => e.severity));
-                this.upsertCampaign({
-                    campaignId,
-                    name: `Pattern: ${attackType} from ${distinctIPs.size} IPs`,
-                    campaignType: 'pattern_cluster',
-                    firstSeen: timestamps[0],
-                    lastSeen: timestamps[timestamps.length - 1],
-                    eventCount: patternEvents.length,
-                    uniqueIPs: distinctIPs.size,
-                    attackTypes: [attackType],
-                    mitreTechniques: techniques,
-                    regions,
-                    severity: maxSeverity,
-                });
-                for (const e of patternEvents) {
-                    updateCampaignId.run(campaignId, e.id);
-                }
-                newCampaigns++;
-                eventsCorrelated += patternEvents.length;
-            }
-        })();
-        return {
-            newCampaigns,
-            updatedCampaigns,
-            eventsCorrelated,
-            duration: Date.now() - startTime,
-        };
-    }
-    /** Get campaign by ID / 取得 campaign */
-    getCampaign(campaignId) {
-        const row = this.db.prepare('SELECT * FROM campaigns WHERE campaign_id = ?').get(campaignId);
-        return row ? rowToCampaign(row) : null;
-    }
-    /** List campaigns / 列表 campaigns */
-    listCampaigns(pagination, status) {
-        const where = status ? 'WHERE status = ?' : '';
-        const params = status ? [status] : [];
-        const safeLimit = Math.min(Math.max(1, pagination.limit), 1000);
-        const offset = (Math.max(1, pagination.page) - 1) * safeLimit;
-        const total = this.db.prepare(`SELECT COUNT(*) as count FROM campaigns ${where}`).get(...params).count;
-        const rows = this.db
-            .prepare(`SELECT * FROM campaigns ${where} ORDER BY last_seen DESC LIMIT ? OFFSET ?`)
-            .all(...params, safeLimit, offset);
-        return {
-            items: rows.map(rowToCampaign),
-            total,
-            page: pagination.page,
-            limit: safeLimit,
-            hasMore: offset + safeLimit < total,
-        };
-    }
-    /** Get campaign events / 取得 campaign 事件 */
-    getCampaignEvents(campaignId) {
-        const rows = this.db
-            .prepare('SELECT * FROM enriched_threats WHERE campaign_id = ? ORDER BY timestamp ASC')
-            .all(campaignId);
-        return rows.map((r) => ({
-            id: r['id'],
-            sourceType: r['source_type'],
-            attackSourceIP: r['attack_source_ip'],
-            attackType: r['attack_type'],
-            mitreTechniques: JSON.parse(r['mitre_techniques']),
-            sigmaRuleMatched: r['sigma_rule_matched'],
-            timestamp: r['timestamp'],
-            industry: r['industry'],
-            region: r['region'],
-            confidence: r['confidence'],
-            severity: r['severity'],
-            serviceType: r['service_type'],
-            skillLevel: r['skill_level'],
-            intent: r['intent'],
-            tools: r['tools'] ? JSON.parse(r['tools']) : undefined,
-            eventHash: r['event_hash'],
-            receivedAt: r['received_at'],
-            campaignId: r['campaign_id'],
-        }));
-    }
-    /** Get campaign statistics / 取得攻擊活動統計 */
-    getCampaignStats() {
-        const total = this.db.prepare('SELECT COUNT(*) as count FROM campaigns').get().count;
-        const active = this.db.prepare("SELECT COUNT(*) as count FROM campaigns WHERE status = 'active'").get().count;
-        const correlated = this.db
-            .prepare('SELECT COUNT(*) as count FROM enriched_threats WHERE campaign_id IS NOT NULL')
-            .get().count;
-        const topTypes = this.db
-            .prepare(`SELECT attack_type as type, COUNT(*) as count
-         FROM enriched_threats WHERE campaign_id IS NOT NULL
-         GROUP BY attack_type ORDER BY count DESC LIMIT 10`)
-            .all();
-        return {
-            totalCampaigns: total,
-            activeCampaigns: active,
-            totalCorrelatedEvents: correlated,
-            topAttackTypes: topTypes,
-        };
-    }
-    // -------------------------------------------------------------------------
-    // Private helpers / 私有輔助方法
-    // -------------------------------------------------------------------------
-    /** Cluster events by time window / 依時間窗口聚類事件 */
-    clusterByTimeWindow(events) {
-        if (events.length === 0)
-            return [];
-        const sorted = [...events].sort((a, b) => a.timestamp.localeCompare(b.timestamp));
-        const windowMs = this.config.timeWindowMinutes * 60 * 1000;
-        const clusters = [[sorted[0]]];
-        for (let i = 1; i < sorted.length; i++) {
-            const current = new Date(sorted[i].timestamp).getTime();
-            const clusterStart = new Date(clusters[clusters.length - 1][0].timestamp).getTime();
-            if (current - clusterStart <= windowMs) {
-                clusters[clusters.length - 1].push(sorted[i]);
-            }
-            else {
-                clusters.push([sorted[i]]);
-            }
-        }
-        return clusters;
-    }
-    /** Generate deterministic campaign ID / 產生確定性 campaign ID */
-    generateCampaignId(eventIds) {
-        const sorted = [...eventIds].sort((a, b) => a - b);
-        const hash = createHash('sha256').update(sorted.join(',')).digest('hex').slice(0, 8);
-        const date = new Date().toISOString().slice(0, 10).replace(/-/g, '');
-        return `C-${date}-${hash}`;
-    }
-    /** Pick the maximum severity / 選擇最高嚴重度 */
-    pickMaxSeverity(severities) {
-        const order = ['critical', 'high', 'medium', 'low'];
-        for (const s of order) {
-            if (severities.includes(s))
-                return s;
-        }
-        return 'medium';
-    }
-    /** Upsert campaign / 新增或更新攻擊活動 */
-    upsertCampaign(c) {
-        this.db
-            .prepare(`INSERT INTO campaigns
-          (campaign_id, name, campaign_type, first_seen, last_seen, event_count, unique_ips,
-           attack_types, mitre_techniques, regions, severity)
-        VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
-        ON CONFLICT(campaign_id) DO UPDATE SET
-          last_seen = excluded.last_seen,
-          event_count = excluded.event_count,
-          unique_ips = excluded.unique_ips,
-          attack_types = excluded.attack_types,
-          mitre_techniques = excluded.mitre_techniques,
-          regions = excluded.regions,
-          severity = excluded.severity,
-          updated_at = datetime('now')`)
-            .run(c.campaignId, c.name, c.campaignType, c.firstSeen, c.lastSeen, c.eventCount, c.uniqueIPs, JSON.stringify(c.attackTypes), JSON.stringify(c.mitreTechniques), JSON.stringify(c.regions), c.severity);
-    }
-}
-//# sourceMappingURL=correlation-engine.js.map

package/dist/correlation-engine.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"correlation-engine.js","sourceRoot":"","sources":["../src/correlation-engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAYzC,4BAA4B;AAC5B,MAAM,cAAc,GAAsB;IACxC,iBAAiB,EAAE,EAAE;IACrB,oBAAoB,EAAE,CAAC;IACvB,wBAAwB,EAAE,CAAC;IAC3B,eAAe,EAAE,EAAE;CACpB,CAAC;AAoBF,2CAA2C;AAC3C,SAAS,aAAa,CAAC,GAAgB;IACrC,OAAO;QACL,UAAU,EAAE,GAAG,CAAC,WAAW;QAC3B,IAAI,EAAE,GAAG,CAAC,IAAI;QACd,YAAY,EAAE,GAAG,CAAC,aAAyC;QAC3D,SAAS,EAAE,GAAG,CAAC,UAAU;QACzB,QAAQ,EAAE,GAAG,CAAC,SAAS;QACvB,UAAU,EAAE,GAAG,CAAC,WAAW;QAC3B,SAAS,EAAE,GAAG,CAAC,UAAU;QACzB,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,YAAY,CAAa;QACrD,eAAe,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,gBAAgB,CAAa;QAC7D,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAa;QAC5C,QAAQ,EAAE,GAAG,CAAC,QAAQ;QACtB,MAAM,EAAE,GAAG,CAAC,MAA4B;QACxC,SAAS,EAAE,GAAG,CAAC,UAAU;QACzB,SAAS,EAAE,GAAG,CAAC,UAAU;KAC1B,CAAC;AACJ,CAAC;AAED,MAAM,OAAO,iBAAiB;IAIT;IAHF,MAAM,CAAoB;IAE3C,YACmB,EAAqB,EACtC,MAAmC;QADlB,OAAE,GAAF,EAAE,CAAmB;QAGtC,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,MAAM,EAAE,CAAC;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;IACrB,CAAC;IAED,4DAA4D;IACpD,WAAW;QACjB,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC;;;;;;;;;;;;;;;;;;;KAmBZ,CAAC,CAAC;IACL,CAAC;IAED;;;OAGG;IACH,gBAAgB;QACd,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC7B,IAAI,YAAY,GAAG,CAAC,CAAC;QACrB,MAAM,gBAAgB,GAAG,CAAC,CAAC;QAC3B,IAAI,gBAAgB,GAAG,CAAC,CAAC;QAEzB,MAAM,SAAS,GAAG,IAAI,IAAI,CACxB,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,eAAe,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAC1D,CAAC,WAAW,EAAE,CAAC;QAEhB,+CAA+C;QAC/C,MAAM,MAAM,GAAG,IAAI,CAAC,EAAE;aACnB,OAAO,CACN;;;gCAGwB,CACzB;aACA,GAAG,CAAC,SAAS,CAQd,CAAC;QAEH,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxB,OAAO;gBACL,YAAY,EAAE,CAAC;gBACf,gBAAgB,EAAE,CAAC;gBACnB,gBAAgB,EAAE,CAAC;gBACnB,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;aACjC,CAAC;QACJ,CAAC;QAED,+BAA+B;QAC/B,MAAM,IAAI,GAAG,IAAI,GAAG,EAAyB,CAAC;QAC9C,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;YACvB,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC;YAChD,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACb,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,gBAAgB,EAAE,IAAI,CAAC,CAAC;QACrC,CAAC;QAED,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;QACtC,MAAM,gBAAgB,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CACtC,0DAA0D,CAC3D,CAAC;QAEF,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,GAAG,EAAE;YACvB,KAAK,MAAM,CAAC,EAAE,EAAE,QAAQ,CAAC,IAAI,IAAI,EAAE,CAAC;gBAClC,IAAI,QAAQ,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,oBAAoB;oBAAE,SAAS;gBAEjE,+BAA+B;gBAC/B,MAAM,SAAS,GAAG,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,CAAC;gBACrD,KAAK,MAAM,OAAO,IAAI,SAAS,EAAE,CAAC;oBAChC,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,oBAAoB;wBAAE,SAAS;oBAEhE,MAAM,UAAU,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;oBACrE,MAAM,WAAW,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;oBACpE,MAAM,aAAa,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,gBAAgB,CAAa,CAAC,CAAC;oBACzF,MAAM,UAAU,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC;oBAC/C,MAAM,OAAO,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;oBAC3D,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC;oBAC1D,MAAM,WAAW,GAAG,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;oBAEzE,IAAI,CAAC,cAAc,CAAC;wBAClB,UAAU;wBACV,IAAI,EAAE,MAAM,EAAE,KAAK,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;wBAC3C,YAAY,EAAE,YAAY;wBAC1B,SAAS,EAAE,UAAU,CAAC,CAAC,CAAE;wBACzB,QAAQ,EAAE,UAAU,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAE;wBAC5C,UAAU,EAAE,OAAO,CAAC,MAAM;wBAC1B,SAAS,EAAE,CAAC;wBACZ,WAAW;wBACX,eAAe,EAAE,UAAU;wBAC3B,OAAO;wBACP,QAAQ,EAAE,WAAW;qBACtB,CAAC,CAAC;oBAEH,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;wBACxB,gBAAgB,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;wBACvC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;oBACxB,CAAC;oBACD,YAAY,EAAE,CAAC;oBACf,gBAAgB,IAAI,OAAO,CAAC,MAAM,CAAC;gBACrC,CAAC;YACH,CAAC;YAED,oCAAoC;YACpC,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YAChE,MAAM,SAAS,GAAG,IAAI,GAAG,EAAyB,CAAC;YACnD,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;gBAC3B,MAAM,UAAU,GAAI,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,gBAAgB,CAAc,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACjF,MAAM,GAAG,GAAG,GAAG,CAAC,CAAC,WAAW,IAAI,UAAU,EAAE,CAAC;gBAC7C,MAAM,IAAI,GAAG,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;gBACtC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBACb,SAAS,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;YAC3B,CAAC;YAED,KAAK,MAAM,CAAC,OAAO,EAAE,aAAa,CAAC,IAAI,SAAS,EAAE,CAAC;gBACjD,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC;gBAC1E,IAAI,WAAW,CAAC,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,wBAAwB;oBAAE,SAAS;gBAEtE,MAAM,UAAU,GAAG,IAAI,CAAC,kBAAkB,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;gBAC3E,MAAM,CAAC,UAAU,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBACxC,MAAM,aAAa,GAAG,aAAa,CAAC,OAAO,CACzC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,gBAAgB,CAAa,CAClD,CAAC;gBACF,MAAM,UAAU,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC;gBAC/C,MAAM,OAAO,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;gBACjE,MAAM,UAAU,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC;gBAChE,MAAM,WAAW,GAAG,IAAI,CAAC,eAAe,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;gBAE/E,IAAI,CAAC,cAAc,CAAC;oBAClB,UAAU;oBACV,IAAI,EAAE,YAAY,UAAU,SAAS,WAAW,CAAC,IAAI,MAAM;oBAC3D,YAAY,EAAE,iBAAiB;oBAC/B,SAAS,EAAE,UAAU,CAAC,CAAC,CAAE;oBACzB,QAAQ,EAAE,UAAU,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAE;oBAC5C,UAAU,EAAE,aAAa,CAAC,MAAM;oBAChC,SAAS,EAAE,WAAW,CAAC,IAAI;oBAC3B,WAAW,EAAE,CAAC,UAAW,CAAC;oBAC1B,eAAe,EAAE,UAAU;oBAC3B,OAAO;oBACP,QAAQ,EAAE,WAAW;iBACtB,CAAC,CAAC;gBAEH,KAAK,MAAM,CAAC,IAAI,aAAa,EAAE,CAAC;oBAC9B,gBAAgB,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;gBACzC,CAAC;gBACD,YAAY,EAAE,CAAC;gBACf,gBAAgB,IAAI,aAAa,CAAC,MAAM,CAAC;YAC3C,CAAC;QACH,CAAC,CAAC,EAAE,CAAC;QAEL,OAAO;YACL,YAAY;YACZ,gBAAgB;YAChB,gBAAgB;YAChB,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;SACjC,CAAC;IACJ,CAAC;IAED,uCAAuC;IACvC,WAAW,CAAC,UAAkB;QAC5B,MAAM,GAAG,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,+CAA+C,CAAC,CAAC,GAAG,CAAC,UAAU,CAE9E,CAAC;QACd,OAAO,GAAG,CAAC,CAAC,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACzC,CAAC;IAED,oCAAoC;IACpC,aAAa,CAAC,UAA4B,EAAE,MAAe;QACzD,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,EAAE,CAAC;QAC/C,MAAM,MAAM,GAAc,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QACjD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,CAAC,KAAK,CAAC,EAAE,IAAI,CAAC,CAAC;QAChE,MAAM,MAAM,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,SAAS,CAAC;QAE9D,MAAM,KAAK,GACT,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,2CAA2C,KAAK,EAAE,CAAC,CAAC,GAAG,CAAC,GAAG,MAAM,CAGlF,CAAC,KAAK,CAAC;QAER,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE;aACjB,OAAO,CAAC,2BAA2B,KAAK,2CAA2C,CAAC;aACpF,GAAG,CAAC,GAAG,MAAM,EAAE,SAAS,EAAE,MAAM,CAAkB,CAAC;QAEtD,OAAO;YACL,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC;YAC9B,KAAK;YACL,IAAI,EAAE,UAAU,CAAC,IAAI;YACrB,KAAK,EAAE,SAAS;YAChB,OAAO,EAAE,MAAM,GAAG,SAAS,GAAG,KAAK;SACpC,CAAC;IACJ,CAAC;IAED,2CAA2C;IAC3C,iBAAiB,CAAC,UAAkB;QAClC,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE;aACjB,OAAO,CAAC,6EAA6E,CAAC;aACtF,GAAG,CAAC,UAAU,CAAmC,CAAC;QAErD,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACtB,EAAE,EAAE,CAAC,CAAC,IAAI,CAAW;YACrB,UAAU,EAAE,CAAC,CAAC,aAAa,CAAsC;YACjE,cAAc,EAAE,CAAC,CAAC,kBAAkB,CAAW;YAC/C,UAAU,EAAE,CAAC,CAAC,aAAa,CAAW;YACtC,eAAe,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,kBAAkB,CAAW,CAAa;YACxE,gBAAgB,EAAE,CAAC,CAAC,oBAAoB,CAAW;YACnD,SAAS,EAAE,CAAC,CAAC,WAAW,CAAW;YACnC,QAAQ,EAAE,CAAC,CAAC,UAAU,CAAuB;YAC7C,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAW;YAC7B,UAAU,EAAE,CAAC,CAAC,YAAY,CAAW;YACrC,QAAQ,EAAE,CAAC,CAAC,UAAU,CAAW;YACjC,WAAW,EAAE,CAAC,CAAC,cAAc,CAAuB;YACpD,UAAU,EAAE,CAAC,CAAC,aAAa,CAAuB;YAClD,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAuB;YACzC,KAAK,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAW,CAAc,CAAC,CAAC,CAAC,SAAS;YAC9E,SAAS,EAAE,CAAC,CAAC,YAAY,CAAW;YACpC,UAAU,EAAE,CAAC,CAAC,aAAa,CAAW;YACtC,UAAU,EAAE,CAAC,CAAC,aAAa,CAAuB;SACnD,CAAC,CAAC,CAAC;IACN,CAAC;IAED,yCAAyC;IACzC,gBAAgB;QACd,MAAM,KAAK,GACT,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,yCAAyC,CAAC,CAAC,GAAG,EAC/D,CAAC,KAAK,CAAC;QACR,MAAM,MAAM,GACV,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,iEAAiE,CAAC,CAAC,GAAG,EAGvF,CAAC,KAAK,CAAC;QACR,MAAM,UAAU,GACd,IAAI,CAAC,EAAE;aACJ,OAAO,CAAC,8EAA8E,CAAC;aACvF,GAAG,EACP,CAAC,KAAK,CAAC;QAER,MAAM,QAAQ,GAAG,IAAI,CAAC,EAAE;aACrB,OAAO,CACN;;2DAEmD,CACpD;aACA,GAAG,EAA4C,CAAC;QAEnD,OAAO;YACL,cAAc,EAAE,KAAK;YACrB,eAAe,EAAE,MAAM;YACvB,qBAAqB,EAAE,UAAU;YACjC,cAAc,EAAE,QAAQ;SACzB,CAAC;IACJ,CAAC;IAED,4EAA4E;IAC5E,2BAA2B;IAC3B,4EAA4E;IAE5E,gDAAgD;IACxC,mBAAmB,CAAkC,MAAW;QACtE,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,EAAE,CAAC;QACnC,MAAM,MAAM,GAAG,CAAC,GAAG,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC;QAClF,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,iBAAiB,GAAG,EAAE,GAAG,IAAI,CAAC;QAC3D,MAAM,QAAQ,GAAU,CAAC,CAAC,MAAM,CAAC,CAAC,CAAE,CAAC,CAAC,CAAC;QAEvC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACvC,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC,CAAE,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAC;YACzD,MAAM,YAAY,GAAG,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAE,CAAC,CAAC,CAAE,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAC;YAEtF,IAAI,OAAO,GAAG,YAAY,IAAI,QAAQ,EAAE,CAAC;gBACvC,QAAQ,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAE,CAAC,CAAC;YAClD,CAAC;iBAAM,CAAC;gBACN,QAAQ,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAE,CAAC,CAAC,CAAC;YAC9B,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,6DAA6D;IACrD,kBAAkB,CAAC,QAAkB;QAC3C,MAAM,MAAM,GAAG,CAAC,GAAG,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QACnD,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QACrF,MAAM,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QACrE,OAAO,KAAK,IAAI,IAAI,IAAI,EAAE,CAAC;IAC7B,CAAC;IAED,0CAA0C;IAClC,eAAe,CAAC,UAAoB;QAC1C,MAAM,KAAK,GAAG,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;QACpD,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;YACtB,IAAI,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC;gBAAE,OAAO,CAAC,CAAC;QACvC,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,kCAAkC;IAC1B,cAAc,CAAC,CAAuD;QAC5E,IAAI,CAAC,EAAE;aACJ,OAAO,CACN;;;;;;;;;;;;uCAY+B,CAChC;aACA,GAAG,CACF,CAAC,CAAC,UAAU,EACZ,CAAC,CAAC,IAAI,EACN,CAAC,CAAC,YAAY,EACd,CAAC,CAAC,SAAS,EACX,CAAC,CAAC,QAAQ,EACV,CAAC,CAAC,UAAU,EACZ,CAAC,CAAC,SAAS,EACX,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,EAC7B,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,eAAe,CAAC,EACjC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,EACzB,CAAC,CAAC,QAAQ,CACX,CAAC;IACN,CAAC;CACF"}

package/dist/feed-distributor.d.ts

@@ -1,36 +0,0 @@
-/**
- * Feed Distributor
- * 情報分發模組
- *
- * Generates blocklists, IoC feeds, and agent update packages.
- *
- * @module @panguard-ai/threat-cloud/feed-distributor
- */
-import type Database from 'better-sqlite3';
-import type { IoCFeedResponse, AgentUpdatePackage } from './types.js';
-export declare class FeedDistributor {
-    private readonly db;
-    constructor(db: Database.Database);
-    /**
-     * Generate IP blocklist as plain text (one IP per line).
-     * Only includes redistributable IoCs to comply with feed licenses.
-     * 產生 IP 封鎖清單（僅包含可轉散佈的 IoC，遵守授權）
-     */
-    getIPBlocklist(minReputation?: number): string;
-    /**
-     * Generate domain blocklist as plain text.
-     * 產生 Domain 封鎖清單
-     */
-    getDomainBlocklist(minReputation?: number): string;
-    /**
-     * Generate JSON IoC feed.
-     * 產生 JSON IoC feed
-     */
-    getIoCFeed(minReputation?: number, limit?: number, since?: string): IoCFeedResponse;
-    /**
-     * Generate agent update package (rules + IoCs since a given timestamp).
-     * 產生 Agent 更新包
-     */
-    getAgentUpdate(since?: string): AgentUpdatePackage;
-}
-//# sourceMappingURL=feed-distributor.d.ts.map

package/dist/feed-distributor.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"feed-distributor.d.ts","sourceRoot":"","sources":["../src/feed-distributor.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,QAAQ,MAAM,gBAAgB,CAAC;AAC3C,OAAO,KAAK,EAEV,eAAe,EACf,kBAAkB,EAEnB,MAAM,YAAY,CAAC;AAEpB,qBAAa,eAAe;IACd,OAAO,CAAC,QAAQ,CAAC,EAAE;gBAAF,EAAE,EAAE,QAAQ,CAAC,QAAQ;IAElD;;;;OAIG;IACH,cAAc,CAAC,aAAa,GAAE,MAAW,GAAG,MAAM;IAgBlD;;;OAGG;IACH,kBAAkB,CAAC,aAAa,GAAE,MAAW,GAAG,MAAM;IAgBtD;;;OAGG;IACH,UAAU,CAAC,aAAa,GAAE,MAAW,EAAE,KAAK,GAAE,MAAa,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,eAAe;IA+C7F;;;OAGG;IACH,cAAc,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,kBAAkB;CA2DnD"}

package/dist/feed-distributor.js

@@ -1,125 +0,0 @@
-/**
- * Feed Distributor
- * 情報分發模組
- *
- * Generates blocklists, IoC feeds, and agent update packages.
- *
- * @module @panguard-ai/threat-cloud/feed-distributor
- */
-export class FeedDistributor {
-    db;
-    constructor(db) {
-        this.db = db;
-    }
-    /**
-     * Generate IP blocklist as plain text (one IP per line).
-     * Only includes redistributable IoCs to comply with feed licenses.
-     * 產生 IP 封鎖清單（僅包含可轉散佈的 IoC，遵守授權）
-     */
-    getIPBlocklist(minReputation = 70) {
-        const rows = this.db
-            .prepare(`SELECT normalized_value
-         FROM iocs
-         WHERE type = 'ip' AND status = 'active' AND reputation_score >= ?
-           AND (json_extract(metadata, '$.redistributable') != 'false'
-                OR json_extract(metadata, '$.redistributable') IS NULL
-                OR source NOT LIKE 'feed:%')
-         ORDER BY reputation_score DESC`)
-            .all(minReputation);
-        return rows.map((r) => r.normalized_value).join('\n');
-    }
-    /**
-     * Generate domain blocklist as plain text.
-     * 產生 Domain 封鎖清單
-     */
-    getDomainBlocklist(minReputation = 70) {
-        const rows = this.db
-            .prepare(`SELECT normalized_value
-         FROM iocs
-         WHERE type = 'domain' AND status = 'active' AND reputation_score >= ?
-           AND (json_extract(metadata, '$.redistributable') != 'false'
-                OR json_extract(metadata, '$.redistributable') IS NULL
-                OR source NOT LIKE 'feed:%')
-         ORDER BY reputation_score DESC`)
-            .all(minReputation);
-        return rows.map((r) => r.normalized_value).join('\n');
-    }
-    /**
-     * Generate JSON IoC feed.
-     * 產生 JSON IoC feed
-     */
-    getIoCFeed(minReputation = 50, limit = 1000, since) {
-        const conditions = ["status = 'active'", 'reputation_score >= ?'];
-        const params = [minReputation];
-        if (since) {
-            conditions.push('last_seen > ?');
-            params.push(since);
-        }
-        const safeLimit = Math.min(Math.max(1, limit), 10000);
-        const where = conditions.join(' AND ');
-        const rows = this.db
-            .prepare(`SELECT type, normalized_value, threat_type, reputation_score, confidence, last_seen, tags
-         FROM iocs
-         WHERE ${where}
-         ORDER BY reputation_score DESC
-         LIMIT ?`)
-            .all(...params, safeLimit);
-        const entries = rows.map((r) => ({
-            type: r.type,
-            value: r.normalized_value,
-            threatType: r.threat_type,
-            reputation: r.reputation_score,
-            confidence: r.confidence,
-            lastSeen: r.last_seen,
-            tags: JSON.parse(r.tags),
-        }));
-        return {
-            generatedAt: new Date().toISOString(),
-            totalEntries: entries.length,
-            entries,
-        };
-    }
-    /**
-     * Generate agent update package (rules + IoCs since a given timestamp).
-     * 產生 Agent 更新包
-     */
-    getAgentUpdate(since) {
-        const sinceDate = since ?? new Date(Date.now() - 24 * 60 * 60 * 1000).toISOString();
-        // Fetch new rules
-        const rules = this.db
-            .prepare(`SELECT rule_id as ruleId, rule_content as ruleContent, published_at as publishedAt, source
-         FROM rules
-         WHERE published_at > ?
-         ORDER BY published_at ASC`)
-            .all(sinceDate);
-        // Fetch high-reputation IoCs updated since
-        const iocRows = this.db
-            .prepare(`SELECT type, normalized_value, threat_type, reputation_score, confidence, last_seen, tags
-         FROM iocs
-         WHERE status = 'active' AND reputation_score >= 60 AND updated_at > ?
-         ORDER BY reputation_score DESC
-         LIMIT 500`)
-            .all(sinceDate);
-        const iocs = iocRows.map((r) => ({
-            type: r.type,
-            value: r.normalized_value,
-            threatType: r.threat_type,
-            reputation: r.reputation_score,
-            confidence: r.confidence,
-            lastSeen: r.last_seen,
-            tags: JSON.parse(r.tags),
-        }));
-        const totalActiveIoCs = this.db.prepare("SELECT COUNT(*) as count FROM iocs WHERE status = 'active'").get().count;
-        return {
-            generatedAt: new Date().toISOString(),
-            rules,
-            iocs,
-            stats: {
-                newRules: rules.length,
-                newIoCs: iocs.length,
-                totalActiveIoCs,
-            },
-        };
-    }
-}
-//# sourceMappingURL=feed-distributor.js.map

package/dist/feed-distributor.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"feed-distributor.js","sourceRoot":"","sources":["../src/feed-distributor.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAUH,MAAM,OAAO,eAAe;IACG;IAA7B,YAA6B,EAAqB;QAArB,OAAE,GAAF,EAAE,CAAmB;IAAG,CAAC;IAEtD;;;;OAIG;IACH,cAAc,CAAC,gBAAwB,EAAE;QACvC,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE;aACjB,OAAO,CACN;;;;;;wCAMgC,CACjC;aACA,GAAG,CAAC,aAAa,CAAwC,CAAC;QAE7D,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACxD,CAAC;IAED;;;OAGG;IACH,kBAAkB,CAAC,gBAAwB,EAAE;QAC3C,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE;aACjB,OAAO,CACN;;;;;;wCAMgC,CACjC;aACA,GAAG,CAAC,aAAa,CAAwC,CAAC;QAE7D,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACxD,CAAC;IAED;;;OAGG;IACH,UAAU,CAAC,gBAAwB,EAAE,EAAE,QAAgB,IAAI,EAAE,KAAc;QACzE,MAAM,UAAU,GAAG,CAAC,mBAAmB,EAAE,uBAAuB,CAAC,CAAC;QAClE,MAAM,MAAM,GAAc,CAAC,aAAa,CAAC,CAAC;QAE1C,IAAI,KAAK,EAAE,CAAC;YACV,UAAU,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;YACjC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACrB,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,EAAE,KAAK,CAAC,CAAC;QACtD,MAAM,KAAK,GAAG,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAEvC,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE;aACjB,OAAO,CACN;;iBAES,KAAK;;iBAEL,CACV;aACA,GAAG,CAAC,GAAG,MAAM,EAAE,SAAS,CAQzB,CAAC;QAEH,MAAM,OAAO,GAAmB,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC/C,IAAI,EAAE,CAAC,CAAC,IAA4B;YACpC,KAAK,EAAE,CAAC,CAAC,gBAAgB;YACzB,UAAU,EAAE,CAAC,CAAC,WAAW;YACzB,UAAU,EAAE,CAAC,CAAC,gBAAgB;YAC9B,UAAU,EAAE,CAAC,CAAC,UAAU;YACxB,QAAQ,EAAE,CAAC,CAAC,SAAS;YACrB,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAa;SACrC,CAAC,CAAC,CAAC;QAEJ,OAAO;YACL,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACrC,YAAY,EAAE,OAAO,CAAC,MAAM;YAC5B,OAAO;SACR,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,cAAc,CAAC,KAAc;QAC3B,MAAM,SAAS,GAAG,KAAK,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;QAEpF,kBAAkB;QAClB,MAAM,KAAK,GAAG,IAAI,CAAC,EAAE;aAClB,OAAO,CACN;;;mCAG2B,CAC5B;aACA,GAAG,CAAC,SAAS,CAAsB,CAAC;QAEvC,2CAA2C;QAC3C,MAAM,OAAO,GAAG,IAAI,CAAC,EAAE;aACpB,OAAO,CACN;;;;mBAIW,CACZ;aACA,GAAG,CAAC,SAAS,CAQd,CAAC;QAEH,MAAM,IAAI,GAAmB,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC/C,IAAI,EAAE,CAAC,CAAC,IAA4B;YACpC,KAAK,EAAE,CAAC,CAAC,gBAAgB;YACzB,UAAU,EAAE,CAAC,CAAC,WAAW;YACzB,UAAU,EAAE,CAAC,CAAC,gBAAgB;YAC9B,UAAU,EAAE,CAAC,CAAC,UAAU;YACxB,QAAQ,EAAE,CAAC,CAAC,SAAS;YACrB,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAa;SACrC,CAAC,CAAC,CAAC;QAEJ,MAAM,eAAe,GACnB,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,4DAA4D,CAAC,CAAC,GAAG,EAGlF,CAAC,KAAK,CAAC;QAER,OAAO;YACL,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACrC,KAAK;YACL,IAAI;YACJ,KAAK,EAAE;gBACL,QAAQ,EAAE,KAAK,CAAC,MAAM;gBACtB,OAAO,EAAE,IAAI,CAAC,MAAM;gBACpB,eAAe;aAChB;SACF,CAAC;IACJ,CAAC;CACF"}