
@iota-big3/sdk-security


Advanced security features including zero trust, quantum-safe crypto, and ML threat detection

/**
 * Security Orchestration, Automation and Response (SOAR).
 *
 * Type declarations for playbook-driven automation of security workflows and
 * incident response. Everything here is a declaration (`interface`,
 * `declare enum`, `declare class`); no behaviour is defined in this file.
 */
import { EventEmitter } from 'events';
import { ThreatEvent } from '../threat-detection/ml-threat-detector';

/**
 * A named response procedure: what starts it (`triggers`), what it does
 * (`actions`) and, optionally, extra `conditions`.
 */
export interface SecurityPlaybook {
    id: string;
    name: string;
    description: string;
    triggers: PlaybookTrigger[];
    actions: PlaybookAction[];
    // Optional. How conditions combine (all/any) is not visible in this
    // declaration. TODO confirm against the implementation.
    conditions?: PlaybookCondition[];
    // Presumably a disabled playbook is never run; confirm against the implementation.
    enabled: boolean;
}

/** Describes one way a playbook can be started. */
export interface PlaybookTrigger {
    type: 'threat' | 'alert' | 'schedule' | 'manual';
    // NOTE(review): untyped bag. The declaration constrains neither keys nor
    // values, so the compiler cannot catch a misspelled or missing criterion.
    criteria: Record<string, any>;
}

/** One step of a playbook. */
export interface PlaybookAction {
    id: string;
    type: ActionType;
    // NOTE(review): untyped bag. Several action types are disruptive
    // (blocking, isolation, credential rotation), so code that builds
    // playbooks from external configuration should validate these values
    // itself; the type system will not.
    parameters: Record<string, any>;
    // Presumably the position of this step within the playbook; the sort
    // direction is not visible here.
    order: number;
    // Presumably lets later steps run after this one fails. TODO confirm.
    // Worth reviewing per playbook: a containment step that fails quietly
    // can leave an incident looking handled when it is not.
    continueOnError?: boolean;
}

/** A field/operator/value comparison attached to a playbook. */
export interface PlaybookCondition {
    field: string;
    operator: 'equals' | 'contains' | 'greater' | 'less';
    value: any;
}

/** The kinds of automated action a playbook step can request. */
export declare enum ActionType {
    BLOCK_IP = "block_ip",
    ISOLATE_USER = "isolate_user",
    ROTATE_CREDENTIALS = "rotate_credentials",
    SCALE_INFRASTRUCTURE = "scale_infrastructure",
    NOTIFY_TEAM = "notify_team",
    CREATE_TICKET = "create_ticket",
    COLLECT_FORENSICS = "collect_forensics",
    APPLY_PATCH = "apply_patch",
    UPDATE_RULES = "update_rules",
    QUARANTINE_FILE = "quarantine_file"
}

/**
 * Record of one playbook run against one threat event, including the
 * per-action results and the start and end timestamps.
 */
export interface IncidentResponse {
    incidentId: string;
    threatEvent: ThreatEvent;
    playbook: SecurityPlaybook;
    actions: ActionResult[];
    startTime: Date;
    endTime: Date;
    // 'partial' presumably means some but not all actions succeeded. TODO confirm.
    status: 'success' | 'partial' | 'failed';
}

/** Outcome of a single action within an incident response. */
export interface ActionResult {
    actionId: string;
    type: ActionType;
    status: 'success' | 'failed' | 'skipped';
    message?: string;
    executedAt: Date;
}

/**
 * Orchestrator that holds playbooks and responds to threat events.
 *
 * Extends `EventEmitter`; the names of the events it emits are not part of
 * this declaration. The `private` members below are enforced at compile
 * time only and appear here without types.
 */
export declare class SecurityOrchestrator extends EventEmitter {
    private playbooks;
    private activeIncidents;
    private actionHandlers;
    constructor();
    /**
     * Register a security playbook.
     *
     * NOTE(review): declared with no parameters, so this signature does not
     * show how the playbook to register is supplied. Confirm against the
     * implementation.
     */
    registerPlaybook(): void;
    /**
     * Handle a threat event with an automated response.
     *
     * @param threat - The detected threat event to respond to.
     * @returns A promise of the incident responses produced; the array type
     * allows for more than one response per event.
     */
    handleThreatEvent(threat: ThreatEvent): Promise<IncidentResponse[]>;
    /**
     * Execute a security playbook.
     */
    private executePlaybook;
    /**
     * Execute a single action.
     */
    private executeAction;
    /**
     * Initialize default security playbooks.
     */
    private initializeDefaultPlaybooks;
}
//# sourceMappingURL=security-orchestrator.d.ts.map