
@iota-big3/sdk-security


Advanced security features including zero trust, quantum-safe crypto, and ML threat detection

148 lines 4.03 kB
/**
 * Enhanced Security Scanner
 *
 * Integrates SIEM platforms, vulnerability scanners, and security orchestration.
 *
 * This is a type-declaration file: it describes the public surface only and
 * carries no implementation. Runtime behaviour (input validation, error
 * handling, how secrets are stored or logged) cannot be confirmed from here.
 */
import { Scan, ScanType, SecurityScanner } from './security-scanner';
import { SecurityAction, SIEMConfig, SIEMEvent, ThreatIndicator, VulnerabilityScanResult } from './siem/types';
/**
 * Configuration accepted by the EnhancedSecurityScanner constructor.
 * Every section is optional; what the scanner does when a section is omitted
 * is not visible in this declaration.
 */
export interface EnhancedScannerConfig {
    /** SIEM platform configurations (shape defined in './siem/types'). */
    siemConfigs?: SIEMConfig[];
    /** External vulnerability scanners, one entry per product. */
    vulnerabilityScanners?: Array<{
        type: 'QUALYS' | 'NESSUS' | 'RAPID7' | 'OPENVAS';
        enabled: boolean;
        // NOTE(review): plain string, no scheme or host constraint in the type;
        // whether the implementation validates it is not visible here.
        apiEndpoint?: string;
        // NOTE(review): typed `any`, so the compiler checks nothing about the
        // credential shape. This field holds secret material; confirm how the
        // implementation stores it and that it is kept out of logs and SIEM events.
        credentials?: any;
    }>;
    /** Security orchestration (playbook) settings. */
    orchestration?: {
        enabled: boolean;
        // NOTE(review): presumably lets playbook actions run without operator
        // approval; confirm which actions this covers before enabling.
        autoRemediate: boolean;
        playbooks: SecurityPlaybook[];
    };
    /** Threat intelligence feeds. */
    threatIntelFeeds?: Array<{
        name: string;
        // NOTE(review): plain string; no scheme/host restriction is expressed
        // in the type. Confirm the implementation validates the feed URL.
        url: string;
        // Secret material; same handling questions as `credentials` above.
        apiKey?: string;
        // Unit (ms, s, ...) is not stated in this declaration; TODO confirm.
        refreshInterval: number;
    }>;
    /** Web application firewall settings. */
    waf?: {
        enabled: boolean;
        provider: 'CLOUDFLARE' | 'AWS_WAF' | 'AZURE_WAF' | 'CUSTOM';
        rules: WAFRule[];
    };
    /** DDoS protection settings. */
    ddosProtection?: {
        enabled: boolean;
        // Units and measurement windows for these limits are not stated here;
        // TODO confirm (e.g. bandwidthLimit in bytes/s vs bits/s).
        thresholds: {
            requestsPerSecond: number;
            connectionLimit: number;
            bandwidthLimit: number;
        };
    };
}
/** A named set of security actions bound to a trigger. */
export interface SecurityPlaybook {
    id: string;
    name: string;
    trigger: PlaybookTrigger;
    actions: SecurityAction[];
    enabled: boolean;
}
/** Condition under which a playbook fires. */
export interface PlaybookTrigger {
    type: 'FINDING' | 'THRESHOLD' | 'PATTERN' | 'SCHEDULE';
    // NOTE(review): typed `any`; the expected shape per trigger type and how
    // it is evaluated are not visible here.
    condition: any;
}
/** A single WAF rule: a condition on a request field plus the action to take. */
export interface WAFRule {
    id: string;
    name: string;
    action: 'BLOCK' | 'ALLOW' | 'CHALLENGE' | 'LOG';
    condition: {
        field: string;
        // NOTE(review): free-form string; the set of supported operators is
        // not declared, so an unsupported value is not caught at compile time.
        operator: string;
        value: any;
    };
    // Whether a higher or lower number wins is not stated; TODO confirm,
    // since ALLOW/BLOCK precedence depends on it.
    priority: number;
}
/** Result of an enhanced scan: the base Scan plus optional enrichment data. */
export interface EnhancedScanResult extends Scan {
    correlatedEvents?: SIEMEvent[];
    vulnerabilityResults?: VulnerabilityScanResult[];
    threatMatches?: ThreatIndicator[];
    actionsExecuted?: SecurityAction[];
    // Scale and direction of the score are not stated in this declaration.
    riskScore?: number;
}
/**
 * SecurityScanner subclass that adds SIEM, vulnerability-scanner,
 * threat-intelligence, playbook, WAF and DDoS features.
 *
 * Private members below are declared without types, so this file says
 * nothing about their shape.
 */
export declare class EnhancedSecurityScanner extends SecurityScanner {
    private config;
    private siemConnectors;
    private vulnerabilityScanners;
    private threatIntelFeeds;
    private activePlaybooks;
    private wafRules;
    private ddosMetrics;
    /**
     * @param config - Optional scanner configuration; see EnhancedScannerConfig.
     */
    constructor(config?: EnhancedScannerConfig);
    /**
     * Initialize all security components
     */
    private initializeComponents;
    /**
     * Enhanced scan with SIEM correlation and vulnerability scanning
     *
     * @param type - Kind of scan to run (ScanType from './security-scanner').
     * @param target - What to scan; the accepted format is not declared here.
     * @param context - Optional free-form context string.
     * @returns The scan result with optional enrichment fields.
     */
    scan(type: ScanType, target: string, context?: string): Promise<EnhancedScanResult>;
    /**
     * Perform vulnerability scans across all configured scanners
     */
    private performVulnerabilityScans;
    /**
     * Check threat intelligence feeds
     */
    private checkThreatIntelligence;
    /**
     * Calculate overall risk score
     */
    private calculateRiskScore;
    /**
     * Execute security playbooks based on findings
     */
    private executePlaybooks;
    /**
     * WAF request filtering
     *
     * NOTE(review): `request` is typed `any`, so the fields rules match on are
     * not checked at compile time. The declaration also does not show what is
     * returned when no rule matches, the WAF is disabled, or rule evaluation
     * throws; confirm whether the implementation fails open or closed.
     *
     * @param request - The request to evaluate; expected shape not declared.
     * @returns `allowed`, plus a `rule` that is optional in the type.
     */
    filterRequest(request: any): Promise<{
        allowed: boolean;
        rule?: WAFRule;
    }>;
    /**
     * DDoS protection monitoring
     */
    private startDDoSMonitoring;
    /**
     * Send event to all configured SIEM platforms
     */
    private sendToSIEM;
    /**
     * Initialize threat intelligence feed
     */
    private initializeThreatIntelFeed;
    /**
     * Update threat intelligence feed
     */
    private updateThreatIntelFeed;
    /**
     * Private helpers (implementations are not visible in this declaration file)
     */
    private mapFindingsToSIEMSeverity;
    private mapThreatSeverityToSIEM;
    private matchesIndicator;
    private shouldTriggerPlaybook;
    private executeAction;
    private matchesWAFRule;
    private triggerDDoSMitigation;
    /**
     * Update DDoS metrics (would be called by network layer)
     *
     * NOTE(review): the parameter type refers to the private `ddosMetrics`
     * member, which is declared above without a type, so this file gives
     * callers no field-level shape to check against. Given the private
     * `triggerDDoSMitigation` helper, these values presumably feed mitigation
     * decisions, so callers should be limited to a trusted source; confirm.
     *
     * @param metrics - Partial set of metric fields to update.
     */
    updateDDoSMetrics(metrics: Partial<typeof this.ddosMetrics>): void;
    /**
     * Get current security posture
     *
     * NOTE(review): resolves to `any`; the result's contents are not declared,
     * so consumers must validate the shape themselves. Confirm it carries no
     * secret configuration values before exposing it outside the process.
     */
    getSecurityPosture(): Promise<any>;
    /**
     * Cleanup resources
     */
    dispose(): Promise<void>;
}
//# sourceMappingURL=enhanced-security-scanner.d.ts.map