/**
* Log Forensics Analyzer
* Analyzes logs for anomalies, suspicious patterns, and timeline reconstruction
*/
import { EventEmitter } from 'events';
import { AnalysisResult, Artifact, ForensicAnalysisType, ForensicAnalyzer, ForensicEvidence } from '../types';
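export declare class LogAnalyzer extends EventEmitter implements ForensicAnalyzer {
    /** Marks this analyzer as the log-analysis type within the forensic analyzer set. */
    readonly type = ForensicAnalysisType.LOG;
    /** Patterns matched against log entries to flag suspicious activity (presumably set up by the constructor — confirm in implementation). */
    private suspiciousPatterns;
    /** Anomaly detectors run over parsed log events (presumably set up by the constructor — confirm in implementation). */
    private anomalyDetectors;
    constructor();
    /**
     * Analyze log evidence for anomalies, suspicious patterns, timeline data and statistics.
     *
     * NOTE(review): a private `generateMockLogEvents` helper is declared on this class;
     * confirm that analysis of real evidence never falls back to synthetic events, since
     * findings from mock data would not be forensically meaningful.
     *
     * @param evidence - The log evidence to analyze.
     * @returns The analysis result for the evidence.
     */
    analyze(evidence: ForensicEvidence): Promise<AnalysisResult>;
    /**
     * Check whether the evidence is a log file this analyzer can process.
     *
     * @param evidence - The evidence to validate.
     * @returns `true` when the evidence is accepted, `false` otherwise.
     */
    validate(evidence: ForensicEvidence): Promise<boolean>;
    /**
     * Extract artifacts from the log evidence.
     *
     * `options` is declared as `unknown` rather than `any` so the implementation must
     * narrow it before use; callers may still pass any value.
     *
     * @param evidence - The log evidence to extract artifacts from.
     * @param options - Optional extraction options; the accepted shape is not visible in this declaration.
     * @returns The extracted artifacts.
     */
    extract(evidence: ForensicEvidence, options?: unknown): Promise<Artifact[]>;
    /**
     * Generate a human-readable report from an analysis result.
     *
     * @param analysis - The analysis result to report on.
     * @returns The report text.
     */
    generateReport(analysis: AnalysisResult): Promise<string>;
    /**
     * Export findings in the requested format.
     *
     * @param analysis - The analysis result whose findings are exported.
     * @param format - Target output format. The private `exportToSIEMFormat` and `exportToCSV`
     *   helpers suggest SIEM and CSV are supported; the accepted format strings are not visible
     *   here — confirm against the implementation.
     * @returns The exported findings as a buffer.
     */
    exportFindings(analysis: AnalysisResult, format: string): Promise<Buffer>;
    /**
     * Private helper methods (signatures are erased in this declaration file).
     */
    // Parsing and top-level analysis stages.
    private parseLogFile;
    private detectAnomalies;
    private analyzePatterns;
    private analyzeTimeline;
    private analyzeStatistics;
    private extractSuspiciousLogs;
    // Individual anomaly detectors.
    private runAnomalyDetection;
    private detectVolumeSpike;
    private detectTimeGaps;
    private detectUnusualSources;
    private detectErrorBursts;
    private detectAfterHoursActivity;
    // Pattern identification and statistics.
    private identifyPatterns;
    private calculateStatistics;
    private normalizeLogMessage;
    private isPatternSuspicious;
    private detectLogFormat;
    // Finding classification and naming.
    private mapAnomalyToFindingType;
    private getPatternSeverity;
    private getPatternFindingType;
    private formatPatternName;
    private isPublicIP;
    private generateConclusion;
    // Export formats.
    private exportToSIEMFormat;
    private exportToCSV;
    private severityToNumber;
    // Artifact extraction.
    private extractSuspiciousEntries;
    private extractIOCsFromLogs;
    private extractTimelineData;
    // Synthetic event generation and message parsing (see NOTE on analyze()).
    private generateMockLogEvents;
    private generateLogMessage;
    private parseLogMessage;
}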
//# sourceMappingURL=log-analyzer.d.ts.map