/**
 * SIEM (Security Information and Event Management) Integration Types
 * Comprehensive types for enterprise SIEM platform integration
 *
 * This is a declaration file (.d.ts): it carries no runtime code. Everything
 * below is the public type surface consumed by SIEM connectors, vulnerability
 * scanner adapters and the orchestration layer; where a comment mentions
 * escaping, validation or secret handling, that obligation falls on the
 * implementation behind the interface, not on this file.
 */
import { SecuritySeverity } from '../types';
/**
 * Supported SIEM platforms.
 *
 * `CUSTOM` is the escape hatch for a connector not listed here; the concrete
 * `SIEMConnector.platform` value is what identifies the backend at runtime.
 */
export declare enum SIEMPlatform {
    SPLUNK = "SPLUNK",
    ELASTIC = "ELASTIC",
    QRADAR = "QRADAR",
    SENTINEL = "SENTINEL",
    SECURITY_HUB = "SECURITY_HUB",
    SUMO_LOGIC = "SUMO_LOGIC",
    DATADOG = "DATADOG",
    CUSTOM = "CUSTOM"
}
/**
 * SIEM event types — the coarse category an event is filed under
 * (`SIEMEvent.eventType`).
 */
export declare enum SIEMEventType {
    AUTHENTICATION = "AUTHENTICATION",
    AUTHORIZATION = "AUTHORIZATION",
    ACCESS = "ACCESS",
    THREAT = "THREAT",
    VULNERABILITY = "VULNERABILITY",
    COMPLIANCE = "COMPLIANCE",
    NETWORK = "NETWORK",
    APPLICATION = "APPLICATION",
    DATA = "DATA",
    SYSTEM = "SYSTEM"
}
/**
 * SIEM event severity matching CEF standards.
 *
 * NOTE(review): the 0–7 scale with 0 = most severe is the syslog (RFC 5424)
 * severity ordering. CEF's own header severity runs 0–10 with 10 = most
 * severe, i.e. the opposite direction. A CEF/SYSLOG serializer must map this
 * enum explicitly rather than emit the numeric value unchanged, or the SIEM
 * will rank emergencies below debug noise.
 */
export declare enum SIEMSeverity {
    EMERGENCY = 0,// System is unusable
    ALERT = 1,// Action must be taken immediately
    CRITICAL = 2,// Critical conditions
    ERROR = 3,// Error conditions
    WARNING = 4,// Warning conditions
    NOTICE = 5,// Normal but significant condition
    INFORMATIONAL = 6,// Informational messages
    DEBUG = 7// Debug-level messages
}
/**
 * SIEM event structure (CEF compliant).
 *
 * The first seven fields (`version` … `severity`) correspond to the CEF
 * header `CEF:Version|Device Vendor|Device Product|Device Version|Signature
 * ID|Name|Severity|Extension`; the remaining fields land in the extension.
 * `name`, `message`, `reason` and `customFields` are free text that may be
 * derived from user-controlled input — a serializer has to escape the CEF
 * delimiters (`|`, `=`, `\`) and newlines so a crafted value cannot forge
 * additional fields or whole events in the SIEM.
 */
export interface SIEMEvent {
    // CEF header fields
    version: string;
    deviceVendor: string;
    deviceProduct: string;
    deviceVersion: string;
    signatureId: string;
    name: string;
    severity: SIEMSeverity;
    timestamp: Date;
    eventType: SIEMEventType;
    // Network context (CEF extension: src/dst/spt/dpt/proto)
    sourceAddress?: string;
    destinationAddress?: string;
    sourcePort?: number;
    destinationPort?: number;
    protocol?: string;
    // Identity context; `userName`/`userId` refer to the acting principal,
    // the source/destination variants to each side of an operation.
    userName?: string;
    userId?: string;
    sourceUserName?: string;
    destinationUserName?: string;
    // Human-readable detail and the outcome of the action taken
    message: string;
    action?: string;
    outcome?: 'SUCCESS' | 'FAILURE' | 'UNKNOWN';
    reason?: string;
    // Arbitrary extension key/values; untyped, so nothing prevents a secret
    // from being placed here — the producer is responsible for redaction.
    customFields?: Record<string, any>;
    // Correlation handles for stitching events together in the SIEM
    correlationId?: string;
    sessionId?: string;
    transactionId?: string;
}
/**
 * SIEM connection configuration.
 */
export interface SIEMConfig {
    platform: SIEMPlatform;
    enabled: boolean;
    // Ingest endpoint (URL or host:port, depending on the connector)
    endpoint: string;
    authentication: SIEMAuthentication;
    // Batching / delivery tuning; units are not stated here (flushInterval
    // and timeout are presumably milliseconds — confirm against the connector).
    batchSize?: number;
    flushInterval?: number;
    retryAttempts?: number;
    timeout?: number;
    tls?: {
        enabled: boolean;
        // PEM material or paths — which one is connector-specific
        certificate?: string;
        key?: string;
        ca?: string;
        // NOTE(review): if this is passed through to Node's TLS options,
        // `false` turns off server certificate verification, which exposes
        // the forwarded security telemetry and credentials to interception.
        // Leave unset (true) and supply `ca` for private CAs instead.
        rejectUnauthorized?: boolean;
    };
    // Applied before transformation; see SIEMEventFilter
    filters?: SIEMEventFilter[];
    transformation?: SIEMTransformation;
}
/**
 * SIEM authentication methods.
 *
 * All credential fields are optional, so the type does not guarantee that the
 * fields required by `type` (e.g. `username`/`password` for `BASIC`) are
 * present; connectors must validate this at connect time. The values are
 * plain strings holding secrets: keep `SIEMConfig` out of logs, error
 * messages and `SIEMConnectionStatus.lastError`.
 */
export interface SIEMAuthentication {
    type: 'API_KEY' | 'BASIC' | 'OAUTH2' | 'TOKEN' | 'CERTIFICATE';
    credentials: {
        apiKey?: string;
        username?: string;
        password?: string;
        token?: string;
        clientId?: string;
        clientSecret?: string;
        certificatePath?: string;
        privateKeyPath?: string;
    };
}
/**
 * Event filtering configuration.
 *
 * `field` is restricted to known `SIEMEvent` keys, but `value` is untyped and
 * its interpretation depends on `operator` (`in`/`notIn` presumably expect an
 * array — confirm). The `regex` operator compiles a pattern from config: a
 * pathological pattern can stall the event pipeline, so filters should only
 * be accepted from trusted configuration.
 */
export interface SIEMEventFilter {
    field: keyof SIEMEvent;
    operator: 'equals' | 'contains' | 'startsWith' | 'endsWith' | 'regex' | 'in' | 'notIn';
    value: any;
    // Whether a match keeps the event or drops it
    action: 'include' | 'exclude';
}
/**
 * Event transformation configuration.
 *
 * `customTransformer` and `FUNCTION` enrichment are arbitrary code supplied by
 * the integrator; `ENV` enrichment reads a value from the process environment
 * by name (presumably — verify in the transformer), which means a broad
 * mapping could copy environment secrets into outbound events. Restrict `ENV`
 * sources to an allow-list of non-sensitive variables.
 */
export interface SIEMTransformation {
    format: 'CEF' | 'LEEF' | 'JSON' | 'SYSLOG' | 'CUSTOM';
    // Used when format is CUSTOM; return value is sent as-is
    customTransformer?: (event: SIEMEvent) => any;
    // Renames SIEMEvent keys to platform field names (source -> target)
    fieldMapping?: Record<string, string>;
    enrichment?: Array<{
        // Field to add to the outgoing event
        field: string;
        source: 'ENV' | 'CONFIG' | 'FUNCTION';
        // Variable/config name for ENV/CONFIG, or the function for FUNCTION
        value: string | ((event: SIEMEvent) => any);
    }>;
}
/**
 * SIEM connector interface — the contract every platform adapter implements.
 */
export interface SIEMConnector {
    platform: SIEMPlatform;
    connect(): Promise<void>;
    disconnect(): Promise<void>;
    sendEvent(event: SIEMEvent): Promise<void>;
    sendBatch(events: SIEMEvent[]): Promise<void>;
    query(query: SIEMQuery): Promise<SIEMQueryResult>;
    // Resolves true when the endpoint is reachable and credentials are accepted
    testConnection(): Promise<boolean>;
    getStatus(): SIEMConnectionStatus;
}
/**
 * SIEM query structure.
 *
 * `query` is passed to the platform's native search language (SPL, KQL, AQL,
 * …). Building it by string concatenation from request parameters is a query
 * injection risk in the SIEM itself; callers should bind untrusted values via
 * the platform's parameter mechanism or validate them strictly.
 */
export interface SIEMQuery {
    query: string;
    timeRange?: {
        start: Date;
        end: Date;
    };
    // Maximum number of events to return; platform default when omitted
    limit?: number;
    // Projection of fields to return
    fields?: string[];
}
/**
 * SIEM query result.
 */
export interface SIEMQueryResult {
    // Total matches on the platform, which may exceed `events.length` when
    // `SIEMQuery.limit` applied
    total: number;
    events: SIEMEvent[];
    // Platform-specific aggregation buckets; shape is not defined here
    aggregations?: Record<string, any>;
}
/**
 * Connection status.
 */
export interface SIEMConnectionStatus {
    connected: boolean;
    lastConnected?: Date;
    // Counters since the connector was created (presumably — confirm whether
    // they reset on reconnect)
    eventsSent: number;
    eventsQueued: number;
    errors: number;
    // Free-text description of the last failure; connectors must not echo
    // request bodies or auth headers into it
    lastError?: string;
}
/**
 * Vulnerability scanner integration — adapter contract for external scanners.
 */
export interface VulnerabilityScanner {
    name: string;
    type: 'QUALYS' | 'NESSUS' | 'RAPID7' | 'OPENVAS' | 'CUSTOM';
    // `target` is a host, range or URL in scanner-specific syntax; validate it
    // against the organisation's asset inventory before dispatch so a scan
    // cannot be pointed outside the authorised scope.
    scan(target: string, options?: ScanOptions): Promise<VulnerabilityScanResult>;
    getReport(scanId: string): Promise<VulnerabilityReport>;
    // Resolves with the scanner-assigned schedule id
    scheduleScan(config: ScanScheduleConfig): Promise<string>;
}
/**
 * Scan options.
 */
export interface ScanOptions {
    scanType: 'DISCOVERY' | 'VULNERABILITY' | 'COMPLIANCE' | 'WEB_APP' | 'MALWARE';
    // Scanner-side scan profile/policy name
    profile?: string;
    // Credentials for authenticated scans; untyped and secret-bearing — redact
    // before logging or persisting scan requests
    credentials?: Record<string, any>;
    excludeHosts?: string[];
    // Port specification in scanner syntax (e.g. a list or range string)
    ports?: string;
    intensity?: 'LIGHT' | 'NORMAL' | 'DEEP';
}
/**
 * Vulnerability scan result.
 */
export interface VulnerabilityScanResult {
    scanId: string;
    status: 'QUEUED' | 'RUNNING' | 'COMPLETED' | 'FAILED';
    startTime: Date;
    // Absent until the scan reaches COMPLETED or FAILED
    endTime?: Date;
    hostsScanned: number;
    vulnerabilitiesFound: number;
    // Finding counts by severity band
    summary: {
        critical: number;
        high: number;
        medium: number;
        low: number;
        info: number;
    };
}
/**
 * Vulnerability report.
 */
export interface VulnerabilityReport {
    scanId: string;
    generatedAt: Date;
    vulnerabilities: Vulnerability[];
    hosts: VulnerableHost[];
    compliance?: ComplianceStatus[];
}
/**
 * Vulnerability details.
 */
export interface Vulnerability {
    // Scanner-native finding id
    id: string;
    // CVE identifier when one is assigned
    cve?: string;
    cvss?: {
        // CVSS specification version; `score` range and `vector` syntax
        // differ between versions, so consumers must read this before
        // interpreting the other two fields
        version: string;
        score: number;
        vector: string;
    };
    // Normalised severity from the shared types module
    severity: SecuritySeverity;
    title: string;
    description: string;
    // Remediation guidance from the scanner
    solution?: string;
    references?: string[];
    // Identifiers matching `VulnerableHost.hostname`/`ipAddress` (presumably)
    affectedHosts: string[];
    firstDetected: Date;
    lastDetected: Date;
    // Scanner-reported flags used for prioritisation
    exploitAvailable?: boolean;
    patchAvailable?: boolean;
}
/**
 * Vulnerable host information.
 */
export interface VulnerableHost {
    hostname: string;
    ipAddress: string;
    operatingSystem?: string;
    // Ids of `Vulnerability` entries affecting this host
    vulnerabilities: string[];
    lastScanned: Date;
    // Scanner-defined risk score; scale is not stated here
    riskScore: number;
}
/**
 * Compliance status for one standard (e.g. a benchmark or framework).
 */
export interface ComplianceStatus {
    standard: string;
    compliant: boolean;
    findings: number;
    checkedControls: number;
    totalControls: number;
}
/**
 * Scan schedule configuration.
 *
 * NOTE(review): `scanType` is a plain string here whereas `ScanOptions.scanType`
 * is a literal union — a typo in a schedule is not caught at compile time.
 * `schedule` syntax (cron or otherwise) is not defined in this file.
 */
export interface ScanScheduleConfig {
    name: string;
    targets: string[];
    scanType: string;
    schedule: string;
    enabled: boolean;
    // Where scan completion/findings are delivered; the webhook URL should be
    // validated and use TLS since reports contain exploitable detail
    notifications?: {
        email?: string[];
        webhook?: string;
    };
}
/**
 * Security orchestration action.
 *
 * `automated: true` marks an action taken without a human in the loop;
 * BLOCK/QUARANTINE/REMEDIATE on a wrong `target` is self-inflicted denial of
 * service, so automated actions should be rate-limited, allow-listed and fully
 * auditable via `executedAt`/`executedBy`.
 */
export interface SecurityAction {
    id: string;
    type: 'BLOCK' | 'ALLOW' | 'QUARANTINE' | 'ALERT' | 'REMEDIATE' | 'INVESTIGATE';
    // What the action applies to (IP, user, host, …); format depends on `type`
    target: string;
    reason: string;
    automated: boolean;
    status: 'PENDING' | 'EXECUTED' | 'FAILED';
    executedAt?: Date;
    executedBy?: string;
    // Executor-specific outcome payload; untyped
    result?: any;
}
/**
 * Threat intelligence feed.
 */
export interface ThreatIntelFeed {
    name: string;
    // Indicator class carried by the feed
    type: 'IP' | 'DOMAIN' | 'URL' | 'FILE_HASH' | 'EMAIL';
    // Provider / origin of the feed
    source: string;
    lastUpdated: Date;
    indicators: ThreatIndicator[];
}
/**
 * Threat indicator (IoC) as delivered by a feed.
 */
export interface ThreatIndicator {
    // The observable itself (address, domain, hash, …)
    value: string;
    // Indicator type as a free string; not constrained to ThreatIntelFeed.type
    type: string;
    severity: SecuritySeverity;
    // Provider confidence; range is not stated (presumably 0–100 — confirm)
    confidence: number;
    firstSeen: Date;
    lastSeen: Date;
    tags: string[];
    description?: string;
    references?: string[];
}
//# sourceMappingURL=types.d.ts.map