secure-kit
Production-grade security + performance toolkit for backend frameworks with OWASP Top 10 compliance
/// <reference types="node" />
import { EventEmitter } from 'events';
/**
 * A single recorded security observation.
 *
 * `recordEvent` accepts this shape without `id` and `timestamp` and returns
 * the full shape, so those two fields are presumably filled in by the
 * monitor rather than by the caller.
 *
 * Several fields are likely to carry request-derived (client-influenced)
 * data. Treat stored events as untrusted when writing them to logs or
 * rendering them in a dashboard, and as sensitive when exposing them.
 */
export interface SecurityEvent {
    /** Event identifier. NOTE(review): generation scheme is not visible here; do not rely on it being unguessable. */
    id: string;
    /** Time of the event. Unit is not stated in this declaration; presumably epoch milliseconds — confirm. */
    timestamp: number;
    /** Category of the event, as supplied by the reporting code. */
    type: SecurityEventType;
    /** Severity assigned by the reporting code. */
    severity: 'low' | 'medium' | 'high' | 'critical';
    /**
     * Origin of the event; `isSuspiciousSource` describes it as "IP/source".
     * NOTE(review): if callers derive this from a forwarded-for style header,
     * it is client-controlled unless set by a trusted proxy — verify at the call site.
     */
    source: string;
    /**
     * Free-form payload. Values are typed `any`, so nothing is checked at
     * compile time; narrow before use. Avoid placing credentials, tokens or
     * raw request bodies here, since events are returned verbatim by the
     * query methods on `SecurityMonitor`.
     */
    details: Record<string, any>;
    /** Optional request context. Every field may be absent. */
    metadata: {
        /** Presumably the request's User-Agent header, i.e. client-supplied text. */
        userAgent?: string;
        /** Client address; the same trusted-proxy caveat as `source` applies. */
        ip?: string;
        /** Identifier of the user involved, when known. */
        userId?: string;
        /** NOTE(review): prefer a non-secret session reference over the raw session token. */
        sessionId?: string;
        /** Correlation identifier for the request, when available. */
        requestId?: string;
    };
}
/**
 * String-valued categories for recorded security events.
 *
 * This is an ambient declaration: the enum object itself is supplied by the
 * compiled JavaScript, and the string on the right is the value each member
 * carries in an event's `type` field.
 *
 * NOTE(review): a category records what the reporting code decided to label
 * the event (for example a matched input pattern); it is a detection signal,
 * not confirmation that an attack succeeded. How each category is detected
 * is not visible in this declaration.
 */
export declare enum SecurityEventType {
    // Request-volume and credential-guessing signals.
    RATE_LIMIT_EXCEEDED = "rate_limit_exceeded",
    // Input-content signals.
    SUSPICIOUS_INPUT = "suspicious_input",
    // Authentication and authorization signals.
    AUTHENTICATION_FAILURE = "authentication_failure",
    UNAUTHORIZED_ACCESS = "unauthorized_access",
    // Injection and cross-site signals.
    SQL_INJECTION_ATTEMPT = "sql_injection_attempt",
    XSS_ATTEMPT = "xss_attempt",
    CSRF_TOKEN_MISMATCH = "csrf_token_mismatch",
    // Upload, header and request-shape signals.
    FILE_UPLOAD_VIOLATION = "file_upload_violation",
    SECURITY_HEADER_MISSING = "security_header_missing",
    MALFORMED_REQUEST = "malformed_request",
    // Behavioural signals. NOTE(review): presumably derived from multiple events — confirm.
    BRUTE_FORCE_ATTEMPT = "brute_force_attempt",
    ANOMALOUS_BEHAVIOR = "anomalous_behavior"
}
/**
 * Aggregate view returned by `SecurityMonitor.getMetrics()`.
 *
 * `recentEvents` holds complete `SecurityEvent` objects, including their
 * `metadata` (IP, user and session identifiers). Apply the same access
 * control to anything that serves these metrics as to the raw event log.
 */
export interface SecurityMetrics {
    /** Count of events. NOTE(review): whether this covers all events ever recorded or only retained history is not visible here. */
    totalEvents: number;
    /** Event count per category; the type requires a key for every `SecurityEventType` member. */
    eventsByType: Record<SecurityEventType, number>;
    /**
     * Event count per severity.
     * NOTE(review): keyed by plain `string` rather than the
     * `'low' | 'medium' | 'high' | 'critical'` union, so a missing or
     * misspelled key is not caught at compile time.
     */
    eventsBySeverity: Record<string, number>;
    /** Full event objects; how many are included is not stated in this declaration. */
    recentEvents: SecurityEvent[];
    /** Sources paired with their event counts. Ordering and length are not stated here. */
    topSources: Array<{
        source: string;
        count: number;
    }>;
    /** Numeric alert thresholds. Units and the time window they apply to are not stated here — confirm against the implementation. */
    alertThresholds: {
        rateLimit: number;
        authFailures: number;
        injectionAttempts: number;
    };
}
/**
 * A caller-defined detection rule, passed to the `SecurityMonitor`
 * constructor or to `addThreatRule`.
 */
export interface ThreatDetectionRule {
    /** Rule identifier; `removeThreatRule` takes this value. */
    id: string;
    /** Human-readable rule name. */
    name: string;
    /** Human-readable explanation of what the rule detects. */
    description: string;
    /** Event categories the rule applies to. */
    eventTypes: SecurityEventType[];
    /**
     * Predicate evaluated over a list of events; `true` means the rule fires.
     * NOTE(review): which events are passed in (all history or only those
     * matching `eventTypes`), and whether an exception thrown here is caught,
     * are not visible in this declaration. The callback runs as part of the
     * monitor, so keep it cheap and side-effect free.
     */
    condition: (events: SecurityEvent[]) => boolean;
    /**
     * Response requested when the rule fires.
     * NOTE(review): this declaration exposes no blocking API, so 'block'
     * presumably needs a listener or middleware to enforce it — verify
     * before relying on it as a control.
     */
    action: 'log' | 'alert' | 'block';
    /** Severity associated with a match of this rule. */
    severity: 'low' | 'medium' | 'high' | 'critical';
    /** Minimum spacing between triggers of this rule, presumably in milliseconds — TODO confirm unit. */
    cooldown: number;
}
/**
 * Collects security events, exposes queries and aggregates over them, and
 * evaluates threat detection rules.
 *
 * Extends Node's `EventEmitter`. The names and payloads of emitted events
 * are not part of this declaration; check the implementation before
 * attaching listeners.
 *
 * No persistence API is declared here, so events presumably live in process
 * memory only — forward them to durable storage if they are needed for
 * investigation or audit.
 *
 * The `private` members below are compile-time only: TypeScript erases the
 * modifier, so they remain reachable from plain JavaScript at runtime.
 */
export declare class SecurityMonitor extends EventEmitter {
    private events;
    private metrics;
    private threatRules;
    private lastRuleTrigger;
    private maxEventsHistory;
    /**
     * @param config Optional settings.
     *   `maxEventsHistory` presumably caps how many events are retained;
     *   the default is not visible here. A very large value lets a flood of
     *   events grow memory use, so size it for the expected event rate.
     *   `threatDetectionRules` supplies rules at construction time.
     */
    constructor(config?: {
        maxEventsHistory?: number;
        threatDetectionRules?: ThreatDetectionRule[];
    });
    /**
     * Record a security event.
     *
     * @param event Event data without `id` and `timestamp`.
     * @returns The complete event, including `id` and `timestamp`.
     *
     * NOTE(review): callers should sanitize or bound request-derived fields
     * (`source`, `details`, `metadata`) before recording; no validation is
     * visible in this declaration.
     */
    recordEvent(event: Omit<SecurityEvent, 'id' | 'timestamp'>): SecurityEvent;
    /**
     * Get current security metrics.
     *
     * The result includes full event objects in `recentEvents`; restrict
     * who can read it accordingly.
     */
    getMetrics(): SecurityMetrics;
    /**
     * Get recent security events.
     *
     * @param limit Optional maximum number of events; the default is not visible here.
     */
    getRecentEvents(limit?: number): SecurityEvent[];
    /**
     * Get events by type.
     *
     * @param type Event category to select.
     * @param limit Optional maximum number of events; the default is not visible here.
     */
    getEventsByType(type: SecurityEventType, limit?: number): SecurityEvent[];
    /**
     * Get events by severity.
     *
     * @param severity One of the `SecurityEvent` severity levels.
     * @param limit Optional maximum number of events; the default is not visible here.
     */
    getEventsBySeverity(severity: SecurityEvent['severity'], limit?: number): SecurityEvent[];
    /**
     * Get events in time range.
     *
     * @param startTime Start of the range, in the same unit as `SecurityEvent.timestamp`.
     * @param endTime End of the range, in the same unit as `SecurityEvent.timestamp`.
     *
     * NOTE(review): whether the bounds are inclusive is not visible here.
     */
    getEventsInRange(startTime: number, endTime: number): SecurityEvent[];
    /**
     * Add a threat detection rule.
     *
     * NOTE(review): behaviour when a rule with the same `id` already exists
     * is not visible here.
     */
    addThreatRule(rule: ThreatDetectionRule): void;
    /**
     * Remove a threat detection rule.
     *
     * @param ruleId The `id` of the rule to remove.
     */
    removeThreatRule(ruleId: string): void;
    /**
     * Check if IP/source is currently exhibiting suspicious behavior.
     *
     * @param source Source string to look up, as recorded in `SecurityEvent.source`.
     * @param timeWindow Optional look-back window; unit and default are not visible here.
     *
     * NOTE(review): the criteria are not visible in this declaration. If the
     * result gates requests, make sure `source` comes from a value the client
     * cannot choose freely; otherwise the check can be sidestepped or turned
     * against another client's address.
     */
    isSuspiciousSource(source: string, timeWindow?: number): boolean;
    /**
     * Generate security report for a time period.
     *
     * @param startTime Start of the period, in the same unit as `SecurityEvent.timestamp`.
     * @param endTime End of the period, in the same unit as `SecurityEvent.timestamp`.
     * @returns Summary counts, per-type counts in `topThreats`, a list of
     *   source strings, and free-text recommendations. How sources are
     *   judged suspicious and how recommendations are produced is not
     *   visible here. `suspiciousSources` may contain client addresses, so
     *   handle the report as sensitive.
     */
    generateReport(startTime: number, endTime: number): {
        summary: {
            totalEvents: number;
            criticalEvents: number;
            highSeverityEvents: number;
            uniqueSources: number;
        };
        topThreats: Array<{
            type: SecurityEventType;
            count: number;
        }>;
        suspiciousSources: string[];
        recommendations: string[];
    };
    /**
     * Clear all events and reset metrics.
     *
     * This discards the recorded history, so limit which code paths can
     * reach it and export anything needed for investigation first.
     */
    clear(): void;
    private initializeMetrics;
    private updateMetrics;
    private updateTopSources;
    private generateEventId;
    private checkThreatRules;
    private handleThreatDetection;
    private loadDefaultThreatRules;
    private generateRecommendations;
}
//# sourceMappingURL=security-monitor.d.ts.map