trojanhorse-js/dist/correlation/ThreatCorrelationEngine.d.ts

A comprehensive JavaScript library for fetching, managing, and analyzing global threat intelligence from multiple open-source feeds and security news sources. Unlike its mythological namesake, this Trojan protects your digital fortress.

import { ThreatIndicator } from '../types';
interface CorrelatedThreatData {
    relatedIndicators: ThreatIndicator[];
    crossReferences: CrossReference[];
    enrichmentData: EnrichmentData;
    riskFactors: RiskFactor[];
    patterns?: string[];
    correlationScore?: number;
    consensusLevel?: 'weak' | 'moderate' | 'strong' | 'consensus';
    riskScore?: number;
    sources?: string[];
    indicators?: ThreatIndicator[];
}
interface CrossReference {
    source: string;
    referenceType: 'similar_behavior' | 'same_campaign' | 'related_infrastructure';
    relatedValue: string;
    confidence: number;
}
interface EnrichmentData {
    asn?: {
        number: number;
        name: string;
        country: string;
    };
    geolocation?: {
        country: string;
        city: string;
        latitude?: number;
        longitude?: number;
    };
    dns?: {
        domain: string;
        reverseDns: string[];
    };
    reputation?: {
        overall: number;
        categories: string[];
    };
}
interface RiskFactor {
    factor: string;
    impact: 'low' | 'medium' | 'high' | 'critical';
    description: string;
    evidence: string[];
}
interface CorrelationConfig {
    minimumSources: number;
    consensusThreshold: number;
    temporalWindowDays: number;
    confidenceWeighting: Record<string, number>;
    enableGeolocationAnalysis: boolean;
    enablePatternDetection: boolean;
    riskScoreWeights: {
        consensus: number;
        recency: number;
        severity: number;
        sourceReliability: number;
    };
}
export declare class ThreatCorrelationEngine {
    private config;
    constructor(config?: Partial<CorrelationConfig>);
    correlate(indicators: ThreatIndicator[]): Promise<CorrelatedThreatData>;
    exportResult(result: CorrelatedThreatData, format?: 'json' | 'stix' | 'csv'): string;
    addIntegration(_name: string, _integration: any): void;
    shareResult(_result: CorrelatedThreatData, _platform: string): Promise<void>;
}
export {};
//# sourceMappingURL=ThreatCorrelationEngine.d.ts.map