
trojanhorse-js


A comprehensive JavaScript library for fetching, managing, and analyzing global threat intelligence from multiple open-source feeds and security news sources. Unlike its mythological namesake, this Trojan protects your digital fortress.

/// <reference types="node" />
import { EventEmitter } from 'events';
import { AxiosInstance } from 'axios';

/**
 * Connection settings for one SIEM destination.
 *
 * The object can carry credentials (`apiKey`, `username`, `password`) as plain
 * strings, so treat any value of this type as a secret: load it from a secret
 * store or the environment, and keep it out of logs and error reports.
 */
export interface SIEMConfig {
    /**
     * Target product. Only Splunk, QRadar and Elastic connector classes are
     * declared in this file.
     * NOTE(review): confirm how 'sentinel' and 'generic' are handled.
     */
    type:
        | 'splunk'
        | 'qradar'
        | 'elastic'
        | 'sentinel'
        | 'generic';
    /**
     * Destination URL. The type is a bare string, so nothing here restricts
     * the scheme; use an https:// endpoint so credentials and events are not
     * sent in cleartext.
     * NOTE(review): confirm whether the implementation rejects http://.
     */
    endpoint: string;
    /** Optional API key or token credential. */
    apiKey?: string;
    /** Optional user name credential. */
    username?: string;
    /** Optional password credential. */
    password?: string;
    /** Request timeout; the unit is not visible here (presumably milliseconds, confirm). */
    timeout?: number;
    /** Retry count for failed requests (semantics not visible here, confirm). */
    retries?: number;
    /** Number of events per batch (presumably the flush threshold, confirm). */
    batchSize?: number;
    /** Interval between queue flushes; the unit is not visible here (confirm). */
    flushInterval?: number;
}

/** One record to be delivered to a SIEM. */
export interface SIEMEvent {
    timestamp: Date;
    /** Origin of the event (free-form string). */
    source: string;
    eventType:
        | 'threat_detected'
        | 'indicator_added'
        | 'alert_generated';
    severity:
        | 'low'
        | 'medium'
        | 'high'
        | 'critical';
    /**
     * Untyped payload. Threat-feed content can include strings chosen by a
     * third party, so callers should validate it before queuing and the
     * receiving SIEM should treat its fields as untrusted data.
     */
    data: any;
    /** Optional free-form key/value annotations (also untyped). */
    metadata?: Record<string, any>;
}

/**
 * Common base for the product-specific connectors. Subclasses supply the
 * transport (`sendEvent`), the payload shape (`formatEvent`) and a
 * connectivity check (`validateConnection`).
 */
declare abstract class BaseSIEMConnector extends EventEmitter {
    /** Connector settings; may include the credentials from SIEMConfig. */
    protected config: SIEMConfig;
    protected httpClient: AxiosInstance;
    /**
     * Pending events held in an array.
     * NOTE(review): no size limit is visible in this declaration; confirm
     * the implementation bounds the queue during a prolonged SIEM outage.
     */
    protected eventQueue: SIEMEvent[];

    constructor(config: SIEMConfig);

    // Presumably applies the SIEMConfig credentials to httpClient (confirm).
    private setupAuthentication;
    // NOTE(review): if these interceptors log requests or responses, confirm
    // that authorization headers and credentials are redacted.
    private setupInterceptors;

    /** Send a single event to the destination. */
    abstract sendEvent(event: SIEMEvent): Promise<void>;
    /** Convert an event to the destination's payload; the result is untyped. */
    abstract formatEvent(event: SIEMEvent): any;
    /** Report whether the destination is reachable/usable as a boolean. */
    abstract validateConnection(): Promise<boolean>;

    /** Send several events. */
    sendEvents(events: SIEMEvent[]): Promise<void>;
    /** Add an event to the pending queue. */
    queueEvent(event: SIEMEvent): void;
    /** Send the queued events. */
    flushQueue(): Promise<void>;
    /** Number of events currently queued. */
    getQueueSize(): number;
}

/** Connector for Splunk destinations. */
declare class SplunkConnector extends BaseSIEMConnector {
    sendEvent(event: SIEMEvent): Promise<void>;
    formatEvent(event: SIEMEvent): any;
    validateConnection(): Promise<boolean>;
}

/** Connector for QRadar destinations. */
declare class QRadarConnector extends BaseSIEMConnector {
    sendEvent(event: SIEMEvent): Promise<void>;
    formatEvent(event: SIEMEvent): any;
    // Presumably translates SIEMEvent.severity to QRadar's scale (confirm).
    private mapSeverity;
    validateConnection(): Promise<boolean>;
}

/** Connector for Elastic destinations. */
declare class ElasticConnector extends BaseSIEMConnector {
    sendEvent(event: SIEMEvent): Promise<void>;
    formatEvent(event: SIEMEvent): any;
    validateConnection(): Promise<boolean>;
}

/** Registry of named connectors with fan-out helpers. */
declare class SIEMManager extends EventEmitter {
    private connectors;

    /** Register a connector under `name`, built from `config`. */
    addConnector(name: string, config: SIEMConfig): void;
    /**
     * Send an event through the registered connectors.
     * `connectorNames` presumably restricts delivery to the listed connectors
     * and defaults to all of them when omitted (confirm).
     */
    sendEvent(event: SIEMEvent, connectorNames?: string[]): Promise<void>;
    /** Check the connectors; the result is presumably keyed by connector name (confirm). */
    validateConnections(): Promise<Record<string, boolean>>;
    /** Look up a connector by name; `undefined` when none is registered. */
    getConnector(name: string): BaseSIEMConnector | undefined;
    /** Names of the registered connectors. */
    listConnectors(): string[];
}

export {
    BaseSIEMConnector,
    SplunkConnector,
    QRadarConnector,
    ElasticConnector,
    SIEMManager,
};
//# sourceMappingURL=SIEMConnector.d.ts.map