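/**
 * @fileoverview Attack Pattern Matcher with MITRE ATT&CK Integration
 * @module @nahisaho/musubix-security/intelligence/attack-pattern-matcher
 *
 * Provides MITRE ATT&CK framework integration, attack pattern recognition,
 * and technique mapping for security analysis.
 *
 * This is a declaration file: only the public contract is visible here.
 * Comments marked NOTE(review) are expectations to confirm against the
 * implementation, not guarantees made by these declarations.
 */
import type { Vulnerability, SourceLocation } from '../types/index.js';

/**
 * MITRE ATT&CK Tactic (kebab-case form of the ATT&CK Enterprise tactic names).
 */
export type MitreTactic =
  | 'reconnaissance'
  | 'resource-development'
  | 'initial-access'
  | 'execution'
  | 'persistence'
  | 'privilege-escalation'
  | 'defense-evasion'
  | 'credential-access'
  | 'discovery'
  | 'lateral-movement'
  | 'collection'
  | 'command-and-control'
  | 'exfiltration'
  | 'impact';

/**
 * MITRE ATT&CK Platform.
 *
 * NOTE(review): 'office-365' and 'azure-ad' follow the older ATT&CK platform
 * naming; newer ATT&CK releases fold these into broader platform names. Verify
 * these labels against the ATT&CK version the built-in technique data is
 * derived from before mapping platforms externally.
 */
export type MitrePlatform =
  | 'windows'
  | 'macos'
  | 'linux'
  | 'cloud'
  | 'containers'
  | 'network'
  | 'saas'
  | 'iaas'
  | 'office-365'
  | 'azure-ad'
  | 'google-workspace';

/**
 * MITRE ATT&CK Technique.
 */
export interface MitreTechnique {
  /** Technique ID (e.g., T1059). Sub-technique IDs presumably use the dotted form, e.g. T1059.001 — confirm with loadMitreTechniques. */
  id: string;
  /** Technique name */
  name: string;
  /** Description */
  description: string;
  /** Parent tactic(s); a technique may appear under more than one tactic. */
  tactics: MitreTactic[];
  /** Applicable platforms */
  platforms: MitrePlatform[];
  /** Detection methods (free-text guidance, not machine-evaluable rules). */
  detection: string[];
  /** Mitigation strategies */
  mitigations: string[];
  /** Sub-techniques */
  subTechniques?: MitreTechnique[];
  /** Data sources for detection */
  dataSources: string[];
  /** External references */
  references: string[];
}

/**
 * Attack pattern definition.
 */
export interface AttackPattern {
  /** Pattern ID */
  id: string;
  /** Pattern name */
  name: string;
  /** Description */
  description: string;
  /**
   * Code patterns (regex source strings) that matchCode evaluates against code.
   *
   * NOTE(review): regexes are executed against arbitrary scanned source text.
   * Patterns accepted via customPatterns/addPattern should be treated as
   * trusted configuration: a pattern with nested or overlapping quantifiers
   * can backtrack catastrophically (ReDoS) on attacker-chosen input. The
   * implementation is not visible here — confirm how patterns are compiled,
   * which flags are applied, and whether any complexity or time bound exists.
   */
  patterns: string[];
  /** Mapped MITRE technique IDs (e.g., T1059); resolved via getTechnique. */
  techniques: string[];
  /** Severity */
  severity: 'critical' | 'high' | 'medium' | 'low';
  /** Confidence when matched. Presumably on the same 0-1 scale as PatternMatch.confidence and minConfidence — verify. */
  confidence: number;
  /** Tags */
  tags: string[];
  /** Example code */
  examples?: string[];
}

/**
 * Pattern match result.
 */
export interface PatternMatch {
  /** Match ID */
  id: string;
  /** Matched pattern */
  pattern: AttackPattern;
  /** Location in code */
  location: SourceLocation;
  /**
   * Matched code snippet.
   * NOTE(review): this is raw scanned source; escape it before embedding in
   * HTML/markdown reports, since scanned code is untrusted.
   */
  codeSnippet: string;
  /** Match confidence (0-1) */
  confidence: number;
  /** Mapped techniques */
  techniques: MitreTechnique[];
  /** Kill chain phase */
  killChainPhase: string;
  /** Recommendations */
  recommendations: string[];
}

/**
 * Attack chain analysis.
 */
export interface AttackChain {
  /** Chain ID */
  id: string;
  /** Chain name */
  name: string;
  /** Involved patterns */
  patterns: PatternMatch[];
  /** Kill chain stages covered */
  killChainStages: string[];
  /** Overall risk score (scale not stated by this declaration — confirm with analyzeAttackChain). */
  riskScore: number;
  /** Attack narrative */
  narrative: string;
  /** Detection gaps */
  detectionGaps: string[];
  /** Recommended mitigations */
  mitigations: string[];
}

/**
 * Attack Pattern Matcher options.
 */
export interface AttackPatternMatcherOptions {
  /** Enable MITRE ATT&CK mapping */
  enableMitreMapping?: boolean;
  /** Minimum confidence threshold; matches below it are presumably dropped by matchCode (0-1 scale expected — verify). */
  minConfidence?: number;
  /** Enable attack chain analysis */
  enableChainAnalysis?: boolean;
  /** Custom patterns. See the ReDoS note on AttackPattern.patterns: treat as trusted configuration, not user input. */
  customPatterns?: AttackPattern[];
  /** Target platforms */
  platforms?: MitrePlatform[];
}

/**
 * Attack Pattern Matcher with MITRE ATT&CK integration.
 */
export declare class AttackPatternMatcher {
  private options;
  private patterns;
  private techniques;
  constructor(options?: AttackPatternMatcherOptions);
  /**
   * Load built-in attack patterns
   */
  private loadBuiltinPatterns;
  /**
   * Load MITRE ATT&CK techniques
   */
  private loadMitreTechniques;
  /**
   * Add custom pattern.
   * NOTE(review): the declaration does not say whether a duplicate id replaces
   * an existing pattern or is rejected — confirm before relying on either.
   */
  addPattern(pattern: AttackPattern): void;
  /**
   * Remove pattern
   * @returns true if a pattern with that id was removed (inferred from the boolean return — confirm).
   */
  removePattern(patternId: string): boolean;
  /**
   * Get all patterns
   */
  getPatterns(): AttackPattern[];
  /**
   * Get pattern by ID
   */
  getPattern(id: string): AttackPattern | undefined;
  /**
   * Get MITRE technique by ID
   */
  getTechnique(id: string): MitreTechnique | undefined;
  /**
   * Get all techniques
   */
  getAllTechniques(): MitreTechnique[];
  /**
   * Get techniques by tactic
   */
  getTechniquesByTactic(tactic: MitreTactic): MitreTechnique[];
  /**
   * Match code against patterns.
   * @param code source text to scan (passed in directly; the signature implies no file I/O)
   * @param filePath path recorded in each match's location
   */
  matchCode(code: string, filePath: string): PatternMatch[];
  /**
   * Generate recommendations based on pattern and techniques
   */
  private generateRecommendations;
  /**
   * Map vulnerability to MITRE ATT&CK
   */
  mapVulnerabilityToMitre(vulnerability: Vulnerability): MitreTechnique[];
  /**
   * Analyze attack chain from multiple matches
   * @returns null when no chain can be formed from the given matches (inferred from the nullable return — confirm).
   */
  analyzeAttackChain(matches: PatternMatch[]): AttackChain | null;
  /**
   * Generate attack narrative
   */
  private generateAttackNarrative;
  /**
   * Identify detection gaps
   */
  private identifyDetectionGaps;
  /**
   * Get statistics.
   * The per-key maps are counts. Their type arguments were missing in the
   * original declaration (`Record` with no parameters does not compile);
   * restored as `Record<string, number>` to match the `total*` counters.
   */
  getStatistics(): {
    totalPatterns: number;
    byCategory: Record<string, number>;
    bySeverity: Record<string, number>;
    totalTechniques: number;
    byTactic: Record<string, number>;
  };
}

/**
 * Create an AttackPatternMatcher instance
 */
export declare function createAttackPatternMatcher(options?: AttackPatternMatcherOptions): AttackPatternMatcher;

/**
 * Quick pattern match (one-shot convenience over AttackPatternMatcher.matchCode).
 */
export declare function quickPatternMatch(code: string, filePath: string): PatternMatch[];

/**
 * Map vulnerability to MITRE techniques
 */
export declare function mapToMitre(vulnerability: Vulnerability): MitreTechnique[];

/**
 * Get MITRE technique by ID
 */
export declare function getMitreTechnique(id: string): MitreTechnique | undefined;
//# sourceMappingURL=attack-pattern-matcher.d.ts.map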