import { AttackTechnique } from '../ioc/types';
import { CampaignThreatActor, CampaignThreatFamily, CampaignVictims } from '../apt/types';

// Declaration-only module: every interface below is erased at compile time, so none of
// these shapes is enforced on a payload at runtime. Nearly every indicator field is a
// plain `string`; nothing here constrains hash length, IP syntax, URL scheme or timestamp
// format. Code that parses a feed response into these types should validate the values
// it relies on before using them as lookup keys, block-list entries or display text.

/**
 * File hash information in feed.
 *
 * Three digests declared for one file. All are plain strings; the encoding is not
 * stated here (presumably lowercase hex; confirm against the feed documentation).
 */
export interface FeedFileHash {
    sha256: string;
    md5: string;
    sha1: string;
}

/**
 * Similar file in feed.
 */
export interface FeedSimilarFile {
    hash: FeedFileHash;
    // Unit is not stated in this file (presumably bytes; confirm).
    fileSize: number;
    fileType: string;
    // Free-form string; presumably a detection name or verdict. Confirm before branching on it.
    detect: string;
}

/**
 * Related file in feed IoC relation.
 *
 * Declares the same four members as FeedSimilarFile.
 */
export interface FeedRelatedFile {
    hash: FeedFileHash;
    fileSize: number;
    fileType: string;
    detect: string;
}

/**
 * Contacted IP in feed.
 *
 * Only an `ipv4` member is declared; there is no IPv6 counterpart in this shape.
 */
export interface FeedContactedIP {
    ipv4: string;
    // Timestamps are untyped strings; the format is not stated here (confirm before parsing or comparing).
    firstSeen: string;
    lastSeen: string;
    countryCode: string;
    detect: string;
}

/**
 * Contacted domain in feed.
 */
export interface FeedContactedDomain {
    domain: string;
    firstSeen: string;
    lastSeen: string;
    detect: string;
}

/**
 * Contacted URL in feed.
 *
 * Unlike the IP and domain shapes, no `detect` member is declared here.
 */
export interface FeedContactedURL {
    // Indicator data, not a navigation target: keep it as text and defang it when shown to analysts.
    url: string;
    firstSeen: string;
    lastSeen: string;
}

/**
 * IoC relation data in feed (used by FileFeedItem).
 */
export interface FeedIoCRelation {
    droppedFiles: FeedRelatedFile[];
    downloadedFiles: FeedRelatedFile[];
    modifiedFiles: FeedRelatedFile[];
    contactedIPs: FeedContactedIP[];
    contactedDomains: FeedContactedDomain[];
    contactedURLs: FeedContactedURL[];
}

/**
 * APT IoC indicator lists in feed.
 *
 * Four flat string lists. What each `files` entry holds (a hash, and of which type)
 * is not shown in this file; confirm before matching against them.
 */
export interface FeedAPTIoCIndicator {
    files: string[];
    domains: string[];
    ips: string[];
    urls: string[];
}

/**
 * Campaign indicator file in feed.
 */
export interface FeedCampaignIndicatorFile {
    hash: FeedFileHash;
    fileSize: number;
    fileType: string;
    tags: string[];
    detect: string;
    firstSeen: string;
    lastSeen: string;
    threatTypes: string[];
}

/**
 * Campaign indicator IP in feed.
 *
 * Declares the same members as FeedContactedIP.
 */
export interface FeedCampaignIndicatorIP {
    ipv4: string;
    firstSeen: string;
    lastSeen: string;
    countryCode: string;
    detect: string;
}

/**
 * Campaign indicator domain in feed.
 *
 * Declares the same members as FeedContactedDomain.
 */
export interface FeedCampaignIndicatorDomain {
    domain: string;
    firstSeen: string;
    lastSeen: string;
    detect: string;
}

/**
 * Campaign indicator URL in feed.
 *
 * Declares the same members as FeedContactedURL.
 */
export interface FeedCampaignIndicatorURL {
    url: string;
    firstSeen: string;
    lastSeen: string;
}

/**
 * Campaign indicators statistics in feed.
 *
 * One number per indicator kind; presumably counts that correspond to the arrays in
 * FeedCampaignDetailedIndicators (confirm; the arrays may be truncated relative to the counts).
 */
export interface FeedCampaignIndicatorsStatistics {
    files: number;
    ips: number;
    domains: number;
    urls: number;
}

/**
 * Campaign detailed indicators in feed.
 */
export interface FeedCampaignDetailedIndicators {
    statistics: FeedCampaignIndicatorsStatistics;
    files: FeedCampaignIndicatorFile[];
    ips: FeedCampaignIndicatorIP[];
    domains: FeedCampaignIndicatorDomain[];
    urls: FeedCampaignIndicatorURL[];
}

/**
 * Campaign detail in feed.
 */
export interface FeedCampaignDetail {
    // Opaque identifier string; its format is not shown in this file.
    ctxId: string;
    threatActors: CampaignThreatActor[];
    threatFamilies: CampaignThreatFamily[];
    // Both `timestamp` and `discovered` are untyped strings; how they differ is not stated here.
    timestamp: string;
    discovered: string;
    tags: string[];
    victims: CampaignVictims;
    indicators: FeedCampaignDetailedIndicators;
}

/**
 * Threat actor with campaigns in feed.
 */
export interface FeedThreatActorWithCampaigns {
    name: string;
    aliases: string[];
    countryCode: string;
    campaigns: FeedCampaignDetail[];
}

/**
 * APT campaign statistics in feed.
 *
 * The relationship between `campaignCount` and `campaignCountTotal` is not shown in
 * this file; confirm before reporting either as a total.
 */
export interface FeedAPTCampaignStatistics {
    campaignCount: number;
    threatActorCount: number;
    files: number;
    ips: number;
    domains: number;
    urls: number;
    campaignCountTotal: number;
}

/**
 * File feed item - represents a single malicious file entry.
 */
export interface FileFeedItem {
    collectionTime: string;
    firstSeen: string;
    lastSeen: string;
    hash: FeedFileHash;
    fileSize: number;
    fileType: string;
    tags: string[];
    detect: string;
    // Names reported for a malicious sample: treat as untrusted text, never as a path to open or write.
    fileNames: string[];
    // Optional; presumably an ssdeep fuzzy hash (confirm). Consumers must handle `undefined`.
    ssdeep?: string;
    // Presumably CVE identifiers; the string format is not enforced by this type.
    cve: string[];
    threatTypes: string[];
    attackTechniques: AttackTechnique[];
    similarFiles: FeedSimilarFile[];
    iocRelation: FeedIoCRelation;
    aptIocIndicator: FeedAPTIoCIndicator;
    aptThreatActors: FeedThreatActorWithCampaigns[];
    aptCampaignStatistics: FeedAPTCampaignStatistics;
    aptCampaigns: FeedCampaignDetail[];
}

/**
 * File feed result - array of file feed items.
 */
export interface FileFeedResult {
    /** Array of malicious file entries */
    items: FileFeedItem[];
    /** Total count of items returned */
    count: number;
}

/**
 * Resolved IP in domain feed IoC relation.
 *
 * Declares the same members as FeedContactedIP.
 */
export interface FeedResolvedIP {
    ipv4: string;
    firstSeen: string;
    lastSeen: string;
    countryCode: string;
    detect: string;
}

/**
 * IoC relation data in domain feed.
 */
export interface FeedDomainIoCRelation {
    communicatingFiles: FeedRelatedFile[];
    downloadedFiles: FeedRelatedFile[];
    resolvedIPs: FeedResolvedIP[];
}

/**
 * Domain feed item - represents a single malicious domain entry.
 */
export interface DomainFeedItem {
    collectionTime: string;
    firstSeen: string;
    lastSeen: string;
    // Malicious per this feed: store and match as data; do not resolve or link to it from tooling UIs.
    domain: string;
    detect: string;
    // A single untyped string; presumably raw WHOIS text from a third party, so escape it before rendering.
    whois: string;
    hostIps: string[];
    urls: string[];
    iocRelation: FeedDomainIoCRelation;
    aptIocIndicator: FeedAPTIoCIndicator;
    aptThreatActors: FeedThreatActorWithCampaigns[];
    aptCampaignStatistics: FeedAPTCampaignStatistics;
    aptCampaigns: FeedCampaignDetail[];
}

/**
 * Domain feed result - array of domain feed items.
 */
export interface DomainFeedResult {
    /** Array of malicious domain entries */
    items: DomainFeedItem[];
    /** Total count of items returned */
    count: number;
}

/**
 * Simple threat actor info (without campaigns) for URL feed.
 */
export interface FeedSimpleThreatActor {
    name: string;
    aliases: string[];
    countryCode: string;
}

/**
 * Content data from downloaded file in URL feed.
 *
 * Mirrors FileFeedItem without `collectionTime` and `iocRelation`, and with
 * `aptThreatActors` typed as FeedSimpleThreatActor[] (no nested campaigns).
 */
export interface URLFeedContentData {
    firstSeen: string;
    lastSeen: string;
    hash: FeedFileHash;
    fileSize: number;
    fileType: string;
    tags: string[];
    detect: string;
    fileNames: string[];
    // Optional, as in FileFeedItem; consumers must handle `undefined`.
    ssdeep?: string;
    cve: string[];
    threatTypes: string[];
    attackTechniques: AttackTechnique[];
    similarFiles: FeedSimilarFile[];
    aptIocIndicator: FeedAPTIoCIndicator;
    aptThreatActors: FeedSimpleThreatActor[];
    aptCampaignStatistics: FeedAPTCampaignStatistics;
    aptCampaigns: FeedCampaignDetail[];
}

/**
 * URL feed item - represents a single malicious URL entry.
 */
export interface URLFeedItem {
    collectionTime: string;
    detectionDate: string;
    // Malicious per this feed: handle as an indicator string, not as something to fetch or hyperlink.
    detectionUrl: string;
    // Presumably the SHA-256 of the content described by `contentsData` (confirm).
    // Nothing in the type ties it to `contentsData.hash.sha256`, so a consumer that
    // depends on the two agreeing has to compare them itself.
    contentsSha256: string;
    contentsData: URLFeedContentData;
}

/**
 * URL feed result - array of URL feed items.
 */
export interface URLFeedResult {
    /** Array of malicious URL entries */
    items: URLFeedItem[];
    /** Total count of items returned */
    count: number;
}

/**
 * Threat Actor Feed campaign item.
 *
 * Declares the members of FeedCampaignDetail plus a leading `collectionTime`.
 */
export interface ThreatActorFeedCampaign {
    collectionTime: string;
    ctxId: string;
    threatActors: CampaignThreatActor[];
    threatFamilies: CampaignThreatFamily[];
    timestamp: string;
    discovered: string;
    tags: string[];
    victims: CampaignVictims;
    indicators: FeedCampaignDetailedIndicators;
}

/**
 * Threat Actor feed result - array of campaign items for a specific threat actor.
 */
export interface ThreatActorFeedResult {
    /** Array of campaign entries for the threat actor */
    items: ThreatActorFeedCampaign[];
    /** Total count of items returned */
    count: number;
}

/**
 * Attacker Country Feed campaign item (same structure as Threat Actor Feed).
 */
export type AttackerCountryFeedCampaign = ThreatActorFeedCampaign;

/**
 * Attacker Country feed result - array of campaign items for a specific attacker country.
 */
export interface AttackerCountryFeedResult {
    /** Array of campaign entries for the attacker country */
    items: AttackerCountryFeedCampaign[];
    /** Total count of items returned */
    count: number;
}

/**
 * Victim Country Feed campaign item (same structure as Threat Actor Feed).
 */
export type VictimCountryFeedCampaign = ThreatActorFeedCampaign;

/**
 * Victim Country feed result - array of campaign items for a specific victim country.
 */
export interface VictimCountryFeedResult {
    /** Array of campaign entries for the victim country */
    items: VictimCountryFeedCampaign[];
    /** Total count of items returned */
    count: number;
}

/**
 * Campaign Tag Feed campaign item (same structure as Threat Actor Feed).
 */
export type CampaignTagFeedCampaign = ThreatActorFeedCampaign;

/**
 * Campaign Tag feed result - array of campaign items for a specific tag.
 */
export interface CampaignTagFeedResult {
    /** Array of campaign entries for the tag */
    items: CampaignTagFeedCampaign[];
    /** Total count of items returned */
    count: number;
}
//# sourceMappingURL=types.d.ts.map