/**
 * Type declarations for a detection-rule index backed by better-sqlite3.
 *
 * Only signatures are visible in this file. Anything said below about runtime
 * behaviour is a review note to confirm against the implementation, not a
 * documented guarantee.
 *
 * NOTE(review): several `Record` references below carry no type arguments, and
 * one reads `Record>`. That is not valid TypeScript; the generic arguments
 * appear to have been lost before this file reached review. Restore them from
 * the generated declaration output rather than guessing.
 *
 * NOTE(review): the listing functions accept seven source types, while the
 * coverage/gap/suggestion/Navigator APIs accept only 'sigma' | 'splunk_escu' |
 * 'elastic'. Coverage figures therefore cannot be scoped to 'kql', 'sublime',
 * 'crowdstrike_cql' or 'jamf_protect' through these signatures; confirm
 * whether that is intentional before relying on a coverage report.
 */
import Database from 'better-sqlite3';
import type { Detection, IndexStats, AnalyticStory } from './types.js';

// ---------------------------------------------------------------------------
// Database lifecycle
// ---------------------------------------------------------------------------

/** @returns the database path as a string. */
export declare function getDbPath(): string;
/** @returns a better-sqlite3 `Database` handle. */
export declare function initDb(): Database.Database;
// NOTE(review): clearDb/recreateDb take no arguments and return nothing; the
// names suggest destructive operations on the index. Confirm they are not
// reachable from any request handler that accepts untrusted input.
export declare function clearDb(): void;
export declare function recreateDb(): void;
/** @returns a boolean; presumably whether the database file exists (confirm). */
export declare function dbExists(): boolean;

// ---------------------------------------------------------------------------
// Detections: insert, lookup, search
// ---------------------------------------------------------------------------

/** Accepts one `Detection` record; returns nothing. */
export declare function insertDetection(detection: Detection): void;
// NOTE(review): `query` is a free-form string. Confirm the implementation
// binds it as a statement parameter and handles full-text/LIKE metacharacters,
// rather than concatenating it into SQL.
// NOTE(review): `limit` is optional with no declared maximum; confirm the
// implementation caps it so a caller cannot request an unbounded result set.
export declare function searchDetections(query: string, limit?: number): Detection[];
/** @returns the matching `Detection`, or `null`. */
export declare function getDetectionById(id: string): Detection | null;
/** Paged listing; both `limit` and `offset` are optional. */
export declare function listDetections(limit?: number, offset?: number): Detection[];

// ---------------------------------------------------------------------------
// Detections: filtered listings
// All filters below are caller-supplied strings. NOTE(review): confirm each is
// passed to SQLite as a bound parameter.
// ---------------------------------------------------------------------------

/** Filter by rule source; `sourceType` is restricted to the seven literals declared here. */
export declare function listBySource(sourceType: 'sigma' | 'splunk_escu' | 'elastic' | 'kql' | 'sublime' | 'crowdstrike_cql' | 'jamf_protect', limit?: number, offset?: number): Detection[];
// NOTE(review): `techniqueId` is an unconstrained string here; validateTechniqueId
// is declared in this module and could be applied before the lookup (confirm
// whether the implementation already does so).
export declare function listByMitre(techniqueId: string, limit?: number, offset?: number): Detection[];
/** All three logsource filters are optional, as are the paging arguments. */
export declare function listByLogsource(category?: string, product?: string, service?: string, limit?: number, offset?: number): Detection[];
// NOTE(review): `level` is typed as `string`, not a union of known severities,
// so a misspelt level type-checks. Presumably it yields an empty list — confirm.
export declare function listBySeverity(level: string, limit?: number, offset?: number): Detection[];
export declare function listByCve(cveId: string, limit?: number, offset?: number): Detection[];
export declare function listByAnalyticStory(story: string, limit?: number, offset?: number): Detection[];
export declare function listByProcessName(processName: string, limit?: number, offset?: number): Detection[];
export declare function listByDetectionType(detectionType: string, limit?: number, offset?: number): Detection[];
export declare function listByDataSource(dataSource: string, limit?: number, offset?: number): Detection[];
export declare function listByKqlCategory(category: string, limit?: number, offset?: number): Detection[];
export declare function listByKqlTag(tag: string, limit?: number, offset?: number): Detection[];
export declare function listByKqlDatasource(dataSource: string, limit?: number, offset?: number): Detection[];
export declare function listByMitreTactic(tactic: string, limit?: number, offset?: number): Detection[];

// ---------------------------------------------------------------------------
// Index statistics and raw rule access
// ---------------------------------------------------------------------------

export declare function getStats(): IndexStats;
// NOTE(review): returns rule text as a plain string (or null). The content
// originates from third-party rule repositories; presumably callers that parse
// or render it should treat it as untrusted data — confirm at the call sites.
export declare function getRawYaml(id: string): string | null;
export declare function getDetectionCount(): number;

// ---------------------------------------------------------------------------
// Analytic stories
// ---------------------------------------------------------------------------

export declare function insertStory(story: AnalyticStory): void;
export declare function getStoryByName(name: string): AnalyticStory | null;
export declare function getStoryById(id: string): AnalyticStory | null;
// NOTE(review): free-form `query` and optional `limit`; confirm the query is a
// bound parameter and the limit is capped.
export declare function searchStories(query: string, limit?: number): AnalyticStory[];
export declare function listStories(limit?: number, offset?: number): AnalyticStory[];
export declare function listStoriesByCategory(category: string, limit?: number, offset?: number): AnalyticStory[];
export declare function getStoryCount(): number;

// ---------------------------------------------------------------------------
// Distinct-value lookups by prefix
// NOTE(review): `prefix` looks like it feeds a prefix match. If that is a SQL
// LIKE, confirm `%` and `_` in the prefix are escaped so a caller cannot widen
// the match.
// ---------------------------------------------------------------------------

export declare function getDistinctTechniqueIds(prefix: string, limit?: number): string[];
export declare function getDistinctCves(prefix: string, limit?: number): string[];
export declare function getDistinctProcessNames(prefix: string, limit?: number): string[];

// ---------------------------------------------------------------------------
// Technique-ID validation
// ---------------------------------------------------------------------------

/** Outcome of a validation call; only `valid` is always present. */
export interface ValidationResult {
    valid: boolean;
    error?: string;
    suggestion?: string;
    similar?: string[];
}
export declare function validateTechniqueId(id: string): ValidationResult;

/** Optional filters for getTechniqueIds. `source_type` allows three sources only. */
export interface TechniqueIdFilters {
    source_type?: 'sigma' | 'splunk_escu' | 'elastic';
    tactic?: string;
    severity?: string;
}
export declare function getTechniqueIds(filters?: TechniqueIdFilters): string[];

// ---------------------------------------------------------------------------
// Coverage and gap analysis
// ---------------------------------------------------------------------------

/** Shape returned by analyzeCoverage. */
export interface CoverageReport {
    summary: {
        total_techniques: number;
        total_detections: number;
        // NOTE(review): `Record` has no type arguments here; invalid as written.
        coverage_by_tactic: Record;
    };
    top_covered: Array<{
        technique: string;
        detection_count: number;
    }>;
    weak_coverage: Array<{
        technique: string;
        detection_count: number;
    }>;
}
// NOTE(review): `sourceType` is limited to three sources. A report produced
// with this filter says nothing about rules from the other four sources that
// listBySource accepts.
export declare function analyzeCoverage(sourceType?: 'sigma' | 'splunk_escu' | 'elastic'): CoverageReport;

/** Shape returned by identifyGaps. */
export interface GapAnalysis {
    threat_profile: string;
    total_gaps: number;
    critical_gaps: Array<{
        technique: string;
        priority: string;
        reason: string;
    }>;
    covered: string[];
    recommendations: string[];
}
// NOTE(review): `threatProfile` is an unconstrained string; the set of
// recognised profiles and the behaviour for an unknown one are not visible here.
export declare function identifyGaps(threatProfile: string, sourceType?: 'sigma' | 'splunk_escu' | 'elastic'): GapAnalysis;

/** Shape returned by suggestDetections. */
export interface DetectionSuggestion {
    technique_id: string;
    existing_detections: Array<{
        id: string;
        name: string;
        source: string;
    }>;
    data_sources_needed: string[];
    detection_ideas: string[];
}
export declare function suggestDetections(techniqueId: string, sourceType?: 'sigma' | 'splunk_escu' | 'elastic'): DetectionSuggestion;

// ---------------------------------------------------------------------------
// ATT&CK Navigator layer export
// ---------------------------------------------------------------------------

/** Options for generateNavigatorLayer; only `name` is required. */
export interface NavigatorLayerOptions {
    name: string;
    description?: string;
    source_type?: 'sigma' | 'splunk_escu' | 'elastic';
    tactic?: string;
    severity?: string;
    actor_name?: string;
}
// NOTE(review): the return type is the bare `object`, so callers get no
// compile-time check on the layer's shape. `name` and `description` are
// caller-supplied; if they are copied into the layer, escape them wherever the
// layer is later rendered as HTML.
export declare function generateNavigatorLayer(options: NavigatorLayerOptions): object;

// ---------------------------------------------------------------------------
// Lightweight listings and cross-source comparison
// ---------------------------------------------------------------------------

/** Reduced detection record. `source_type` is a plain `string` here, not the literal union used by listBySource. */
export interface DetectionListItem {
    name: string;
    id: string;
    source_type: string;
    mitre_ids: string[];
    severity: string | null;
}
/** Shape returned by compareDetectionsBySource. */
export interface SourceComparisonResult {
    topic: string;
    total_found: number;
    // NOTE(review): the four `Record` uses in this interface have lost their
    // type arguments; `Record>` on by_tactic looks like a nested Record with its
    // arguments stripped. Invalid as written; restore from the original.
    by_source: Record;
    by_tactic: Record>;
    summary: {
        source_counts: Record;
        tactic_coverage: Record;
    };
}
export declare function searchDetectionList(query: string, limit?: number): DetectionListItem[];
/** Same seven-source restriction as listBySource, with an optional name filter. */
export declare function listDetectionsBySourceLight(sourceType: 'sigma' | 'splunk_escu' | 'elastic' | 'kql' | 'sublime' | 'crowdstrike_cql' | 'jamf_protect', nameFilter?: string, limit?: number): DetectionListItem[];
export declare function compareDetectionsBySource(topic: string, limit?: number): SourceComparisonResult;
// NOTE(review): `pattern` is a caller-supplied string and no `limit` parameter
// is declared. Confirm how wildcards are interpreted and that the result size
// is bounded.
export declare function getDetectionNamesByPattern(pattern: string, sourceType?: 'sigma' | 'splunk_escu' | 'elastic' | 'kql' | 'sublime' | 'crowdstrike_cql' | 'jamf_protect'): {
    source: string;
    detections: Array<{
        name: string;
        id: string;
    }>;
}[];
// NOTE(review): return type is `Record` with no type arguments; invalid as written.
export declare function countDetectionsBySource(topic: string): Record;

// ---------------------------------------------------------------------------
// Saved query results
// ---------------------------------------------------------------------------

export declare function initSavedQueriesTable(): void;
// NOTE(review): `queryParams` is typed `Record` with no type arguments; invalid
// as written. `result` is `unknown`, so anything may be stored. `ttlMinutes` is
// optional; the default lifetime and whether expired rows are purged are not
// visible here — confirm.
/** @returns a string; presumably the saved query's identifier (confirm). */
export declare function saveQueryResult(name: string, queryType: string, queryParams: Record, result: unknown, ttlMinutes?: number): string;
// `unknown | null` collapses to `unknown`, so the signature gives no
// compile-time signal for the missing case; callers must check for null and
// narrow the value before use.
export declare function getSavedQuery(name: string): unknown | null;
/** Lists saved-query metadata, optionally filtered by `queryType`. */
export declare function listSavedQueries(queryType?: string): Array<{
    id: string;
    name: string;
    query_type: string;
    created_at: string;
}>;
/** @returns a boolean; presumably whether a row was deleted (confirm). */
export declare function deleteSavedQuery(name: string): boolean;