/** * ATT&CK Data Access Layer * * Query functions for MITRE ATT&CK STIX-sourced data: * threat actors, software, technique coverage, and actor-based gap analysis. */ export interface AttackActor { actor_id: string; name: string; aliases: string[]; description: string | null; external_references: unknown[]; created: string | null; modified: string | null; } export interface AttackTechnique { technique_id: string; name: string; description: string | null; platforms: string[]; data_sources: string[]; is_subtechnique: boolean; parent_technique_id: string | null; url: string | null; } export interface AttackSoftware { software_id: string; name: string; software_type: string; description: string | null; platforms: string[]; aliases: string[]; } export interface ActorTechnique { technique_id: string; technique_name: string; description: string | null; detection_count: number; tactics: string[]; } export interface ActorCoverageResult { actor: AttackActor; total_techniques: number; covered_count: number; gap_count: number; coverage_percentage: number; covered_techniques: ActorTechnique[]; gap_techniques: ActorTechnique[]; by_tactic: Record; } export interface ActorListItem { actor_id: string; name: string; aliases: string[]; technique_count: number; } /** * Check if STIX data has been loaded into the database. */ export declare function isStixLoaded(): boolean; /** * Find a threat actor by name or alias (case-insensitive). */ export declare function getActorByName(name: string): AttackActor | null; /** * List all threat actors, optionally filtered by search term. */ export declare function listActors(search?: string, limit?: number): ActorListItem[]; /** * Get all techniques used by a specific actor, with detection coverage info. */ export declare function getActorTechniques(actorId: string): ActorTechnique[]; /** * Get full detection coverage analysis for a threat actor. */ export declare function getActorCoverage(actorId: string, sourceType?: string): ActorCoverageResult; /** * Get all software used by a specific actor. */ export declare function getSoftwareForActor(actorId: string): AttackSoftware[]; /** * Get all threat actors that use a specific technique. */ export declare function getTechniqueActors(techniqueId: string): AttackActor[]; /** * Get a technique from the ATT&CK catalog. */ export declare function getAttackTechnique(techniqueId: string): AttackTechnique | null; /** * Get total counts for ATT&CK data. */ export declare function getAttackStats(): { techniques: number; actors: number; software: number; actor_technique_links: number; software_technique_links: number; };