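/**
 * Detection Pattern Extraction and Storage
 *
 * Extracts patterns from indexed detections to enable:
 * - Query pattern learning by technique
 * - Field usage reference by data model
 * - Style/convention learning
 * - Template generation based on learned patterns
 *
 * This file holds type declarations only; the implementation and its storage
 * layer are not visible here.
 *
 * NOTE(review): the stored strings (field names, macro names, convention
 * values, usage examples) are taken from detection content, which may come
 * from third-party rule repositories. Confirm that the implementation binds
 * them as parameters when persisting, and that any template generated from
 * them is reviewed before it is deployed as a detection.
 */

/**
 * Prepares the storage schema used by the pattern functions below.
 * Presumably has to run before any store/get call; confirm against the
 * implementation.
 */
export declare function initPatternsSchema(): void;

/**
 * Structural features extracted from a single detection query.
 * The field names (tstats, data model, macros) follow Splunk SPL terminology.
 */
export interface PatternData {
  /** Whether the query uses `tstats`. */
  uses_tstats: boolean;
  /** Data model referenced by the query, or `null` when none is. */
  uses_datamodel: string | null;
  /** Macros referenced by the query. */
  macros_used: string[];
  /** Fields referenced by the query. */
  fields_used: string[];
  /** Aggregation expressions found in the query. */
  aggregations: string[];
  /** Filter (`where`) fragments found in the query. */
  where_patterns: string[];
  /** Join fragments found in the query. */
  join_patterns: string[];
}

/** One field of a data model, with the usage information recorded for it. */
export interface FieldReference {
  data_model: string;
  field_name: string;
  /** Field type, or `null` when not recorded. */
  field_type: string | null;
  common_values: string[];
  usage_examples: string[];
  /** Free-text description, or `null` when not recorded. */
  description: string | null;
  usage_count: number;
}

/** A learned style or naming convention. */
export interface StyleConvention {
  convention_type: string;
  convention_key: string;
  convention_value: string;
  /** Origin of the convention. */
  source: string;
  // NOTE(review): the valid range of `confidence` is not declared here
  // (0..1 is a guess) - confirm before comparing against thresholds.
  confidence: number;
}

/** Aggregate of the patterns stored for one technique. */
export interface TechniquePatterns {
  /** Technique identifier (presumably a MITRE ATT&CK ID - confirm). */
  technique_id: string;
  /** Number of patterns aggregated. */
  count: number;
  spl_structure: PatternData[];
  data_models: string[];
  macros: string[];
  fields: string[];
  /** Most frequently seen data model, or `null` when there is none. */
  most_common_data_model: string | null;
}

/**
 * Stores one extracted pattern.
 *
 * @param patternType - Kind of pattern being stored.
 * @param techniqueId - Technique the pattern belongs to, or `null`.
 * @param dataModel - Data model the pattern uses, or `null`.
 * @param sourceType - Source/rule format the pattern was extracted from.
 * @param patternContent - The extracted structural features.
 * @param exampleDetectionId - Detection the pattern was observed in.
 * @returns A string, presumably the identifier of the stored pattern (confirm).
 */
export declare function storePattern(
  patternType: string,
  techniqueId: string | null,
  dataModel: string | null,
  sourceType: string,
  patternContent: PatternData,
  exampleDetectionId: string,
): string;

/** Stores the reference entry for one field of a data model. */
export declare function storeFieldReference(
  dataModel: string,
  fieldName: string,
  fieldType: string | null,
  commonValues: string[],
  usageExamples: string[],
  description: string | null,
): void;

/**
 * Stores one style convention.
 * `source` and `confidence` are optional; the defaults applied by the
 * implementation are not visible in this declaration.
 */
export declare function storeStyleConvention(
  conventionType: string,
  conventionKey: string,
  conventionValue: string,
  source?: string,
  confidence?: number,
): void;

/**
 * Returns the aggregated patterns for a technique.
 *
 * @param techniqueId - Technique to look up.
 * @param sourceType - Optional restriction to one source type.
 */
export declare function getPatternsByTechnique(
  techniqueId: string,
  sourceType?: string,
): TechniquePatterns;

/** Returns the stored field references for a data model. */
export declare function getFieldReference(dataModel: string): FieldReference[];

/** Returns stored style conventions, optionally limited to one convention type. */
export declare function getStyleConventions(
  conventionType?: string,
): StyleConvention[];

/**
 * Returns the macro reference as a map.
 *
 * NOTE(review): this listing had a bare `Map`, which does not compile because
 * `Map` requires two type arguments. Keys are assumed to be macro names; the
 * value type could not be recovered and is declared `unknown` so callers must
 * narrow it - replace with the implementation's real value type.
 */
export declare function getMacroReference(): Map<string, unknown>;

/** Extracts patterns from SPL detections; returns pattern and technique counts. */
export declare function extractSPLPatterns(): {
  extracted: number;
  techniques: number;
};

/** Extracts patterns from Sigma detections; returns pattern and technique counts. */
export declare function extractSigmaPatterns(): {
  extracted: number;
  techniques: number;
};

/** Extracts patterns from KQL detections; returns pattern and technique counts. */
export declare function extractKQLPatterns(): {
  extracted: number;
  techniques: number;
};

/** Extracts patterns from Elastic detections; returns pattern and technique counts. */
export declare function extractElasticPatterns(): {
  extracted: number;
  techniques: number;
};

/** Extracts field usage; returns field and data-model counts. */
export declare function extractFieldUsage(): {
  fields: number;
  dataModels: number;
};

/** Extracts macro usage; returns the macro count. */
export declare function extractMacroUsage(): {
  macros: number;
};

/** Extracts naming conventions; returns the convention count. */
export declare function extractNamingConventions(): {
  conventions: number;
};

/**
 * Combined result of `extractAllPatterns`: one entry per extractor, each with
 * the same shape as that extractor's return type, plus an overall total.
 */
export interface ExtractionResult {
  spl_patterns: { extracted: number; techniques: number };
  sigma_patterns: { extracted: number; techniques: number };
  kql_patterns: { extracted: number; techniques: number };
  elastic_patterns: { extracted: number; techniques: number };
  field_usage: { fields: number; dataModels: number };
  macro_usage: { macros: number };
  naming_conventions: { conventions: number };
  total_patterns: number;
}

/** Runs the extractors and returns their combined counts. */
export declare function extractAllPatterns(): ExtractionResult;

/**
 * Returns summary counters for the pattern store.
 *
 * NOTE(review): this listing had a bare `Record` for `by_source`, which does
 * not compile because `Record` requires two type arguments. It is declared
 * here as a per-source count (`Record<string, number>`), matching the numeric
 * siblings - confirm against the implementation.
 */
export declare function getPatternStats(): {
  total_patterns: number;
  by_source: Record<string, number>;
  by_technique: number;
  fields_indexed: number;
  conventions_stored: number;
};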