BehaviorMonitor API

Runtime behavioral analysis for humans and agents.

from trusthub import BehaviorMonitor, BehaviorEvent
from trusthub.constants import BehaviorEventType, EntityType

monitor = BehaviorMonitor(
    window_seconds=300,        # 5-minute sliding window
    anomaly_threshold=0.7,     # anomaly score threshold
    max_events_per_window=100, # rate limit
)

# Record event (returns ThreatAlert or None)
alert = monitor.record_event(event)

# Get profile
profile = monitor.get_profile("did:trusthub:acme:abc123")

# Get alerts
alerts = monitor.get_alerts(identity_did="did:...", limit=50)

# Quarantine / unquarantine
monitor.quarantine("did:...", reason="Compromised")
monitor.unquarantine("did:...")

# Update baseline from historical data
baseline = monitor.update_baseline("did:...")

# Stats
stats = monitor.get_stats()

IncidentResponder

from trusthub import IncidentResponder

responder = IncidentResponder(monitor=monitor)

# Auto-respond with escalation logic
incident = responder.auto_respond(alert)

# Resolve an incident
responder.resolve_incident(
    incident.incident_id,
    notes="False positive",
    unquarantine=True,
)