Documentation
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type AlertSeverity
type AlertSeverity string
AlertSeverity represents the severity level of an alert.
const (
	SeverityLow      AlertSeverity = "low"
	SeverityMedium   AlertSeverity = "medium"
	SeverityHigh     AlertSeverity = "high"
	SeverityCritical AlertSeverity = "critical"
)
type Engine
type Engine struct {
// contains filtered or unexported fields
}
Engine wraps Sigma rule evaluation with security protections.
func (*Engine) Evaluate
func (e *Engine) Evaluate(fields map[string]string) []RuleResult
Evaluate evaluates an event against all loaded rules. Returns only rules that matched the input fields.
func (*Engine) GetLoadedRules
func (e *Engine) GetLoadedRules() []RuleResult
GetLoadedRules returns information about the currently loaded rules.
type LoadedRule
type LoadedRule struct {
// contains filtered or unexported fields
}
LoadedRule represents a loaded Sigma rule with its metadata.
type RuleResult
type RuleResult struct {
RuleID string `json:"rule_id"`
RuleName string `json:"rule_name"`
Severity AlertSeverity `json:"severity"`
Description string `json:"description"`
Matched bool `json:"matched"`
MatchedFields map[string]string `json:"matched_fields,omitempty"`
}
RuleResult represents the result of evaluating a rule.
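The page documents the shape of Engine.Evaluate's output but not how Engine is constructed or how its rules are represented. The following is an added, self-contained illustration of the documented contract (only matched rules come back, each with the fields that satisfied it, serialized with the struct's JSON tags); it is not the package's own code. AlertSeverity and RuleResult are copied from the page; toyRule, toyEngine, DemoEngine, DemoEvent, ResultsJSON and the equality-only matching are assumptions that stand in for the real, unexported implementation.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// AlertSeverity and RuleResult mirror the documented types verbatim.
type AlertSeverity string

const (
	SeverityLow      AlertSeverity = "low"
	SeverityMedium   AlertSeverity = "medium"
	SeverityHigh     AlertSeverity = "high"
	SeverityCritical AlertSeverity = "critical"
)

type RuleResult struct {
	RuleID        string            `json:"rule_id"`
	RuleName      string            `json:"rule_name"`
	Severity      AlertSeverity     `json:"severity"`
	Description   string            `json:"description"`
	Matched       bool              `json:"matched"`
	MatchedFields map[string]string `json:"matched_fields,omitempty"`
}

// toyRule is a hypothetical, deliberately minimal rule: a Sigma-style
// selection in which every listed field must equal the event's value.
// The real package's loaded-rule format is unexported and not on the page.
type toyRule struct {
	id, name, description string
	severity              AlertSeverity
	selection             map[string]string
}

// toyEngine is a hypothetical stand-in for the page's Engine.
type toyEngine struct{ rules []toyRule }

// Evaluate follows the documented contract: only rules that matched are
// returned, each carrying the event fields that satisfied its selection,
// ordered most severe first so a consumer can triage from the front.
func (e *toyEngine) Evaluate(fields map[string]string) []RuleResult {
	var results []RuleResult
	for _, r := range e.rules {
		matched := make(map[string]string, len(r.selection))
		ok := true
		for k, want := range r.selection {
			got, present := fields[k]
			if !present || got != want {
				ok = false
				break
			}
			matched[k] = got
		}
		if !ok {
			continue
		}
		results = append(results, RuleResult{
			RuleID: r.id, RuleName: r.name, Severity: r.severity,
			Description: r.description, Matched: true, MatchedFields: matched,
		})
	}
	sort.SliceStable(results, func(i, j int) bool {
		return severityRank(results[i].Severity) > severityRank(results[j].Severity)
	})
	return results
}

// severityRank orders the documented constants; an unknown value ranks
// lowest so a malformed rule never jumps the triage queue.
func severityRank(s AlertSeverity) int {
	switch s {
	case SeverityCritical:
		return 3
	case SeverityHigh:
		return 2
	case SeverityMedium:
		return 1
	case SeverityLow:
		return 0
	}
	return -1
}

// DemoEngine loads two constructed rules; DemoEvent is a constructed
// process-creation event that satisfies only the first of them.
func DemoEngine() *toyEngine {
	return &toyEngine{rules: []toyRule{
		{id: "demo-001", name: "Whoami execution", severity: SeverityMedium,
			description: "Account discovery via whoami",
			selection:   map[string]string{"Image": "whoami.exe", "EventID": "1"}},
		{id: "demo-002", name: "Sudo invocation", severity: SeverityHigh,
			description: "Privilege change via sudo",
			selection:   map[string]string{"Image": "sudo", "EventID": "1"}},
	}}
}

func DemoEvent() map[string]string {
	return map[string]string{"EventID": "1", "Image": "whoami.exe", "User": "alice"}
}

// ResultsJSON serializes results with the documented tags; omitempty drops
// matched_fields only when the map is empty.
func ResultsJSON(results []RuleResult) (string, error) {
	b, err := json.MarshalIndent(results, "", "  ")
	return string(b), err
}

func main() {
	out, err := ResultsJSON(DemoEngine().Evaluate(DemoEvent()))
	if err != nil {
		panic(err)
	}
	fmt.Println(out)
}
```

Two points the example makes that the one-line doc comments do not: a rule whose selection is only partly present in the event is not a match, so it is absent from the slice rather than returned with Matched set to false; and because unmatched rules are never returned, MatchedFields is always populated in practice, so the omitempty tag matters only for rules whose selection is empty.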