clawdstrike_ocsf/lib.rs
1#![cfg_attr(test, allow(clippy::expect_used, clippy::unwrap_used))]
2
3//! OCSF v1.4.0-compliant event types and converters for ClawdStrike.
4//!
5//! This crate provides strongly-typed OCSF event classes, objects, and conversion
6//! utilities. It has **no dependency** on the `clawdstrike` engine crate to keep it
7//! lightweight and avoid circular dependencies. Wiring code in `hushd` or `hunt-query`
8//! maps internal types to these OCSF structures.
9//!
10//! # Supported OCSF classes
11//!
12//! | Class | `class_uid` | Category |
13//! |--------------------|-------------|-------------------|
14//! | Detection Finding | 2004 | Findings (2) |
15//! | Process Activity | 1007 | System Activity (1) |
16//! | File Activity | 1001 | System Activity (1) |
17//! | Network Activity | 4001 | Network Activity (4) |
18
19pub mod base;
20pub mod classes;
21pub mod convert;
22pub mod decision;
23pub mod objects;
24pub mod severity;
25pub mod validate;
26
27/// OCSF schema version this crate targets.
///
/// The crate-level docs name the same version ("v1.4.0"); update both together
/// when the targeted schema changes.
// NOTE(review): presumably the value written to `metadata.version` on emitted
// events, which downstream consumers use to select a schema for parsing —
// confirm against `objects::metadata` and `validate`.
28pub const OCSF_VERSION: &str = "1.4.0";
29
30// Re-exports for convenience.
31pub use base::{ActionId, CategoryUid, ClassUid, DispositionId, SeverityId, StatusId};
32pub use classes::detection_finding::DetectionFinding;
33pub use classes::file_activity::FileActivity;
34pub use classes::network_activity::NetworkActivity;
35pub use classes::process_activity::ProcessActivity;
36pub use objects::metadata::{Metadata, Product};
37pub use severity::map_severity;
38pub use validate::{validate_ocsf_json, OcsfValidationError};