Struct PostgresBackend 

pub struct PostgresBackend {
    pub config: &'static TextQueryConfig,
    pub table: String,
    pub timestamp_field: String,
    pub json_field: Option<String>,
    pub case_sensitive_re: bool,
    pub schema: Option<String>,
    pub database: Option<String>,
    pub timescaledb: bool,
}

PostgreSQL/TimescaleDB backend for Sigma rule conversion.

Fields

config: &'static TextQueryConfig

table: String

Default table name (overridden by pipeline state table key).

timestamp_field: String

Timestamp column name for time-windowed queries.

json_field: Option<String>

If set, fields are accessed via JSONB extraction (metadata->>'fieldName').

case_sensitive_re: bool

Use case-sensitive regex (~) instead of case-insensitive (~*).

schema: Option<String>

PostgreSQL schema name (e.g. public).

database: Option<String>

PostgreSQL database name (connection-level metadata, not used in queries).

timescaledb: bool

Enable TimescaleDB-specific features.

Implementations

impl PostgresBackend

pub fn new() -> Self

pub fn from_options(options: &HashMap<String, String>) -> Self

Create a backend from CLI-style key=value option pairs.

Recognized keys: table, schema, database, timestamp_field, json_field, case_sensitive_re (true/false). Unknown keys are silently ignored so forward-compatible options can be added without breaking existing invocations.

Trait Implementations

impl Backend for PostgresBackend

fn name(&self) -> &str

fn formats(&self) -> &[(&str, &str)]

fn requires_pipeline(&self) -> bool

fn convert_rule( &self, rule: &SigmaRule, output_format: &str, pipeline_state: &PipelineState, ) -> Result<Vec<String>>

fn convert_condition( &self, expr: &ConditionExpr, detections: &HashMap<String, Detection>, state: &mut ConversionState, ) -> Result<String>

fn convert_condition_and(&self, exprs: &[String]) -> Result<String>

fn convert_condition_or(&self, exprs: &[String]) -> Result<String>

fn convert_condition_not(&self, expr: &str) -> Result<String>

fn convert_detection( &self, det: &Detection, state: &mut ConversionState, ) -> Result<String>

fn convert_detection_item( &self, item: &DetectionItem, state: &mut ConversionState, ) -> Result<String>

fn escape_and_quote_field(&self, field: &str) -> String

fn convert_value_str( &self, value: &SigmaString, _state: &ConversionState, ) -> String

fn convert_value_re(&self, regex: &str, _state: &ConversionState) -> String

fn convert_field_eq_str( &self, field: &str, value: &SigmaString, modifiers: &[Modifier], _state: &mut ConversionState, ) -> Result<ConvertResult>

fn convert_field_eq_str_case_sensitive( &self, field: &str, value: &SigmaString, modifiers: &[Modifier], state: &mut ConversionState, ) -> Result<ConvertResult>

fn convert_field_eq_num( &self, field: &str, value: f64, _state: &mut ConversionState, ) -> Result<String>

fn convert_field_eq_bool( &self, field: &str, value: bool, _state: &mut ConversionState, ) -> Result<String>

fn convert_field_eq_null( &self, field: &str, _state: &mut ConversionState, ) -> Result<String>

fn convert_field_eq_re( &self, field: &str, pattern: &str, flags: &[Modifier], _state: &mut ConversionState, ) -> Result<ConvertResult>

fn convert_field_eq_cidr( &self, field: &str, cidr: &str, _state: &mut ConversionState, ) -> Result<ConvertResult>

fn convert_field_compare( &self, field: &str, op: &Modifier, value: f64, _state: &mut ConversionState, ) -> Result<String>

fn convert_field_exists( &self, field: &str, exists: bool, _state: &mut ConversionState, ) -> Result<String>

fn convert_field_eq_query_expr( &self, field: &str, expr: &str, _id: &str, _state: &mut ConversionState, ) -> Result<String>

fn convert_field_ref( &self, field1: &str, field2: &str, _state: &mut ConversionState, ) -> Result<ConvertResult>

fn convert_keyword( &self, value: &SigmaValue, _state: &mut ConversionState, ) -> Result<String>

fn convert_condition_as_in_expression( &self, field: &str, values: &[&SigmaValue], is_or: bool, _state: &mut ConversionState, ) -> Result<String>

fn finish_query( &self, rule: &SigmaRule, query: String, state: &ConversionState, ) -> Result<String>

fn finalize_query( &self, rule: &SigmaRule, query: String, _index: usize, _state: &ConversionState, output_format: &str, ) -> Result<String>

fn finalize_output( &self, queries: Vec<String>, output_format: &str, ) -> Result<String>

fn supports_correlation(&self) -> bool

fn convert_correlation_rule( &self, rule: &CorrelationRule, output_format: &str, pipeline_state: &PipelineState, ) -> Result<Vec<String>>

fn default_format(&self) -> &str

impl Default for PostgresBackend

fn default() -> Self

Returns the “default value” for a type.