pub struct TextQueryTestBackend {
pub config: &'static TextQueryConfig,
}
Fields§
§config: &'static TextQueryConfig
Implementations§
Trait Implementations§
impl Backend for TextQueryTestBackend
fn name(&self) -> &str
fn formats(&self) -> &[(&str, &str)]
fn requires_pipeline(&self) -> bool
fn convert_rule( &self, rule: &SigmaRule, output_format: &str, pipeline_state: &PipelineState, ) -> Result<Vec<String>>
fn convert_condition( &self, expr: &ConditionExpr, detections: &HashMap<String, Detection>, state: &mut ConversionState, ) -> Result<String>
fn convert_condition_and(&self, exprs: &[String]) -> Result<String>
fn convert_condition_or(&self, exprs: &[String]) -> Result<String>
fn convert_condition_not(&self, expr: &str) -> Result<String>
fn convert_detection( &self, det: &Detection, state: &mut ConversionState, ) -> Result<String>
fn convert_detection_item( &self, item: &DetectionItem, state: &mut ConversionState, ) -> Result<String>
fn escape_and_quote_field(&self, field: &str) -> String
fn convert_value_str( &self, value: &SigmaString, _state: &ConversionState, ) -> String
fn convert_value_re(&self, regex: &str, _state: &ConversionState) -> String
fn convert_field_eq_str( &self, field: &str, value: &SigmaString, modifiers: &[Modifier], state: &mut ConversionState, ) -> Result<ConvertResult>
fn convert_field_eq_str_case_sensitive( &self, field: &str, value: &SigmaString, modifiers: &[Modifier], state: &mut ConversionState, ) -> Result<ConvertResult>
fn convert_field_eq_num( &self, field: &str, value: f64, _state: &mut ConversionState, ) -> Result<String>
fn convert_field_eq_bool( &self, field: &str, value: bool, _state: &mut ConversionState, ) -> Result<String>
fn convert_field_eq_null( &self, field: &str, _state: &mut ConversionState, ) -> Result<String>
fn convert_field_eq_re( &self, field: &str, pattern: &str, _flags: &[Modifier], _state: &mut ConversionState, ) -> Result<ConvertResult>
fn convert_field_eq_cidr( &self, field: &str, cidr: &str, _state: &mut ConversionState, ) -> Result<ConvertResult>
fn convert_field_compare( &self, field: &str, op: &Modifier, value: f64, _state: &mut ConversionState, ) -> Result<String>
fn convert_field_exists( &self, field: &str, exists: bool, _state: &mut ConversionState, ) -> Result<String>
fn convert_field_eq_query_expr( &self, field: &str, expr: &str, _id: &str, _state: &mut ConversionState, ) -> Result<String>
fn convert_field_ref( &self, field1: &str, field2: &str, _state: &mut ConversionState, ) -> Result<ConvertResult>
fn convert_keyword( &self, value: &SigmaValue, _state: &mut ConversionState, ) -> Result<String>
fn convert_condition_as_in_expression( &self, field: &str, values: &[&SigmaValue], is_or: bool, _state: &mut ConversionState, ) -> Result<String>
fn finish_query( &self, rule: &SigmaRule, query: String, state: &ConversionState, ) -> Result<String>
fn finalize_query( &self, _rule: &SigmaRule, query: String, _index: usize, state: &ConversionState, output_format: &str, ) -> Result<String>
fn finalize_output( &self, queries: Vec<String>, output_format: &str, ) -> Result<String>
fn default_format(&self) -> &str
fn supports_correlation(&self) -> bool
fn convert_correlation_rule( &self, _rule: &CorrelationRule, _output_format: &str, _pipeline_state: &PipelineState, ) -> Result<Vec<String>>
Auto Trait Implementations§
impl Freeze for TextQueryTestBackend
impl RefUnwindSafe for TextQueryTestBackend
impl Send for TextQueryTestBackend
impl Sync for TextQueryTestBackend
impl Unpin for TextQueryTestBackend
impl UnsafeUnpin for TextQueryTestBackend
impl UnwindSafe for TextQueryTestBackend
Blanket Implementations§
impl<T> BorrowMut<T> for T
where
    T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value.