// Crate module tree.
//
// Every module below is declared `pub`, so each one is part of the public API:
// any `pub` item inside it is reachable by its full module path whether or not
// it also appears in the crate-root re-export list.
// NOTE(review): if some of these modules are meant to be internal, `pub(crate) mod`
// would keep them out of the public surface — confirm against the intended API.
pub mod compiler;
pub mod correlation;
pub mod correlation_engine;
pub mod engine;
pub mod error;
pub mod event;
pub mod explain;
pub mod field_observer;
pub mod fields;
pub mod logsource;
pub mod matcher;
pub mod pipeline;
pub mod result;
pub mod router;
pub mod rule_index;
pub mod schema;
// Crate-root re-exports: the names below are lifted out of their defining
// modules so callers can import them directly from the crate root.
// No item from `rule_index` is re-exported here; that module is reachable only by path.
pub use compiler::{
CompiledDetection, CompiledDetectionItem, CompiledRule, compile_rule, evaluate_rule,
};
pub use correlation::{
CompiledCondition, CompiledCorrelation, EventBuffer, EventRef, EventRefBuffer, GroupByField,
GroupKey, WindowState,
};
pub use correlation_engine::{
CorrelationAction, CorrelationConfig, CorrelationEngine, CorrelationEventMode, CorrelationInfo,
CorrelationSnapshot, CorrelationStateSnapshot, GroupKeyPart, GroupStateInfo, ProcessResult,
TimestampFallback,
};
pub use engine::Engine;
// `Result` here is the crate's own item from `error`, not `std::result::Result`;
// a glob import of the crate root shadows the prelude's `Result` with it.
// NOTE(review): presumably a type alias fixed to `EvalError` — confirm in `error`.
pub use error::{EvalError, Result};
pub use event::{Event, EventValue, JsonEvent, KvEvent, MapEvent, MappedEvent, PlainEvent};
pub use explain::{
ConditionTrace, DetectionTrace, ItemTrace, MatchReason, RuleExplanation, SelectionBranch,
explain_rule,
};
pub use field_observer::{FieldCoverage, FieldObservation, FieldObservationEntry, FieldObserver};
pub use fields::{FieldOrigin, FieldSource, RuleFieldSet};
pub use logsource::LogSourceExtractor;
pub use matcher::{CompiledMatcher, MatchDescriptor};
// `pipeline::builtin::builtin_names` and `pipeline::builtin::resolve_builtin` are
// re-exported under the aliases `builtin_pipeline_names` and `resolve_builtin_pipeline`.
// NOTE(review): the `*_file` / `*_dir` names suggest these functions read from
// caller-supplied paths — verify in `pipeline` how those paths are resolved and
// whether callers are expected to pass only trusted locations.
pub use pipeline::{
Pipeline, TransformationItem, apply_pipelines, apply_pipelines_with_state,
builtin::{
builtin_names as builtin_pipeline_names, resolve_builtin as resolve_builtin_pipeline,
},
merge_pipelines, parse_pipeline, parse_pipeline_file, parse_sources_dir, parse_sources_file,
parse_transformation_items, validate_source_refs,
};
pub use result::{
CorrelationBody, DetectionBody, EvaluationResult, FieldMatch, MatchDetailLevel, MatcherKind,
ProcessResultExt, ResultBody, RuleHeader,
};
pub use router::{RouteOutcome, RouteResult, SchemaRouter};
// NOTE(review): `load_schema_config` / `load_schema_signatures` sit next to
// `parse_*` counterparts; presumably the `load_*` forms take a path and the
// `parse_*` forms take already-read text — confirm in `schema`.
pub use schema::{
FieldValueConfig, OnUnknown, RouteDecision, RoutingConfig, RoutingPlan, SchemaBinding,
SchemaClassifier, SchemaCountEntry, SchemaError, SchemaMatch, SchemaObservation,
SchemaObserver, SchemaPredicate, SchemaPredicateConfig, SchemaSignature, SchemaSignatureConfig,
SchemaSignaturesFile, builtin_schema_names, load_schema_config, load_schema_signatures,
parse_schema_config, parse_schema_signatures,
};