Shared reference data for Sigma detection rules.
Centralises field-modifier descriptions and MITRE ATT&CK tactic metadata so that every consumer — the LSP’s hover/completion, the MCP server’s reference resources, and any future tooling — draws from one source of truth.
Example
use rsigma_parser::reference::{MODIFIERS, MITRE_TACTICS};
assert!(MODIFIERS.iter().any(|(name, _)| *name == "contains"));
assert!(MITRE_TACTICS.iter().any(|(tag, _)| *tag == "attack.execution"));
Constants
- MITRE_TACTICS - MITRE ATT&CK tactics: (tag, description).
- MODIFIERS - Sigma field modifiers: (name, description).