Module reference


Shared reference data for Sigma detection rules.

Centralises field-modifier descriptions and MITRE ATT&CK tactic metadata so that every consumer — the LSP’s hover/completion, the MCP server’s reference resources, and any future tooling — draws from one source of truth.

Example

use rsigma_parser::reference::{MODIFIERS, MITRE_TACTICS};

assert!(MODIFIERS.iter().any(|(name, _)| *name == "contains"));
assert!(MITRE_TACTICS.iter().any(|(tag, _)| *tag == "attack.execution"));

Constants

MITRE_TACTICS
MITRE ATT&CK tactics: (tag, description).
MODIFIERS
Sigma field modifiers: (name, description).