[package]
name = "rsigma-runtime"
description = "Streaming runtime for rsigma — event sources, sinks, and log processing pipeline"
readme = "README.md"
version.workspace = true
edition.workspace = true
rust-version.workspace = true
license.workspace = true
repository.workspace = true
homepage.workspace = true
[features]
default = []
nats = ["async-nats", "tokio-stream", "time", "futures"]
otlp = ["opentelemetry-proto", "prost"]
logfmt = []
cef = []
evtx = ["dep:evtx"]
daachorse-index = ["rsigma-eval/daachorse-index"]
[dependencies]
rsigma-parser = { path = "../rsigma-parser", version = "0.12.0" }
rsigma-eval = { path = "../rsigma-eval", version = "0.12.0", features = ["parallel"] }
tokio = { version = "1", features = ["rt-multi-thread", "sync", "macros", "io-util", "io-std", "process", "fs"] }
serde_json = "1"
yaml_serde = "0.10"
thiserror = "2"
tracing = "0.1"
arc-swap = "1"
parking_lot = "0.12"
syslog_loose = "0.23"
chrono = { version = "0.4", default-features = false, features = ["std"] }
async-trait = "0.1"
regex = "1"
csv = "1"
jaq-interpret = "1.5.0"
jaq-parse = "1.0.3"
jsonpath-rust = "1"
cel = "0.13"
reqwest = { version = "0.12", default-features = false, features = ["rustls-tls", "json"] }
rusqlite = { version = "0.39", features = ["bundled"] }
notify = "8.2"
tokio-stream = { version = "0.1", optional = true }
async-nats = { version = "0.48", optional = true }
futures = { version = "0.3", optional = true }
time = { version = "0.3", optional = true }
evtx = { version = "0.11", optional = true, default-features = false }
opentelemetry-proto = { version = "0.32", default-features = false, features = ["gen-tonic", "logs", "with-serde"], optional = true }
prost = { version = "0.14", optional = true }
[dev-dependencies]
tokio = { version = "1", features = ["full"] }
tempfile = "3"
criterion = "0.8"
rand = "0.10"
testcontainers = "0.27"
testcontainers-modules = { version = "0.15", features = ["nats"] }
[[bench]]
name = "runtime_throughput"
harness = false
[[bench]]
name = "dynamic_pipelines"
harness = false