rsigma 0.14.0

CLI for parsing, validating, linting and evaluating Sigma detection rules
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

//! Daemon-side enrichment configuration loader.
//!
//! Parses the `enrichers:` block from the daemon's enrichers config file
//! (loaded via `--enrichers <path>`), validates template-namespace
//! references at load time, and produces an
//! [`EnrichmentPipeline`](rsigma_runtime::EnrichmentPipeline) that the
//! daemon's sink task uses to enrich each result before sink delivery.
//!
//! Splitting this module out from `enrichment` in `rsigma-runtime` keeps
//! YAML parsing (a CLI-shaped concern) out of the runtime crate, which
//! must stay deserialization-agnostic so library consumers can build
//! enrichers programmatically.

pub mod config;

pub use config::{build_enrichers_full, load_enrichers_file};