u-siem 0.7.0

A framework for building custom SIEMs
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41

use dyn_clone::{clone_trait_object, DynClone};

use crate::components::dataset::holder::DatasetHolder;
use crate::events::SiemLog;

/// A simple object with the logic to enrich Logs
pub trait LogEnrichment: Send + DynClone {
    /// Enrich the log with information from datasets
    fn enrich(&self, log: SiemLog, datasets: &DatasetHolder) -> SiemLog;
    /// Name of the enricher
    fn name(&self) -> &'static str;
    /// Description of the enricher
    fn description(&self) -> &'static str;
}
clone_trait_object!(LogEnrichment);

#[test]
fn check_basic_enricher_clone() {
    #[derive(Clone)]
    struct BasicLogEnricher {}
    impl LogEnrichment for BasicLogEnricher {
        fn enrich(&self, log: SiemLog, _datasets: &DatasetHolder) -> SiemLog {
            log
        }

        fn name(&self) -> &'static str {
            "a"
        }

        fn description(&self) -> &'static str {
            "a"
        }
    }
    fn test_boxed_enricher(enricher: &Box<dyn LogEnrichment>) -> Box<dyn LogEnrichment> {
        let _ = enricher.name();
        let enricher2 = enricher.clone();
        enricher2
    }
    let enricher1: Box<dyn LogEnrichment> = Box::new(BasicLogEnricher {});
    let _enricher2 = test_boxed_enricher(&enricher1);
}