usiem/components/
alert.rs

1use super::mitre::MitreTechniques;
2use super::SiemLog;
3use serde::{Deserialize, Serialize};
4
5#[derive(Serialize, Deserialize, Debug, Clone)]
6pub enum AlertSeverity {
7    INFORMATIONAL,
8    LOW,
9    MEDIUM,
10    HIGH,
11    CRITICAL,
12}
13
14/// Basic Alert format
15#[derive(Serialize, Deserialize, Debug, Clone)]
16pub struct SiemAlert {
17    pub title: String,
18    pub description: String,
19    /// Severity of the alert
20    pub severity: AlertSeverity,
21    /// When the alert was generated
22    pub date: i64,
23    /// List of tags to be added to the alert
24    pub tags: Vec<String>,
25    /// List of MitreAtack Techniques
26    pub techniques: Vec<MitreTechniques>,
27    /// Name of the rule that generated the alert
28    pub rule: String,
29    /// The log that triggered this alert
30    pub log: SiemLog,
31    pub aggregation: Option<AlertAggregation>,
32}
33#[derive(Serialize, Deserialize, Debug, Clone)]
34pub struct AlertAggregation {
35    /// Time at witch the Alert system must create a new case
36    pub limit: i64,
37    /// Key to be used in the aggregation of alerts as to join multiple alerts into one
38    pub key: String,
39}
usiem/components/alert.rs

usiem/components/
alert.rs
