dfirtk_eventdata/
session_event_info.rs

1use evtx::SerializedEvtxRecord;
2use serde_json::Value;
3
4use crate::{SessionId, EventId, EventProvider};
5
/// Describes one kind of session-related event and how to read session
/// attributes out of a matching EVTX record.
///
/// The first three methods take only `&self` and report static facts about
/// the event kind. The remaining methods receive the record, already
/// serialized to a `serde_json::Value`, and derive a value from it.
///
/// NOTE(review): implementors are not visible here. Presumably the
/// `Option<String>` accessors return the field as stored in the record, without
/// normalisation or escaping — confirm. Several of these fields (user name,
/// client host name, client address) are typically written from data supplied
/// by the connecting side, so consumers should treat them as evidence to
/// corroborate rather than verified identity, and escape them before placing
/// them in reports or other rendered output.
pub trait SessionEventInfo {
    /// Returns the [`EventId`] this implementation handles.
    fn event_id(&self) -> EventId;

    /// Returns a fixed, human-readable description of the event kind.
    fn description(&self) -> &'static str;

    /// Returns the [`EventProvider`] associated with this event kind.
    fn provider(&self) -> EventProvider;

    /// Derives the [`SessionId`] for `record`.
    ///
    /// NOTE(review): presumably this is the key used to group events into one
    /// session, so every implementor must derive it consistently for the same
    /// session — confirm against the callers. The return type has no way to
    /// signal a record that lacks the expected fields.
    fn generate_id(&self, record: &SerializedEvtxRecord<Value>) -> SessionId;

    /// Returns the user name found in `record`, if any.
    fn username(&self, record: &SerializedEvtxRecord<Value>) -> Option<String>;

    /// Returns the domain found in `record`, if any.
    fn domain(&self, record: &SerializedEvtxRecord<Value>) -> Option<String>;

    /// Returns the client address found in `record`, if any.
    ///
    /// NOTE(review): returned as a `String`, so presumably not parsed or
    /// validated as an IP address — confirm before comparing or sorting.
    fn client_address(&self, record: &SerializedEvtxRecord<Value>) -> Option<String>;

    /// Returns the client host name found in `record`, if any.
    fn client_hostname(&self, record: &SerializedEvtxRecord<Value>) -> Option<String>;

    /// Returns the server address found in `record`, if any.
    fn server_address(&self, record: &SerializedEvtxRecord<Value>) -> Option<String>;

    /// Returns the server host name found in `record`, if any.
    fn server_hostname(&self, record: &SerializedEvtxRecord<Value>) -> Option<String>;
}