pub struct File { /* private fields */ }
A file is defined as a set of information that has been created on, or has existed on a filesystem.
File objects can be associated with host events, network events, and/or file events (e.g., those produced by File Integrity Monitoring [FIM] products or services). File fields provide details about the affected file associated with the event or metric.
Implementations
impl File
pub fn get_name(&self) -> Option<&String>
Name of the file including the extension, without the directory.
pub fn get_attributes(&self) -> &Vec<String>
Array of file attributes.
Attribute names will vary by platform. Here’s a non-exhaustive list of values that are expected in this field: archive, compressed, directory, encrypted, execute, hidden, read, readonly, system, write.
pub fn add_attribute(&mut self, attribute_arg: String)
Array of file attributes.
Attribute names will vary by platform. Here’s a non-exhaustive list of values that are expected in this field: archive, compressed, directory, encrypted, execute, hidden, read, readonly, system, write.
Example
["readonly", "system"]
pub fn get_directory(&self) -> Option<&String>
Directory where the file is located. It should include the drive letter, when appropriate.
pub fn set_directory(&mut self, directory_arg: String)
Directory where the file is located. It should include the drive letter, when appropriate.
Example
/home/alice
pub fn get_drive_letter(&self) -> Option<&String>
Drive letter where the file is located. This field is only relevant on Windows.
The value should be uppercase, and not include the colon.
pub fn set_drive_letter(&mut self, drive_letter_arg: String)
Drive letter where the file is located. This field is only relevant on Windows.
The value should be uppercase, and not include the colon.
Example
C
pub fn get_path(&self) -> Option<&String>
Full path to the file, including the file name. It should include the drive letter, when appropriate.
pub fn set_path(&mut self, path_arg: String)
Full path to the file, including the file name. It should include the drive letter, when appropriate.
Example
/home/alice/example.png
pub fn get_target_path(&self) -> Option<&String>
Target path for symlinks.
pub fn set_target_path(&mut self, target_path_arg: String)
Target path for symlinks.
pub fn get_extension(&self) -> Option<&String>
File extension, excluding the leading dot.
Note that when the file name has multiple extensions (example.tar.gz), only the last one should be captured (“gz”, not “tar.gz”).
pub fn set_extension(&mut self, extension_arg: String)
File extension, excluding the leading dot.
Note that when the file name has multiple extensions (example.tar.gz), only the last one should be captured (“gz”, not “tar.gz”).
Example
png
pub fn get_device(&self) -> Option<&String>
Device that is the source of the file.
pub fn set_device(&mut self, device_arg: String)
pub fn get_uid(&self) -> Option<&String>
The user ID (UID) or security identifier (SID) of the file owner.
pub fn get_size(&self) -> Option<&u64>
File size in bytes.
Only relevant when file.type is “file”.
pub fn get_ctime(&self) -> Option<&Timestamp>
Last time the file attributes or metadata changed.
Note that changes to the file content will update mtime. This implies ctime will be adjusted at the same time, since mtime is an attribute of the file.
pub fn set_ctime(&mut self, ctime_arg: Timestamp)
Last time the file attributes or metadata changed.
Note that changes to the file content will update mtime. This implies ctime will be adjusted at the same time, since mtime is an attribute of the file.
pub fn get_created(&self) -> Option<&Timestamp>
File creation time.
Note that not all filesystems store the creation time.
pub fn set_created(&mut self, created_arg: Timestamp)
File creation time.
Note that not all filesystems store the creation time.
pub fn get_accessed(&self) -> Option<&Timestamp>
Last time the file was accessed.
Note that not all filesystems keep track of access time.
pub fn set_accessed(&mut self, accessed_arg: Timestamp)
Last time the file was accessed.
Note that not all filesystems keep track of access time.
pub fn get_mime_type(&self) -> Option<&String>
MIME type should identify the format of the file or stream of bytes using IANA official types, where possible. When more than one type is applicable, the most specific type should be used.
pub fn set_mime_type(&mut self, mime_type_arg: String)
MIME type should identify the format of the file or stream of bytes using IANA official types, where possible. When more than one type is applicable, the most specific type should be used.
pub fn get_fork_name(&self) -> Option<&String>
A fork is additional data associated with a filesystem object.
On Linux, a resource fork is used to store additional data with a filesystem object. A file always has at least one fork for the data portion, and additional forks may exist.
On NTFS, this is analogous to an Alternate Data Stream (ADS), and the default data stream for a file is just called $DATA. Zone.Identifier is commonly used by Windows to track contents downloaded from the Internet. An ADS is typically of the form: C:\path\to\filename.extension:some_fork_name, and some_fork_name is the value that should populate fork_name. filename.extension should populate file.name, and extension should populate file.extension. The full path, file.path, will include the fork name.
pub fn set_fork_name(&mut self, fork_name_arg: String)
A fork is additional data associated with a filesystem object.
On Linux, a resource fork is used to store additional data with a filesystem object. A file always has at least one fork for the data portion, and additional forks may exist.
On NTFS, this is analogous to an Alternate Data Stream (ADS), and the default data stream for a file is just called $DATA. Zone.Identifier is commonly used by Windows to track contents downloaded from the Internet. An ADS is typically of the form: C:\path\to\filename.extension:some_fork_name, and some_fork_name is the value that should populate fork_name. filename.extension should populate file.name, and extension should populate file.extension. The full path, file.path, will include the fork name.
Example
Zone.Identifier
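The field split described above for an NTFS alternate data stream, together with the last-extension rule for `extension`, as an added example that is not part of the crate documented here. `FileFields` and `split_path` are hypothetical names; applying the fork split only to drive-letter paths and treating a leading-dot name as having no extension are assumptions of this example.

```rust
// Added example; `FileFields` and `split_path` are hypothetical names and do
// not come from the crate documented on this page.
#[derive(Debug, Default, PartialEq)]
struct FileFields {
    path: String,                 // full path, fork name included
    drive_letter: Option<String>, // uppercase, no colon
    directory: Option<String>,
    name: Option<String>,
    extension: Option<String>,    // last extension only, no leading dot
    fork_name: Option<String>,    // ADS name, e.g. Zone.Identifier
}

fn split_path(raw: &str) -> FileFields {
    let mut f = FileFields { path: raw.to_string(), ..Default::default() };
    let b = raw.as_bytes();
    let has_drive = b.len() >= 2 && b[0].is_ascii_alphabetic() && b[1] == b':';
    if has_drive {
        f.drive_letter = Some(raw[..1].to_ascii_uppercase());
    }
    // Split the directory from the last path component on either separator.
    let (dir, last) = match raw.rfind(|c: char| c == '\\' || c == '/') {
        Some(i) => (Some(&raw[..i.max(1)]), &raw[i + 1..]),
        None => (None, if has_drive { &raw[2..] } else { raw }),
    };
    f.directory = dir.map(str::to_string);
    // Assumption: only drive-letter (Windows) paths can carry a fork; ':' is
    // an ordinary file-name character elsewhere.
    let (name, fork) = match last.split_once(':') {
        Some((n, s)) if has_drive && !s.is_empty() => (n, Some(s)),
        _ => (last, None),
    };
    f.fork_name = fork.map(str::to_string);
    if !name.is_empty() {
        f.name = Some(name.to_string());
    }
    // Assumption: a leading-dot name such as ".bashrc" has no extension.
    f.extension = match name.rfind('.') {
        Some(i) if i > 0 && i + 1 < name.len() => Some(name[i + 1..].to_string()),
        _ => None,
    };
    f
}

fn main() {
    // Constructed sample paths.
    println!("{:#?}", split_path(r"C:\Users\alice\Downloads\setup.exe:Zone.Identifier"));
    println!("{:#?}", split_path("/home/alice/example.tar.gz"));
}
```

A populated `fork_name` on an event is a useful pivot in detection: `Zone.Identifier` is expected on downloaded content, while other stream names on executables or scripts deserve a closer look.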