endpoint_sec/event/
event_xp_malware_remediated.rs

1//! [`EventXpMalwareRemediated`]
2
3use std::ffi::OsStr;
4
5use endpoint_sec_sys::es_event_xp_malware_remediated_t;
6
7use crate::AuditToken;
8
/// XProtect remediated malware.
///
/// Borrowed view over the raw Endpoint Security event: the wrapper owns nothing, and the
/// strings handed out by its accessors are tied to the lifetime `'a` of the raw event.
#[doc(alias = "es_event_xp_malware_remediated_t")]
pub struct EventXpMalwareRemediated<'a> {
    /// Raw event
    // Crate-private so that only code inside this crate can build the wrapper around a raw
    // event reference.
    pub(crate) raw: &'a es_event_xp_malware_remediated_t,
}
15
impl<'a> EventXpMalwareRemediated<'a> {
    // All string accessors return `&OsStr`, which is not guaranteed to be valid UTF-8: convert
    // lossily (or escape) before writing these values to logs or serialising them.

    /// Version of the signature set used for the detection. At the moment this is the same as
    /// the XProtect version.
    #[inline(always)]
    pub fn signature_version(&self) -> &'a OsStr {
        let raw = self.raw;
        // SAFETY: `raw` is borrowed for `'a` and the event was obtained through ES.
        unsafe { raw.signature_version.as_os_str() }
    }

    /// Identifier of the malware that was remediated.
    #[inline(always)]
    pub fn malware_identifier(&self) -> &'a OsStr {
        let raw = self.raw;
        // SAFETY: `raw` is borrowed for `'a` and the event was obtained through ES.
        unsafe { raw.malware_identifier.as_os_str() }
    }

    /// Identifier of the incident, meant for linking the malware detected and malware
    /// remediated events that belong together.
    #[inline(always)]
    pub fn incident_identifier(&self) -> &'a OsStr {
        let raw = self.raw;
        // SAFETY: `raw` is borrowed for `'a` and the event was obtained through ES.
        unsafe { raw.incident_identifier.as_os_str() }
    }

    /// Kind of action that was taken, as a string, e.g. "path_delete".
    #[inline(always)]
    pub fn action_type(&self) -> &'a OsStr {
        let raw = self.raw;
        // SAFETY: `raw` is borrowed for `'a` and the event was obtained through ES.
        unsafe { raw.action_type.as_os_str() }
    }

    /// `true` only when the remediation succeeded.
    ///
    /// Receiving this event is therefore not proof of cleanup on its own: on `false` the
    /// remediation did not succeed, and [`Self::result_description()`] carries the reason.
    #[inline(always)]
    pub fn success(&self) -> bool {
        let raw = self.raw;
        raw.success
    }

    /// Description of the specific reasons for the failure or the success.
    #[inline(always)]
    pub fn result_description(&self) -> &'a OsStr {
        let raw = self.raw;
        // SAFETY: `raw` is borrowed for `'a` and the event was obtained through ES.
        unsafe { raw.result_description.as_os_str() }
    }

    /// Optional. Path that was the subject of the remediation, if there was one.
    ///
    /// The path does not have to be a malicious binary: it can be a legitimate file that
    /// contained a malicious portion, so the file may still exist after a successful
    /// remediation.
    ///
    /// NOTE(review): the return type is not an `Option`, so "no path" presumably shows up as an
    /// empty string; confirm before relying on it.
    #[inline(always)]
    pub fn remediated_path(&self) -> &'a OsStr {
        let raw = self.raw;
        // SAFETY: `raw` is borrowed for `'a` and the event was obtained through ES.
        unsafe { raw.remediated_path.as_os_str() }
    }

    /// Audit token of the process that was the subject of the remediation, or `None` when the
    /// raw event does not provide one.
    #[inline(always)]
    pub fn remediated_process_audit_token(&self) -> Option<AuditToken> {
        let raw = self.raw;
        // SAFETY: `raw` is borrowed for `'a` and the event was obtained through ES.
        let raw_token = unsafe { raw.remediated_process_audit_token() };
        // Copy the token out of the event so the returned value does not borrow from it.
        raw_token.map(|token| AuditToken::new(*token))
    }
}
76
// SAFETY: safe to send across threads: does not contain any interior mutability nor depend on
// current thread state. The only field is a shared `&'a` reference to the raw event.
// NOTE(review): this relies on the underlying ES event staying alive and unmodified for `'a`;
// confirm against the type that owns the message.
unsafe impl Send for EventXpMalwareRemediated<'_> {}
// SAFETY: safe to share across threads: does not contain any interior mutability nor depend on
// current thread state. Every accessor on the type takes `&self`.
unsafe impl Sync for EventXpMalwareRemediated<'_> {}
81
// Judging by its name, this macro generates the `Debug`, equality and `Hash` impls from the
// accessors listed below. It is defined elsewhere in the crate, so confirm there.
// NOTE(review): if so, `Debug` output will include the remediated path and the malware and
// incident identifiers; keep that in mind wherever events are logged.
impl_debug_eq_hash_with_functions!(
    EventXpMalwareRemediated<'a>;
    signature_version, malware_identifier, incident_identifier, action_type,
    success, result_description, remediated_path, remediated_process_audit_token,
);