pub struct MandatoryPipelineTestBackend(/* private fields */);Expand description
Variant that requires a pipeline (for testing the pipeline-required error path).
Implementations§
Trait Implementations§
Source§impl Backend for MandatoryPipelineTestBackend
impl Backend for MandatoryPipelineTestBackend
fn name(&self) -> &str
fn formats(&self) -> &[(&str, &str)]
fn requires_pipeline(&self) -> bool
fn convert_rule( &self, rule: &SigmaRule, output_format: &str, pipeline_state: &PipelineState, ) -> Result<Vec<String>>
fn convert_condition( &self, expr: &ConditionExpr, detections: &HashMap<String, Detection>, state: &mut ConversionState, ) -> Result<String>
fn convert_condition_and(&self, exprs: &[String]) -> Result<String>
fn convert_condition_or(&self, exprs: &[String]) -> Result<String>
fn convert_condition_not(&self, expr: &str) -> Result<String>
fn convert_detection( &self, det: &Detection, state: &mut ConversionState, ) -> Result<String>
fn convert_detection_item( &self, item: &DetectionItem, state: &mut ConversionState, ) -> Result<String>
fn escape_and_quote_field(&self, field: &str) -> String
fn convert_value_str( &self, value: &SigmaString, state: &ConversionState, ) -> String
fn convert_value_re(&self, regex: &str, state: &ConversionState) -> String
fn convert_field_eq_str( &self, field: &str, value: &SigmaString, modifiers: &[Modifier], state: &mut ConversionState, ) -> Result<ConvertResult>
fn convert_field_eq_str_case_sensitive( &self, field: &str, value: &SigmaString, modifiers: &[Modifier], state: &mut ConversionState, ) -> Result<ConvertResult>
fn convert_field_eq_num( &self, field: &str, value: f64, state: &mut ConversionState, ) -> Result<String>
fn convert_field_eq_bool( &self, field: &str, value: bool, state: &mut ConversionState, ) -> Result<String>
fn convert_field_eq_null( &self, field: &str, state: &mut ConversionState, ) -> Result<String>
fn convert_field_eq_re( &self, field: &str, pattern: &str, flags: &[Modifier], state: &mut ConversionState, ) -> Result<ConvertResult>
fn convert_field_eq_cidr( &self, field: &str, cidr: &str, state: &mut ConversionState, ) -> Result<ConvertResult>
fn convert_field_compare( &self, field: &str, op: &Modifier, value: f64, state: &mut ConversionState, ) -> Result<String>
fn convert_field_exists( &self, field: &str, exists: bool, state: &mut ConversionState, ) -> Result<String>
fn convert_field_eq_query_expr( &self, field: &str, expr: &str, id: &str, state: &mut ConversionState, ) -> Result<String>
fn convert_field_ref( &self, field1: &str, field2: &str, state: &mut ConversionState, ) -> Result<ConvertResult>
fn convert_keyword( &self, value: &SigmaValue, state: &mut ConversionState, ) -> Result<String>
fn finish_query( &self, rule: &SigmaRule, query: String, state: &ConversionState, ) -> Result<String>
fn finalize_query( &self, rule: &SigmaRule, query: String, index: usize, state: &ConversionState, output_format: &str, ) -> Result<String>
fn finalize_output( &self, queries: Vec<String>, output_format: &str, ) -> Result<String>
fn default_format(&self) -> &str
fn convert_condition_as_in_expression( &self, _field: &str, _values: &[&SigmaValue], _is_or: bool, _state: &mut ConversionState, ) -> Result<String>
fn supports_correlation(&self) -> bool
fn convert_correlation_rule( &self, _rule: &CorrelationRule, _output_format: &str, _pipeline_state: &PipelineState, ) -> Result<Vec<String>>
Auto Trait Implementations§
impl Freeze for MandatoryPipelineTestBackend
impl RefUnwindSafe for MandatoryPipelineTestBackend
impl Send for MandatoryPipelineTestBackend
impl Sync for MandatoryPipelineTestBackend
impl Unpin for MandatoryPipelineTestBackend
impl UnsafeUnpin for MandatoryPipelineTestBackend
impl UnwindSafe for MandatoryPipelineTestBackend
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more