rsigma_convert/lib.rs
1//! # rsigma-convert
2//!
3//! Sigma rule conversion engine for transforming parsed Sigma rules into
4//! backend-native query strings (SQL, SPL, KQL, Lucene, etc.).
5//!
6//! This crate provides:
7//!
8//! - A [`Backend`] trait that backends implement to produce query strings.
9//! - A [`TextQueryConfig`] struct carrying tokens, operators, and expressions
10//! for text-based query backends (the vast majority).
11//! - A condition-expression tree walker that recurses over [`ConditionExpr`]
12//! and dispatches to the backend's conversion methods.
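13//! - An orchestrator ([`convert_collection`]) that applies pipelines, converts
14//! each rule, and collects the results and errors. Callers should inspect the collected errors, since a rule that could not be converted is a detection that will not run in the target backend.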
15//! - Deferred-expression support for backends that need expressions appended
16//! after the main query (e.g. Splunk `| regex`, `| where`).
17//!
18//! [`ConditionExpr`]: rsigma_parser::ConditionExpr
19
20pub mod backend;
21pub mod backends;
22pub mod condition;
23pub mod convert;
24pub mod error;
25pub mod output;
26pub mod state;
27
28pub use backend::{Backend, TextQueryConfig, TokenType};
29pub use condition::convert_condition_expr;
30pub use convert::convert_collection;
31pub use error::{ConvertError, Result};
32pub use output::{ConversionOutput, ConversionResult};
33pub use state::{ConversionState, ConvertResult, DeferredExpression, DeferredTextExpression};