List of all items
Structs
- compiler::CompiledDetectionItem
- compiler::CompiledRule
- correlation::CompiledCondition
- correlation::CompiledCorrelation
- correlation::EventBuffer
- correlation::EventRef
- correlation::EventRefBuffer
- correlation::GroupKey
- correlation_engine::CorrelationConfig
- correlation_engine::CorrelationEngine
- correlation_engine::CorrelationInfo
- correlation_engine::CorrelationSnapshot
- correlation_engine::CorrelationStateSnapshot
- correlation_engine::GroupKeyPart
- correlation_engine::GroupStateInfo
- engine::Engine
- event::JsonEvent
- event::KvEvent
- event::MapEvent
- event::MappedEvent
- event::PlainEvent
- explain::ItemTrace
- explain::RuleExplanation
- explain::SelectionBranch
- field_observer::FieldCoverage
- field_observer::FieldObservation
- field_observer::FieldObservationEntry
- field_observer::FieldObserver
- fields::FieldOrigin
- fields::RuleFieldSet
- logsource::LogSourceExtractor
- matcher::MatchDescriptor
- pipeline::Pipeline
- pipeline::TransformationItem
- pipeline::conditions::NamedRuleCondition
- pipeline::sources::DynamicSource
- pipeline::sources::SourceRef
- pipeline::state::PipelineState
- result::CorrelationBody
- result::DetectionBody
- result::EvaluationResult
- result::FieldMatch
- result::RuleHeader
- router::RouteResult
- router::SchemaRouter
- schema::FieldValueConfig
- schema::RoutingConfig
- schema::RoutingPlan
- schema::SchemaBinding
- schema::SchemaClassifier
- schema::SchemaCountEntry
- schema::SchemaMatch
- schema::SchemaObservation
- schema::SchemaObserver
- schema::SchemaPredicateConfig
- schema::SchemaSignature
- schema::SchemaSignatureConfig
- schema::SchemaSignaturesFile
Enums
- compiler::CompiledDetection
- correlation::GroupByField
- correlation::WindowDecision
- correlation::WindowState
- correlation_engine::CorrelationAction
- correlation_engine::CorrelationEventMode
- correlation_engine::TimestampFallback
- error::EvalError
- event::EventValue
- explain::ConditionTrace
- explain::DetectionTrace
- explain::MatchReason
- fields::FieldSource
- matcher::CompiledMatcher
- matcher::ExpandPart
- matcher::GroupMode
- matcher::TimePart
- pipeline::conditions::DetectionItemCondition
- pipeline::conditions::FieldMatchType
- pipeline::conditions::FieldMatcher
- pipeline::conditions::FieldNameCondition
- pipeline::conditions::RuleCondition
- pipeline::finalizers::Finalizer
- pipeline::sources::DataFormat
- pipeline::sources::ErrorPolicy
- pipeline::sources::ExtractExpr
- pipeline::sources::RefLocation
- pipeline::sources::RefreshPolicy
- pipeline::sources::SourceStatus
- pipeline::sources::SourceType
- pipeline::transformations::Transformation
- result::MatchDetailLevel
- result::MatcherKind
- result::ResultBody
- router::RouteOutcome
- schema::OnUnknown
- schema::RouteDecision
- schema::SchemaError
- schema::SchemaPredicate
Traits
Functions
- compiler::compile_detection
- compiler::compile_rule
- compiler::eval_condition
- compiler::evaluate_rule
- correlation::apply_window_open
- correlation::compile_correlation
- explain::explain_rule
- matcher::ascii_lowercase_cow
- matcher::parse_expand_template
- matcher::sigma_string_to_regex
- pipeline::apply_pipelines
- pipeline::apply_pipelines_to_correlation
- pipeline::apply_pipelines_with_state
- pipeline::builtin::builtin_names
- pipeline::builtin::resolve_builtin
- pipeline::conditions::all_rule_conditions_match
- pipeline::conditions::eval_condition_expr
- pipeline::merge_pipelines
- pipeline::parse_pipeline
- pipeline::parse_pipeline_file
- pipeline::parse_sources_dir
- pipeline::parse_sources_file
- pipeline::parse_transformation_items
- pipeline::validate_source_refs
- schema::builtin_schema_names
- schema::load_schema_config
- schema::load_schema_signatures
- schema::parse_schema_config
- schema::parse_schema_signatures