Trait Event
pub trait Event {
    // Required methods
    fn get_field(&self, path: &str) -> Option<EventValue<'_>>;
    fn any_string_value(&self, pred: &dyn Fn(&str) -> bool) -> bool;
    fn all_string_values(&self) -> Vec<Cow<'_, str>>;
    fn to_json(&self) -> Value;
}

Generic interface for accessing event data during Sigma rule evaluation.

Implementations provide field lookup (with dot-notation for nested fields), keyword search over every string value in the event, and materialization to JSON so that an event can be stored for correlation rules that span multiple events.

Required Methods

fn get_field(&self, path: &str) -> Option<EventValue<'_>>

Look up a field by name. Supports dot-notation for nested access.

Returns None if the field is absent. Returns Some(EventValue::Null) if the field exists but is null.

fn any_string_value(&self, pred: &dyn Fn(&str) -> bool) -> bool

Check if any string value anywhere in the event satisfies a predicate. Used by keyword detection.

fn all_string_values(&self) -> Vec<Cow<'_, str>>

Collect all string values in the event.

fn to_json(&self) -> Value

Materialize the event as a serde_json::Value.
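The following is an added example, not code from this crate, showing what an implementor of `Event` has to get right: dot-notation lookup through nested objects, the distinction between `None` (field absent) and `Some(EventValue::Null)` (field present but null), and a keyword search that visits every string leaf. To run with the standard library only, `Json` is a stand-in for `serde_json::Value`, `EventValue` is an assumed scalar enum (the crate's real type may carry more variants), the trait is copied locally with the signatures shown above, and `TreeEvent`, `visit_strings`, `keyword_hit` and `sample_event` are hypothetical names. The sample record is constructed for the example, not real telemetry.

```rust
use std::borrow::Cow;
use std::collections::BTreeMap;

/// Std-only stand-in for `serde_json::Value` (assumption, so the block runs offline).
#[derive(Debug, Clone, PartialEq)]
pub enum Json {
    Null,
    Number(f64),
    String(String),
    Array(Vec<Json>),
    Object(BTreeMap<String, Json>),
}

/// Assumed scalar shape of the crate's `EventValue`; the real enum may carry more variants.
#[derive(Debug, Clone, PartialEq)]
pub enum EventValue<'a> {
    Null,
    Number(f64),
    Str(Cow<'a, str>),
}

/// Local copy of the trait, with the signatures shown above.
pub trait Event {
    fn get_field(&self, path: &str) -> Option<EventValue<'_>>;
    fn any_string_value(&self, pred: &dyn Fn(&str) -> bool) -> bool;
    fn all_string_values(&self) -> Vec<Cow<'_, str>>;
    fn to_json(&self) -> Json;
}

/// Hypothetical event type backed by a parsed JSON-like tree.
pub struct TreeEvent { pub root: Json }

impl TreeEvent {
    /// An exact top-level key wins (flattened sources emit literal "a.b" keys);
    /// otherwise the dot-separated path is walked through nested objects.
    fn lookup(&self, path: &str) -> Option<&Json> {
        if let Json::Object(m) = &self.root {
            if let Some(v) = m.get(path) {
                return Some(v);
            }
        }
        let mut cur = &self.root;
        for seg in path.split('.') {
            match cur {
                Json::Object(m) => cur = m.get(seg)?, // missing segment => absent
                _ => return None,                    // scalar in the middle of a path
            }
        }
        Some(cur)
    }
}

/// Depth-first visit of every string leaf; the visitor returns true to stop early.
fn visit_strings<'a>(v: &'a Json, f: &mut dyn FnMut(&'a str) -> bool) -> bool {
    match v {
        Json::String(s) => f(s.as_str()),
        Json::Array(items) => items.iter().any(|i| visit_strings(i, &mut *f)),
        Json::Object(m) => m.values().any(|i| visit_strings(i, &mut *f)),
        Json::Null | Json::Number(_) => false,
    }
}

impl Event for TreeEvent {
    fn get_field(&self, path: &str) -> Option<EventValue<'_>> {
        match self.lookup(path)? {
            Json::Null => Some(EventValue::Null), // present but null, unlike an absent key
            Json::Number(n) => Some(EventValue::Number(*n)),
            Json::String(s) => Some(EventValue::Str(Cow::Borrowed(s))),
            Json::Array(_) | Json::Object(_) => None, // containers are not scalar field values
        }
    }
    fn any_string_value(&self, pred: &dyn Fn(&str) -> bool) -> bool {
        visit_strings(&self.root, &mut |s| pred(s)) // stops at the first hit
    }
    fn all_string_values(&self) -> Vec<Cow<'_, str>> {
        let mut out = Vec::new();
        visit_strings(&self.root, &mut |s| { out.push(Cow::Borrowed(s)); false });
        out
    }
    fn to_json(&self) -> Json {
        self.root.clone()
    }
}

/// Case-insensitive keyword check, the way a Sigma keyword detection runs it.
pub fn keyword_hit<E: Event + ?Sized>(ev: &E, needle: &str) -> bool {
    let needle = needle.to_ascii_lowercase();
    ev.any_string_value(&|s: &str| s.to_ascii_lowercase().contains(&needle))
}

/// Constructed sample record (not real telemetry): nested object, literal dotted key, null field.
pub fn sample_event() -> TreeEvent {
    let mut user = BTreeMap::new();
    user.insert("Name".to_string(), Json::String("alice".to_string()));
    user.insert("Sid".to_string(), Json::Null);
    let mut root = BTreeMap::new();
    root.insert("EventID".to_string(), Json::Number(1.0));
    root.insert("Image".to_string(), Json::String(r"C:\Tools\mimikatz.exe".to_string()));
    root.insert("process.name".to_string(), Json::String("mimikatz.exe".to_string()));
    root.insert("User".to_string(), Json::Object(user));
    TreeEvent { root: Json::Object(root) }
}
```

With this event, `get_field("User.Sid")` yields `Some(EventValue::Null)` while `get_field("User.Domain")` yields `None`, which is exactly the distinction the method contract above requires; a rule that tests for a null field must not be satisfied by a merely missing one. Checking for a literal dotted key before walking the path is a design choice for sources that flatten their records; it is ambiguous only if the same source mixes a literal `"a.b"` key with a nested `a: { b: ... }`, so decide the precedence once and document it. `any_string_value` short-circuits rather than materializing every string, which matters when keyword rules are evaluated against large events.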

Implementations on Foreign Types

impl<T: Event + ?Sized> Event for &T

fn get_field(&self, path: &str) -> Option<EventValue<'_>>

fn any_string_value(&self, pred: &dyn Fn(&str) -> bool) -> bool

fn all_string_values(&self) -> Vec<Cow<'_, str>>

fn to_json(&self) -> Value

Implementors

impl Event for KvEvent

impl Event for PlainEvent

impl<'a> Event for JsonEvent<'a>

impl<K, V> Event for MapEvent<K, V>
where K: AsRef<str> + Debug + Clone, V: AsRef<str> + Debug + Clone,