pub struct SchemaSignature {
pub name: String,
pub predicates: Vec<SchemaPredicate>,
pub specificity: u32,
}Expand description
A named schema recognizer: every predicate must hold for the signature to
match. Higher specificity wins when several signatures match the same
event. Multiple signatures may share a name (for example several distinct
ways to recognize Sysmon); the classifier reports the name.
Fields§
§name: StringSchema label reported on a match (for example ecs, sysmon).
predicates: Vec<SchemaPredicate>Conditions that must all hold (logical AND). An empty predicate set
matches every event; prefer SchemaPredicate::HasAnyField for a
structured-event fallback.
specificity: u32Tie-breaking weight; the highest-specificity matching signature wins.
Trait Implementations§
Source§impl Clone for SchemaSignature
impl Clone for SchemaSignature
Source§fn clone(&self) -> SchemaSignature
fn clone(&self) -> SchemaSignature
Returns a duplicate of the value. Read more
1.0.0 (const: unstable) · Source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
Performs copy-assignment from
source. Read moreAuto Trait Implementations§
impl Freeze for SchemaSignature
impl RefUnwindSafe for SchemaSignature
impl Send for SchemaSignature
impl Sync for SchemaSignature
impl Unpin for SchemaSignature
impl UnsafeUnpin for SchemaSignature
impl UnwindSafe for SchemaSignature
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more