pub struct SigmaCollection {
    pub rules: Vec<SigmaRule>,
    pub correlations: Vec<CorrelationRule>,
    pub filters: Vec<FilterRule>,
    pub errors: Vec<String>,
}
A collection of parsed Sigma documents from one or more YAML files.
Fields
rules: Vec<SigmaRule>
correlations: Vec<CorrelationRule>
filters: Vec<FilterRule>
errors: Vec<String>
Per-document parse errors accumulated while building the
collection. Populated by parse_sigma_yaml
and friends; one entry per document from which the parser could
not produce a SigmaRule, CorrelationRule, or FilterRule.
The collection is still returned on Ok(_) so callers
can decide whether a partial parse is acceptable; the
SigmaCollection::has_errors / SigmaCollection::error_count
/ SigmaCollection::into_result helpers cover the common
“treat any error as a failure” path.
Implementations
impl SigmaCollection
pub fn new() -> Self
pub fn is_empty(&self) -> bool
pub fn has_errors(&self) -> bool
True when the parser recorded one or more per-document parse errors while building this collection.
pub fn error_count(&self) -> usize
Number of per-document parse errors recorded while building
this collection. Equivalent to self.errors.len().
pub fn into_result(self) -> Result<Self, Vec<String>>
Promote the accumulated errors to a hard failure. Returns the
collection when SigmaCollection::has_errors is false;
otherwise returns the collection’s errors so
callers can format them. The original collection is consumed
either way so the success path can move out of self without
re-cloning the documents.
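An added example, not taken from the crate's documentation or source: a load gate for a detection pipeline that either fails closed through into_result or accepts a bounded partial parse while reporting every dropped document. The types are local stand-ins written from the descriptions on this page; Policy, gate and sample are hypothetical names, and the sample data is constructed.

```rust
// Stand-ins mirroring the SigmaCollection shape documented above; the real
// rule types are richer (assumption: only what the gate needs is modelled).
#[derive(Clone, Debug, Default)]
pub struct SigmaRule { pub title: String }
#[derive(Clone, Debug, Default)]
pub struct CorrelationRule;
#[derive(Clone, Debug, Default)]
pub struct FilterRule;
#[derive(Clone, Debug, Default)]
pub struct SigmaCollection {
    pub rules: Vec<SigmaRule>,
    pub correlations: Vec<CorrelationRule>,
    pub filters: Vec<FilterRule>,
    pub errors: Vec<String>,
}
impl SigmaCollection {
    pub fn has_errors(&self) -> bool { !self.errors.is_empty() }
    pub fn error_count(&self) -> usize { self.errors.len() }
    pub fn into_result(self) -> Result<Self, Vec<String>> {
        if self.has_errors() { Err(self.errors) } else { Ok(self) }
    }
}

/// Hypothetical load policy for a detection pipeline.
pub enum Policy { Strict, AllowPartial { max_errors: usize } }

/// Decide whether a parsed collection may be handed to the engine.
pub fn gate(coll: SigmaCollection, policy: Policy) -> Result<SigmaCollection, Vec<String>> {
    match policy {
        // Fail closed: one unparseable document rejects the whole set.
        Policy::Strict => coll.into_result(),
        // Tolerate a bounded number of dropped documents, reporting each one.
        Policy::AllowPartial { max_errors } if coll.error_count() <= max_errors => {
            for e in &coll.errors { eprintln!("dropped document: {}", e); }
            Ok(coll)
        }
        Policy::AllowPartial { .. } => Err(coll.errors),
    }
}

/// Constructed sample: two rules parsed, one document failed.
pub fn sample() -> SigmaCollection {
    let rules = ["Suspicious PowerShell", "New Service Installed"]
        .iter().map(|t| SigmaRule { title: t.to_string() }).collect();
    let errors = vec!["document 3: missing field `detection`".to_string()];
    SigmaCollection { rules, errors, ..Default::default() }
}

fn main() {
    let ok = gate(sample(), Policy::AllowPartial { max_errors: 1 }).unwrap();
    println!("loaded {} rules, {} dropped", ok.rules.len(), ok.error_count());
}
```

Under Strict, a rule file that fails to parse stops the deployment instead of silently leaving a detection gap.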
Trait Implementations
impl Clone for SigmaCollection
fn clone(&self) -> SigmaCollection
1.0.0 (const: unstable) · fn clone_from(&mut self, source: &Self)