Function has_categorization 

pub fn has_categorization(rule: &SigmaRule, extra_namespaces: &[String]) -> bool

Whether the rule carries an ATT&CK categorization: an attack.* tag, or a tag in any of the extra_namespaces (a private ATT&CK-adjacent taxonomy a team recognises via the linter’s tag_namespaces setting).

AdsSection::Categorization’s own content and is_present consider only attack.*; this is the config-aware variant the linter, rule doc, and the author_ads tool use so the three agree on whether a rule is categorized.
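The case where the two checks disagree, a rule tagged only in a private namespace, shown as an added sketch that is not the crate's own code. The `Rule` struct, the function names `has_attack_tag` and `has_categorization_sketch`, and the `acme` namespace are hypothetical. It assumes `extra_namespaces` holds bare namespace names that are compared whole.

```rust
// Added illustration, not the crate's source. `Rule` is a stand-in for SigmaRule.
struct Rule {
    tags: Vec<String>,
}

// Namespace of a Sigma tag: the text before the first '.', e.g. "attack" in
// "attack.t1059". Tags with no namespace or no name after it yield None.
fn tag_namespace(tag: &str) -> Option<&str> {
    match tag.split_once('.') {
        Some((ns, name)) if !ns.is_empty() && !name.is_empty() => Some(ns),
        _ => None,
    }
}

// attack.*-only view, the behaviour the page attributes to is_present.
fn has_attack_tag(rule: &Rule) -> bool {
    rule.tags.iter().any(|t| tag_namespace(t) == Some("attack"))
}

// Config-aware view: attack.* or a namespace listed in extra_namespaces.
// Assumption: entries are bare namespace names ("acme"), compared whole, so
// "attackers.x" or "acmecorp.x" do not count.
fn has_categorization_sketch(rule: &Rule, extra_namespaces: &[String]) -> bool {
    rule.tags.iter().any(|t| match tag_namespace(t) {
        Some("attack") => true,
        Some(ns) => extra_namespaces.iter().any(|e| e.as_str() == ns),
        None => false,
    })
}

fn rule(tags: &[&str]) -> Rule {
    Rule { tags: tags.iter().map(|t| t.to_string()).collect() }
}

fn main() {
    let extra = vec!["acme".to_string()]; // constructed tag_namespaces value
    let cases: [&[&str]; 4] = [
        &["attack.execution", "attack.t1059.001"],
        &["acme.insider_risk"], // private taxonomy only
        &["attackers.x", "detection.emerging-threats"], // neither namespace
        &[],
    ];
    for tags in cases {
        let r = rule(tags);
        println!("{:?}: attack-only={} config-aware={}", tags,
                 has_attack_tag(&r), has_categorization_sketch(&r, &extra));
    }
}
```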