Module scope

Scope filtering for post-evaluation stages.

A Scope decides, on a per-result basis, whether a post-engine stage should act on a given EvaluationResult. Enrichers apply it after the kind-vs-body filter and before Enricher::enrich runs, so a stage pays no I/O cost for results it would have ignored anyway.

Three independent axes:

  • rules: rule-id exact match or rule-title glob (via globset).
  • tags: tag-set intersection with prefix wildcard support (attack.* matches attack.t1059.001).
  • levels: severity membership.

All three axes are AND-ed when configured: a stage acts only when every populated axis matches. Empty axes are not filters (an empty tags: [] does not exclude every result; it means “no tag constraint”).
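The matching semantics described above, as an added Rust sketch that is not the crate's own code: ScopeSketch, ResultView, scope, own and sample are hypothetical names, the '*'-only glob helper stands in for globset, and comparisons are assumed to be case-sensitive.

```rust
// Added sketch: hypothetical stand-ins, not the crate's Scope / EvaluationResult.
struct ResultView<'a> { rule_id: &'a str, title: &'a str, tags: &'a [&'a str], level: &'a str }
struct ScopeSketch { rules: Vec<String>, tags: Vec<String>, levels: Vec<String> }

// Assumption: a '*'-only matcher standing in for the globset title globs.
fn glob(pat: &str, text: &str) -> bool {
    match pat.split_once('*') {
        None => pat == text,
        Some((head, rest)) => text.starts_with(head)
            && (head.len()..=text.len())
                .any(|i| text.is_char_boundary(i) && glob(rest, &text[i..])),
    }
}

// Prefix wildcard: "attack.*" matches "attack.t1059.001"; otherwise exact match.
fn tag_match(pat: &str, tag: &str) -> bool {
    match pat.strip_suffix('*') {
        Some(prefix) => tag.starts_with(prefix),
        None => pat == tag,
    }
}

fn own(v: &[&str]) -> Vec<String> { v.iter().map(|s| s.to_string()).collect() }
fn scope(rules: &[&str], tags: &[&str], levels: &[&str]) -> ScopeSketch {
    ScopeSketch { rules: own(rules), tags: own(tags), levels: own(levels) }
}

impl ScopeSketch {
    fn matches(&self, r: &ResultView) -> bool {
        // An empty axis is "no constraint"; every populated axis must match (AND).
        let rules_ok = self.rules.is_empty()
            || self.rules.iter().any(|p| p.as_str() == r.rule_id || glob(p, r.title));
        let tags_ok = self.tags.is_empty()
            || self.tags.iter().any(|p| r.tags.iter().any(|t| tag_match(p, t)));
        let levels_ok = self.levels.is_empty()
            || self.levels.iter().any(|l| l.as_str() == r.level);
        rules_ok && tags_ok && levels_ok
    }
}

// Constructed sample result (rule id and title are made up for the example).
fn sample() -> ResultView<'static> {
    ResultView { rule_id: "constructed-rule-0001", title: "Suspicious PowerShell Download",
                 tags: &["attack.execution", "attack.t1059.001"], level: "high" }
}

fn main() {
    let r = sample();
    println!("tags+levels: {}", scope(&[], &["attack.*"], &["high", "critical"]).matches(&r));
    println!("wrong level: {}", scope(&[], &["attack.*"], &["low"]).matches(&r));
}
```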

Structs

Scope
Scope filter applied per result before a post-engine stage acts.