1pub mod alert_pipeline;
46pub mod dispositions;
47pub mod egress;
48pub mod engine;
49pub mod enrichment;
50pub mod error;
51pub mod input;
52pub mod io;
53pub mod metrics;
54pub mod parse;
55pub mod pipeline_deprecation;
56pub mod processor;
57pub mod risk;
58pub mod scope;
59pub mod selector;
60pub mod sources;
61pub mod tap;
62
63pub use alert_pipeline::{
64 AlertPipeline, AlertPipelineConfigError, AlertPipelineFile, AlertPipelineSnapshot,
65 AlertPipelineState, DEFAULT_MAX_DYNAMIC_SILENCES, DedupStore, GroupMode, IncidentRef,
66 IncidentResult, IncidentStore, IncludeMode, MatchOp, Matcher, MatcherError, MatcherSet,
67 MatcherSpec, SNAPSHOT_VERSION, Silence, SilenceError, SilenceOrigin, SilenceSpec, SilenceState,
68 SilenceStore, SilenceView, TickOutput, build_alert_pipeline, load_alert_pipeline_file,
69 parse_alert_pipeline_config,
70};
71pub use dispositions::{
72 Disposition, DispositionConfig, DispositionError, DispositionScope, DispositionSnapshot,
73 DispositionStore, IngestOutcome, Numerator, RawDisposition, RuleSummary, Verdict,
74 parse_dispositions, triage_feed,
75};
76pub use egress::{
77 EgressDenial, EgressFilteredResolver, EgressPolicy, default_egress_policy,
78 set_default_egress_policy,
79};
80pub use engine::{EngineStats, RoutingSpec, RuntimeEngine};
81pub use enrichment::config::{
82 EnricherConfig, EnrichersConfigError, EnrichersFile, build_enrichers, build_enrichers_full,
83 load_enrichers_file,
84};
85pub use enrichment::{
86 CacheKey, CacheOutcome, CommandEnricher, EnrichError, EnrichErrorKind, Enricher,
87 EnricherFactory, EnricherKind, EnrichmentPipeline, HttpEnricher, HttpEnricherClient,
88 HttpResponseCache, LookupEnricher, OnError, OutputFormat, Scope, TemplateEnricher,
89 TemplateError, build_default_http_client, lookup_builtin, register_builtin,
90 validate_template_namespace,
91};
92pub use error::RuntimeError;
93pub use input::{EventInputDecoded, InputFormat, parse_line};
94pub use io::webhook::{
95 BuiltWebhook, WebhookConfig, WebhookConfigError, WebhookKind, WebhookSink, WebhooksFile,
96 build_webhooks, load_webhooks_file,
97};
98pub use io::{
99 AckToken, DeliveryConfig, DeliveryContext, DeliveryFailure, DeliverySink, Dispatcher,
100 EventSource, FileSink, IncidentEnvelope, OnFull, RawEvent, Sink, StdinSource, StdoutSink,
101 spawn_source,
102};
103#[cfg(all(unix, feature = "uds"))]
104pub use io::{
105 UnixSocketGuard, UnixSocketSink, UnixSocketSource, bind_unix_listener, parse_unix_scheme,
106};
107pub use metrics::{MetricsHook, NoopMetrics};
108pub use pipeline_deprecation::warn_pipeline_inline_sources;
109pub use processor::{EventFilter, LogProcessor};
110pub use risk::{
111 IncidentConfig as RiskIncidentConfig, RiskCaps, RiskConfigError, RiskEntityView, RiskFile,
112 RiskIncidentResult, RiskLayer, RiskObject, RiskOutput, RiskRef, RiskState, RiskStateSnapshot,
113 SNAPSHOT_VERSION as RISK_SNAPSHOT_VERSION, build_risk_layer, load_risk_file, parse_risk_config,
114};
115pub use selector::{Selector, SelectorParseError};
116pub use tap::{TapPayload, TapRegistry, TapSessionHandle, TapStage};
117
118pub use rsigma_eval::{
119 FieldCoverage, FieldObservation, FieldObservationEntry, FieldObserver, ProcessResult,
120 ProcessResultExt, SchemaClassifier, SchemaCountEntry, SchemaError, SchemaObservation,
121 SchemaObserver, load_schema_signatures,
122};
123pub use sources::refresh::{RefreshResult, RefreshScheduler, RefreshTrigger, SourceSubscription};
124pub use sources::{
125 DefaultSourceResolver, ResolvedValue, SourceCache, SourceError, SourceErrorKind,
126 SourceResolver, TemplateExpander,
127};
128
129#[cfg(feature = "nats")]
130pub use io::{NatsConnectConfig, NatsSink, NatsSource, ReplayPolicy};
131
132#[cfg(feature = "evtx")]
133pub use input::evtx::{EvtxError, EvtxFileReader};
134
135#[cfg(feature = "otlp")]
136pub use io::otlp::{
137 ExportLogsServiceRequest, ExportLogsServiceResponse, LogsService, LogsServiceServer,
138 OtlpClientTls, OtlpProtocol, OtlpSink, evaluation_results_to_logs_request,
139 logs_request_to_raw_events,
140};