pub struct RiskFile {
pub strip_event: bool,
pub scope: Option<ScopeConfig>,
pub score: ScoreFile,
pub objects: Vec<ObjectFile>,
pub emit_risk_events: bool,
pub nats_subject: Option<String>,
pub incident: Option<IncidentFile>,
}
Top-level risk config file.
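```yaml
scope:
  levels: [low, medium, high, critical]
score:
  tag_scores:
    "attack.*": 10
    crown-jewel: 50
  tag_reducer: sum
  level_scores:
    high: 40
    critical: 80
  default_score: 1
objects:
  - type: user
    selector: enrichment.user
  - type: src_ip
    selector: match.SourceIp
emit_risk_events: false
```

This example leaves `strip_event`, `nats_subject` and `incident` unset. This page does not show what `strip_event` defaults to, so set it explicitly if raw event payloads must not reach sinks.

Fields§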
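strip_event: bool
Keep the event available for selector resolution, but drop the raw event payload before results are delivered to sinks. Values that selectors extract from the event (for example `match.SourceIp`) presumably still travel with the result as risk objects, so this reduces what sinks receive rather than removing all event-derived data; confirm against the sink output.

scope: Option<ScopeConfig>
Restricts which results the layer acts on. Out-of-scope results pass through untouched; check that the scope is not narrower than intended, since anything it excludes is not acted on by this layer.

score: ScoreFile
Risk-score sourcing.

objects: Vec<ObjectFile>
Risk-object (entity) selectors. At least one is required. This page does not show where that is enforced (a `Vec<ObjectFile>` can itself be empty), so confirm that an empty `objects` list is rejected when the config is loaded.

emit_risk_events: bool
Emit a compact risk event per (detection, risk object) pair.

nats_subject: Option<String>
Optional NATS subject override for emitted risk events.

incident: Option<IncidentFile>
Per-entity risk-incident accumulator. When omitted, the layer only annotates results.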
Trait Implementations§
impl<'de> Deserialize<'de> for RiskFile
fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where
    __D: Deserializer<'de>,
Deserialize this value from the given Serde deserializer.
Auto Trait Implementations§
impl Freeze for RiskFile
impl RefUnwindSafe for RiskFile
impl Send for RiskFile
impl Sync for RiskFile
impl Unpin for RiskFile
impl UnsafeUnpin for RiskFile
impl UnwindSafe for RiskFile
Blanket Implementations§
impl<T> AnyExt for T
fn downcast_ref<T>(this: &Self) -> Option<&T>
where
    T: Any,
Attempts to downcast this to T behind reference
fn downcast_mut<T>(this: &mut Self) -> Option<&mut T>
where
    T: Any,
Attempts to downcast this to T behind mutable reference
fn downcast_rc<T>(this: Rc<Self>) -> Result<Rc<T>, Rc<Self>>
where
    T: Any,
Attempts to downcast this to T behind Rc pointer
fn downcast_arc<T>(this: Arc<Self>) -> Result<Arc<T>, Arc<Self>>
where
    T: Any,
Attempts to downcast this to T behind Arc pointer
impl<T> BorrowMut<T> for T
where
    T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value.
impl<T> CloneToUninit for T
where
    T: Clone,
impl<T, X> CoerceTo<T> for X
where
    T: CoerceFrom<X> + ?Sized,
fn coerce_rc_to(self: Rc<X>) -> Rc<T>
fn coerce_box_to(self: Box<X>) -> Box<T>
fn coerce_ref_to(&self) -> &T
fn coerce_mut_to(&mut self) -> &mut T
impl<T> DeserializeOwned for T
where
    T: for<'de> Deserialize<'de>,
impl<T> Instrument for T
fn instrument(self, span: Span) -> Instrumented<Self>
fn in_current_span(self) -> Instrumented<Self>
impl<T> IntoEither for T
fn into_either(self, into_left: bool) -> Either<Self, Self>
Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise.
fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise.