Crate rust_threat_detector

§Rust Threat Detector v2.0

An advanced memory-safe SIEM threat detection component with ML-based scoring, automated incident response, and proactive threat hunting capabilities.

§What’s New in v2.0

  • ML-Based Scoring: Feature-engineered threat scoring with statistical models
  • Automated Incident Response: Playbook-driven response workflows
  • Threat Hunting: Hypothesis-driven hunting with IOC sweeps
  • Enhanced Detection: Improved pattern matching and behavioral analysis

§Features

  • Memory Safety: Built with Rust to prevent vulnerabilities in security tools
  • Real-time Analysis: Fast pattern matching and threat detection
  • MITRE ATT&CK Framework: 10+ technique detection patterns
  • Pattern Library: Pre-configured threat patterns
  • Behavioral Analytics: User and Entity Behavior Analytics (UEBA) for anomaly detection
  • Threat Intelligence: IOC matching against known malicious indicators
  • Anomaly Detection: Statistical and machine learning-based anomaly detection
  • Alert Generation: Structured alert output for SIEM integration
  • SIEM Export: Multiple export formats (CEF, LEEF, JSON, Syslog)
  • Incident Response: Automated playbooks and response actions
  • Threat Hunting: Proactive hunting capabilities with templates

§Quick Start

use rust_threat_detector::{ThreatDetector, LogEntry};
use chrono::Utc;
use std::collections::HashMap;

fn main() {
    // Create the detector once; it is mutable so it can keep state across calls.
    let mut detector = ThreatDetector::new();

    // A single authentication event to analyze.
    let log = LogEntry {
        timestamp: Utc::now(),
        source_ip: Some("192.168.1.100".to_string()),
        user: Some("admin".to_string()),
        event_type: "auth".to_string(),
        message: "Failed login attempt for admin".to_string(),
        metadata: HashMap::new(),
    };

    // analyze() returns zero or more alerts for the entry.
    let alerts = detector.analyze(&log);
    for alert in alerts {
        println!("Alert: {} (Score: {})", alert.description, alert.threat_score);
    }
}
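The Quick Start shows the calling convention but not what a detector does with a stream of such entries. The following is an added, self-contained Rust example (not the crate's code, and not a description of its internal algorithm): a hypothetical `BruteForceDetector` that counts failed authentications per source IP inside a sliding window and emits an alert with a score once a threshold is reached. The `LogEntry` and `Alert` types mirror the field names used on this page but use a plain `u64` timestamp so the example needs only the standard library; the window, threshold, scoring weights and sample log lines are all constructed for illustration.

```rust
use std::collections::HashMap;

/// Log entry mirroring the crate's `LogEntry` field names (constructed for this
/// example; seconds-since-epoch instead of chrono so it needs only std).
#[derive(Debug, Clone)]
pub struct LogEntry {
    pub timestamp: u64,
    pub source_ip: Option<String>,
    pub user: Option<String>,
    pub event_type: String,
    pub message: String,
}

/// Alert shape with the two fields the Quick Start prints.
#[derive(Debug, Clone, PartialEq)]
pub struct Alert {
    pub description: String,
    pub threat_score: u8,
}

/// Hypothetical stateful detector: failed authentications per source IP
/// inside a sliding time window; alerts once a threshold is reached.
pub struct BruteForceDetector {
    window_secs: u64,
    threshold: usize,
    failures: HashMap<String, Vec<u64>>,
}

impl BruteForceDetector {
    pub fn new(window_secs: u64, threshold: usize) -> Self {
        BruteForceDetector { window_secs, threshold, failures: HashMap::new() }
    }

    /// Analyze one entry; returns zero or one alert.
    pub fn analyze(&mut self, log: &LogEntry) -> Vec<Alert> {
        let mut alerts = Vec::new();
        // Only failed authentication events feed the counter.
        if log.event_type != "auth" || !log.message.contains("Failed login") {
            return alerts;
        }
        let ip = match &log.source_ip {
            Some(ip) => ip.clone(),
            None => return alerts,
        };
        let window = self.window_secs;
        let threshold = self.threshold;
        let hits = self.failures.entry(ip.clone()).or_default();
        hits.push(log.timestamp);
        // Evict attempts older than the window, measured from the current event.
        hits.retain(|t| log.timestamp.saturating_sub(*t) <= window);
        if hits.len() >= threshold {
            // 50 at the threshold, +10 per extra attempt (capped at +40),
            // +10 when the targeted account is privileged; never above 100.
            let over = (hits.len() - threshold) as u32;
            let mut score = 50 + (over * 10).min(40);
            if matches!(log.user.as_deref(), Some("admin") | Some("root")) {
                score += 10;
            }
            alerts.push(Alert {
                description: format!(
                    "Possible brute force from {}: {} failed logins in {}s",
                    ip, hits.len(), window
                ),
                threat_score: score.min(100) as u8,
            });
        }
        alerts
    }
}

/// Constructed sample: six admin failures from one IP within a minute, one
/// success, one isolated failure from another IP, then a failure long after the window.
pub fn sample_logs() -> Vec<LogEntry> {
    let entry = |ts: u64, ip: &str, user: &str, msg: &str| LogEntry {
        timestamp: ts,
        source_ip: Some(ip.to_string()),
        user: Some(user.to_string()),
        event_type: "auth".to_string(),
        message: msg.to_string(),
    };
    let fail = "Failed login attempt for admin";
    vec![
        entry(1000, "10.0.0.5", "admin", fail),
        entry(1010, "10.0.0.5", "admin", fail),
        entry(1020, "10.0.0.5", "admin", fail),
        entry(1030, "10.0.0.5", "admin", fail),
        entry(1040, "10.0.0.5", "admin", fail),
        entry(1045, "10.0.0.5", "admin", fail),
        entry(1050, "10.0.0.9", "alice", "Successful login for alice"),
        entry(1060, "10.0.0.9", "alice", "Failed login attempt for alice"),
        entry(2000, "10.0.0.5", "admin", fail),
    ]
}

/// Run the detector over the sample with a 60-second window and a threshold of 5.
pub fn run_sample() -> Vec<Alert> {
    let mut detector = BruteForceDetector::new(60, 5);
    sample_logs().iter().flat_map(|l| detector.analyze(l)).collect()
}

fn main() {
    for alert in run_sample() {
        println!("Alert: {} (Score: {})", alert.description, alert.threat_score);
    }
}
```

With these inputs the fifth and sixth failures from 10.0.0.5 produce alerts scored 60 and 70; the success, the single failure from 10.0.0.9 and the late failure at t=2000 (outside the window) produce none. Keeping per-entity state keyed on source IP is what distinguishes this from stateless pattern matching on a single message.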

§Alignment with Federal Guidance

Implements memory-safe security monitoring tools, aligning with 2024-2025 CISA/FBI/NSA guidance for critical infrastructure protection.

Re-exports§

pub use mitre_attack::AttackTactic;
pub use mitre_attack::AttackTechnique;
pub use mitre_attack::MitreAttackDetector;
pub use mitre_attack::ThreatDetection;
pub use behavioral_analytics::BehavioralAnalytics;
pub use behavioral_analytics::EntityProfile;
pub use behavioral_analytics::UserProfile;
pub use threat_intelligence::IOCType;
pub use threat_intelligence::ThreatIntelligence;
pub use threat_intelligence::IOC;
pub use siem_formats::BatchExporter;
pub use siem_formats::SIEMExporter;
pub use siem_formats::SIEMFormat;
pub use anomaly_detection::AnomalyDetector;
pub use anomaly_detection::AnomalyResult;
pub use anomaly_detection::DetectionMethod;
pub use anomaly_detection::TimeSeries;
pub use ml_scoring::MLThreatScorer;
pub use ml_scoring::ThreatFeatures;
pub use ml_scoring::ThreatScore;
pub use ml_scoring::RiskLevel;
pub use ml_scoring::ContributingFactor;
pub use ml_scoring::ModelWeights;
pub use ml_scoring::BaselineStats;
pub use incident_response::IncidentResponseManager;
pub use incident_response::Incident;
pub use incident_response::IncidentStatus;
pub use incident_response::Playbook;
pub use incident_response::PlaybookAction;
pub use incident_response::ResponseAction;
pub use incident_response::ActionResult;
pub use incident_response::IncidentStatistics;
pub use threat_hunting::ThreatHuntingEngine;
pub use threat_hunting::ThreatHunt;
pub use threat_hunting::HuntStatus;
pub use threat_hunting::HuntQuery;
pub use threat_hunting::HuntFinding;
pub use threat_hunting::HuntTemplate;
pub use threat_hunting::HuntIOC;
pub use threat_hunting::IOCType as HuntIOCType;
pub use threat_hunting::HuntStatistics;
pub use threat_hunting::QueryMatch;
pub use threat_hunting::IOCSweepResult;

Modules§

anomaly_detection: Anomaly Detection Engine
behavioral_analytics: Behavioral Analytics Module
incident_response: Automated Incident Response Module v2.0
mitre_attack: MITRE ATT&CK framework pattern detection
ml_scoring: Machine Learning-based Threat Scoring v2.0
siem_formats: SIEM Export Formats
threat_hunting: Threat Hunting Module v2.0
threat_intelligence: Threat Intelligence Module

Structs§

LogEntry: Log entry for analysis
ThreatAlert: Detected threat
ThreatDetector: Threat detector
ThreatPattern: Threat detection pattern

Enums§

DetectionError: Threat detection errors
ThreatCategory: Threat categories
ThreatSeverity: Threat severity levels