
1#![forbid(unsafe_code)]
2//! `sigma-rust` is a library for parsing and checking Sigma rules against log events.
3
4mod basevalue;
5mod detection;
6mod error;
7mod event;
8mod field;
9mod rule;
10mod selection;
11mod wildcard;
12
13pub use event::Event;
14pub use rule::Rule;
15
16/// Parse a rule from a YAML string
/// Deserialize a single Sigma [`Rule`] from its YAML text.
///
/// Sigma rules are commonly pulled from third-party repositories, so the input
/// should be treated as untrusted: this function applies no size or nesting
/// limits of its own, and callers feeding it external content may want to
/// bound the input length before parsing. `serde_yml` is a third-party
/// deserializer; pin its version and track its advisories.
///
/// # Errors
///
/// Returns the deserializer's error when `yaml` is not well-formed YAML or
/// does not match the `Rule` schema.
pub fn rule_from_yaml(yaml: &str) -> Result<Rule, serde_yml::Error> {
    serde_yml::from_str::<Rule>(yaml)
}
20
21/// Parse an event from a JSON string
/// Deserialize one log [`Event`] from a JSON document.
///
/// Only available with the `serde_json` feature. Log events are attacker-
/// influenced by nature; this function applies no size limit, so callers
/// reading from untrusted sources should bound the input beforehand.
///
/// # Errors
///
/// Returns the deserializer's error when `json` is malformed or does not
/// match the `Event` schema.
#[cfg(feature = "serde_json")]
pub fn event_from_json(json: &str) -> Result<Event, serde_json::Error> {
    serde_json::from_str::<Event>(json)
}
26
27/// Parse a list of events from a JSON string
/// Deserialize a JSON array of log [`Event`]s.
///
/// Only available with the `serde_json` feature. The whole array is parsed
/// eagerly into a `Vec`, so memory use scales with the input; for large or
/// untrusted batches consider bounding the input size or streaming events
/// through [`event_from_json`] instead.
///
/// # Errors
///
/// Returns the deserializer's error when `json` is malformed, is not an
/// array, or any element does not match the `Event` schema.
#[cfg(feature = "serde_json")]
pub fn events_from_json(json: &str) -> Result<Vec<Event>, serde_json::Error> {
    serde_json::from_str::<Vec<Event>>(json)
}
32
33/// Check if a rule matches an event
/// Evaluate `rule` against `event`, returning `true` when the rule's detection
/// logic matches.
///
/// This is a thin free-function wrapper over [`Rule::is_match`]; it performs
/// no additional validation of either argument.
pub fn check_rule(rule: &Rule, event: &Event) -> bool {
    Rule::is_match(rule, event)
}