Struct usiem::components::alert::SiemRule

pub struct SiemRule {
    pub name: &'static str,
    pub service: &'static str,
    pub description: &'static str,
    pub templates: &'static BTreeMap<&'static str, &'static str>,
    pub tenants: &'static BTreeMap<&'static str, &'static str>,
    pub mitre: (&'static Vec<MitreTactics>, &'static Vec<MitreTechniques>),
    pub datasets: BTreeMap<SiemDatasetType, SiemDataset>,
    pub needed_datasets: &'static Vec<SiemDatasetType>,
    pub rule: SiemRuleMatchSync,
}

Fields

name: &'static str

Name of the rule

service: &'static str

Name of the Service applied to match this rule

description: &'static str

A description of the rule to be showed in the UI

templates: &'static BTreeMap<&'static str, &'static str>

Includes templateS for this rule. used to generate the alert description

tenants: &'static BTreeMap<&'static str, &'static str>

Sets the mapping of languages to be used in each tenant

mitre: (&'static Vec<MitreTactics>, &'static Vec<MitreTechniques>)

tactics and techniques covered by this rule

datasets: BTreeMap<SiemDatasetType, SiemDataset>

Datasets to be used by the rules

needed_datasets: &'static Vec<SiemDatasetType>

List of datasets needed by this rule

rule: SiemRuleMatchSync

Checks if the log matches this rule. It can return an alert and/or an action to be executed by the SOAR

Implementations

impl SiemRule

pub fn match_log(
&self,
log: &SiemLog
) -> Option<(Option<SiemAlert>, Option<SiemTask>)>

pub fn set_dataset(&mut self, dataset: SiemDataset)

Updates the references for the datasets

pub fn get_dataset(&self, typ: SiemDatasetType) -> Option<&SiemDataset>

To be used by the SiemRuleMatch

pub fn get_template_for_log(&self, log: &SiemLog) -> &'static str

To be used by the SiemRuleMatch

Trait Implementations

impl Clone for SiemRule

fn clone(&self) -> SiemRule

Returns a copy of the value. Read more

1.0.0 · source

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more

Auto Trait Implementations

impl RefUnwindSafe for SiemRule

impl Send for SiemRule

impl Sync for SiemRule

impl Unpin for SiemRule

impl UnwindSafe for SiemRule

Blanket Implementations

impl<T> Any for Twhere
T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for Twhere
T: ?Sized,

const: unstable · source

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for Twhere
T: ?Sized,

const: unstable · source

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> DynClone for Twhere
T: Clone,

fn __clone_box(&self, _: Private) -> *mut ()

impl<T> From<T> for T

const: unstable · source

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for Twhere
U: From<T>,

const: unstable · source

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> ToOwned for Twhere
T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more

impl<T, U> TryFrom<U> for Twhere
U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

const: unstable · source

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for Twhere
U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

const: unstable · source

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.