Versions in this module

v0

v0.6.2 — Apr 21, 2023

Changes in this version:
+ func FuzzRuleMatches(data []byte) int
+ type Event interface
+ type GroupedByValues struct
    + ConditionID int
    + EventValues map[string]interface{}
    + func (a GroupedByValues) Key() string
+ type Option func(*RuleEvaluator)
    + func AverageImplementation(...) Option
    + func CountImplementation(count func(ctx context.Context, key GroupedByValues) (float64, error)) Option
    + func SumImplementation(...) Option
    + func WithConfig(config ...sigma.Config) Option
    + func WithPlaceholderExpander(f func(ctx context.Context, placeholderName string) ([]string, error)) Option
+ type Result struct
    + ConditionResults []bool
    + Match bool
    + SearchResults map[string]bool
+ type RuleEvaluator struct
    + func ForRule(rule sigma.Rule, options ...Option) *RuleEvaluator
    + func (rule *RuleEvaluator) GetFieldValuesFromEvent(field string, event Event) ([]interface{}, error)
    + func (rule RuleEvaluator) Indexes() []string
    + func (rule RuleEvaluator) Matches(ctx context.Context, event Event) (Result, error)
    + func (rule RuleEvaluator) RelevantToEvent(ctx context.Context, eventIndex string, event Event) (bool, error)