
update README sample code#10

Open
fukusuket wants to merge 1 commit intocrowdalert:mainfrom
fukusuket:update-readme-sample-code

Conversation

@fukusuket
Contributor

I tweaked the sample code in the README a bit so it compiles.
Would be great if you could take a look. If the original sample was intentional, feel free to just close this PR.
Thank you for your time :)

In my environment, the following code compiled successfully.

[package]
name = "sample"
version = "0.1.0"
edition = "2024"

[dependencies]
sigmars = "0.2.2"
serde_json = "*"
tokio = "1.44.2"

As a collection of simple detections:

use std::error::Error;
use serde_json::json;
use sigmars::SigmaCollection;

fn main() -> Result<(), Box<dyn Error>> {
    // Load every Sigma rule found under the given directory into one collection.
    let rules: SigmaCollection = SigmaCollection::new_from_dir("/path/to/sigma/rules/").unwrap();
    // A single JSON event to evaluate against the loaded rules.
    let event = json!({"foo": "bar"});
    // Evaluate the event against the (non-correlation) detection rules.
    let matches = rules.get_detection_matches(&event.into());

    Ok(())
}

or with correlations (requires tokio) using an in-memory backend

use std::error::Error;
use serde_json::json;
use tokio;
use sigmars::{MemBackend, SigmaCollection};

#[tokio::main]
async fn main() -> Result<(), Box<dyn Error>> {
    // The collection must be mutable so the correlation backend can be attached.
    let mut rules: SigmaCollection = SigmaCollection::new_from_dir("/path/to/sigma/rules/").unwrap();

    // In-memory backend that keeps the state correlation rules need across events.
    let mut backend = MemBackend::new().await;
    rules.init(&mut backend).await;

    let event = json!({"foo": "bar"});
    // Async evaluation covering both plain detections and correlations.
    let matches = rules.get_matches(&event.into()).await?;

    Ok(())
}
