Versions in this module Expand all Collapse all v0 v0.9.1 May 1, 2026 v0.9.0 Apr 9, 2026 Changes in this version
+ func CompileRules(config *Config) error
+ func EvaluateRule(rule *Rule, record types.AuditRecord) (*types.Alert, error)
+ func GetEmbeddedRuleSetInfo() (map[string]EmbeddedRuleSetInfo, error)
+ func GetEmbeddedRuleSetNames() ([]string, error)
+ func ValidateSeverity(severity string) bool
+ type ActionStats struct
+ ActionsExecuted uint64
+ ActionsFailed uint64
+ ActionsSuccess uint64
+ IPsBlocked uint64
+ type AlertWriter interface
+ Close func() error
+ WriteAlert func(alert *types.Alert) error
+ type Config struct
+ Description string
+ Rules []*Rule
+ func LoadEmbeddedRules() (*Config, error)
+ func LoadRulesFromDirectory(dirPath string) (*Config, error)
+ func LoadRulesFromFile(path string) (*Config, error)
+ func LoadRulesWithEmbeddedDefaults(dirPath string) (*Config, error)
+ func MergeConfigs(base, override *Config) *Config
+ type EmbeddedRuleSetInfo struct
+ Description string
+ Name string
+ RuleCount int
+ type Engine struct
+ func NewEngine(rulesPath string, alertWriter AlertWriter) (*Engine, error)
+ func NewEngineFromConfig(config *Config, alertWriter AlertWriter) (*Engine, error)
+ func (e *Engine) Close() error
+ func (e *Engine) Evaluate(record types.AuditRecord) (int, error)
+ func (e *Engine) GetActionStats() map[string]uint64
+ func (e *Engine) GetFirewallManager() *firewall.Manager
+ func (e *Engine) GetStats() map[string]any
+ func (e *Engine) SetDeduplicationWindow(d time.Duration)
+ func (e *Engine) SetFirewallManager(manager *firewall.Manager)
+ func (e *Engine) SetPerformanceTracker(tracker *performance.Tracker)
+ func (e *Engine) SetRateLimit(limit int)
+ func (e *Engine) UpdateConfig(config *Config) error
+ type FileAlertWriter struct
+ func NewFileAlertWriter(outputDir string) (*FileAlertWriter, error)
+ func (w *FileAlertWriter) Close() error
+ func (w *FileAlertWriter) WriteAlert(alert *types.Alert) error
+ type ResponseAction struct
+ Config map[string]any
+ Enabled *bool
+ Type string
+ func (a *ResponseAction) IsEnabled() bool
+ func (a *ResponseAction) Validate() error
+ type Rule struct
+ Actions []*ResponseAction
+ Description string
+ Enabled bool
+ Expression string
+ MITRE []string
+ Name string
+ Severity string
+ Tags []string
+ Threshold int
+ ThresholdWindow int
+ Type string
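Review bot: `ResponseAction.Enabled` is a `*bool` while `Rule.Enabled` is a plain `bool`, and nothing in this listing says what `IsEnabled()` returns when the pointer is nil, so the field needs a doc comment that states the default. The default matters because `Rule.Actions` travels with rules loaded by `LoadRulesFromDirectory` and layered by `MergeConfigs(base, override)`, and the engine also exposes `SetFirewallManager` and an `IPsBlocked` counter. That suggests, though the signatures alone do not prove it, that an action whose `Enabled` key is omitted from a rule file could still run a blocking response. I would add a comment on the field such as `// Enabled controls whether the action runs; nil means <state the default here>.` and a sentence on `LoadRulesFromDirectory` saying the directory must be writable only by the operator. Only exported signatures are visible here, so the actual default and the override semantics should be confirmed against the implementation.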