/**
 * ATR-to-Elastic Query DSL Converter
 *
 * Type declarations for the converter that turns ATR YAML rules into
 * Elasticsearch Query DSL (JSON) for use by a SOC analyst in Kibana or
 * through the Elasticsearch API.
 *
 * @module agent-threat-rules/converters/elastic
 */
import type { ATRRule } from '../types.js';

/**
 * Rule identification carried alongside the generated query so a hit can be
 * traced back to the ATR rule that produced it.
 *
 * NOTE(review): `_meta` is not a key that the Elasticsearch `_search` request
 * body defines. Presumably callers submit only `query` or strip `_meta`
 * first. Confirm against the implementation and usage docs.
 */
interface ElasticQueryMeta {
  rule_id: string;
  title: string;
  severity: string;
  category: string;
  source_type: string;
  // Per the ruleToElastic contract, "any" and "all" are the documented values.
  // Handling of any other value is not visible in this declaration.
  condition_logic: string;
}

/**
 * The `bool` compound clause emitted by the converter.
 *
 * The individual clauses are typed `unknown[]`, so their shape is not visible
 * here.
 * NOTE(review): before relying on a converted rule as a detection, check in
 * the implementation how rule patterns are mapped to Elasticsearch query
 * types and target fields.
 */
interface ElasticBoolClause {
  should?: unknown[];
  must?: unknown[];
  // Keep this value if the query is extended later. Elasticsearch defaults
  // minimum_should_match to 0 once a must/filter clause sits in the same
  // bool, which would make every `should` clause optional.
  minimum_should_match?: number;
}

/** JSON-serializable result of converting one ATR rule. */
interface ElasticQuery {
  _meta: ElasticQueryMeta;
  query: {
    bool: ElasticBoolClause;
  };
}

/**
 * Convert an ATR rule to an Elasticsearch Query DSL object.
 *
 * Condition logic mapping:
 * - "any" -> `bool.should` with `minimum_should_match` = 1
 * - "all" -> `bool.must`
 *
 * @param rule - The ATR rule to convert.
 * @returns A JSON-serializable object with `_meta` and `query` fields.
 */
export declare function ruleToElastic(rule: ATRRule): ElasticQuery;
export {};
//# sourceMappingURL=elastic.d.ts.map