/**
 * ATR SIEM Query Converter
 *
 * Converts ATR YAML rules into SIEM-specific query formats
 * (Splunk SPL and Elasticsearch Query DSL).
 *
 * This declaration file is also the barrel for the other converters in this
 * directory: it re-exports the SARIF, generic-regex and SAGE converters
 * (including the SAGE-to-ATR reverse direction) next to the two SIEM entry
 * points declared here.
 *
 * NOTE(review): only declarations are visible in this file. How rule values
 * are escaped when they are interpolated into a generated query is decided in
 * the implementation modules, so confirm it there before deploying generated
 * queries built from rules you did not author.
 *
 * @module agent-threat-rules/converters
 */
import type { ATRRule } from '../types.js';

/** Query targets accepted by `convertRule` and `convertAllRules`. */
export type SIEMFormat = 'splunk' | 'elastic';

/**
 * Every output kind named by this module: the two SIEM formats plus
 * `'sarif'` and `'generic-regex'`. The two functions declared below accept
 * only `SIEMFormat`; the remaining kinds are reached through the dedicated
 * re-exports at the bottom of this file.
 */
export type OutputFormat = SIEMFormat | 'sarif' | 'generic-regex';

/** Result of converting one ATR rule into a query for a single SIEM format. */
export interface ConvertedQuery {
    /** Identifier of the rule the query was generated from. */
    readonly ruleId: string;
    /** Title of the rule. */
    readonly title: string;
    /**
     * Severity of the rule. Typed as a plain `string` here, so the set of
     * allowed values is not enforced by this interface.
     */
    readonly severity: string;
    /** SIEM format the query was generated for. */
    readonly format: SIEMFormat;
    /**
     * Generated query text.
     * NOTE(review): for `'elastic'` this is presumably serialized Query DSL;
     * confirm against the implementation before parsing it.
     */
    readonly query: string;
}

/**
 * Convert a single ATR rule to a SIEM query.
 *
 * @param rule - The ATR rule to convert.
 * @param format - Target SIEM format (`'splunk'` or `'elastic'`).
 * @returns The converted query together with the rule's id, title and severity.
 */
export declare function convertRule(rule: ATRRule, format: SIEMFormat): ConvertedQuery;

/**
 * Convert all ATR rules in a directory to SIEM queries.
 *
 * NOTE(review): whether the directory is walked recursively, and how files
 * that fail to parse are reported, is not visible from this declaration. A
 * rule that is silently skipped is a detection gap, so confirm the behavior
 * and compare the number of returned queries with the number of rule files.
 *
 * @param rulesDir - Directory containing the ATR rules.
 * @param format - Target SIEM format applied to every rule.
 * @returns One converted query per rule, as a read-only array.
 */
export declare function convertAllRules(rulesDir: string, format: SIEMFormat): readonly ConvertedQuery[];

// Format-specific converters, re-exported so callers can import them from this module.
export { ruleToSPL } from './splunk.js';
export { ruleToElastic } from './elastic.js';
export { scanResultToSARIF } from './sarif.js';
export { ruleToGenericRegex, rulesToGenericRegex } from './generic-regex.js';
export type { GenericRegexRule, GenericRegexPattern } from './generic-regex.js';

// ATR -> SAGE conversion. The result and warning types are re-exported under
// Sage-prefixed aliases.
// NOTE(review): the presence of a warning type suggests the conversion can be
// lossy; callers should inspect the warnings rather than assume equivalent
// detection coverage. Confirm in sage.js.
export { atrToSage, atrToSageBatch, sageRulesToYaml, SageIdAllocator } from './sage.js';
export type { SageRule, SageSeverity, SageAction, SageMatchOn, ConvertResult as SageConvertResult, ConversionWarning as SageConversionWarning, } from './sage.js';

// SAGE -> ATR (reverse) conversion and its result/warning types.
export { sageToAtr, sageToAtrBatch } from './sage-reverse.js';
export type { ReverseConvertResult, ReverseWarning } from './sage-reverse.js';
//# sourceMappingURL=index.d.ts.map