/**
 * ATR-to-Splunk SPL Converter
 *
 * Converts ATR YAML rules into Splunk Search Processing Language (SPL) queries
 * that a SOC analyst can use as a starting point for threat hunting.
 *
 * The output is a starting point only: the index/sourcetype base search is
 * generic and needs to be customized by the analyst for their environment
 * before the query is run.
 *
 * @module agent-threat-rules/converters/splunk
 */
import type { ATRRule } from '../types.js';
/**
 * Convert an ATR rule to a Splunk SPL query string.
 *
 * The generated query includes:
 * - Comment header with rule metadata
 * - Index/sourcetype base search (generic, analyst should customize)
 * - Condition clauses joined with appropriate logic
 *
 * NOTE(review): this declaration does not show how values taken from the rule
 * (metadata in the comment header, condition values) are quoted or escaped
 * when they are placed into the SPL text. Confirm that in the implementation
 * before running queries generated from rules you did not author or review.
 *
 * @param rule - The ATR rule to convert.
 * @returns The SPL query text for the rule.
 */
export declare function ruleToSPL(rule: ATRRule): string;
//# sourceMappingURL=splunk.d.ts.map