enricher

A basic log enricher

Create log enrichers by implementing the `LogEnrichment` trait:

```rust

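/// Example enricher that adds MAC address fields to logs; it carries no state.
// The attribute needs its leading `#`; without it the line is not valid Rust.
#[derive(Clone)]
struct MacEnricher {}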

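impl LogEnrichment for MacEnricher {
    /// Adds a `<field>.mac` text field for every IP field of `log` that has an
    /// entry in the `IpMac` dataset, then returns the log.
    ///
    /// The log is returned unchanged when the holder has no `IpMac` dataset or
    /// the value stored under that key is a different variant. IP fields with
    /// no entry are skipped silently, so a missing `.mac` field only means
    /// that no mapping was found.
    ///
    /// NOTE(review): the MAC is whatever the `IpMac` dataset holds when
    /// `enrich` runs; whether that matches the address assignment at event
    /// time is not visible here, so confirm dataset freshness before relying
    /// on `.mac` fields for attribution.
    ///
    /// NOTE(review): `fieldname` and `addfield` are kept exactly as this page
    /// prints them; the rendering may have dropped underscores, so confirm the
    /// spelling against the u-siem crate.
    fn enrich(
        &self,
        mut log: SiemLog,
        datasets: &usiem::components::dataset::holder::DatasetHolder,
    ) -> SiemLog {
        // The dataset lookup does not depend on the field being visited, so it
        // is resolved once here instead of once per IP field.
        let ip_mac = match datasets.get(&SiemDatasetType::IpMac) {
            Some(SiemDataset::IpMac(ip_mac)) => ip_mac,
            _ => return log,
        };

        // New fields are collected first and added after the loop, so the log
        // is not modified while its fields are being iterated.
        let mut fields_to_add = vec![];
        for (name, field) in log.fields() {
            if let SiemField::IP(ip) = field {
                if let Some(mac) = ip_mac.get(ip) {
                    let field_base_name = fieldname(name);
                    fields_to_add.push((
                        format!("{}.mac", field_base_name),
                        SiemField::Text(mac.clone()),
                    ));
                }
            }
        }

        for (name, val) in fields_to_add {
            log.addfield(&name, val);
        }
        log
    }

    /// Returns the fixed name of this enricher.
    fn name(&self) -> &str {
        "MacEnricher"
    }

    /// Returns a one-line description of what this enricher adds.
    fn description(&self) -> &str {
        "Adds a Mac to each IP field"
    }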

} ```