A basic log enricher
Create log enrichers by implementing the `LogEnrichment` trait. The example below looks up every IP field of a log in the `IpMac` dataset and, where a match exists, adds the MAC address as a text field named `<field>.mac`:
```rust
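/// Enricher that attaches a MAC address to every IP field of a log.
///
/// For each `SiemField::IP` field the `IpMac` dataset is consulted; when the
/// lookup succeeds a new `SiemField::Text` field named `<field>.mac` is added.
/// Logs are passed through unchanged when the dataset is missing or cannot be
/// converted to an `IpMapSynDataset`.
struct MacEnricher {}

impl LogEnrichment for MacEnricher {
    /// Adds `<field>.mac` text fields to `log` for every IP field that has a
    /// known MAC address in the `IpMac` dataset.
    ///
    /// * `log` – the log to enrich; it is consumed and returned (possibly
    ///   extended with new fields).
    /// * `datasets` – the shared dataset store the `IpMac` mapping is read from.
    ///
    /// Returns the (possibly) enriched log. A missing or mistyped dataset is
    /// treated as "nothing to add", never as an error.
    fn enrich(&self, mut log: SiemLog, datasets: &DatasetHolder) -> SiemLog {
        // Resolve the IP -> MAC dataset up front; without it there is nothing to do.
        let mac_dataset: &IpMapSynDataset = match datasets.get(&SiemDatasetType::IpMac) {
            Some(dataset) => match dataset.try_into() {
                Ok(converted) => converted,
                // Dataset exists but is not an IpMapSynDataset: pass the log through.
                Err(_) => return log,
            },
            None => return log,
        };

        // Collect first, insert afterwards: `log.fields()` borrows `log`, so new
        // fields cannot be inserted while iterating over the existing ones.
        let mut fields_to_add: Vec<(String, SiemField)> = Vec::new();
        for (name, field) in log.fields() {
            if let SiemField::IP(ip) = field {
                if let Some(mac) = mac_dataset.get(ip) {
                    // `field_name` is assumed to be a helper in scope that yields the
                    // base name used for derived fields — confirm against the caller.
                    fields_to_add.push((
                        format!("{}.mac", field_name(name)),
                        SiemField::Text(mac.clone()),
                    ));
                }
            }
        }

        // NOTE(review): if the log already carries a `<field>.mac` field, `insert`
        // presumably replaces it with the dataset value — verify that this is the
        // intended precedence, since the dataset content is externally sourced.
        for (name, value) in fields_to_add {
            log.insert(LogString::Owned(name), value);
        }
        log
    }

    /// Identifier used when this enricher is registered or reported.
    fn name(&self) -> &str {
        "MacEnricher"
    }

    /// Human-readable summary of what the enricher does.
    fn description(&self) -> &str {
        "Adds a Mac to each IP field"
    }
}
```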