Added convenience iteration methods to SigmaCollection

sigma/collection.py

@@ -4,7 +4,7 @@
 from uuid import UUID
 from sigma.correlations import SigmaCorrelationRule
 
-from sigma.rule import SigmaRule
+from sigma.rule import SigmaRule, SigmaRuleBase
 from sigma.exceptions import (
     SigmaCollectionError,
     SigmaError,
@@ -208,6 +208,14 @@ def merge(cls, collections: Iterable["SigmaCollection"]) -> "SigmaCollection":
             errors=[error for collection in collections for error in collection.errors],
         )
 
+    def get_output_rules(self) -> Iterable[SigmaRuleBase]:
+        """Returns an iterator across all rules where the output property is set to true"""
+        return (rule for rule in self.rules if rule._output)
+
+    def get_unrefereced_rules(self) -> Iterable[SigmaRuleBase]:
+        """Returns an iterator across all rules that are not referenced by any other rule"""
+        return (rule for rule in self.rules if not rule._backreferences)
+
     def __iter__(self):
         return iter(self.rules)
 

tests/test_collection.py

@@ -377,6 +377,18 @@ def test_load_ruleset_with_correlation(rules_with_correlation):
     assert correlation_rule.rules[0].rule == rules_with_correlation.rules[0]
 
 
+def test_get_output_rules(rules_with_correlation):
+    output_rules = list(rules_with_correlation.get_output_rules())
+    assert len(output_rules) == 1
+    assert isinstance(output_rules[0], SigmaCorrelationRule)
+
+
+def test_get_unreferenced_rules(rules_with_correlation):
+    output_rules = list(rules_with_correlation.get_unrefereced_rules())
+    assert len(output_rules) == 1
+    assert isinstance(output_rules[0], SigmaCorrelationRule)
+
+
 def test_load_ruleset_with_correlation_referencing_nonexistent_rule():
     with pytest.raises(SigmaRuleNotFoundError, match="Rule 'rule-2' not found in rule collection"):
         SigmaCollection.from_yaml(