From ed5ce5d251ddce63e7a41f5ece6c98b0624ab92f Mon Sep 17 00:00:00 2001
From: fukusuket <41001169+fukusuket@users.noreply.github.com>
Date: Thu, 13 Mar 2025 20:10:04 +0900
Subject: [PATCH] update

---
 .github/workflows/check-audit.yml |  2 +-
 config/WELA.ps1 => WELA.ps1       |  0
 wela-extractor/src/main.rs        | 15 ---------------
 3 files changed, 1 insertion(+), 16 deletions(-)
 rename config/WELA.ps1 => WELA.ps1 (100%)

diff --git a/.github/workflows/check-audit.yml b/.github/workflows/check-audit.yml
index 0cbbf0b5..2c574602 100644
--- a/.github/workflows/check-audit.yml
+++ b/.github/workflows/check-audit.yml
@@ -49,7 +49,7 @@ jobs:
       - name: Run WELA.ps1
         run: |
-          ./config/WELA.ps1
+          ./WELA.ps1
       - name: Output UsableRules.csv
         run: |
diff --git a/config/WELA.ps1 b/WELA.ps1
similarity index 100%
rename from config/WELA.ps1
rename to WELA.ps1
diff --git a/wela-extractor/src/main.rs b/wela-extractor/src/main.rs
index 5927eed6..72a8a770 100644
--- a/wela-extractor/src/main.rs
+++ b/wela-extractor/src/main.rs
@@ -86,21 +86,6 @@ fn parse_yaml(doc: Yaml, eid_subcategory_pair: &Vec<(String, String)>) -> Option
                     "event_ids": event_ids,
                     "subcategory_guids": subcategories
                 }));
-            } else if let Some(tags) = doc["tags"].as_vec() {
-                if !tags.contains(&Yaml::from_str("sysmon")) {
-                    extract_event_ids(&doc, &mut event_ids);
-                    subcategories.insert("00000000-0000-0000-0000-000000000000".to_string());
-                    let event_ids: Vec = event_ids.into_iter().collect();
-                    let subcategories: Vec = subcategories.into_iter().collect();
-                    return Some(json!({
-                        "id": uuid,
-                        "title": title,
-                        "description": desc,
-                        "level": level,
-                        "event_ids": event_ids,
-                        "subcategory_guids": subcategories
-                    }));
-                }
             }
         }
     }
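Review bot: With the `else if let Some(tags)` fallback gone, a rule whose tags lack "sysmon" but that does not satisfy the first branch now leaves `parse_yaml` without a result and without any trace, so a rule silently vanishing from the extractor's output (and presumably from UsableRules.csv) is no longer distinguishable from a rule that was never there. The enclosing `parse_yaml` starts before and ends after this hunk, so the first condition and the final fall-through return are not visible here; the removed branch was the only path that assigned the all-zero subcategory GUID, and nothing in the hunk documents that this mapping is now intentionally dropped. I would add a doc comment on `parse_yaml` stating that rules with no event-id/subcategory mapping yield `None` and that the all-zero subcategory GUID fallback for non-sysmon rules was removed, and emit a debug-level log with the rule's `uuid` at the point where the function gives up, so a drop in rule coverage is attributable to this change rather than to the input. As a style point on the signature shown in the hunk header, `eid_subcategory_pair: &Vec<(String, String)>` would be more idiomatic as `&[(String, String)]`.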