changed Event ID Statistics wording to Metrics #706

src/detections/configs.rs

@@ -188,9 +188,9 @@ pub struct Config {
     #[clap(help_heading = Some("ADVANCED"), short, long = "thread-number", value_name = "NUMBER")]
     pub thread_number: Option<usize>,
 
-    /// Print statistics of event IDs
+    /// Print metrics of event IDs
     #[clap(help_heading = Some("OTHER-ACTIONS"), short, long)]
-    pub statistics: bool,
+    pub metrics: bool,
 
     /// Print a summary of successful and failed logons
     #[clap(help_heading = Some("OTHER-ACTIONS"), short = 'L', long = "logon-summary")]

src/detections/detection.rs

@@ -14,7 +14,7 @@ use crate::detections::message::DetectInfo;
 use crate::detections::message::ERROR_LOG_STACK;
 use crate::detections::message::{CH_CONFIG, DEFAULT_DETAILS, TAGS_CONFIG};
 use crate::detections::message::{
-    LOGONSUMMARY_FLAG, PIVOT_KEYWORD_LIST_FLAG, QUIET_ERRORS_FLAG, STATISTICS_FLAG,
+    LOGONSUMMARY_FLAG, PIVOT_KEYWORD_LIST_FLAG, QUIET_ERRORS_FLAG, METRICS_FLAG,
 };
 use crate::detections::pivot::insert_pivot_keyword;
 use crate::detections::rule;
@@ -599,7 +599,7 @@ impl Detection {
         st_rc: &HashMap<String, u128>,
         err_rc: &u128,
     ) {
-        if *STATISTICS_FLAG {
+        if *METRICS_FLAG {
             return;
         }
         let mut sorted_ld_rc: Vec<(&String, &u128)> = ld_rc.iter().collect();

src/detections/message.rs

@@ -46,7 +46,7 @@ lazy_static! {
     );
     pub static ref QUIET_ERRORS_FLAG: bool = configs::CONFIG.read().unwrap().args.quiet_errors;
     pub static ref ERROR_LOG_STACK: Mutex<Vec<String>> = Mutex::new(Vec::new());
-    pub static ref STATISTICS_FLAG: bool = configs::CONFIG.read().unwrap().args.statistics;
+    pub static ref METRICS_FLAG: bool = configs::CONFIG.read().unwrap().args.metrics;
     pub static ref LOGONSUMMARY_FLAG: bool = configs::CONFIG.read().unwrap().args.logon_summary;
     pub static ref TAGS_CONFIG: HashMap<String, String> = create_output_filter_config(
         utils::check_setting_path(&CURRENT_EXE_PATH.to_path_buf(), "config/mitre_tactics.txt", true)

src/main.rs

@@ -12,7 +12,7 @@ use hayabusa::detections::configs::{CONFIG, CURRENT_EXE_PATH};
 use hayabusa::detections::detection::{self, EvtxRecordInfo};
 use hayabusa::detections::message::{
     AlertMessage, ERROR_LOG_PATH, ERROR_LOG_STACK, LOGONSUMMARY_FLAG, PIVOT_KEYWORD_LIST_FLAG,
-    QUIET_ERRORS_FLAG, STATISTICS_FLAG,
+    QUIET_ERRORS_FLAG, METRICS_FLAG,
 };
 use hayabusa::detections::pivot::PivotKeyword;
 use hayabusa::detections::pivot::PIVOT_KEYWORD;
@@ -193,7 +193,7 @@ impl App {
             return;
         }
 
-        if *STATISTICS_FLAG {
+        if *METRICS_FLAG {
             write_color_buffer(
                 &BufferWriter::stdout(ColorChoice::Always),
                 None,
@@ -565,7 +565,7 @@ impl App {
         }
         println!();
         detection.add_aggcondition_msges(&self.rt);
-        if !(*STATISTICS_FLAG || *LOGONSUMMARY_FLAG || *PIVOT_KEYWORD_LIST_FLAG) {
+        if !(*METRICS_FLAG || *LOGONSUMMARY_FLAG || *PIVOT_KEYWORD_LIST_FLAG) {
             after_fact(total_records);
         }
     }
@@ -647,7 +647,7 @@ impl App {
             // timeline機能の実行
             tl.start(&records_per_detect);
 
-            if !(*STATISTICS_FLAG || *LOGONSUMMARY_FLAG) {
+            if !(*METRICS_FLAG || *LOGONSUMMARY_FLAG) {
                 // ruleファイルの検知
                 detection = detection.start(&self.rt, records_per_detect);
             }

src/timeline/statistics.rs

@@ -1,9 +1,9 @@
-use crate::detections::message::{LOGONSUMMARY_FLAG, STATISTICS_FLAG};
+use crate::detections::message::{LOGONSUMMARY_FLAG, METRICS_FLAG};
 use crate::detections::{detection::EvtxRecordInfo, utils};
 use hashbrown::HashMap;
 
 #[derive(Debug)]
-pub struct EventStatistics {
+pub struct EventMetrics {
     pub total: usize,
     pub filepath: String,
     pub start_time: String,
@@ -14,7 +14,7 @@ pub struct EventStatistics {
 /**
 * Windows Event Logの統計情報を出力する
 */
-impl EventStatistics {
+impl EventMetrics {
     pub fn new(
         total: usize,
         filepath: String,
@@ -22,8 +22,8 @@ impl EventStatistics {
         end_time: String,
         stats_list: HashMap<String, usize>,
         stats_login_list: HashMap<String, [usize; 2]>,
-    ) -> EventStatistics {
-        EventStatistics {
+    ) -> EventMetrics {
+        EventMetrics {
             total,
             filepath,
             start_time,
@@ -34,8 +34,8 @@ impl EventStatistics {
     }
 
     pub fn evt_stats_start(&mut self, records: &[EvtxRecordInfo]) {
-        // 引数でstatisticsオプションが指定されている時だけ、統計情報を出力する。
-        if !*STATISTICS_FLAG {
+        // 引数でmetricsオプションが指定されている時だけ、統計情報を出力する。
+        if !*METRICS_FLAG {
             return;
         }
 

src/timeline/timelines.rs

@@ -1,13 +1,13 @@
-use crate::detections::message::{LOGONSUMMARY_FLAG, STATISTICS_FLAG};
+use crate::detections::message::{LOGONSUMMARY_FLAG, METRICS_FLAG};
 use crate::detections::{configs::CONFIG, detection::EvtxRecordInfo};
 use prettytable::{Cell, Row, Table};
 
-use super::statistics::EventStatistics;
+use super::statistics::EventMetrics;
 use hashbrown::HashMap;
 
 #[derive(Debug)]
 pub struct Timeline {
-    pub stats: EventStatistics,
+    pub stats: EventMetrics,
 }
 
 impl Default for Timeline {
@@ -26,7 +26,7 @@ impl Timeline {
         let statsloginlst = HashMap::new();
 
         let statistic =
-            EventStatistics::new(totalcnt, filepath, starttm, endtm, statslst, statsloginlst);
+            EventMetrics::new(totalcnt, filepath, starttm, endtm, statslst, statsloginlst);
         Timeline { stats: statistic }
     }
 
@@ -36,7 +36,7 @@ impl Timeline {
     }
 
     pub fn tm_stats_dsp_msg(&mut self) {
-        if !*STATISTICS_FLAG {
+        if !*METRICS_FLAG {
             return;
         }
         // 出力メッセージ作成