diff --git a/src/detections/configs.rs b/src/detections/configs.rs index f1849a65..78fcd137 100644 --- a/src/detections/configs.rs +++ b/src/detections/configs.rs @@ -188,9 +188,9 @@ pub struct Config { #[clap(help_heading = Some("ADVANCED"), short, long = "thread-number", value_name = "NUMBER")] pub thread_number: Option, - /// Print statistics of event IDs + /// Print metrics of event IDs #[clap(help_heading = Some("OTHER-ACTIONS"), short, long)] - pub statistics: bool, + pub metrics: bool, /// Print a summary of successful and failed logons #[clap(help_heading = Some("OTHER-ACTIONS"), short = 'L', long = "logon-summary")] diff --git a/src/detections/detection.rs b/src/detections/detection.rs index 507a3ec8..7f5e2aa2 100644 --- a/src/detections/detection.rs +++ b/src/detections/detection.rs @@ -14,7 +14,7 @@ use crate::detections::message::DetectInfo; use crate::detections::message::ERROR_LOG_STACK; use crate::detections::message::{CH_CONFIG, DEFAULT_DETAILS, TAGS_CONFIG}; use crate::detections::message::{ - LOGONSUMMARY_FLAG, PIVOT_KEYWORD_LIST_FLAG, QUIET_ERRORS_FLAG, STATISTICS_FLAG, + LOGONSUMMARY_FLAG, PIVOT_KEYWORD_LIST_FLAG, QUIET_ERRORS_FLAG, METRICS_FLAG, }; use crate::detections::pivot::insert_pivot_keyword; use crate::detections::rule; @@ -599,7 +599,7 @@ impl Detection { st_rc: &HashMap, err_rc: &u128, ) { - if *STATISTICS_FLAG { + if *METRICS_FLAG { return; } let mut sorted_ld_rc: Vec<(&String, &u128)> = ld_rc.iter().collect(); diff --git a/src/detections/message.rs b/src/detections/message.rs index 74a48783..9f46e0bf 100644 --- a/src/detections/message.rs +++ b/src/detections/message.rs @@ -46,7 +46,7 @@ lazy_static! { ); pub static ref QUIET_ERRORS_FLAG: bool = configs::CONFIG.read().unwrap().args.quiet_errors; pub static ref ERROR_LOG_STACK: Mutex> = Mutex::new(Vec::new()); - pub static ref STATISTICS_FLAG: bool = configs::CONFIG.read().unwrap().args.statistics; + pub static ref METRICS_FLAG: bool = configs::CONFIG.read().unwrap().args.metrics; pub static ref LOGONSUMMARY_FLAG: bool = configs::CONFIG.read().unwrap().args.logon_summary; pub static ref TAGS_CONFIG: HashMap = create_output_filter_config( utils::check_setting_path(&CURRENT_EXE_PATH.to_path_buf(), "config/mitre_tactics.txt", true) diff --git a/src/main.rs b/src/main.rs index 5da1b162..6ecec3cc 100644 --- a/src/main.rs +++ b/src/main.rs @@ -12,7 +12,7 @@ use hayabusa::detections::configs::{CONFIG, CURRENT_EXE_PATH}; use hayabusa::detections::detection::{self, EvtxRecordInfo}; use hayabusa::detections::message::{ AlertMessage, ERROR_LOG_PATH, ERROR_LOG_STACK, LOGONSUMMARY_FLAG, PIVOT_KEYWORD_LIST_FLAG, - QUIET_ERRORS_FLAG, STATISTICS_FLAG, + QUIET_ERRORS_FLAG, METRICS_FLAG, }; use hayabusa::detections::pivot::PivotKeyword; use hayabusa::detections::pivot::PIVOT_KEYWORD; @@ -193,7 +193,7 @@ impl App { return; } - if *STATISTICS_FLAG { + if *METRICS_FLAG { write_color_buffer( &BufferWriter::stdout(ColorChoice::Always), None, @@ -565,7 +565,7 @@ impl App { } println!(); detection.add_aggcondition_msges(&self.rt); - if !(*STATISTICS_FLAG || *LOGONSUMMARY_FLAG || *PIVOT_KEYWORD_LIST_FLAG) { + if !(*METRICS_FLAG || *LOGONSUMMARY_FLAG || *PIVOT_KEYWORD_LIST_FLAG) { after_fact(total_records); } } @@ -647,7 +647,7 @@ impl App { // timeline機能の実行 tl.start(&records_per_detect); - if !(*STATISTICS_FLAG || *LOGONSUMMARY_FLAG) { + if !(*METRICS_FLAG || *LOGONSUMMARY_FLAG) { // ruleファイルの検知 detection = detection.start(&self.rt, records_per_detect); } diff --git a/src/timeline/statistics.rs b/src/timeline/statistics.rs index 6e6982e1..d04e2ddd 100644 --- a/src/timeline/statistics.rs +++ b/src/timeline/statistics.rs @@ -1,9 +1,9 @@ -use crate::detections::message::{LOGONSUMMARY_FLAG, STATISTICS_FLAG}; +use crate::detections::message::{LOGONSUMMARY_FLAG, METRICS_FLAG}; use crate::detections::{detection::EvtxRecordInfo, utils}; use hashbrown::HashMap; #[derive(Debug)] -pub struct EventStatistics { +pub struct EventMetrics { pub total: usize, pub filepath: String, pub start_time: String, @@ -14,7 +14,7 @@ pub struct EventStatistics { /** * Windows Event Logの統計情報を出力する */ -impl EventStatistics { +impl EventMetrics { pub fn new( total: usize, filepath: String, @@ -22,8 +22,8 @@ impl EventStatistics { end_time: String, stats_list: HashMap, stats_login_list: HashMap, - ) -> EventStatistics { - EventStatistics { + ) -> EventMetrics { + EventMetrics { total, filepath, start_time, @@ -34,8 +34,8 @@ impl EventStatistics { } pub fn evt_stats_start(&mut self, records: &[EvtxRecordInfo]) { - // 引数でstatisticsオプションが指定されている時だけ、統計情報を出力する。 - if !*STATISTICS_FLAG { + // 引数でmetricsオプションが指定されている時だけ、統計情報を出力する。 + if !*METRICS_FLAG { return; } diff --git a/src/timeline/timelines.rs b/src/timeline/timelines.rs index a0cad83a..97ecc2d1 100644 --- a/src/timeline/timelines.rs +++ b/src/timeline/timelines.rs @@ -1,13 +1,13 @@ -use crate::detections::message::{LOGONSUMMARY_FLAG, STATISTICS_FLAG}; +use crate::detections::message::{LOGONSUMMARY_FLAG, METRICS_FLAG}; use crate::detections::{configs::CONFIG, detection::EvtxRecordInfo}; use prettytable::{Cell, Row, Table}; -use super::statistics::EventStatistics; +use super::statistics::EventMetrics; use hashbrown::HashMap; #[derive(Debug)] pub struct Timeline { - pub stats: EventStatistics, + pub stats: EventMetrics, } impl Default for Timeline { @@ -26,7 +26,7 @@ impl Timeline { let statsloginlst = HashMap::new(); let statistic = - EventStatistics::new(totalcnt, filepath, starttm, endtm, statslst, statsloginlst); + EventMetrics::new(totalcnt, filepath, starttm, endtm, statslst, statsloginlst); Timeline { stats: statistic } } @@ -36,7 +36,7 @@ impl Timeline { } pub fn tm_stats_dsp_msg(&mut self) { - if !*STATISTICS_FLAG { + if !*METRICS_FLAG { return; } // 出力メッセージ作成