output fix logontype and change order #197 #198 (#217)

* changed output column order #198 * added eventkey alias #197 * fixed eventid double quatation #197 * fixed eventid double quatation #197 * fixed logontype not converted #197 * fixed WorkStation and added TargetDomainName #205 * fixed typo #205 * Fixed the problem that conversion for No-String types #197
2021-11-20 11:03:28 +09:00
parent 199a8231c1
commit 0b85a280f0
5 changed files with 28 additions and 14 deletions
--- a/src/detections/detection.rs
+++ b/src/detections/detection.rs
@@ -8,6 +8,7 @@ use crate::detections::print::AlertMessage;
 use crate::detections::print::MESSAGES;
 use crate::detections::rule;
 use crate::detections::rule::RuleNode;
+use crate::detections::utils::get_serde_number_to_string;
 use crate::yaml::ParseYaml;

 use std::sync::Arc;
@@ -156,11 +157,11 @@ impl Detection {
            record_info.evtx_filepath.to_string(),
            rule.rulepath.to_string(),
            &record_info.record,
-            rule.yaml["level"].as_str().unwrap_or("").to_string(),
+            rule.yaml["level"].as_str().unwrap_or("-").to_string(),
            record_info.record["Event"]["System"]["Computer"]
                .to_string()
                .replace("\"", ""),
-            record_info.record["Event"]["System"]["EventID"].to_string(),
+            get_serde_number_to_string(&record_info.record["Event"]["System"]["EventID"]),
            rule.yaml["title"].as_str().unwrap_or("").to_string(),
            rule.yaml["output"].as_str().unwrap_or("").to_string(),
        );