diff --git a/src/afterfact.rs b/src/afterfact.rs
index a3b82fad..076b57a4 100644
--- a/src/afterfact.rs
+++ b/src/afterfact.rs
@@ -580,9 +580,7 @@ mod tests {
  #[test]
  fn test_emit_csv_output() {
  let mock_ch_filter = message::create_output_filter_config(
- "rules/config/channel_abbreviations.txt",
- true,
- false,
+ "test_files/config/channel_abbreviations.txt",
  );
  let test_filepath: &str = "test.evtx";
  let test_rulepath: &str = "test-rule.yml";
diff --git a/src/detections/configs.rs b/src/detections/configs.rs
index ab343d9f..a0ac1b74 100644
--- a/src/detections/configs.rs
+++ b/src/detections/configs.rs
@@ -93,10 +93,6 @@ pub struct Config {
  #[clap(short = 'o', long, value_name = "CSV_TIMELINE")]
  pub output: Option,
 
- /// Output all tags when saving to a CSV file
- #[clap(long = "all-tags")]
- pub all_tags: bool,
-
  /// Output verbose information
  #[clap(short = 'v', long)]
  pub verbose: bool,
diff --git a/src/detections/message.rs b/src/detections/message.rs
index 214d0e8a..b5c9c248 100644
--- a/src/detections/message.rs
+++ b/src/detections/message.rs
@@ -51,8 +51,6 @@ lazy_static! {
  utils::check_setting_path(&CURRENT_EXE_PATH.to_path_buf(), "config/mitre_tactics.txt")
  .to_str()
  .unwrap(),
- true,
- configs::CONFIG.read().unwrap().args.all_tags
  );
  pub static ref CH_CONFIG: HashMap = create_output_filter_config(
  utils::check_setting_path(
@@ -61,8 +59,6 @@ lazy_static! {
  )
  .to_str()
  .unwrap(),
- false,
- configs::CONFIG.read().unwrap().args.all_tags
  );
  pub static ref PIVOT_KEYWORD_LIST_FLAG: bool =
  configs::CONFIG.read().unwrap().args.pivot_keywords_list;
@@ -96,13 +92,8 @@ lazy_static! {
  /// ex. attack.impact,Impact
  pub fn create_output_filter_config(
  path: &str,
- read_tags: bool,
- pass_flag: bool,
  ) -> HashMap {
  let mut ret: HashMap = HashMap::new();
- if read_tags && pass_flag {
- return ret;
- }
  let read_result = utils::read_csv(path);
  if read_result.is_err() {
  AlertMessage::alert(read_result.as_ref().unwrap_err()).ok();
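Review bot: The doc comment on `create_output_filter_config` should state what callers get when the file cannot be read, because with the `read_tags && pass_flag` early return gone every call now reaches `utils::read_csv(path)`. The failure branch visible here only reports the error through `AlertMessage::alert(...).ok()`; what is returned afterwards lies outside the hunk, presumably the still-empty `ret`. If that is the case, a missing or unreadable `mitre_tactics.txt` or `channel_abbreviations.txt` produces a timeline with no tag or channel mapping applied and only an alert to show for it, so a line such as `/// Returns an empty map, after emitting an alert, when the file cannot be read.` is worth adding. The `is_err()` check followed by `unwrap_err()` would also read more directly as `if let Err(e) = &read_result { AlertMessage::alert(e).ok(); ... }`.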
@@ -594,7 +585,7 @@ mod tests {
  /// test of loading output filter config by mitre_tactics.txt
  fn test_load_mitre_tactics_log() {
  let actual =
- create_output_filter_config("test_files/config/mitre_tactics.txt", true, false);
+ create_output_filter_config("test_files/config/mitre_tactics.txt");
  let expected: HashMap = HashMap::from([
  ("attack.impact".to_string(), "Impact".to_string()),
  ("xxx".to_string(), "yyy".to_string()),
@@ -602,23 +593,13 @@ mod tests {
  _check_hashmap_element(&expected, actual);
  }
 
- #[test]
- /// test of loading pass by mitre_tactics.txt
- fn test_no_load_output_tag() {
- let actual = create_output_filter_config("test_files/config/mitre_tactics.txt", true, true);
- let expected: HashMap = HashMap::new();
- _check_hashmap_element(&expected, actual);
- }
-
  #[test]
  /// loading test to channel_abbrevations.txt
  fn test_load_abbrevations() {
  let actual =
- create_output_filter_config("test_files/config/channel_abbreviations.txt", false, true);
+ create_output_filter_config("test_files/config/channel_abbreviations.txt");
  let actual2 = create_output_filter_config(
  "test_files/config/channel_abbreviations.txt",
- false,
- false,
  );
  let expected: HashMap = HashMap::from([
  ("Security".to_string(), "Sec".to_string()),
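Review bot: In `test_load_abbrevations`, `actual` and `actual2` are now built by the identical call `create_output_filter_config("test_files/config/channel_abbreviations.txt")`, so the second load checks nothing the first does not. The two used to differ only in `pass_flag`; with that parameter gone, `actual2` and whatever assertion uses it further down (the test body continues outside this hunk) can be dropped. The removed `test_no_load_output_tag` was the only test visible here that expected an empty map, so a replacement case that passes a path which does not exist would pin what the function returns when the read fails.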