From 2830ee7b1ae6decfc67c513158577c48ae87303e Mon Sep 17 00:00:00 2001
From: DustInDark
Date: Fri, 10 Jun 2022 16:49:22 +0900
Subject: [PATCH] changed display-record-id option to hide-record-id #579

---
 src/afterfact.rs | 8 ++++----
 src/detections/configs.rs | 2 +-
 src/detections/detection.rs | 6 +++---
 src/detections/print.rs | 4 ++--
 4 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/src/afterfact.rs b/src/afterfact.rs
index bce27093..dd4d5a70 100644
--- a/src/afterfact.rs
+++ b/src/afterfact.rs
@@ -29,10 +29,10 @@ pub struct CsvFormat<'a> {
 event_i_d: &'a str,
 level: &'a str,
 mitre_attack: &'a str,
- rule_title: &'a str,
- details: &'a str,
 #[serde(skip_serializing_if = "Option::is_none")]
 record_i_d: Option<&'a str>,
+ rule_title: &'a str,
+ details: &'a str,
 #[serde(skip_serializing_if = "Option::is_none")]
 record_information: Option<&'a str>,
 rule_path: &'a str,
@@ -47,10 +47,10 @@ pub struct DisplayFormat<'a> {
 pub channel: &'a str,
 pub event_i_d: &'a str,
 pub level: &'a str,
- pub rule_title: &'a str,
- pub details: &'a str,
 #[serde(skip_serializing_if = "Option::is_none")]
 record_i_d: Option<&'a str>,
+ pub rule_title: &'a str,
+ pub details: &'a str,
 #[serde(skip_serializing_if = "Option::is_none")]
 pub record_information: Option<&'a str>,
 }
diff --git a/src/detections/configs.rs b/src/detections/configs.rs
index 2b42bb8b..15b2e973 100644
--- a/src/detections/configs.rs
+++ b/src/detections/configs.rs
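Review bot: Moving `rule_title` and `details` below `record_i_d` in `CsvFormat` changes the column order of the CSV written with `-o`, so any downstream parser that reads the timeline positionally will now see the RecordID column where RuleTitle used to be; this is an output-format change that the commit title (a flag rename) does not mention, and the same reorder is applied to `DisplayFormat`. With the new default (record ID shown unless `-R` is given), that column is now present in every run rather than only in opt-in runs, which makes the ordering change visible to every consumer. Consider calling this out in the commit message and changelog and pinning the intent on the struct with `// Field order is the CSV column order - reordering fields is a breaking change for downstream parsers.`. Separately, `record_i_d` is the only field of `DisplayFormat` without `pub`, which looks accidental. Both struct definitions start before the hunk.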
@@ -76,7 +76,7 @@ fn build_app<'a>() -> ArgMatches<'a> {
 -C, --config [RULE_CONFIG_DIRECTORY] 'Rule config folder. (Default: .\\rules\\config)'
 -o, --output [CSV_TIMELINE] 'Save the timeline in CSV format. (Ex: results.csv)'
 --all-tags 'Output all tags when saving to a CSV file.'
- -R, --display-record-id 'Display event record ID.'
+ -R, --hide-record-id 'Do not display EventRecordID number.'
 -v, --verbose 'Output verbose information.'
 -V, --visualize-timeline 'Output event frequency timeline.'
 -D, --enable-deprecated-rules 'Enable rules marked as deprecated.'
diff --git a/src/detections/detection.rs b/src/detections/detection.rs
index 05ff4aa5..04a2a236 100644
--- a/src/detections/detection.rs
+++ b/src/detections/detection.rs
@@ -9,7 +9,7 @@ use crate::detections::print::MESSAGES;
 use crate::detections::print::PIVOT_KEYWORD_LIST_FLAG;
 use crate::detections::print::QUIET_ERRORS_FLAG;
 use crate::detections::print::STATISTICS_FLAG;
-use crate::detections::print::{CH_CONFIG, IS_DISPLAY_RECORD_ID, TAGS_CONFIG};
+use crate::detections::print::{CH_CONFIG, IS_HIDE_RECORD_ID, TAGS_CONFIG};
 use crate::detections::rule;
 use crate::detections::rule::AggResult;
 use crate::detections::rule::RuleNode;
@@ -232,7 +232,7 @@ impl Detection {
 .record_information
 .as_ref()
 .map(|recinfo| recinfo.to_string());
- let rec_id = if *IS_DISPLAY_RECORD_ID {
+ let rec_id = if !*IS_HIDE_RECORD_ID {
 Some(
 get_serde_number_to_string(&record_info.record["Event"]["System"]["EventRecordID"])
 .unwrap_or_default(),
@@ -280,7 +280,7 @@ impl Detection {
 } else {
 Option::None
 };
- let rec_id = if *IS_DISPLAY_RECORD_ID {
+ let rec_id = if !*IS_HIDE_RECORD_ID {
 Some(String::default())
 } else {
 None
diff --git a/src/detections/print.rs b/src/detections/print.rs
index 5680ab63..1ab92db4 100644
--- a/src/detections/print.rs
+++ b/src/detections/print.rs
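Review bot: Reusing the short flag `-R` for `--hide-record-id` inverts the meaning of an existing flag: a script or runbook that still passes `-R` to get the EventRecordID column (the way the removed line documented it) will now silently drop that column instead of failing with an unknown-argument error, and since EventRecordID is what lets an analyst correlate a detection back to the original evtx record, losing it silently is a forensic-traceability regression rather than a cosmetic one. Because the long name changed anyway, consider giving the hide option a fresh short flag or none at all, e.g. `--hide-record-id 'Do not display EventRecordID number.'`, so that old `-R` invocations break loudly for one release. The wording `EventRecordID number` is also inconsistent with the neighbouring help strings, which use plain English nouns; `'Do not display the EventRecordID column.'` reads better. This appears to be a clap usage string whose enclosing block starts and ends outside the hunk.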
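Review bot: In the `impl Detection` hunk at line 280, when the record ID is not hidden the aggregation path emits `Some(String::default())`, i.e. an empty RecordID cell, and with the new default this empty cell now appears in every count/aggregation result rather than only when the user opted in; the commit does not say whether an empty cell is the intended representation for "no single record" or whether the column should be omitted for aggregated rows. If empty is intentional, a one-line comment at that site would save the next reader the question, e.g. `// Aggregated (count) results span many records, so there is no single EventRecordID to show.`. The enclosing methods begin before and end after both hunks.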
@@ -79,11 +79,11 @@ lazy_static! {
 .unwrap()
 .args
 .is_present("pivot-keywords-list");
- pub static ref IS_DISPLAY_RECORD_ID: bool = configs::CONFIG
+ pub static ref IS_HIDE_RECORD_ID: bool = configs::CONFIG
 .read()
 .unwrap()
 .args
- .is_present("display-record-id");
+ .is_present("hide-record-id");
 }

 impl Default for Message {
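Review bot: `IS_HIDE_RECORD_ID` carries no comment stating that its polarity is the opposite of the old `IS_DISPLAY_RECORD_ID`, so a reader of the `!*IS_HIDE_RECORD_ID` checks in detection.rs has to chase the CLI definition to confirm that the default is now "show". A doc line above the static would settle it: `/// True when -R/--hide-record-id was given; EventRecordID is emitted unless this is set.`. The `lazy_static!` block begins before the hunk.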