changed display-record-id option to hide-record-id #579

src/afterfact.rs

@@ -29,10 +29,10 @@ pub struct CsvFormat<'a> {
     event_i_d: &'a str,
     level: &'a str,
     mitre_attack: &'a str,
-    rule_title: &'a str,
-    details: &'a str,
     #[serde(skip_serializing_if = "Option::is_none")]
     record_i_d: Option<&'a str>,
+    rule_title: &'a str,
+    details: &'a str,
     #[serde(skip_serializing_if = "Option::is_none")]
     record_information: Option<&'a str>,
     rule_path: &'a str,
@@ -47,10 +47,10 @@ pub struct DisplayFormat<'a> {
     pub channel: &'a str,
     pub event_i_d: &'a str,
     pub level: &'a str,
-    pub rule_title: &'a str,
-    pub details: &'a str,
     #[serde(skip_serializing_if = "Option::is_none")]
     record_i_d: Option<&'a str>,
+    pub rule_title: &'a str,
+    pub details: &'a str,
     #[serde(skip_serializing_if = "Option::is_none")]
     pub record_information: Option<&'a str>,
 }

src/detections/configs.rs

@@ -76,7 +76,7 @@ fn build_app<'a>() -> ArgMatches<'a> {
     -C, --config [RULE_CONFIG_DIRECTORY] 'Rule config folder. (Default: .\\rules\\config)'
     -o, --output [CSV_TIMELINE] 'Save the timeline in CSV format. (Ex: results.csv)'
     --all-tags 'Output all tags when saving to a CSV file.'
-    -R, --display-record-id 'Display event record ID.'
+    -R, --hide-record-id 'Do not display EventRecordID number.'
     -v, --verbose 'Output verbose information.'
     -V, --visualize-timeline 'Output event frequency timeline.'
     -D, --enable-deprecated-rules 'Enable rules marked as deprecated.'

src/detections/detection.rs

@@ -9,7 +9,7 @@ use crate::detections::print::MESSAGES;
 use crate::detections::print::PIVOT_KEYWORD_LIST_FLAG;
 use crate::detections::print::QUIET_ERRORS_FLAG;
 use crate::detections::print::STATISTICS_FLAG;
-use crate::detections::print::{CH_CONFIG, IS_DISPLAY_RECORD_ID, TAGS_CONFIG};
+use crate::detections::print::{CH_CONFIG, IS_HIDE_RECORD_ID, TAGS_CONFIG};
 use crate::detections::rule;
 use crate::detections::rule::AggResult;
 use crate::detections::rule::RuleNode;
@@ -232,7 +232,7 @@ impl Detection {
             .record_information
             .as_ref()
             .map(|recinfo| recinfo.to_string());
-        let rec_id = if *IS_DISPLAY_RECORD_ID {
+        let rec_id = if !*IS_HIDE_RECORD_ID {
             Some(
                 get_serde_number_to_string(&record_info.record["Event"]["System"]["EventRecordID"])
                     .unwrap_or_default(),
@@ -280,7 +280,7 @@ impl Detection {
         } else {
             Option::None
         };
-        let rec_id = if *IS_DISPLAY_RECORD_ID {
+        let rec_id = if !*IS_HIDE_RECORD_ID {
             Some(String::default())
         } else {
             None

src/detections/print.rs

@@ -79,11 +79,11 @@ lazy_static! {
         .unwrap()
         .args
         .is_present("pivot-keywords-list");
-    pub static ref IS_DISPLAY_RECORD_ID: bool = configs::CONFIG
+    pub static ref IS_HIDE_RECORD_ID: bool = configs::CONFIG
         .read()
         .unwrap()
         .args
-        .is_present("display-record-id");
+        .is_present("hide-record-id");
 }
 
 impl Default for Message {