changed display-record-id option to hide-record-id #579

2022-06-10 16:49:22 +09:00
parent 6e966dcfd8
commit 2830ee7b1a
4 changed files with 10 additions and 10 deletions
--- a/src/afterfact.rs
+++ b/src/afterfact.rs
@@ -29,10 +29,10 @@ pub struct CsvFormat<'a> {
    event_i_d: &'a str,
    level: &'a str,
    mitre_attack: &'a str,
-    rule_title: &'a str,
-    details: &'a str,
    #[serde(skip_serializing_if = "Option::is_none")]
    record_i_d: Option<&'a str>,
+    rule_title: &'a str,
+    details: &'a str,
    #[serde(skip_serializing_if = "Option::is_none")]
    record_information: Option<&'a str>,
    rule_path: &'a str,
@@ -47,10 +47,10 @@ pub struct DisplayFormat<'a> {
    pub channel: &'a str,
    pub event_i_d: &'a str,
    pub level: &'a str,
-    pub rule_title: &'a str,
-    pub details: &'a str,
    #[serde(skip_serializing_if = "Option::is_none")]
    record_i_d: Option<&'a str>,
+    pub rule_title: &'a str,
+    pub details: &'a str,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub record_information: Option<&'a str>,
 }
--- a/src/detections/configs.rs
+++ b/src/detections/configs.rs
@@ -76,7 +76,7 @@ fn build_app<'a>() -> ArgMatches<'a> {
    -C, --config [RULE_CONFIG_DIRECTORY] 'Rule config folder. (Default: .\\rules\\config)'
    -o, --output [CSV_TIMELINE] 'Save the timeline in CSV format. (Ex: results.csv)'
    --all-tags 'Output all tags when saving to a CSV file.'
-    -R, --display-record-id 'Display event record ID.'
+    -R, --hide-record-id 'Do not display EventRecordID number.'
    -v, --verbose 'Output verbose information.'
    -V, --visualize-timeline 'Output event frequency timeline.'
    -D, --enable-deprecated-rules 'Enable rules marked as deprecated.'
--- a/src/detections/detection.rs
+++ b/src/detections/detection.rs
@@ -9,7 +9,7 @@ use crate::detections::print::MESSAGES;
 use crate::detections::print::PIVOT_KEYWORD_LIST_FLAG;
 use crate::detections::print::QUIET_ERRORS_FLAG;
 use crate::detections::print::STATISTICS_FLAG;
-use crate::detections::print::{CH_CONFIG, IS_DISPLAY_RECORD_ID, TAGS_CONFIG};
+use crate::detections::print::{CH_CONFIG, IS_HIDE_RECORD_ID, TAGS_CONFIG};
 use crate::detections::rule;
 use crate::detections::rule::AggResult;
 use crate::detections::rule::RuleNode;
@@ -232,7 +232,7 @@ impl Detection {
            .record_information
            .as_ref()
            .map(|recinfo| recinfo.to_string());
-        let rec_id = if *IS_DISPLAY_RECORD_ID {
+        let rec_id = if !*IS_HIDE_RECORD_ID {
            Some(
                get_serde_number_to_string(&record_info.record["Event"]["System"]["EventRecordID"])
                    .unwrap_or_default(),
@@ -280,7 +280,7 @@ impl Detection {
        } else {
            Option::None
        };
-        let rec_id = if *IS_DISPLAY_RECORD_ID {
+        let rec_id = if !*IS_HIDE_RECORD_ID {
            Some(String::default())
        } else {
            None
--- a/src/detections/print.rs
+++ b/src/detections/print.rs
@@ -79,11 +79,11 @@ lazy_static! {
        .unwrap()
        .args
        .is_present("pivot-keywords-list");
-    pub static ref IS_DISPLAY_RECORD_ID: bool = configs::CONFIG
+    pub static ref IS_HIDE_RECORD_ID: bool = configs::CONFIG
        .read()
        .unwrap()
        .args
-        .is_present("display-record-id");
+        .is_present("hide-record-id");
 }

 impl Default for Message {