CSEC_PUBLIC/hayabusa
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

changed noisy and excluded rule output and output condition #596

Browse Source
This commit is contained in:
DustInDark
2022-06-24 22:38:24 +09:00
parent 965e2bb91c
commit 2a827d34ca
1 changed files with 31 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
src/detections/detection.rs
View File

@@ -1,6 +1,9 @@
extern crate csv; extern crate csv;
use crate::detections::configs; use crate::detections::configs;
use crate::detections::utils::write_color_buffer;
use termcolor::{BufferWriter, Color, ColorChoice};
use crate::detections::pivot::insert_pivot_keyword; use crate::detections::pivot::insert_pivot_keyword;
use crate::detections::print::AlertMessage; use crate::detections::print::AlertMessage;
use crate::detections::print::DetectInfo; use crate::detections::print::DetectInfo;
@@ -119,13 +122,11 @@ impl Detection {
.filter_map(return_if_success) .filter_map(return_if_success)
.collect(); .collect();
if !*LOGONSUMMARY_FLAG { if !*LOGONSUMMARY_FLAG {
let _ = &rulefile_loader
.rule_load_cnt
.insert(String::from("rule parsing error"), parseerror_count);
Detection::print_rule_load_info( Detection::print_rule_load_info(
&rulefile_loader.rulecounter, &rulefile_loader.rulecounter,
&rulefile_loader.rule_load_cnt, &rulefile_loader.rule_load_cnt,
&rulefile_loader.rule_status_cnt, &rulefile_loader.rule_status_cnt,
&parseerror_count,
); );
} }
ret ret
@@ -363,6 +364,7 @@ impl Detection {
rc: &HashMap<String, u128>, rc: &HashMap<String, u128>,
ld_rc: &HashMap<String, u128>, ld_rc: &HashMap<String, u128>,
st_rc: &HashMap<String, u128>, st_rc: &HashMap<String, u128>,
err_rc: &u128,
) { ) {
if *STATISTICS_FLAG { if *STATISTICS_FLAG {
return; return;
@@ -382,27 +384,40 @@ impl Detection {
let mut sorted_st_rc: Vec<(&String, &u128)> = st_rc.iter().collect(); let mut sorted_st_rc: Vec<(&String, &u128)> = st_rc.iter().collect();
let total_loaded_rule_cnt: u128 = sorted_st_rc.iter().map(|(_, v)| v.to_owned()).sum(); let total_loaded_rule_cnt: u128 = sorted_st_rc.iter().map(|(_, v)| v.to_owned()).sum();
sorted_st_rc.sort_by(|a, b| a.0.cmp(b.0)); sorted_st_rc.sort_by(|a, b| a.0.cmp(b.0));
let args = &configs::CONFIG.read().unwrap().args;
sorted_st_rc.into_iter().for_each(|(key, value)| { sorted_st_rc.into_iter().for_each(|(key, value)| {
let rate = if value == &0_u128 { if value != &0_u128 {
0 as f64 let rate = (*value as f64) / (total_loaded_rule_cnt as f64) * 100.0;
} else { let deprecated_flag = if (key == "deprecated" && !args.enable_deprecated_rules)|| (key == "noisy" && !args.enable_noisy_rules) {
(*value as f64) / (total_loaded_rule_cnt as f64) * 100.0 " (Disabled)"
}; } else { "" };
//タイトルに利用するものはascii文字であることを前提として1文字目を大文字にするように変更する //タイトルに利用するものはascii文字であることを前提として1文字目を大文字にするように変更する
println!( println!(
"{} rules: {} ({:.2}%)", "{} rules: {} ({:.2}%){}",
make_ascii_titlecase(key.clone().as_mut()), make_ascii_titlecase(key.clone().as_mut()),
value, value,
rate rate,
deprecated_flag,
); );
}
}); });
write_color_buffer(
BufferWriter::stdout(ColorChoice::Always),
Some(Color::Red),
&format!("Rule parsing errors: {}", err_rc)
).ok();
println!(); println!();
let mut sorted_rc: Vec<(&String, &u128)> = rc.iter().collect(); let mut sorted_rc: Vec<(&String, &u128)> = rc.iter().collect();
sorted_rc.sort_by(|a, b| a.0.cmp(b.0)); sorted_rc.sort_by(|a, b| a.0.cmp(b.0));
sorted_rc.into_iter().for_each(|(key, value)| { sorted_rc.into_iter().for_each(|(key, value)| {
println!("{} rules: {}", key, value); write_color_buffer(
BufferWriter::stdout(ColorChoice::Always),
None,
&format!("{} rules: {}", key, value)
).ok();
}); });
println!("Total enabled detection rules: {}", total_loaded_rule_cnt); println!("Total enabled detection rules: {}", total_loaded_rule_cnt);
println!(); println!();
} }