display default channel name if not defined (#555)

* displayed other channel data in Channel column #553 * updated changelog #553 * updated changelog * readme and channel abbreviataions update * changelog update Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
2022-06-01 13:01:14 +09:00
parent 7a7afe732c
commit 2dcf960d51
7 changed files with 69 additions and 67 deletions
--- a/src/detections/detection.rs
+++ b/src/detections/detection.rs
@@ -238,6 +238,8 @@ impl Detection {
        } else {
            None
        };
+        let ch_str = &get_serde_number_to_string(&record_info.record["Event"]["System"]["Channel"])
+            .unwrap_or_default();
        let detect_info = DetectInfo {
            filepath: record_info.evtx_filepath.to_string(),
            rulepath: rule.rulepath.to_string(),
@@ -247,13 +249,7 @@ impl Detection {
                .replace('\"', ""),
            eventid: get_serde_number_to_string(&record_info.record["Event"]["System"]["EventID"])
                .unwrap_or_else(|| "-".to_owned()),
-            channel: CH_CONFIG
-                .get(
-                    &get_serde_number_to_string(&record_info.record["Event"]["System"]["Channel"])
-                        .unwrap_or_default(),
-                )
-                .unwrap_or(&String::default())
-                .to_string(),
+            channel: CH_CONFIG.get(ch_str).unwrap_or(ch_str).to_string(),
            alert: rule.yaml["title"].as_str().unwrap_or("").to_string(),
            detail: String::default(),
            tag_info: tag_info.join(" | "),