ichiichi11
2020-10-06 22:13:00 +09:00
parent 5f989da6b9
commit 32c6e13ccf


@@ -1,10 +1,6 @@
use crate::models::event; use crate::models::event;
use std::collections::HashMap; use std::collections::HashMap;
// eventlogが用意できていない
// 4674
// 4756
#[derive(Debug)] #[derive(Debug)]
pub struct Security { pub struct Security {
max_total_sensitive_privuse: i32, max_total_sensitive_privuse: i32,
@@ -47,7 +43,7 @@ impl Security {
if self.total_admin_logons > 0 { if self.total_admin_logons > 0 {
println!("total_admin_logons:{}", self.total_admin_logons); println!("total_admin_logons:{}", self.total_admin_logons);
println!("admin_logons:{:?}", self.admin_logons); println!("admin_logons:{:?}", self.admin_logons);
println!("multiple_admin_logons:{:?}\n", self.multiple_admin_logons); println!("multiple_admin_logons:{:?}\n\n", self.multiple_admin_logons);
} }
let exceed_failed_logons = self.total_failed_logons > self.max_failed_logons; let exceed_failed_logons = self.total_failed_logons > self.max_failed_logons;
@@ -58,7 +54,7 @@ impl Security {
"Total accounts: {}", "Total accounts: {}",
self.account_2_failedcnt.keys().count() self.account_2_failedcnt.keys().count()
); );
println!("Total logon failures: {}\n", self.total_failed_logons); println!("Total logon failures: {}\n\n", self.total_failed_logons);
} }
} }
@@ -150,11 +146,11 @@ impl Security {
println!("New User Created"); println!("New User Created");
println!( println!(
"Username: {}", "Username: {}",
event_data.get("TargetUserName").unwrap_or(&"".to_string()) event_data.get("TargetUserName").unwrap_or(&self.empty_str)
); );
println!( println!(
"User SID:: {}\n", "User SID:: {}\n\n",
event_data.get("TargetSid").unwrap_or(&"".to_string()) event_data.get("TargetSid").unwrap_or(&self.empty_str)
); );
} }
@@ -182,11 +178,11 @@ impl Security {
println!( println!(
"Username: {}", "Username: {}",
event_data.get("TargetUserName").unwrap_or(&"".to_string()) event_data.get("TargetUserName").unwrap_or(&self.empty_str)
); );
println!( println!(
"User SID:: {}\n", "User SID:: {}\n\n",
event_data.get("TargetSid").unwrap_or(&"".to_string()) event_data.get("TargetSid").unwrap_or(&self.empty_str)
); );
} }
@@ -221,7 +217,7 @@ impl Security {
event_data.get("SubjectUserName").unwrap_or(&self.empty_str) event_data.get("SubjectUserName").unwrap_or(&self.empty_str)
); );
println!( println!(
"Domain Name: {}", "Domain Name: {}\n\n",
event_data event_data
.get("SubjectDomainName") .get("SubjectDomainName")
.unwrap_or(&self.empty_str) .unwrap_or(&self.empty_str)
@@ -295,11 +291,10 @@ impl Security {
println!("Audit Log Clear"); println!("Audit Log Clear");
println!("The Audit log was cleared."); println!("The Audit log was cleared.");
let username = user_data.as_ref().and_then(|u| { let username = user_data
u.log_file_cleared .as_ref()
.as_ref() .and_then(|u| u.log_file_cleared.as_ref())
.and_then(|l| l.subject_user_name.as_ref()) .and_then(|l| l.subject_user_name.as_ref());
}); println!("Security ID: {}\n\n", username.unwrap_or(&self.empty_str));
println!("Security ID: {}", username.unwrap_or(&"".to_string()));
} }
} }
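Review bot: The `Security ID:` label in the last hunk (Audit Log Clear) is filled from `subject_user_name`, so an analyst triaging a log-clear event reads an account name under a SID label; relabel it, e.g. `println!("Username: {}\n\n", username.unwrap_or(&self.empty_str));`, or print the SID field if the parsed record carries one (not visible here). When the user data is missing, the fallback to `self.empty_str` prints a blank value, so a cleared audit log with no attributable account is indistinguishable from a formatting glitch; an explicit marker such as `username.map(String::as_str).unwrap_or("(unknown)")` would make that case visible, assuming the field is a `String`. The account fields in this and the other hunks are written with `{}`, so any control characters in an event-supplied name would reach the terminal unescaped; it is worth confirming whether the parser already strips them, or printing with `{:?}`. The enclosing function starts outside the hunk.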