removed unnecessary field in struct to reduce memory use
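--- a/PATH_NOT_SHOWN_ON_PAGE_1
+++ b/PATH_NOT_SHOWN_ON_PAGE_1
@@ -663,20 +663,12 @@ mod tests {
 &event,
 output.to_string(),
 DetectInfo {
-filepath: test_filepath.to_string(),
 rulepath: test_rulepath.to_string(),
 level: test_level.to_string(),
 computername: test_computername.to_string(),
 eventid: test_eventid.to_string(),
-channel: mock_ch_filter
-.get("Security")
-.unwrap_or(&String::default())
-.to_string(),
-alert: test_title.to_string(),
 detail: String::default(),
-tag_info: test_attack.to_string(),
 record_information: Option::Some(test_recinfo.to_string()),
-record_id: Option::Some(test_record_id.to_string()),
 ext_field: output_profile,
 },
 expect_time,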
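Review bot: The test literal no longer references test_filepath, mock_ch_filter, test_title, test_attack or test_record_id, so if those locals are still declared earlier in the test (the function starts outside this hunk) they now trigger unused-variable warnings and fail a `-D warnings` build. Remove the dead setup, or prefix a value with `_` where it must stay for a parallel assertion. `mock_ch_filter` in particular appears to have existed only to feed the removed `channel` field, so its construction can likely go entirely.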
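--- a/PATH_NOT_SHOWN_ON_PAGE_2
+++ b/PATH_NOT_SHOWN_ON_PAGE_2
@@ -331,19 +331,14 @@ impl Detection {
 }
 
 let detect_info = DetectInfo {
-filepath: record_info.evtx_filepath.to_string(),
 rulepath: (&rule.rulepath).to_owned(),
 level: LEVEL_ABBR.get(&level).unwrap_or(&level).to_string(),
 computername: record_info.record["Event"]["System"]["Computer"]
 .to_string()
 .replace('\"', ""),
 eventid: eid,
-channel: CH_CONFIG.get(ch_str).unwrap_or(ch_str).to_string(),
-alert: rule.yaml["title"].as_str().unwrap_or("").to_string(),
 detail: String::default(),
-tag_info: tag_info.join(" | "),
 record_information: opt_record_info,
-record_id: rec_id,
 ext_field: PROFILES.as_ref().unwrap().to_owned(),
 };
 message::insert(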
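Review bot: The commit's stated goal is lower memory use, yet the surviving `ext_field: PROFILES.as_ref().unwrap().to_owned(),` still deep-copies the entire profile LinkedHashMap into every DetectInfo, which almost certainly outweighs the five Strings this hunk drops. If PROFILES is immutable once initialised, holding it as `Arc<LinkedHashMap<String, String>>` in DetectInfo (cloned with `Arc::clone`) would reduce the per-detection cost to a refcount bump. The `.unwrap()` would also read better as `.expect("PROFILES is initialised before detection runs")` so the invariant is stated at the panic site. The enclosing function begins and ends outside this hunk.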
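--- a/PATH_NOT_SHOWN_ON_PAGE_3
+++ b/PATH_NOT_SHOWN_ON_PAGE_3
@@ -23,17 +23,12 @@ use termcolor::{BufferWriter, ColorChoice};
 
 #[derive(Debug, Clone)]
 pub struct DetectInfo {
-pub filepath: String,
 pub rulepath: String,
 pub level: String,
 pub computername: String,
 pub eventid: String,
-pub channel: String,
-pub alert: String,
 pub detail: String,
-pub tag_info: String,
 pub record_information: Option<String>,
-pub record_id: Option<String>,
 pub ext_field: LinkedHashMap<String, String>,
 }
 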
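Review bot: `DetectInfo` carries no doc comment, and after dropping `filepath`, `channel`, `alert`, `tag_info` and `record_id` a reader can no longer tell from the struct where the rule title, channel and tags travel; presumably they now reach the output through `ext_field` — confirm. Add `/// One rule match for a single event record; output columns that are not named fields here are expected to arrive via `ext_field` (confirm against the writer).` above the struct. Since these were `pub` fields on a `pub` struct, the removal is a breaking change for any out-of-crate consumer and is worth a line in the commit description.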