removed comment outted unnecessary line

2022-07-30 00:54:11 +09:00
parent 431b683bb3
commit 3ee8f6e68f
3 changed files with 15 additions and 11 deletions
--- a/src/afterfact.rs
+++ b/src/afterfact.rs
@@ -673,6 +673,7 @@ mod tests {
                },
                expect_time,
                &mut profile_converter,
+                false,
            );
        }
        let expect =
--- a/src/detections/detection.rs
+++ b/src/detections/detection.rs
@@ -330,6 +330,7 @@ impl Detection {
            detect_info,
            time,
            &mut profile_converter,
+            false,
        );
    }

@@ -398,7 +399,6 @@ impl Detection {
        }

        let detect_info = DetectInfo {
-            // filepath: "-".to_owned(),
            rulepath: (&rule.rulepath).to_owned(),
            level: rule.yaml["level"].as_str().unwrap_or("").to_owned(),
            computername: "-".to_owned(),
@@ -414,6 +414,7 @@ impl Detection {
            detect_info,
            agg_result.start_timedate,
            &mut profile_converter,
+            true,
        )
    }

--- a/src/detections/message.rs
+++ b/src/detections/message.rs
@@ -133,17 +133,19 @@ pub fn insert(
    mut detect_info: DetectInfo,
    time: DateTime<Utc>,
    profile_converter: &mut HashMap<String, String>,
+    is_agg: bool,
 ) {
+    if !is_agg {
        let parsed_detail = parse_message(event_record, &output)
            .chars()
            .filter(|&c| !c.is_control())
            .collect::<String>();
-
        detect_info.detail = if parsed_detail.is_empty() {
            "-".to_string()
        } else {
            parsed_detail
        };
+    }
    let mut exist_detail = false;
    PROFILES.as_ref().unwrap().iter().for_each(|(_k, v)| {
        if v.contains("%Details%") {