Changed MitreTechniques alias to MitreTags due to MitreTags is included

tags expect techniques.
2022-08-07 00:24:32 +09:00
parent 8ae2cf0bec
commit 3f25f951e7
3 changed files with 9 additions and 13 deletions
--- a/config/default_profile.yaml
+++ b/config/default_profile.yaml
@@ -5,8 +5,8 @@ Channel: "%Channel%"
 Level: "%Level%"
 EventID: "%EventID%"
 MitreAttack: "%MitreTactics%"
-MitreTechnique: "%MitreTechniques%"
-Tags: "%OtherTags%"
+MitreTags: "%MitreTags%"
+OtherTags: "%OtherTags%"
 RecordID: "%RecordID%"
 RuleTitle: "%RuleTitle%"
 Details: "%Details%"
--- a/src/detections/detection.rs
+++ b/src/detections/detection.rs
@@ -325,7 +325,7 @@ impl Detection {
                            .collect();
                        profile_converter.insert("%MitreTactics%".to_string(), tactics.join(" : "));
                    }
-                    "%MitreTechniques%" => {
+                    "%MitreTags%" => {
                        let techniques: &Vec<String> = &tag_info
                            .iter()
                            .filter(|x| {
@@ -336,13 +336,11 @@ impl Detection {
                            })
                            .map(|y| {
                                let mut replaced_tag = y.replace("attack.", "");
-                                let (head, _) = replaced_tag.split_at_mut(1);
-                                head.make_ascii_uppercase();
-                                replaced_tag.to_owned()
+                                make_ascii_titlecase(&mut replaced_tag)
                            })
                            .collect();
                        profile_converter
-                            .insert("%MitreTechniques%".to_string(), techniques.join(" : "));
+                            .insert("%MitreTags%".to_string(), techniques.join(" : "));
                    }
                    "%OtherTags%" => {
                        let tags: &Vec<String> = &tag_info
@@ -459,7 +457,7 @@ impl Detection {
                            .collect();
                        profile_converter.insert("%MitreTactics%".to_string(), tactics.join(" : "));
                    }
-                    "%MitreTechniques%" => {
+                    "%MitreTags%" => {
                        let techniques: &Vec<String> = &tag_info
                            .iter()
                            .filter(|x| {
@@ -470,13 +468,11 @@ impl Detection {
                            })
                            .map(|y| {
                                let mut replaced_tag = y.replace("attack.", "");
-                                let (head, _) = replaced_tag.split_at_mut(1);
-                                head.make_ascii_uppercase();
-                                replaced_tag.to_owned()
+                                make_ascii_titlecase(&mut replaced_tag)
                            })
                            .collect();
                        profile_converter
-                            .insert("%MitreTechniques%".to_string(), techniques.join(" : "));
+                            .insert("%MitreTags%".to_string(), techniques.join(" : "));
                    }
                    "%OtherTags%" => {
                        let tags: &Vec<String> = &tag_info
--- a/src/options/profile.rs
+++ b/src/options/profile.rs
@@ -42,7 +42,7 @@ lazy_static! {
        "%RuleFile%",
        "%EvtxFile%",
        "%MitreTactics%",
-        "%MitreTechniques%",
+        "%MitreTags%",
        "%OtherTags%"
    ];
    pub static ref PRELOAD_PROFILE_REGEX: RegexSet = RegexSet::new(&*PRELOAD_PROFILE).unwrap();