From 3f25f951e76adc82668012217585fc0c9b806a01 Mon Sep 17 00:00:00 2001
From: DastInDark <2350416+hitenkoku@users.noreply.github.com>
Date: Sun, 7 Aug 2022 00:24:32 +0900
Subject: [PATCH] Changed MitreTechniques alias to MitreTags due to MitreTags is included tags expect techniques.

---
 config/default_profile.yaml | 4 ++--
 src/detections/detection.rs | 16 ++++++----------
 src/options/profile.rs | 2 +-
 3 files changed, 9 insertions(+), 13 deletions(-)

diff --git a/config/default_profile.yaml b/config/default_profile.yaml
index 69b60f19..f8fc4100 100644
--- a/config/default_profile.yaml
+++ b/config/default_profile.yaml
@@ -5,8 +5,8 @@ Channel: "%Channel%"
 Level: "%Level%"
 EventID: "%EventID%"
 MitreAttack: "%MitreTactics%"
-MitreTechnique: "%MitreTechniques%"
-Tags: "%OtherTags%"
+MitreTags: "%MitreTags%"
+OtherTags: "%OtherTags%"
 RecordID: "%RecordID%"
 RuleTitle: "%RuleTitle%"
 Details: "%Details%"
diff --git a/src/detections/detection.rs b/src/detections/detection.rs
index 9f6d57ed..37772e35 100644
--- a/src/detections/detection.rs
+++ b/src/detections/detection.rs
@@ -325,7 +325,7 @@ impl Detection {
 .collect();
 profile_converter.insert("%MitreTactics%".to_string(), tactics.join(" : "));
 }
-"%MitreTechniques%" => {
+"%MitreTags%" => {
 let techniques: &Vec = &tag_info
 .iter()
 .filter(|x| {
@@ -336,13 +336,11 @@ impl Detection {
 })
 .map(|y| {
 let mut replaced_tag = y.replace("attack.", "");
-let (head, _) = replaced_tag.split_at_mut(1);
-head.make_ascii_uppercase();
-replaced_tag.to_owned()
+make_ascii_titlecase(&mut replaced_tag)
 })
 .collect();
 profile_converter
-.insert("%MitreTechniques%".to_string(), techniques.join(" : "));
+.insert("%MitreTags%".to_string(), techniques.join(" : "));
 }
 "%OtherTags%" => {
 let tags: &Vec = &tag_info
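Review bot: The removed `split_at_mut(1)` in the `%MitreTags%` arm's `.map` closure would panic on an empty tag (a tag that is exactly `attack.`) or one whose first character is multi-byte, and whether the replacement `make_ascii_titlecase(&mut replaced_tag)` avoids that cannot be seen here, since neither its definition nor a change to it is part of this patch; a one-line doc comment at its definition stating its behaviour on the empty string, and that it returns the owned `String` this `collect()` relies on, would settle it. The same arm body is repeated verbatim in the `@@ -470,13 +468,11 @@` hunk, and this commit had to edit both copies in lockstep; the tag-to-column logic looks like a candidate for one shared helper taking `&tag_info` and the alias string, so the two match arms reduce to a single call each. The enclosing `match` and method start and end outside these hunks.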
@@ -459,7 +457,7 @@ impl Detection {
 .collect();
 profile_converter.insert("%MitreTactics%".to_string(), tactics.join(" : "));
 }
-"%MitreTechniques%" => {
+"%MitreTags%" => {
 let techniques: &Vec = &tag_info
 .iter()
 .filter(|x| {
@@ -470,13 +468,11 @@ impl Detection {
 })
 .map(|y| {
 let mut replaced_tag = y.replace("attack.", "");
-let (head, _) = replaced_tag.split_at_mut(1);
-head.make_ascii_uppercase();
-replaced_tag.to_owned()
+make_ascii_titlecase(&mut replaced_tag)
 })
 .collect();
 profile_converter
-.insert("%MitreTechniques%".to_string(), techniques.join(" : "));
+.insert("%MitreTags%".to_string(), techniques.join(" : "));
 }
 "%OtherTags%" => {
 let tags: &Vec = &tag_info
diff --git a/src/options/profile.rs b/src/options/profile.rs
index 89bfa56c..70e0e9cf 100644
--- a/src/options/profile.rs
+++ b/src/options/profile.rs
@@ -42,7 +42,7 @@ lazy_static! {
 "%RuleFile%",
 "%EvtxFile%",
 "%MitreTactics%",
-"%MitreTechniques%",
+"%MitreTags%",
 "%OtherTags%"
 ];
 pub static ref PRELOAD_PROFILE_REGEX: RegexSet = RegexSet::new(&*PRELOAD_PROFILE).unwrap();