Feature/change level option#250 (#259)

* fixed level option #250

* changed output

src/afterfact.rs

@@ -113,7 +113,7 @@ fn emit_csv<W: std::io::Write>(writer: &mut W, displayflag: bool) -> io::Result<
 
     wtr.flush()?;
     println!("");
-    println!("Total events detected: {:?}", detect_count);
+    println!("Total events: {:?}", detect_count);
     Ok(())
 }
 

src/detections/configs.rs

@@ -56,7 +56,7 @@ fn build_app<'a>() -> ArgMatches<'a> {
     --verbose 'Output verbose information to target event file path and rule file'
     -q 'Quiet mode. Do not display the launch banner'
     -r --rules=[RULEDIRECTORY] 'Rule file directory (default: ./rules)'
-    -L --level=[LEVEL] 'Minimum level for rules (default: INFORMATIONAL)'
+    -m --min-level=[LEVEL] 'Minimum level for rules (default: informational)'
     -u --utc 'Output time in UTC format (default: local time)'
     -d --directory=[DIRECTORY] 'Directory of multiple .evtx files'
     -s --statistics 'Prints statistics of event IDs'

src/detections/detection.rs

@@ -181,7 +181,7 @@ impl Detection {
             println!("{} alerts: {}", levellabel[i], value);
             total_unique += value;
         }
-        println!("Unique events detected: {}", total_unique);
+        println!("Unique alerts detected: {}", total_unique);
     }
 
     // 複数のイベントレコードに対して、ルールを1個実行します。

src/detections/print.rs

@@ -165,7 +165,7 @@ impl Message {
             detect_count += detect_infos.len();
         }
         println!("");
-        println!("Total Events Detected:{:?}", detect_count);
+        println!("Total events:{:?}", detect_count);
     }
 
     pub fn iter(&self) -> &BTreeMap<DateTime<Utc>, Vec<DetectInfo>> {

src/main.rs

@@ -125,7 +125,7 @@ fn analysis_files(evtx_files: Vec<PathBuf>) {
         .read()
         .unwrap()
         .args
-        .value_of("level")
+        .value_of("min-level")
         .unwrap_or("informational")
         .to_uppercase();
     println!("Analyzing event files: {:?}", evtx_files.len());