finish (#136)

rules/bitsjobs/1197_bitsjob.yaml

@@ -1,6 +1,5 @@
 title: BitsJob
 description: Adversaries may abuse BITS jobs to persistently execute or clean up after malicious payloads.
-enabled: true
 author: Yea
 logsource: 
     product: windows

rules/deep_blue_cli/powershell/4103.yml

@@ -1,6 +1,5 @@
 title: PowerShell Execution Pipeline
 description: hogehoge
-enabled: true
 author: Yea
 logsource: 
     product: windows

rules/deep_blue_cli/powershell/4104.yml

@@ -1,6 +1,5 @@
 title: PowerShell Execution Remote Command
 description: hogehoge
-enabled: true
 author: Yea
 logsource: 
     product: windows

rules/deep_blue_cli/security/1102.yml

@@ -1,6 +1,5 @@
 title: The Audit log file was cleared
 description: hogehoge
-enabled: true
 author: Yea
 logsource: 
     product: windows

rules/deep_blue_cli/security/4673.yml

@@ -1,6 +1,5 @@
 title: Sensitive Privilede Use (Mimikatz)
 description: hogehoge
-enabled: true
 author: Yea
 logsource: 
     product: windows

rules/deep_blue_cli/security/4674.yml

@@ -1,6 +1,5 @@
 title: An Operation was attempted on a privileged object
 description: hogehoge
-enabled: true
 author: Yea
 logsource: 
     product: windows

rules/deep_blue_cli/security/4688.yml

@@ -1,6 +1,5 @@
 title: Command Line Logging
 description: hogehoge
-enabled: true
 author: Yea
 logsource: 
     product: windows

rules/deep_blue_cli/security/4720.yml

@@ -1,6 +1,5 @@
 title: A user account was created.
 description: hogehoge
-enabled: true
 author: Yea
 logsource: 
     product: windows

rules/deep_blue_cli/security/4728.yml

@@ -1,6 +1,5 @@
 title: A member was added to a security-enabled global group.
 description: hogehoge
-enabled: true
 author: Yea
 logsource: 
     product: windows

rules/deep_blue_cli/security/4732.yml

@@ -1,6 +1,5 @@
 title: A member was added to a security-enabled local group.
 description: hogehoge
-enabled: true
 author: Yea
 logsource: 
     product: windows

rules/deep_blue_cli/security/4756.yml

@@ -1,6 +1,5 @@
 title: A member was added to a security-enabled universal group.
 description: hogehoge
-enabled: true
 author: Yea
 logsource: 
     product: windows

rules/deep_blue_cli/security/_4625.yml

@@ -1,6 +1,6 @@
 title: An account failed to log on
 description: hogehoge
-enabled: false
+ignore: true
 author: Yea
 logsource: 
     product: windows

rules/deep_blue_cli/security/_4648.yml

@@ -1,6 +1,6 @@
 title: An account failed to log on
 description: hogehoge
-enabled: false
+ignore: true
 author: Yea
 logsource: 
     product: windows

rules/deep_blue_cli/security/_4672.yml

@@ -1,6 +1,6 @@
 title: Command Line Logging
 description: hogehoge
-enabled: false
+ignore: true
 author: Yea
 logsource: 
     product: windows

rules/deep_blue_cli/sysmon/1.yml

@@ -1,6 +1,5 @@
 title: Sysmon Check command lines
 description: hogehoge
-enabled: true
 author: Yea
 logsource: 
     product: windows

rules/deep_blue_cli/sysmon/7.yml

@@ -1,6 +1,5 @@
 title: Check for unsigned EXEs/DLLs
 description: hogehoge
-enabled: true
 author: Yea
 logsource: 
     product: windows

rules/deep_blue_cli/system/104.yml

@@ -1,6 +1,5 @@
 title: The System log file was cleared
 description: hogehoge
-enabled: true
 author: Yea
 logsource: 
     product: windows

rules/deep_blue_cli/system/7030.yml

@@ -1,6 +1,5 @@
 title: This service may not function properly
 description: hogehoge
-enabled: true
 author: Yea
 logsource: 
     product: windows

rules/deep_blue_cli/system/7036.yml

@@ -1,6 +1,5 @@
 title: The ... service entered the stopped|running state
 description: hogehoge
-enabled: true
 author: Yea
 logsource: 
     product: windows

rules/deep_blue_cli/system/7040.yml

@@ -1,6 +1,5 @@
 title: The start type of the Windows Event Log service was changed from auto start to disabled
 description: hogehoge
-enabled: true
 author: Yea
 logsource: 
     product: windows

rules/deep_blue_cli/system/7045.yml

@@ -1,6 +1,5 @@
 title: A service was installed in the system
 description: hogehoge
-enabled: true
 author: Yea
 logsource: 
     product: windows

rules/kerberoast/as-rep-roasting.yml

@@ -1,6 +1,5 @@
 title: AS-REP Roasting
 description: For each account found without preauthentication, an adversary may send an AS-REQ message without the encrypted timestamp and receive an AS-REP message with TGT data which may be encrypted with an insecure algorithm such as RC4.
-enabled: true
 author: Yea
 logsource: 
     product: windows

rules/kerberoast/kerberoasting.yml

@@ -1,6 +1,5 @@
 title: Kerberoasting
 description: Adversaries may abuse a valid Kerberos ticket-granting ticket (TGT) or sniff network traffic to obtain a ticket-granting service (TGS) ticket that may be vulnerable to Brute Force.
-enabled: true
 author: Yea
 logsource: 
     product: windows

rules/powershell/downgrade_attack.yml

@@ -1,6 +1,5 @@
 title: PowerShell DownGradeAttack
 description: hogehoge
-enabled: true
 author: Yea
 logsource: 
     product: windows

src/yaml.rs

@@ -43,9 +43,10 @@ impl ParseYaml {
                                 Ok(docs) => {
                                     for i in docs {
                                         // If there is no "enabled" it does not load
-                                        if i["enabled"].as_bool().unwrap_or(false) {
-                                            &self.files.push(i);
+                                        if i["ignore"].as_bool().unwrap_or(false) {
+                                            continue;
                                         }
+                                        &self.files.push(i);
                                     }
                                 }
                                 Err(e) => {