diff --git a/src/detections/configs.rs b/src/detections/configs.rs
index 248d1c9b..dad74331 100644
--- a/src/detections/configs.rs
+++ b/src/detections/configs.rs
@@ -4,8 +4,7 @@ use crate::detections::pivot::PIVOT_KEYWORD;
 use crate::detections::utils;
 use chrono::{DateTime, Utc};
 use clap::{App, CommandFactory, Parser};
-use hashbrown::HashMap;
-use hashbrown::HashSet;
+use std::collections::{HashSet, HashMap};
 use lazy_static::lazy_static;
 use regex::Regex;
 use std::env::current_exe;
@@ -102,10 +101,6 @@ pub struct Config {
 #[clap(long = "all-tags")]
 pub all_tags: bool,
 
- /// Do not display EventRecordID numbers
- #[clap(short = 'R', long = "hide-record-id")]
- pub hide_record_id: bool,
-
 /// Output verbose information
 #[clap(short = 'v', long)]
 pub verbose: bool,
@@ -577,7 +572,7 @@ fn load_eventcode_info(path: &str) -> EventInfoConfig {
 mod tests {
 use crate::detections::configs;
 use chrono::{DateTime, Utc};
- use hashbrown::HashSet;
+ use std::collections::HashSet;
 // #[test]
 // #[ignore]
diff --git a/src/detections/detection.rs b/src/detections/detection.rs
index 3f587067..67a7a158 100644
--- a/src/detections/detection.rs
+++ b/src/detections/detection.rs
@@ -2,9 +2,7 @@ extern crate csv;
 use crate::detections::configs;
 use crate::detections::utils::write_color_buffer;
-use crate::options::profile;
 use crate::options::profile::PROFILES;
-use linked_hash_map::LinkedHashMap;
 use termcolor::{BufferWriter, Color, ColorChoice};
 use crate::detections::message::AlertMessage;
@@ -21,9 +19,8 @@ use crate::detections::rule::RuleNode;
 use crate::detections::utils::{get_serde_number_to_string, make_ascii_titlecase};
 use crate::filter;
 use crate::yaml::ParseYaml;
-use hashbrown;
-use hashbrown::HashMap;
 use serde_json::Value;
+use std::collections::HashMap;
 use std::fmt::Write;
 use std::path::Path;
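Review bot: The `-use hashbrown::HashMap;` / `-use hashbrown::HashSet;` lines in the first configs.rs hunk, together with the matching removals in the other files, leave no source reference to `hashbrown` (and, after the detection.rs hunk drops `use linked_hash_map::LinkedHashMap;`, apparently none to `linked_hash_map` either), yet no Cargo.toml or Cargo.lock hunk is part of this diff; unless that is handled in a separate commit, both crates stay in the dependency graph and keep being built and audited for nothing. `+use std::collections::{HashSet, HashMap};` is also not in the order rustfmt emits (`{HashMap, HashSet}`, as the pivot.rs and update_rules.rs hunks already write it), so a `cargo fmt` run would touch this line again. Dropping the `-R`/`--hide-record-id` flag in the second configs.rs hunk is a user-visible CLI change that deserves a changelog entry if there is not one already.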
@@ -39,7 +36,7 @@ pub struct EvtxRecordInfo {
 pub evtx_filepath: String, // イベントファイルのファイルパス ログで出力するときに使う
 pub record: Value, // 1レコード分のデータをJSON形式にシリアライズしたもの
 pub data_string: String,
- pub key_2_value: hashbrown::HashMap,
+ pub key_2_value: HashMap,
 pub record_information: Option,
 }
diff --git a/src/detections/pivot.rs b/src/detections/pivot.rs
index 040ab57e..bf98b764 100644
--- a/src/detections/pivot.rs
+++ b/src/detections/pivot.rs
@@ -1,5 +1,4 @@
-use hashbrown::HashMap;
-use hashbrown::HashSet;
+use std::collections::{HashMap, HashSet};
 use lazy_static::lazy_static;
 use serde_json::Value;
 use std::sync::RwLock;
diff --git a/src/detections/rule/count.rs b/src/detections/rule/count.rs
index c6778934..8e086e90 100644
--- a/src/detections/rule/count.rs
+++ b/src/detections/rule/count.rs
@@ -499,7 +499,7 @@ mod tests {
 use crate::detections::rule::create_rule;
 use crate::detections::rule::AggResult;
 use crate::detections::utils;
- use hashbrown::HashMap;
+ use std::collections::HashMap;
 use chrono::{TimeZone, Utc};
 use yaml_rust::YamlLoader;
diff --git a/src/detections/utils.rs b/src/detections/utils.rs
index 40f2c14b..58104616 100644
--- a/src/detections/utils.rs
+++ b/src/detections/utils.rs
@@ -4,6 +4,7 @@ extern crate regex;
 use crate::detections::configs;
 use crate::detections::configs::CURRENT_EXE_PATH;
+use std::collections::HashMap;
 use std::path::Path;
 use std::path::PathBuf;
@@ -219,8 +220,8 @@ pub fn create_rec_info(data: Value, path: String, keys: &[String]) -> EvtxRecord
 // この処理を高速化するため、rec.key_2_valueというhashmapに"Event.System.EventID"というキーで値を設定しておく。
 // これなら、"Event.System.EventID"というキーを1回指定するだけで値を取得できるようになるので、高速化されるはず。
 // あと、serde_jsonのValueからvalue["Event"]みたいな感じで値を取得する処理がなんか遅いので、そういう意味でも早くなるかも
- // それと、serde_jsonでは内部的に標準ライブラリのhashmapを使用しているが、hashbrownを使った方が早くなるらしい。
- let mut key_2_values = hashbrown::HashMap::new();
+ // それと、serde_jsonでは内部的に標準ライブラリのhashmapを使用しているが、hashbrownを使った方が早くなるらしい。標準ライブラリがhashbrownを採用したためserde_jsonについても高速化した。
+ let mut key_2_values = HashMap::new();
 for key in keys {
 let val = get_event_value(key, &data);
 if val.is_none() {
diff --git a/src/filter.rs b/src/filter.rs
index c78b7880..168b307d 100644
--- a/src/filter.rs
+++ b/src/filter.rs
@@ -2,7 +2,7 @@ use crate::detections::configs;
 use crate::detections::message::AlertMessage;
 use crate::detections::message::ERROR_LOG_STACK;
 use crate::detections::message::QUIET_ERRORS_FLAG;
-use hashbrown::HashMap;
+use std::collections::HashMap;
 use regex::Regex;
 use std::fs::File;
 use std::io::{BufRead, BufReader};
diff --git a/src/options/update_rules.rs b/src/options/update_rules.rs
index be3ca5db..87d0baf4 100644
--- a/src/options/update_rules.rs
+++ b/src/options/update_rules.rs
@@ -7,7 +7,7 @@ use git2::Repository;
 use std::fs::{self};
 use std::path::Path;
-use hashbrown::{HashMap, HashSet};
+use std::collections::{HashMap, HashSet};
 use std::cmp::Ordering;
 use std::time::SystemTime;
diff --git a/src/timeline/statistics.rs b/src/timeline/statistics.rs
index 335f080a..0a6d9433 100644
--- a/src/timeline/statistics.rs
+++ b/src/timeline/statistics.rs
@@ -1,6 +1,6 @@
 use crate::detections::message::{LOGONSUMMARY_FLAG, STATISTICS_FLAG};
 use crate::detections::{detection::EvtxRecordInfo, utils};
-use hashbrown::HashMap;
+use std::collections::HashMap;
 #[derive(Debug)]
 pub struct EventStatistics {
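Review bot: The sentence appended to the comment above `+ let mut key_2_values = HashMap::new();` presents the switch as a speed-up, but `std::collections::HashMap` only shares hashbrown's table layout; it still hashes through `RandomState` (randomly seeded SipHash-1-3), whereas hashbrown's default hasher is a faster non-SipHash one, so dropping hashbrown is more likely neutral-to-slower for this map, and serde_json's `Map` (a `BTreeMap` unless `preserve_order` is enabled) is unaffected by which map type this crate imports. What the std map does buy is a HashDoS-resistant hasher, which is the right default for keys populated from parsed event-log content. Suggest replacing the appended sentence with `// std's HashMap uses hashbrown's table layout but keeps a randomly seeded SipHash hasher: expect DoS resistance, not a speed-up.` `create_rec_info` begins before this hunk and continues after it.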
@@ -111,7 +111,7 @@ impl EventStatistics {
 continue;
 }
 let username = utils::get_event_value("TargetUserName", &record.record);
- let idnum = evtid.unwrap();
+ let idnum = evtid.unwrap().as_i64().unwrap();
 let countlist: [usize; 2] = [0, 0];
 if idnum == 4624 {
 let count: &mut [usize; 2] = self
diff --git a/src/timeline/timelines.rs b/src/timeline/timelines.rs
index a0cad83a..41a9e38a 100644
--- a/src/timeline/timelines.rs
+++ b/src/timeline/timelines.rs
@@ -3,7 +3,7 @@ use crate::detections::{configs::CONFIG, detection::EvtxRecordInfo};
 use prettytable::{Cell, Row, Table};
 use super::statistics::EventStatistics;
-use hashbrown::HashMap;
+use std::collections::HashMap;
 #[derive(Debug)]
 pub struct Timeline {
diff --git a/src/yaml.rs b/src/yaml.rs
index 19ce2eef..0acc27b9 100644
--- a/src/yaml.rs
+++ b/src/yaml.rs
@@ -6,7 +6,7 @@ use crate::detections::configs::EXCLUDE_STATUS;
 use crate::detections::message::AlertMessage;
 use crate::detections::message::{ERROR_LOG_STACK, QUIET_ERRORS_FLAG};
 use crate::filter::RuleExclude;
-use hashbrown::HashMap;
+use std::collections::HashMap;
 use std::ffi::OsStr;
 use std::fs;
 use std::io;
@@ -321,7 +321,7 @@ mod tests {
 use crate::filter;
 use crate::yaml;
 use crate::yaml::RuleExclude;
- use hashbrown::HashMap;
+ use std::collections::HashMap;
 use std::path::Path;
 use yaml_rust::YamlLoader;
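Review bot: `+ let idnum = evtid.unwrap().as_i64().unwrap();` adds a second unwrap on data taken from the event record: an `EventID` that is not an integer (a string in a JSON-converted record, or a `u64` above `i64::MAX`, for which `as_i64()` returns `None`) now panics and aborts the whole statistics pass instead of skipping that record, which matters for a tool that is routinely fed logs it does not control. The removed line appears to have compared the `Value` with `4624` directly, so the conversion is new; if the integer is wanted, skip the record on failure instead: `let idnum = match evtid.and_then(|v| v.as_i64()) { Some(id) => id, None => continue };` — this assumes `evtid` is the `Option` from `get_event_value`, which is set before this hunk. The enclosing loop and method start outside the hunk.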