add sysmon

src/detections/sysmon.rs

@@ -0,0 +1,37 @@
+use crate::models::event;
+use std::collections::HashMap;
+
+pub struct Sysmon {}
+
+impl Sysmon {
+    pub fn new() -> Sysmon {
+        Sysmon {}
+    }
+
+    pub fn detection(
+        &mut self,
+        event_id: String,
+        system: &event::System,
+        event_data: HashMap<String, String>,
+    ) {
+        if event_id == "1" {
+            &self.sysmon_event_1(event_data);
+        } else if event_id == "7" {
+            &self.sysmon_event_7(event_data);
+        }
+    }
+
+    fn sysmon_event_1(&mut self, event_data: HashMap<String, String>) {
+        println!("Message : Sysmon event 1");
+        if let Some(_image) = event_data.get("Image") {
+            println!("_image : {}",_image);
+        }
+        if let Some(_command_line) = event_data.get("CommandLine") {
+            println!("_command_line : {}",_command_line);
+        }
+    }
+
+    fn sysmon_event_7(&mut self, event_data: HashMap<String, String>) {
+        println!("Message : Sysmon event 7");
+    }
+}