cargo fmt
This commit is contained in:
DustInDark
@@ -6,7 +6,7 @@ use crate::detections::print::AlertMessage;
|
|||||||
use crate::detections::print::DetectInfo;
|
use crate::detections::print::DetectInfo;
|
||||||
use crate::detections::print::ERROR_LOG_STACK;
|
use crate::detections::print::ERROR_LOG_STACK;
|
||||||
use crate::detections::print::MESSAGES;
|
use crate::detections::print::MESSAGES;
|
||||||
use crate::detections::print::{CH_CONFIG, IS_HIDE_RECORD_ID, TAGS_CONFIG, DEFAULT_DETAILS};
|
use crate::detections::print::{CH_CONFIG, DEFAULT_DETAILS, IS_HIDE_RECORD_ID, TAGS_CONFIG};
|
||||||
use crate::detections::print::{
|
use crate::detections::print::{
|
||||||
LOGONSUMMARY_FLAG, PIVOT_KEYWORD_LIST_FLAG, QUIET_ERRORS_FLAG, STATISTICS_FLAG,
|
LOGONSUMMARY_FLAG, PIVOT_KEYWORD_LIST_FLAG, QUIET_ERRORS_FLAG, STATISTICS_FLAG,
|
||||||
};
|
};
|
||||||
@@ -236,8 +236,12 @@ impl Detection {
|
|||||||
};
|
};
|
||||||
let ch_str = &get_serde_number_to_string(&record_info.record["Event"]["System"]["Channel"])
|
let ch_str = &get_serde_number_to_string(&record_info.record["Event"]["System"]["Channel"])
|
||||||
.unwrap_or_default();
|
.unwrap_or_default();
|
||||||
let eid = get_serde_number_to_string(&record_info.record["Event"]["System"]["EventID"]).unwrap_or_else(|| "-".to_owned());
|
let eid = get_serde_number_to_string(&record_info.record["Event"]["System"]["EventID"])
|
||||||
let default_output = DEFAULT_DETAILS.get(&format!("{}_{}",ch_str, &eid)).unwrap_or(&"-".to_string()).to_string();
|
.unwrap_or_else(|| "-".to_owned());
|
||||||
|
let default_output = DEFAULT_DETAILS
|
||||||
|
.get(&format!("{}_{}", ch_str, &eid))
|
||||||
|
.unwrap_or(&"-".to_string())
|
||||||
|
.to_string();
|
||||||
let detect_info = DetectInfo {
|
let detect_info = DetectInfo {
|
||||||
filepath: record_info.evtx_filepath.to_string(),
|
filepath: record_info.evtx_filepath.to_string(),
|
||||||
rulepath: rule.rulepath.to_string(),
|
rulepath: rule.rulepath.to_string(),
|
||||||
@@ -255,7 +259,10 @@ impl Detection {
|
|||||||
};
|
};
|
||||||
MESSAGES.lock().unwrap().insert(
|
MESSAGES.lock().unwrap().insert(
|
||||||
&record_info.record,
|
&record_info.record,
|
||||||
rule.yaml["details"].as_str().unwrap_or(&default_output).to_string(),
|
rule.yaml["details"]
|
||||||
|
.as_str()
|
||||||
|
.unwrap_or(&default_output)
|
||||||
|
.to_string(),
|
||||||
detect_info,
|
detect_info,
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -228,35 +228,61 @@ impl Message {
|
|||||||
|
|
||||||
/// detailsのdefault値をファイルから読み取る関数
|
/// detailsのdefault値をファイルから読み取る関数
|
||||||
pub fn get_default_details() -> HashMap<String, String> {
|
pub fn get_default_details() -> HashMap<String, String> {
|
||||||
let read_result = utils::read_csv(&format!("{}/default_details.txt", configs::CONFIG.read().unwrap().args.config.as_path().display()));
|
let read_result = utils::read_csv(&format!(
|
||||||
|
"{}/default_details.txt",
|
||||||
|
configs::CONFIG
|
||||||
|
.read()
|
||||||
|
.unwrap()
|
||||||
|
.args
|
||||||
|
.config
|
||||||
|
.as_path()
|
||||||
|
.display()
|
||||||
|
));
|
||||||
match read_result {
|
match read_result {
|
||||||
Err(_e) => {
|
Err(_e) => {
|
||||||
AlertMessage::alert(&_e).ok();
|
AlertMessage::alert(&_e).ok();
|
||||||
HashMap::new()
|
HashMap::new()
|
||||||
},
|
}
|
||||||
Ok(lines) => {
|
Ok(lines) => {
|
||||||
let mut ret:HashMap<String, String> = HashMap::new();
|
let mut ret: HashMap<String, String> = HashMap::new();
|
||||||
lines.into_iter().try_for_each(|line| -> Result<(), String> {
|
lines
|
||||||
let provider = match line.get(0) {
|
.into_iter()
|
||||||
Some(_provider) => _provider.trim(),
|
.try_for_each(|line| -> Result<(), String> {
|
||||||
_ => return Result::Err("Failed to read provider in default_details.txt.".to_string())
|
let provider = match line.get(0) {
|
||||||
};
|
Some(_provider) => _provider.trim(),
|
||||||
let eid = match line.get(1) {
|
_ => {
|
||||||
Some(eid_str) => {
|
return Result::Err(
|
||||||
match eid_str.trim().parse::<i64>() {
|
"Failed to read provider in default_details.txt.".to_string(),
|
||||||
Ok(_eid) => _eid,
|
)
|
||||||
_ => return Result::Err("Parse Error EventID in default_details.txt.".to_string())
|
|
||||||
}
|
}
|
||||||
},
|
};
|
||||||
_ => return Result::Err("Failed to read EventID in default_details.txt.".to_string())
|
let eid = match line.get(1) {
|
||||||
};
|
Some(eid_str) => match eid_str.trim().parse::<i64>() {
|
||||||
let details = match line.get(2) {
|
Ok(_eid) => _eid,
|
||||||
Some(detail) => detail.trim(),
|
_ => {
|
||||||
_ => return Result::Err("Failed to read details in default_details.txt.".to_string())
|
return Result::Err(
|
||||||
};
|
"Parse Error EventID in default_details.txt.".to_string(),
|
||||||
ret.insert(format!("{}_{}", provider, eid), details.to_string());
|
)
|
||||||
Ok(())
|
}
|
||||||
}).ok();
|
},
|
||||||
|
_ => {
|
||||||
|
return Result::Err(
|
||||||
|
"Failed to read EventID in default_details.txt.".to_string(),
|
||||||
|
)
|
||||||
|
}
|
||||||
|
};
|
||||||
|
let details = match line.get(2) {
|
||||||
|
Some(detail) => detail.trim(),
|
||||||
|
_ => {
|
||||||
|
return Result::Err(
|
||||||
|
"Failed to read details in default_details.txt.".to_string(),
|
||||||
|
)
|
||||||
|
}
|
||||||
|
};
|
||||||
|
ret.insert(format!("{}_{}", provider, eid), details.to_string());
|
||||||
|
Ok(())
|
||||||
|
})
|
||||||
|
.ok();
|
||||||
ret
|
ret
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user