diff --git a/src/detections/detection.rs b/src/detections/detection.rs
index f645ef5f..48abd6dc 100644
--- a/src/detections/detection.rs
+++ b/src/detections/detection.rs
@@ -127,11 +127,12 @@ impl Detection {
             .is_present("logon-summary")
         {
             let _ = &rulefile_loader
-                .rule_load_status_cnt
+                .rule_load_cnt
                 .insert(String::from("rule parsing error"), parseerror_count);
             Detection::print_rule_load_info(
                 &rulefile_loader.rulecounter,
-                &rulefile_loader.rule_load_status_cnt,
+                &rulefile_loader.rule_load_cnt,
+                &rulefile_loader.rule_status_cnt,
             );
         }
         ret
@@ -353,30 +354,46 @@ impl Detection {
         ret
     }
-    pub fn print_rule_load_info(rc: &HashMap, st_rc: &HashMap) {
+    pub fn print_rule_load_info(
+        rc: &HashMap,
+        ld_rc: &HashMap,
+        st_rc: &HashMap,
+    ) {
         if *STATISTICS_FLAG {
             return;
         }
-        let mut sorted_st_rc: Vec<(&String, &u128)> = st_rc.iter().collect();
-        sorted_st_rc.sort_by(|a, b| a.0.cmp(b.0));
-        sorted_st_rc.into_iter().for_each(|(key, value)| {
+        let mut sorted_ld_rc: Vec<(&String, &u128)> = ld_rc.iter().collect();
+        sorted_ld_rc.sort_by(|a, b| a.0.cmp(b.0));
+        sorted_ld_rc.into_iter().for_each(|(key, value)| {
             //タイトルに利用するものはascii文字であることを前提として1文字目を大文字にするように変更する
             println!(
                 "{} rules: {}",
                 make_ascii_titlecase(key.clone().as_mut()),
-                value
+                value,
+            );
+        });
+        println!();
+
+        let mut sorted_st_rc: Vec<(&String, &u128)> = st_rc.iter().collect();
+        let total_loaded_rule_cnt: u128 = sorted_st_rc.iter().map(|(_, v)| v.to_owned()).sum();
+        sorted_st_rc.sort_by(|a, b| a.0.cmp(b.0));
+        sorted_st_rc.into_iter().for_each(|(key, value)| {
+            //タイトルに利用するものはascii文字であることを前提として1文字目を大文字にするように変更する
+            println!(
+                "{} rules: {} ({:.2}%)",
+                make_ascii_titlecase(key.clone().as_mut()),
+                value,
+                value / total_loaded_rule_cnt
             );
         });
         println!();
         let mut sorted_rc: Vec<(&String, &u128)> = rc.iter().collect();
         sorted_rc.sort_by(|a, b| a.0.cmp(b.0));
-        let mut enable_total = 0;
         sorted_rc.into_iter().for_each(|(key, value)| {
             println!("{} rules: {}", key, value);
-            enable_total += value;
         });
-        println!("Total enabled detection rules: {}", enable_total);
+        println!("Total enabled detection rules: {}", total_loaded_rule_cnt);
         println!();
     }
 }
diff --git a/src/yaml.rs b/src/yaml.rs
index 842fb6d2..0c9ca327 100644
--- a/src/yaml.rs
+++ b/src/yaml.rs
@@ -18,7 +18,8 @@ use yaml_rust::YamlLoader;
 pub struct ParseYaml {
     pub files: Vec<(String, yaml_rust::Yaml)>,
     pub rulecounter: HashMap,
-    pub rule_load_status_cnt: HashMap,
+    pub rule_load_cnt: HashMap,
+    pub rule_status_cnt: HashMap,
     pub errorrule_count: u128,
 }
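Review bot: The percentage printed in the second loop of print_rule_load_info is wrong and can panic: `value / total_loaded_rule_cnt` is integer division on `u128`, so it prints 0 for every status that does not hold all the rules, the `{:.2}` precision is ignored for integer arguments, and when `rule_status_cnt` sums to 0 (the map is seeded with `deprecated: 0`, so a run that loads no rules gets here) the division panics. Compute it in floating point behind a zero guard, e.g. `let pct = if total_loaded_rule_cnt == 0 { 0.0 } else { *value as f64 * 100.0 / total_loaded_rule_cnt as f64 };` and pass `pct` as the third `println!` argument. Separately, "Total enabled detection rules" is now the sum of the status counters instead of the sum over `rc`; if the deprecated path counted in yaml.rs (`@@ -284` hunk) also stops those rules from being loaded, the total will include rules that are not enabled, which is worth confirming against the loader. Since the new parameters are abbreviations, a doc comment such as `/// rc: rule counts as before; ld_rc: rules skipped while loading (excluded/noisy/parse error); st_rc: loaded rules per yaml status` on the signature would help the next reader.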
@@ -33,11 +34,11 @@ impl ParseYaml {
         ParseYaml {
             files: Vec::new(),
             rulecounter: HashMap::new(),
-            rule_load_status_cnt: HashMap::from([
+            rule_load_cnt: HashMap::from([
                 ("excluded".to_string(), 0_u128),
                 ("noisy".to_string(), 0_u128),
-                ("deprecate".to_string(), 0_u128),
             ]),
+            rule_status_cnt: HashMap::from([("deprecated".to_string(), 0_u128)]),
             errorrule_count: 0,
         }
     }
@@ -231,10 +232,7 @@ impl ParseYaml {
             } else {
                 entry_key = "noisy";
             }
-            let entry = self
-                .rule_load_status_cnt
-                .entry(entry_key.to_string())
-                .or_insert(0);
+            let entry = self.rule_load_cnt.entry(entry_key.to_string()).or_insert(0);
             *entry += 1;
             return Option::None;
         }
@@ -249,11 +247,11 @@ impl ParseYaml {
             );
             let status_cnt = self
-                .rule_load_status_cnt
+                .rule_status_cnt
                 .entry(
                     yaml_doc["status"]
                         .as_str()
-                        .unwrap_or("Undefined")
+                        .unwrap_or("undefined")
                         .to_string(),
                 )
                 .or_insert(0);
@@ -284,7 +282,7 @@ impl ParseYaml {
         let rule_status = &yaml_doc["status"].as_str().unwrap_or_default();
         if *rule_status == "deprecated" {
             let entry = self
-                .rule_load_status_cnt
+                .rule_status_cnt
                 .entry(rule_status.to_string())
                 .or_insert(0);
             *entry += 1;
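Review bot: A deprecated rule looks like it is counted twice in `rule_status_cnt`: the `@@ -249` hunk increments the entry for whatever `yaml_doc["status"]` contains, and the `@@ -284` hunk increments the `deprecated` entry again when that status is `deprecated`, so if both sites run for the same document the "Deprecated rules" row and the total that detection.rs now derives from this map are inflated. If the second site is meant to record that the rule was skipped rather than its status, it belongs in `rule_load_cnt` next to `excluded` and `noisy`; otherwise one of the two increments should go. The key at the first site is taken verbatim from the rule file, so any string a rule author writes in `status` becomes a counter and a printed heading; normalising it before the `.entry()` call, e.g. `.map(|s| s.to_ascii_lowercase())` on the `as_str()` result so it matches the new lowercase `"undefined"` default, keeps `Deprecated` and `deprecated` from splitting into two rows. The enclosing functions of the last three hunks start and end outside the diff.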