CSEC_PUBLIC/hayabusa
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add: default output when no details are defined #606

Browse Source
This commit is contained in:
DastInDark
2022-06-29 20:36:44 +09:00
parent c5feae8bb1
commit 742465164a
1 changed files with 5 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/detections/detection.rs
View File

@@ -243,10 +243,11 @@ impl Detection {
.unwrap_or_default(); .unwrap_or_default();
let eid = get_serde_number_to_string(&record_info.record["Event"]["System"]["EventID"]) let eid = get_serde_number_to_string(&record_info.record["Event"]["System"]["EventID"])
.unwrap_or_else(|| "-".to_owned()); .unwrap_or_else(|| "-".to_owned());
let default_output = DEFAULT_DETAILS let default_output = match DEFAULT_DETAILS
.get(&format!("{}_{}", provider, &eid)) .get(&format!("{}_{}", provider, &eid)) {
.unwrap_or(&"-".to_string()) Some(str) => str.to_owned(),
.to_string(); None => recinfo.as_ref().unwrap_or(&"-".to_string()).to_string(),
};
let detect_info = DetectInfo { let detect_info = DetectInfo {
filepath: record_info.evtx_filepath.to_string(), filepath: record_info.evtx_filepath.to_string(),
rulepath: rule.rulepath.to_string(), rulepath: rule.rulepath.to_string(),