Merge pull request #344 from Yamato-Security/fix/-s_option_no_rule_load#343

changed no output rule parse result with -s option #343
2021-12-23 18:39:40 +09:00
parent acaae4b328 8f9ff165ec
commit 8b91c7c462
4 changed files with 13 additions and 5 deletions
--- a/src/detections/detection.rs
+++ b/src/detections/detection.rs
@@ -5,6 +5,7 @@ use crate::detections::print::AlertMessage;
 use crate::detections::print::ERROR_LOG_STACK;
 use crate::detections::print::MESSAGES;
 use crate::detections::print::QUIET_ERRORS_FLAG;
+use crate::detections::print::STATISTICS_FLAG;
 use crate::detections::rule;
 use crate::detections::rule::AggResult;
 use crate::detections::rule::RuleNode;
@@ -273,6 +274,9 @@ impl Detection {
        parseerror_count: &u128,
        ignore_count: &u128,
    ) {
+        if *STATISTICS_FLAG {
+            return;
+        }
        let mut total = parseerror_count + ignore_count;
        rc.into_iter().for_each(|(key, value)| {
            println!("{} rules: {}", key, value);
--- a/src/detections/print.rs
+++ b/src/detections/print.rs
@@ -228,11 +228,13 @@ impl AlertMessage {
        for error_log in ERROR_LOG_STACK.lock().unwrap().iter() {
            writeln!(error_log_writer, "{}", error_log).ok();
        }
+        println!("");
        println!(
            "Errors were generated. Please check {} for details.",
            ERROR_LOG_PATH.to_string()
        );
        println!("");
+        println!("");
    }

    /// ERRORメッセージを表示する関数
--- a/src/main.rs
+++ b/src/main.rs
@@ -70,6 +70,7 @@ impl App {
                "{}",
                configs::CONFIG.read().unwrap().args.usage().to_string()
            );
+            println!("");
            return;
        }
        if let Some(csv_path) = configs::CONFIG.read().unwrap().args.value_of("output") {
@@ -87,6 +88,7 @@ impl App {
        }
        if *STATISTICS_FLAG {
            println!("Generating Event ID Statistics");
+            println!("");
        }
        if let Some(filepath) = configs::CONFIG.read().unwrap().args.value_of("filepath") {
            if !filepath.ends_with(".evtx") {
--- a/src/timeline/timeline.rs
+++ b/src/timeline/timeline.rs
@@ -37,11 +37,11 @@ impl Timeline {
        //println!("map -> {:#?}", evtstat_map);
        let mut sammsges: Vec<String> = Vec::new();
        sammsges.push("---------------------------------------".to_string());
-        sammsges.push(format!("Evtx_File_Path:{}", self.stats.filepath));
-        sammsges.push(format!("Total_counts : {}\n", self.stats.total));
-        sammsges.push(format!("firstevent_time: {}", self.stats.start_time));
-        sammsges.push(format!("lastevent_time: {}\n", self.stats.end_time));
-        sammsges.push("count(rate)\tID\tevent\t\ttimeline".to_string());
+        sammsges.push(format!("Evtx File Path: {}", self.stats.filepath));
+        sammsges.push(format!("Total Event Records: {}\n", self.stats.total));
+        sammsges.push(format!("First Timestamp: {}", self.stats.start_time));
+        sammsges.push(format!("Last Timestamp: {}\n", self.stats.end_time));
+        sammsges.push("Count (Percent)\tID\tEvent\t\tTimeline".to_string());
        sammsges.push("--------------- ------- --------------- -------".to_string());

        // 集計件数でソート