From 716e0a182aef31239a7b8b7f2f1adba7fb8197b2 Mon Sep 17 00:00:00 2001
From: DustInDark
Date: Thu, 23 Dec 2021 15:45:11 +0900
Subject: [PATCH 1/4] changed no outpu rule parse result with -s option #343

---
 src/detections/detection.rs | 4 ++++
 src/detections/print.rs | 2 ++
 2 files changed, 6 insertions(+)

diff --git a/src/detections/detection.rs b/src/detections/detection.rs
index 70225051..6aaa6179 100644
--- a/src/detections/detection.rs
+++ b/src/detections/detection.rs
@@ -5,6 +5,7 @@ use crate::detections::print::AlertMessage;
 use crate::detections::print::ERROR_LOG_STACK;
 use crate::detections::print::MESSAGES;
 use crate::detections::print::QUIET_ERRORS_FLAG;
+use crate::detections::print::STATISTICS_FLAG;
 use crate::detections::rule;
 use crate::detections::rule::AggResult;
 use crate::detections::rule::RuleNode;
@@ -273,6 +274,9 @@ impl Detection {
         parseerror_count: &u128,
         ignore_count: &u128,
     ) {
+        if *STATISTICS_FLAG {
+            return;
+        }
         let mut total = parseerror_count + ignore_count;
         rc.into_iter().for_each(|(key, value)| {
             println!("{} rules: {}", key, value);
diff --git a/src/detections/print.rs b/src/detections/print.rs
index 6c9ef6b8..3b20520b 100644
--- a/src/detections/print.rs
+++ b/src/detections/print.rs
@@ -228,11 +228,13 @@ impl AlertMessage {
         for error_log in ERROR_LOG_STACK.lock().unwrap().iter() {
             writeln!(error_log_writer, "{}", error_log).ok();
         }
+        println!("");
         println!(
             "Errors were generated. Please check {} for details.",
             ERROR_LOG_PATH.to_string()
         );
         println!("");
+        println!("");
     }
 
     /// ERRORメッセージを表示する関数

From c43624dcb2b8ca3bf82faa8a710ce9ecd703b7c7 Mon Sep 17 00:00:00 2001
From: DustInDark
Date: Thu, 23 Dec 2021 17:09:26 +0900
Subject: [PATCH 2/4] changed outputs #344

---
 src/timeline/timeline.rs | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/timeline/timeline.rs b/src/timeline/timeline.rs
index 890212af..1c3f7297 100644
--- a/src/timeline/timeline.rs
+++ b/src/timeline/timeline.rs
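Review bot: The new early return at the top of the body drops the whole rule summary — including the `parseerror_count` and `ignore_count` totals the following lines would print — whenever `STATISTICS_FLAG` is set, and nothing in the hunk records why that is correct; a one-line comment would spare the next reader a trip to #343, e.g. `// -s (statistics mode) does not run rule detection, so the rule-load summary is not printed.` That presumes rules are not loaded on the statistics path, which is worth confirming against the caller: if parse errors can still occur there, the operator loses the only on-screen hint that rules failed to load, and the `ERROR_LOG_STACK` import two hunks up suggests the error log is then the sole record. The enclosing function's signature starts above the hunk, so its name and the meaning of `rc` are not visible here.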
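Review bot: Both added lines in the print.rs hunk use `println!("")`, which Clippy rejects under `println_empty_string`; the idiomatic spelling is `println!();`. The blank lines also go to stdout together with the "Errors were generated" notice, so if detection results are written to stdout as well (not visible here), the diagnostics interleave with machine-readable output — `eprintln!()` would keep them on stderr, though that would also move the existing notice. The enclosing function starts above the hunk.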
@@ -37,11 +37,11 @@ impl Timeline {
         //println!("map -> {:#?}", evtstat_map);
         let mut sammsges: Vec = Vec::new();
         sammsges.push("---------------------------------------".to_string());
-        sammsges.push(format!("Evtx_File_Path:{}", self.stats.filepath));
-        sammsges.push(format!("Total_counts : {}\n", self.stats.total));
-        sammsges.push(format!("firstevent_time: {}", self.stats.start_time));
-        sammsges.push(format!("lastevent_time: {}\n", self.stats.end_time));
-        sammsges.push("count(rate)\tID\tevent\t\ttimeline".to_string());
+        sammsges.push(format!("Evtx File Path: {}", self.stats.filepath));
+        sammsges.push(format!("Total Event Records : {}\n", self.stats.total));
+        sammsges.push(format!("First Timestamp: {}", self.stats.start_time));
+        sammsges.push(format!("Last Timestamp: {}\n", self.stats.end_time));
+        sammsges.push("count(Percent)\tID\tEvent\t\tTimeline".to_string());
         sammsges.push("--------------- ------- --------------- -------".to_string());
 
         // 集計件数でソート

From b4a66a8e6f0e5633ba9e09af057efab667d57aee Mon Sep 17 00:00:00 2001
From: DustInDark
Date: Thu, 23 Dec 2021 17:16:48 +0900
Subject: [PATCH 3/4] inserted usage newline

---
 src/main.rs | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/main.rs b/src/main.rs
index 6bb33feb..7bb671cb 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -70,6 +70,7 @@ impl App {
                 "{}",
                 configs::CONFIG.read().unwrap().args.usage().to_string()
             );
+            println!("");
             return;
         }
         if let Some(csv_path) = configs::CONFIG.read().unwrap().args.value_of("output") {

From 8f9ff165ec9b3dd1a53bfe9cb98f867e438fbed9 Mon Sep 17 00:00:00 2001
From: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
Date: Thu, 23 Dec 2021 17:52:19 +0900
Subject: [PATCH 4/4] small format fix

---
 src/main.rs | 1 +
 src/timeline/timeline.rs | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/main.rs b/src/main.rs
index 7bb671cb..1d932468 100644
--- a/src/main.rs
+++ b/src/main.rs
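Review bot: The `println!("")` added after the usage text in the main.rs hunk trips Clippy's `println_empty_string`; write it as `println!();` so `cargo clippy -- -D warnings` stays clean. The line sits directly before `return;`, so it only affects the help path, but the same spelling appears in the other patches of this series and is worth fixing consistently. The enclosing `impl App` method starts above the hunk and continues below it.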
@@ -88,6 +88,7 @@ impl App {
         }
         if *STATISTICS_FLAG {
             println!("Generating Event ID Statistics");
+            println!("");
         }
         if let Some(filepath) = configs::CONFIG.read().unwrap().args.value_of("filepath") {
             if !filepath.ends_with(".evtx") {
diff --git a/src/timeline/timeline.rs b/src/timeline/timeline.rs
index 1c3f7297..5b0a9c57 100644
--- a/src/timeline/timeline.rs
+++ b/src/timeline/timeline.rs
@@ -38,10 +38,10 @@ impl Timeline {
         let mut sammsges: Vec = Vec::new();
         sammsges.push("---------------------------------------".to_string());
         sammsges.push(format!("Evtx File Path: {}", self.stats.filepath));
-        sammsges.push(format!("Total Event Records : {}\n", self.stats.total));
+        sammsges.push(format!("Total Event Records: {}\n", self.stats.total));
         sammsges.push(format!("First Timestamp: {}", self.stats.start_time));
         sammsges.push(format!("Last Timestamp: {}\n", self.stats.end_time));
-        sammsges.push("count(Percent)\tID\tEvent\t\tTimeline".to_string());
+        sammsges.push("Count (Percent)\tID\tEvent\t\tTimeline".to_string());
         sammsges.push("--------------- ------- --------------- -------".to_string());
 
         // 集計件数でソート
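Review bot: The new header `"Count (Percent)\tID\tEvent\t\tTimeline"` in the timeline.rs hunk is tab-separated while the separator row directly below it (`--------------- ------- --------------- -------`) is space-padded to fixed widths, so the two rows only line up at one particular tab-stop setting and the Count/ID columns drift in most terminals; formatting the header with the same widths, e.g. `format!("{:<15} {:<7} {:<15} {:<7}", "Count (Percent)", "ID", "Event", "Timeline")`, keeps them aligned regardless of tab stops. The data rows that follow are outside the hunk, so I cannot tell whether they are tab- or width-padded; whichever they use, the header should match. The enclosing `impl Timeline` method starts above the hunk and continues below it.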