merged variable and fixed to output csv in %RecordInformation% #165

DustInDark
2022-08-01 19:34:20 +09:00
parent 1cf97a103c
commit 8f4eb848e3
2 changed files with 26 additions and 30 deletions


@@ -1,7 +1,7 @@
use crate::detections::configs; use crate::detections::configs;
use crate::detections::configs::{CURRENT_EXE_PATH, TERM_SIZE}; use crate::detections::configs::{CURRENT_EXE_PATH, TERM_SIZE};
use crate::detections::message::AlertMessage;
use crate::detections::message::{self, LEVEL_ABBR}; use crate::detections::message::{self, LEVEL_ABBR};
use crate::detections::message::{AlertMessage, LEVEL_FULL};
use crate::detections::utils::{self, format_time}; use crate::detections::utils::{self, format_time};
use crate::detections::utils::{get_writable_color, write_color_buffer}; use crate::detections::utils::{get_writable_color, write_color_buffer};
use crate::options::profile::PROFILES; use crate::options::profile::PROFILES;
@@ -229,13 +229,19 @@ fn emit_csv<W: std::io::Write>(
} else { } else {
// csv output format // csv output format
if plus_header { if plus_header {
wtr.write_record(detect_info.ext_field.keys())?; wtr.write_record(detect_info.ext_field.keys().map(|x| x.trim()))?;
plus_header = false; plus_header = false;
} }
wtr.write_record(detect_info.ext_field.values())?; wtr.write_record(detect_info.ext_field.values().map(|x| x.trim()))?;
} }
let level_suffix = *configs::LEVELMAP let level_suffix = *configs::LEVELMAP
.get(&detect_info.level.to_uppercase()) .get(
&LEVEL_FULL
.get(&detect_info.level)
.unwrap_or(&"undefined".to_string())
.to_uppercase(),
)
.unwrap_or(&0) as usize; .unwrap_or(&0) as usize;
let time_str_date = format_time(time, true); let time_str_date = format_time(time, true);
let mut detect_counts_by_date = detect_counts_by_date_and_level let mut detect_counts_by_date = detect_counts_by_date_and_level
@@ -474,14 +480,6 @@ fn _print_detection_summary_by_date(
let mut wtr = buf_wtr.buffer(); let mut wtr = buf_wtr.buffer();
wtr.set_color(ColorSpec::new().set_fg(None)).ok(); wtr.set_color(ColorSpec::new().set_fg(None)).ok();
let level_full_map = std::collections::HashMap::from([
("crit", "critical"),
("high", "high"),
("med ", "medium"),
("low ", "low"),
("info", "informational"),
]);
for level in LEVEL_ABBR.values() { for level in LEVEL_ABBR.values() {
// output_levelsはlevelsからundefinedを除外した配列であり、各要素は必ず初期化されているのでSomeであることが保証されているのでunwrapをそのまま実施 // output_levelsはlevelsからundefinedを除外した配列であり、各要素は必ず初期化されているのでSomeであることが保証されているのでunwrapをそのまま実施
let detections_by_day = detect_counts_by_date.get(level).unwrap(); let detections_by_day = detect_counts_by_date.get(level).unwrap();
@@ -497,7 +495,7 @@ fn _print_detection_summary_by_date(
} }
wtr.set_color(ColorSpec::new().set_fg(_get_output_color( wtr.set_color(ColorSpec::new().set_fg(_get_output_color(
color_map, color_map,
level_full_map.get(level.as_str()).unwrap(), LEVEL_FULL.get(level.as_str()).unwrap(),
))) )))
.ok(); .ok();
if !exist_max_data { if !exist_max_data {
@@ -506,7 +504,7 @@ fn _print_detection_summary_by_date(
writeln!( writeln!(
wtr, wtr,
"Date with most total {} detections: {}", "Date with most total {} detections: {}",
level_full_map.get(level.as_str()).unwrap(), LEVEL_FULL.get(level.as_str()).unwrap(),
&max_detect_str &max_detect_str
) )
.ok(); .ok();
@@ -523,14 +521,6 @@ fn _print_detection_summary_by_computer(
let mut wtr = buf_wtr.buffer(); let mut wtr = buf_wtr.buffer();
wtr.set_color(ColorSpec::new().set_fg(None)).ok(); wtr.set_color(ColorSpec::new().set_fg(None)).ok();
let level_full_map = std::collections::HashMap::from([
("crit", "critical"),
("high", "high"),
("med ", "medium"),
("low ", "low"),
("info", "informational"),
]);
for level in LEVEL_ABBR.values() { for level in LEVEL_ABBR.values() {
// output_levelsはlevelsからundefinedを除外した配列であり、各要素は必ず初期化されているのでSomeであることが保証されているのでunwrapをそのまま実施 // output_levelsはlevelsからundefinedを除外した配列であり、各要素は必ず初期化されているのでSomeであることが保証されているのでunwrapをそのまま実施
let detections_by_computer = detect_counts_by_computer.get(level).unwrap(); let detections_by_computer = detect_counts_by_computer.get(level).unwrap();
@@ -554,13 +544,13 @@ fn _print_detection_summary_by_computer(
wtr.set_color(ColorSpec::new().set_fg(_get_output_color( wtr.set_color(ColorSpec::new().set_fg(_get_output_color(
color_map, color_map,
level_full_map.get(level.as_str()).unwrap(), LEVEL_FULL.get(level.as_str()).unwrap(),
))) )))
.ok(); .ok();
writeln!( writeln!(
wtr, wtr,
"Top 5 computers with most unique {} detections: {}", "Top 5 computers with most unique {} detections: {}",
level_full_map.get(level.as_str()).unwrap(), LEVEL_FULL.get(level.as_str()).unwrap(),
&result_str &result_str
) )
.ok(); .ok();
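Review bot: In emit_csv, `.unwrap_or(&"undefined".to_string())` allocates a fresh String for every detection even when the LEVEL_FULL lookup succeeds; replacing that line with `.map(String::as_str).unwrap_or("undefined")` yields the same uppercase key without the allocation. The fallback also silently files an unrecognised level under the 0 count, which is only correct if detect_info.level always carries the padded abbreviation LEVEL_FULL is keyed on (`"med "`, `"low "`) — the old code keyed LEVELMAP on the level string directly, so any caller still passing a full name such as `"critical"` would now be miscounted with no signal; a `debug_assert!` or a log line on the None branch would make that visible. Separately, `x.trim()` on the header and value records is cosmetic: if ext_field holds event-log-derived text, the csv writer quotes fields but does not neutralise a leading `=`, `+`, `-` or `@`, which spreadsheet consumers may evaluate as a formula, so that deserves a `// NOTE: values are not sanitised against CSV formula injection` at the write_record call. emit_csv starts and continues outside this hunk.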


@@ -77,13 +77,19 @@ lazy_static! {
.display() .display()
)); ));
pub static ref LEVEL_ABBR: HashMap<String, String> = HashMap::from([ pub static ref LEVEL_ABBR: HashMap<String, String> = HashMap::from([
(String::from("critical"), String::from("crit")), ("critical".to_string(), "crit".to_string()),
(String::from("high"), String::from("high")), ("high".to_string(), "high".to_string()),
(String::from("medium"), String::from("med ")), ("medium".to_string(), "med ".to_string()),
(String::from("low"), String::from("low ")), ("low".to_string(), "low ".to_string()),
(String::from("informational"), String::from("info")), ("informational".to_string(), "info".to_string()),
]);
pub static ref LEVEL_FULL: HashMap<String, String> = HashMap::from([
("crit".to_string(), "critical".to_string()),
("high".to_string(), "high".to_string()),
("med ".to_string(), "medium".to_string()),
("low ".to_string(), "low".to_string()),
("info".to_string(), "informational".to_string())
]); ]);
} }
/// ファイルパスで記載されたtagでのフル名、表示の際に置き換えられる文字列のHashMapを作成する関数。 /// ファイルパスで記載されたtagでのフル名、表示の際に置き換えられる文字列のHashMapを作成する関数。
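Review bot: LEVEL_FULL is a second hand-written literal that must remain the exact inverse of LEVEL_ABBR, and the `LEVEL_FULL.get(level.as_str()).unwrap()` calls in the summary printers will panic as soon as the two drift (a level added to one map only, or the padding on `"med "`/`"low "` changed in one place). Deriving it keeps them in lockstep by construction: `pub static ref LEVEL_FULL: HashMap<String, String> = LEVEL_ABBR.iter().map(|(full, abbr)| (abbr.clone(), full.clone())).collect();`. A one-line doc comment on each static would also help, e.g. `/// Padded 4-char abbreviation (e.g. "med ") -> full level name; keys must equal LEVEL_ABBR's values byte-for-byte.` The lazy_static block starts outside this hunk.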