Merge branch 'main' into feature/start_finish_time

src/detections/configs.rs

@@ -64,6 +64,7 @@ fn build_app<'a>() -> ArgMatches<'a> {
     -u --utc 'Output time in UTC format (default: local time)'
     -d --directory=[DIRECTORY] 'Directory of multiple .evtx files'
     -s --statistics 'Prints statistics of event IDs'
+    -n --show-noisyalerts 'do not exclude noisy rules'
     -t --threadnum=[NUM] 'Thread number (default: optimal number for performance)'
     --contributors 'Prints the list of contributors'";
     App::new(&program)

src/detections/detection.rs

@@ -11,6 +11,7 @@ use crate::detections::print::MESSAGES;
 use crate::detections::rule;
 use crate::detections::rule::RuleNode;
 use crate::detections::utils::get_serde_number_to_string;
+use crate::filter;
 use crate::yaml::ParseYaml;
 
 use std::sync::Arc;
@@ -51,10 +52,15 @@ impl Detection {
     }
 
     // ルールファイルをパースします。
-    pub fn parse_rule_files(level: String, rulespath: Option<&str>) -> Vec<RuleNode> {
+    pub fn parse_rule_files(
+        level: String,
+        rulespath: Option<&str>,
+        exclude_ids: &filter::RuleExclude,
+    ) -> Vec<RuleNode> {
         // ルールファイルのパースを実行
         let mut rulefile_loader = ParseYaml::new();
-        let result_readdir = rulefile_loader.read_dir(rulespath.unwrap_or(DIRPATH_RULES), &level);
+        let result_readdir =
+            rulefile_loader.read_dir(rulespath.unwrap_or(DIRPATH_RULES), &level, exclude_ids);
         if result_readdir.is_err() {
             AlertMessage::alert(
                 &mut std::io::stderr().lock(),
@@ -269,6 +275,6 @@ impl Detection {
 fn test_parse_rule_files() {
     let level = "informational";
     let opt_rule_path = Some("./test_files/rules/level_yaml");
-    let cole = Detection::parse_rule_files(level.to_owned(), opt_rule_path);
+    let cole = Detection::parse_rule_files(level.to_owned(), opt_rule_path, &filter::exclude_ids());
     assert_eq!(5, cole.len());
 }