output not found field to n/a (#531)

* changed no found placeholder output to n/a #528 * added n/a output to details when not found placeholder * added v1.3.0 changelog describe and #528 enhance * fixed typo and fixed markdown format * fixed test * readme, changelog, version update Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
2022-05-23 00:20:08 +09:00
parent 684c8a9688
commit 995aa1d75b
6 changed files with 39 additions and 9 deletions
--- a/README.md
+++ b/README.md
@@ -482,7 +482,7 @@ When hayabusa output is being displayed to the screen (the default), it will dis
 * `Event ID`: This comes from the `<Event><System><EventID>` field in the event log.
 * `Level`: This comes from the `level` field in the YML detection rule. (`informational`, `low`, `medium`, `high`, `critical`) By default, all level alerts will be displayed but you can set the minimum level with `-m`. For example, you can set `-m high`) in order to only scan for and display high and critical alerts.
 * `Title`: This comes from the `title` field in the YML detection rule.
-* `Details`: This comes from the `details` field in the YML detection rule, however, only hayabusa rules have this field. This field gives extra information about the alert or event and can extract useful data from the `<Event><System><EventData>` portion of the log. For example, usernames, command line information, process information, etc...
+* `Details`: This comes from the `details` field in the YML detection rule, however, only hayabusa rules have this field. This field gives extra information about the alert or event and can extract useful data from the `<Event><System><EventData>` portion of the log. For example, usernames, command line information, process information, etc... When a placeholder points to a field that does not exist or there is an incorrect alias mapping, it will be outputted as `n/a` (not available).

 The following additional columns will be added to the output when saving to a CSV file: