update wording to metrics

CHANGELOG.md

@@ -6,7 +6,8 @@
 
 **Enhancements:**
 
-- Changed Event ID Statistics option to metrics option. (old: -s -> new: -M) (#706) (@hitenkoku)
+- Changed Event ID Statistics option to Event ID Metrics option. (`-s, --statistics`  -> `-M, --metrics`) (#706) (@hitenkoku)
+  (Note: `statistics_event_info.txt` was changed to `event_id_info.txt`.)
 
 **Bug Fixes:**
 

README.md

@@ -170,7 +170,7 @@ You can learn how to import CSV files into Timesketch [here](doc/TimesketchImpor
 * Threat hunting based on IoC signatures written in easy to read/create/edit YML based hayabusa rules.
 * Sigma rule support to convert sigma rules to hayabusa rules.
 * Currently it supports the most sigma rules compared to other similar tools and even supports count rules and new aggregators such as `|equalsfield`.
-* Event log statistics. (Useful for getting a picture of what types of events there are and for tuning your log settings.)
+* Event ID metrics. (Useful for getting a picture of what types of events there are and for tuning your log settings.)
 * Rule tuning configuration by excluding unneeded or noisy rules.
 * MITRE ATT&CK mapping of tactics.
 * Rule level tuning.
@@ -361,7 +361,7 @@ You should now be able to run hayabusa.
 * `--level-tuning`: Custom tune the alerts' `level`.
 * `-L, --logon-summary`: Print a summary of logon events.
 * `-P, --pivot-keywords-list`: Print a list of suspicious keywords to pivot on.
-* `-M, --metrics`: Print metrics of the count and percentage of events based on Event ID.
+* `-M, --metrics`: Print metrics of the number and percentage of events based on Event ID.
 * `--set-default-profile`: Change the default profile.
 * `-u, --update`: Sync the rules to the latest rules in the [hayabusa-rules](https://github.com/Yamato-Security/hayabusa-rules) GitHub repository.
 
@@ -409,7 +409,7 @@ OTHER-ACTIONS:
         --contributors                     Print the list of contributors
     -L, --logon-summary                    Print a summary of successful and failed logons
         --level-tuning [<FILE>]            Tune alert levels (default: ./rules/config/level_tuning.txt)
-    -M, --metrics                          Print metrics of event IDs
+    -M, --metrics                          Print event ID metrics
     -p, --pivot-keywords-list              Create a list of pivot keywords
         --set-default-profile <PROFILE>    Set default output profile
     -u, --update-rules                     Update to the latest rules in the hayabusa-rules github repository
@@ -497,7 +497,7 @@ hayabusa-1.6.0-win-x64.exe -l -m low
 hayabusa-1.6.0-win-x64.exe -l -m critical -p -o keywords
 ```
 
-* Print Event ID statistics:
+* Print Event ID metrics:
 
 ```bash
 hayabusa-1.6.0-win-x64.exe -f Security.evtx -M

contributors.txt

@@ -2,7 +2,7 @@ Hayabusa was possible thanks to the following people (in alphabetical order):
 
 Akira Nishikawa (@nishikawaakira): Previous lead developer, core hayabusa rule support, etc...
 Fukusuke Takahashi (fukuseket): Static compiling for Windows, race condition and other bug fixes.
-Garigariganzy (@garigariganzy31): Developer, event ID statistics implementation, etc... 
+Garigariganzy (@garigariganzy31): Developer, event ID metrics implementation, etc... 
 ItiB (@itiB_S144) :  Core developer, sigmac hayabusa backend, rule creation, etc...
 James Takai / hachiyone(@hach1yon): Current lead developer, tokio multi-threading, sigma aggregation logic, sigmac backend, rule creation, sigma count implementation etc…
 Kazuminn (@k47_um1n): Core Developer

doc/ElasticStackImport/ElasticStackImport-English.md

@@ -51,7 +51,7 @@ As shown below, click on `Advanced` and perform the following settings before cl
 
 1. Title the `Index name` as `evtxlogs-hayabusa`.
 2. Under `Index settings`, add `, "number_of_replicas": 0` so that the index health status does not turn yellow.
-3. Under `Mappings`, change the `RuleTitle` type of `text` to `keyword` so that we can do statistics on the rule titles and change the `EventID` type of `long` to `keyword` in order to import without errors.
+3. Under `Mappings`, change the `RuleTitle` type of `text` to `keyword` so that we can calculate metrics on the rule titles and change the `EventID` type of `long` to `keyword` in order to import without errors.
 4. Under `Ingest pipeline`, add `, "field": "Timestamp"` under the `remove` section. Timestamps will be displayed as `@timestamp` so this duplicate field is not needed. Also, delete the following in order to import without errors:
    ```
     {

src/detections/configs.rs

@@ -188,7 +188,7 @@ pub struct Config {
     #[clap(help_heading = Some("ADVANCED"), short, long = "thread-number", value_name = "NUMBER")]
     pub thread_number: Option<usize>,
 
-    /// Print metrics of event IDs
+    /// Print event ID metrics
     #[clap(help_heading = Some("OTHER-ACTIONS"), short='M', long)]
     pub metrics: bool,
 
@@ -266,11 +266,11 @@ impl ConfigReader<'_> {
             args: parse.clone(),
             headless_help: String::default(),
             event_timeline_config: load_eventcode_info(
-                utils::check_setting_path(&parse.config, "statistics_event_info.txt", false)
+                utils::check_setting_path(&parse.config, "event_id_info.txt", false)
                     .unwrap_or_else(|| {
                         utils::check_setting_path(
                             &CURRENT_EXE_PATH.to_path_buf(),
-                            "rules/config/statistics_event_info.txt",
+                            "rules/config/event_id_info.txt",
                             true,
                         )
                         .unwrap()
@@ -581,7 +581,7 @@ fn load_eventcode_info(path: &str) -> EventInfoConfig {
         return config;
     }
 
-    // statistics_event_infoが読み込めなかったらエラーで終了とする。
+    // event_id_info.txtが読み込めなかったらエラーで終了とする。
     read_result.unwrap().into_iter().for_each(|line| {
         if line.len() != 2 {
             return;

src/detections/utils.rs

@@ -410,7 +410,7 @@ pub fn check_rule_config() -> Result<(), String> {
         "target_event_IDs.txt",
         "default_details.txt",
         "level_tuning.txt",
-        "statistics_event_info.txt",
+        "event_id_info.txt",
         "eventkey_alias.txt",
     ];
     let mut not_exist_file = vec![];

src/main.rs

@@ -197,7 +197,7 @@ impl App {
             write_color_buffer(
                 &BufferWriter::stdout(ColorChoice::Always),
                 None,
-                "Generating Event ID Statistics",
+                "Generating Event ID Metrics",
                 true,
             )
             .ok();

src/timeline/timelines.rs

@@ -98,7 +98,7 @@ impl Timeline {
                 .event_timeline_config
                 .get_event_id(*event_id)
                 .is_some();
-            // statistics_event_info.txtに登録あるものは情報設定
+            // event_id_info.txtに登録あるものは情報設定
             if conf {
                 // 出力メッセージ1行作成
                 msges.push(format!(