diff --git a/src/detections/application.rs b/src/detections/application.rs
index 9622b359..a73b9300 100644
--- a/src/detections/application.rs
+++ b/src/detections/application.rs
@@ -17,11 +17,12 @@ impl Application {
 system: &event::System,
 event_data: HashMap,
 ) {
- let _emet = String::from("EMET");
 if event_id == "2" {
 match &system.provider.name {
- Some(_emet) => {
- &self.emet(system, event_data);
+ Some(name) => {
+ if (name == "EMET") {
+ &self.emet(system, event_data);
+ }
 }
 None => (),
 }
@@ -32,16 +33,18 @@ impl Application {
 match &system.message {
 Some(message) => {
 let message_split: Vec<&str> = message.split("\n").collect();
- let text = message_split[0];
- let application = message_split[3];
- let re = Regex::new(r"^Application: ").unwrap();
- let command = re.replace_all(application, "");
- let username = message_split[4];
+ if !message_split.is_empty() {
+ let text = message_split[0];
+ let application = message_split[3];
+ let re = Regex::new(r"^Application: ").unwrap();
+ let command = re.replace_all(application, "");
+ let username = message_split[4];
 
- println!("Message EMET Block");
- println!("Command {}", command);
- println!("Results {}", text);
- println!("Results {}", username);
+ println!("Message EMET Block");
+ println!("Command {}", command);
+ println!("Results {}", text);
+ println!("Results {}", username);
+ }
 }
 None => {
 println!("Warning: EMET Message field is blank. Install EMET locally to see full details of this alert");
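Review bot: The parentheses in the new `if (name == "EMET") {` are not idiomatic Rust and rustc emits an `unused_parens` warning for them; write `if name == "EMET" {`. The substantive change is right: the old `Some(_emet) =>` arm was a fresh binding that matched every provider name rather than comparing against the literal, so the EMET handler ran for any provider with event id 2. The `Some`/`None => ()` match could also collapse to `if let Some(name) = &system.provider.name`, and the leading `&` on `&self.emet(system, event_data);` borrows a value that is immediately discarded, though that line is unchanged. The enclosing function's signature begins above the hunk.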
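Review bot: The new `if !message_split.is_empty()` guard does not prevent the panics it is meant to prevent: `str::split` always yields at least one element, so the condition is never false, and `message_split[3]` / `message_split[4]` still index out of bounds on any message with fewer than five lines. Since the message text comes from the event log being analysed, a short or malformed message aborts the whole detection run; change the guard to `if message_split.len() >= 5 {` (or bind the fields with `message_split.get(3)` / `.get(4)` and skip when they are `None`). While here, the regex is only stripping a fixed prefix, so `application.strip_prefix("Application: ").unwrap_or(application)` would drop the per-event `Regex::new(...).unwrap()`. The enclosing method continues below the hunk.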