CSEC_PUBLIC/hayabusa
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Feature/improve parallel processing (#622)

Browse Source 
* WIP until imple debug trait for dashmap

* change filename print.rs to message.rs

* implement debug for DashMap but member is private. So I cannot Implemented.

* I deleted debug for DashMap

* sorted datetime of dashmap

* delete the unnessesary comment
This commit is contained in:
kazuminn
2022-07-14 12:33:58 +09:00
committed by GitHub
parent 2eaa9fb19b
commit bb6717f7cc
16 changed files with 668 additions and 813 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
src/detections/detection.rs
View File

@@ -4,15 +4,14 @@ use crate::detections::configs;
use crate::detections::utils::write_color_buffer;
use termcolor::{BufferWriter, Color, ColorChoice};
use crate::detections::pivot::insert_pivot_keyword;
use crate::detections::print::AlertMessage;
use crate::detections::print::DetectInfo;
use crate::detections::print::ERROR_LOG_STACK;
use crate::detections::print::MESSAGES;
use crate::detections::print::{CH_CONFIG, DEFAULT_DETAILS, IS_HIDE_RECORD_ID, TAGS_CONFIG};
use crate::detections::print::{
use crate::detections::message::AlertMessage;
use crate::detections::message::DetectInfo;
use crate::detections::message::ERROR_LOG_STACK;
use crate::detections::message::{CH_CONFIG, DEFAULT_DETAILS, IS_HIDE_RECORD_ID, TAGS_CONFIG};
use crate::detections::message::{
LOGONSUMMARY_FLAG, PIVOT_KEYWORD_LIST_FLAG, QUIET_ERRORS_FLAG, STATISTICS_FLAG,
};
use crate::detections::pivot::insert_pivot_keyword;
use crate::detections::rule;
use crate::detections::rule::AggResult;
use crate::detections::rule::RuleNode;
@@ -27,6 +26,8 @@ use std::path::Path;
use std::sync::Arc;
use tokio::{runtime::Runtime, spawn, task::JoinHandle};
use super::message;
// イベントファイルの1レコード分の情報を保持する構造体
#[derive(Clone, Debug)]
pub struct EvtxRecordInfo {
@@ -268,7 +269,7 @@ impl Detection {
record_information: opt_record_info,
record_id: rec_id,
};
MESSAGES.lock().unwrap().insert(
message::insert(
&record_info.record,
rule.yaml["details"]
.as_str()
@@ -312,10 +313,7 @@ impl Detection {
record_id: rec_id,
};
MESSAGES
.lock()
.unwrap()
.insert_message(detect_info, agg_result.start_timedate)
message::insert_message(detect_info, agg_result.start_timedate)
}
///aggregation conditionのcount部分の検知出力文の文字列を返す関数