From bd483ee6b69c01d117f3dc4f2b7b7b694b114631 Mon Sep 17 00:00:00 2001
From: siamease
Date: Sun, 25 Oct 2020 01:01:19 +0900
Subject: [PATCH] fix
---
 src/detections/sysmon.rs | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/src/detections/sysmon.rs b/src/detections/sysmon.rs
index 7ce01b93..628bba17 100644
--- a/src/detections/sysmon.rs
+++ b/src/detections/sysmon.rs
@@ -1,5 +1,5 @@
-use crate::models::event;
 use crate::detections::utils::check_command;
+use crate::models::event;
 use std::collections::HashMap;
 use std::fs::File;
 use std::io::prelude::*;
@@ -12,7 +12,7 @@ impl Sysmon {
 pub fn new() -> Sysmon {
 Sysmon {
 //checkunsigned: 0, // DeepBlueでは0固定
- checkunsigned: 1, // 開発用に1
+ checkunsigned: 1, // 開発用に1 (configから設定可能になる予定)
 }
 }
@@ -37,14 +37,16 @@ impl Sysmon {
 }
 println!("Log : Sysmon");
 let minlength = 1000;
- let mut f = File::open("whitelist.txt").expect("file not found");
- let mut contents = String::new();
- f.read_to_string(&mut contents);
- let rdr = csv::Reader::from_reader(contents.as_bytes());
+ //let mut f = File::open("whitelist.txt").expect("file not found");
+ //let mut contents = String::new();
+ //f.read_to_string(&mut contents);
+ //let rdr = csv::Reader::from_reader(contents.as_bytes());
 if let Some(_creater) = event_data.get("ParentImage") {
- check_command(1, _command_line, minlength, 0, "", _creater, rdr);
+ //check_command(1, _command_line, minlength, 0, "", _creater, rdr);
+ check_command(1, _command_line, minlength, 0, "", _creater);
 } else {
- check_command(1, _command_line, minlength, 0, "", "", rdr);
+ //check_command(1, _command_line, minlength, 0, "", "", rdr);
+ check_command(1, _command_line, minlength, 0, "", "");
 }
 }
 }
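Review bot: The third hunk disables the whitelist by commenting out the `whitelist.txt` load and the `rdr` argument to `check_command`, which changes what this detection reports (every command now goes through without a whitelist lookup) with no comment saying why or whether it is temporary; the six commented-out lines should be deleted (the old version is in history) and replaced by one note such as `// Whitelist support removed for now: check_command no longer takes a reader; re-enable once the whitelist source is configurable.` With the loader gone, `use std::fs::File;` and `use std::io::prelude::*;` in the first hunk look unused in this file unless something outside the shown hunks still reads a file — worth confirming so the build stays warning-free. The dropped code also discarded the `Result` of `f.read_to_string(&mut contents)`; if the whitelist is re-added, propagate or log that error rather than ignoring it. The enclosing method starts outside this hunk, and the `1`, `0`, `""` positional arguments and `minlength = 1000` would read better as named constants or a small struct.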