fixed level data when detected by aggregation rule

This commit is contained in:
DustInDark
2022-08-01 19:38:11 +09:00
parent 8f4eb848e3
commit bd8ae3101e
2 changed files with 2 additions and 2 deletions


@@ -424,7 +424,7 @@ impl Detection {
let detect_info = DetectInfo { let detect_info = DetectInfo {
rulepath: (&rule.rulepath).to_owned(), rulepath: (&rule.rulepath).to_owned(),
level: rule.yaml["level"].as_str().unwrap_or("").to_owned(), level: LEVEL_ABBR.get(&level).unwrap_or(&level).to_string(),
computername: "-".to_owned(), computername: "-".to_owned(),
eventid: "-".to_owned(), eventid: "-".to_owned(),
detail: output, detail: output,


@@ -165,7 +165,7 @@ pub fn insert(
for (k, v) in &detect_info.ext_field { for (k, v) in &detect_info.ext_field {
let converted_reserve_info = convert_profile_reserved_info(v, profile_converter); let converted_reserve_info = convert_profile_reserved_info(v, profile_converter);
if v == "%RecordInformation%" { if v == "%RecordInformation%" {
tmp_converted_info.insert(k.to_owned(), converted_reserve_info); tmp_converted_info.insert(k.to_owned(), v.to_owned());
} else { } else {
tmp_converted_info.insert( tmp_converted_info.insert(
k.to_owned(), k.to_owned(),
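Review bot: In the version of line 26 that stores `v.to_owned()` for the `%RecordInformation%` key, `converted_reserve_info` computed on line 24 is never used on that path, so `convert_profile_reserved_info` runs for a value that is then discarded; if that is the new side, the conversion belongs inside the `else` branch, i.e. `let converted_reserve_info = convert_profile_reserved_info(v, profile_converter);` immediately before the second `insert`. The reason `%RecordInformation%` bypasses the conversion is not visible in the hunk, so a one-line comment on the `if` stating why the raw placeholder is kept would help the next reader. Note that `insert` starts before the hunk and the `else` branch's `insert` call continues past it, so the value inserted on that path cannot be checked here.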