fixed level data when detected by aggregation rule

2022-08-01 19:38:11 +09:00
parent 8f4eb848e3
commit bd8ae3101e
2 changed files with 2 additions and 2 deletions
--- a/src/detections/detection.rs
+++ b/src/detections/detection.rs
@@ -424,7 +424,7 @@ impl Detection {

        let detect_info = DetectInfo {
            rulepath: (&rule.rulepath).to_owned(),
-            level: rule.yaml["level"].as_str().unwrap_or("").to_owned(),
+            level: LEVEL_ABBR.get(&level).unwrap_or(&level).to_string(),
            computername: "-".to_owned(),
            eventid: "-".to_owned(),
            detail: output,
--- a/src/detections/message.rs
+++ b/src/detections/message.rs
@@ -165,7 +165,7 @@ pub fn insert(
    for (k, v) in &detect_info.ext_field {
        let converted_reserve_info = convert_profile_reserved_info(v, profile_converter);
        if v == "%RecordInformation%" {
-            tmp_converted_info.insert(k.to_owned(), converted_reserve_info);
+            tmp_converted_info.insert(k.to_owned(), v.to_owned());
        } else {
            tmp_converted_info.insert(
                k.to_owned(),