CSEC_PUBLIC/hayabusa
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fixed rulepath and evtxpath to adjust #625 change #165

Browse Source
This commit is contained in:
DastInDark
2022-07-31 13:30:56 +09:00
parent 3a8b58d048
commit c36e4e8e6f
4 changed files with 32 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
src/detections/detection.rs
View File

@@ -299,11 +299,26 @@ impl Detection {
);
}
"%RuleFile%" => {
profile_converter.insert(format!("%{}%", k), (&rule.rulepath).to_owned());
profile_converter.insert(
format!("%{}%", k),
Path::new(&rule.rulepath)
.file_name()
.unwrap_or_default()
.to_str()
.unwrap_or_default()
.to_string(),
);
}
"%EvtxFile%" => {
profile_converter
.insert(format!("%{}%", k), record_info.evtx_filepath.to_string());
profile_converter.insert(
format!("%{}%", k),
Path::new(&record_info.evtx_filepath)
.file_name()
.unwrap_or_default()
.to_str()
.unwrap_or_default()
.to_string(),
);
}
_ => {}
}
@@ -388,7 +403,15 @@ impl Detection {
profile_converter.insert(format!("%{}%", k), "-".to_owned());
}
"%RuleFile%" => {
profile_converter.insert(format!("%{}%", k), (&rule.rulepath).to_owned());
profile_converter.insert(
format!("%{}%", k),
Path::new(&rule.rulepath)
.file_name()
.unwrap_or_default()
.to_str()
.unwrap_or_default()
.to_string(),
);
}
"%EvtxFile%" => {
profile_converter.insert(format!("%{}%", k), "-".to_owned());