Security module Implemented without 4674

2020-10-04 18:37:05 +09:00
parent d883def462
commit ca56063f12
3 changed files with 330 additions and 94 deletions
@@ -39,7 +39,7 @@ pub struct System {
    #[serde(rename = "EventID")]
    pub event_id: String,
    #[serde(rename = "Version")]
-    version: Option<String>,
+    pub version: Option<String>,
    #[serde(rename = "Level")]
    level: String,
    #[serde(rename = "Task")]
@@ -72,12 +72,32 @@ pub struct EventData {
    pub data: Option<Vec<Data>>,
 }

+#[derive(Debug, Deserialize, PartialEq)]
+pub struct UserData {
+    #[serde(rename = "LogFileCleared")]
+    pub log_file_cleared: Option<LogFileCleared>,
+}
+
+#[derive(Debug, Deserialize, PartialEq)]
+pub struct LogFileCleared {
+    #[serde(rename = "SubjectUserSid")]
+    pub subject_user_sid: Option<String>,
+    #[serde(rename = "SubjectUserName")]
+    pub subject_user_name: Option<String>,
+    #[serde(rename = "SubjectDomainName")]
+    pub subject_domain_name: Option<String>,
+    #[serde(rename = "SubjectLogonId")]
+    pub subject_logon_id: Option<String>,
+}
+
 #[derive(Debug, Deserialize, PartialEq)]
 pub struct Evtx {
    #[serde(rename = "System")]
    pub system: System,
    #[serde(rename = "EventData")]
    pub event_data: Option<EventData>,
+    #[serde(rename = "UserData")]
+    pub user_data: Option<UserData>,
 }

 impl Evtx {