Unified output one table with -s and -d option #707

- 1. [x] Unified output one table with -s and -d option - 2. [] add channel column to table output - 3. [] Remove First Timestamp and Last Timestamp with -d option - 4. [] Output csv with -o and -s option - 5. [x] Separete two column Count and Percent - 6. [x] change table format output crate from prettytable-rs to comfy_table.
2022-09-28 22:48:52 +09:00
parent 06c4e56842
commit cdfdd62a5c
3 changed files with 14 additions and 10 deletions
--- a/src/main.rs
+++ b/src/main.rs
@@ -656,15 +656,22 @@ impl App {
        self.rule_keys = self.get_all_keys(&rule_files);
        let mut detection = detection::Detection::new(rule_files);
        let mut total_records: usize = 0;
+        let mut tl = Timeline::new();
        for evtx_file in evtx_files {
            if configs::CONFIG.read().unwrap().args.verbose {
                println!("Checking target evtx FilePath: {:?}", &evtx_file);
            }
            let cnt_tmp: usize;
-            (detection, cnt_tmp) = self.analysis_file(evtx_file, detection, time_filter);
+            (detection, cnt_tmp, tl) = self.analysis_file(evtx_file, detection, time_filter, tl.clone());
            total_records += cnt_tmp;
            pb.inc();
        }
+        if *METRICS_FLAG {
+            tl.tm_stats_dsp_msg();
+        } 
+        if *LOGONSUMMARY_FLAG {
+            tl.tm_logon_stats_dsp_msg();
+        }
        if configs::CONFIG.read().unwrap().args.output.is_some() {
            println!();
            println!();
@@ -683,15 +690,15 @@ impl App {
        evtx_filepath: PathBuf,
        mut detection: detection::Detection,
        time_filter: &TargetEventTime,
-    ) -> (detection::Detection, usize) {
+        mut tl: Timeline
+    ) -> (detection::Detection, usize, Timeline) {
        let path = evtx_filepath.display();
        let parser = self.evtx_to_jsons(evtx_filepath.clone());
        let mut record_cnt = 0;
        if parser.is_none() {
-            return (detection, record_cnt);
+            return (detection, record_cnt, tl);
        }

-        let mut tl = Timeline::new();
        let mut parser = parser.unwrap();
        let mut records = parser.records_json_value();

@@ -760,10 +767,7 @@ impl App {
            }
        }

-        tl.tm_stats_dsp_msg();
-        tl.tm_logon_stats_dsp_msg();
-
-        (detection, record_cnt)
+        (detection, record_cnt, tl)
    }

    async fn create_rec_infos(
--- a/src/timeline/metrics.rs
+++ b/src/timeline/metrics.rs
@@ -2,7 +2,7 @@ use crate::detections::message::{LOGONSUMMARY_FLAG, METRICS_FLAG};
 use crate::detections::{detection::EvtxRecordInfo, utils};
 use hashbrown::HashMap;

-#[derive(Debug)]
+#[derive(Debug, Clone)]
 pub struct EventMetrics {
    pub total: usize,
    pub filepath: String,
--- a/src/timeline/timelines.rs
+++ b/src/timeline/timelines.rs
@@ -7,7 +7,7 @@ use comfy_table::presets::UTF8_FULL;
 use super::metrics::EventMetrics;
 use hashbrown::HashMap;

-#[derive(Debug)]
+#[derive(Debug, Clone)]
 pub struct Timeline {
    pub stats: EventMetrics,
 }