add view event frequency timeline option (#567)

* added option visual-timeline option #566

* updated readme #566

* updated changelog #566

* updated rules

* cargo fmt

* change --visual-timeline to --visualize-timeline

Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>

src/afterfact.rs

@@ -128,7 +128,6 @@ fn _print_timeline_hist(timestamps: Vec<i64>, length: usize, side_margin_size: u
 
     let title = "Event Frequency Timeline";
     let header_row_space = (length - title.len()) / 2;
-    println!();
     writeln!(wtr, "{}{}", " ".repeat(header_row_space), title).ok();
     println!();
 
@@ -354,9 +353,17 @@ fn emit_csv<W: std::io::Write>(
         Some((Width(w), _)) => w as usize,
         None => 100,
     };
-
-    _print_timeline_hist(timestamps, terminal_width, 3);
     println!();
+
+    if configs::CONFIG
+        .read()
+        .unwrap()
+        .args
+        .is_present("visualize-timeline")
+    {
+        _print_timeline_hist(timestamps, terminal_width, 3);
+        println!();
+    }
     let reducted_record_cnt: u128 = all_record_cnt - detected_record_idset.len() as u128;
     let reducted_percent = if all_record_cnt == 0 {
         0 as f64

src/detections/configs.rs

@@ -78,6 +78,7 @@ fn build_app<'a>() -> ArgMatches<'a> {
     --all-tags 'Output all tags when saving to a CSV file.'
     -R, --display-record-id 'Display EventRecordID.'
     -v, --verbose 'Output verbose information.'
+    -V, --visualize-timeline 'Output event frequency timeline.'
     -D, --enable-deprecated-rules 'Enable rules marked as deprecated.'
     -n, --enable-noisy-rules 'Enable rules marked as noisy.'
     -u, --update-rules 'Update to the latest rules in the hayabusa-rules github repository.'