added feature of tag output reducing to agg condition #477 (#488)

2022-04-14 21:32:22 +09:00
parent 9da46b90a8
commit d4aec68d3b
1 changed files with 2 additions and 1 deletions
--- a/src/detections/detection.rs
+++ b/src/detections/detection.rs
@@ -237,7 +237,8 @@ impl Detection {
            .as_vec()
            .unwrap_or(&Vec::default())
            .iter()
-            .map(|info| info.as_str().unwrap_or("").replace("attack.", ""))
+            .filter_map(|info| TAGS_CONFIG.get(info.as_str().unwrap_or(&String::default())))
+            .map(|str| str.to_owned())
            .collect();
        let output = Detection::create_count_output(rule, &agg_result);
        let rec_info = if configs::CONFIG.read().unwrap().args.is_present("full-data") {