CSEC_PUBLIC/hayabusa
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fixed output format

Browse Source
This commit is contained in:
DustInDark
2022-08-03 09:22:46 +09:00
parent e54acfe24a
commit d60ed0e62c
2 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/detections/detection.rs
View File

@@ -276,12 +276,12 @@ impl Detection {
profile_converter.insert("%EventID%".to_string(), eid.to_owned()); profile_converter.insert("%EventID%".to_string(), eid.to_owned());
} }
"%MitreAttack%" => { "%MitreAttack%" => {
profile_converter.insert("%MitreAttack%".to_string(), tag_info.join(" | ")); profile_converter.insert("%MitreAttack%".to_string(), tag_info.join(" : "));
} }
"%RecordID%" => { "%RecordID%" => {
profile_converter.insert( profile_converter.insert(
"%RecordID%".to_string(), "%RecordID%".to_string(),
rec_id.as_ref().unwrap_or(&"-".to_string()).to_owned(), rec_id.as_ref().unwrap_or(&"".to_string()).to_owned(),
); );
} }
"%RuleTitle%" => { "%RuleTitle%" => {
@@ -387,10 +387,10 @@ impl Detection {
profile_converter.insert("%EventID%".to_string(), "-".to_owned()); profile_converter.insert("%EventID%".to_string(), "-".to_owned());
} }
"%MitreAttack%" => { "%MitreAttack%" => {
profile_converter.insert("%MitreAttack%".to_owned(), tag_info.join(" | ")); profile_converter.insert("%MitreAttack%".to_owned(), tag_info.join(" : "));
} }
"%RecordID%" => { "%RecordID%" => {
profile_converter.insert("%RecordID%".to_string(), "-".to_owned()); profile_converter.insert("%RecordID%".to_string(), "".to_owned());
} }
"%RuleTitle%" => { "%RuleTitle%" => {
profile_converter.insert( profile_converter.insert(

2
src/detections/message.rs
View File

@@ -164,7 +164,7 @@ pub fn insert(
let mut tmp_converted_info: LinkedHashMap<String, String> = LinkedHashMap::new(); let mut tmp_converted_info: LinkedHashMap<String, String> = LinkedHashMap::new();
for (k, v) in &detect_info.ext_field { for (k, v) in &detect_info.ext_field {
let converted_reserve_info = convert_profile_reserved_info(v, profile_converter); let converted_reserve_info = convert_profile_reserved_info(v, profile_converter);
if v == "%RecordInformation%" { if v.contains("%RecordInformation%") || v.contains("%Details%") {
tmp_converted_info.insert(k.to_owned(), converted_reserve_info); tmp_converted_info.insert(k.to_owned(), converted_reserve_info);
} else { } else {
tmp_converted_info.insert( tmp_converted_info.insert(