CSEC_PUBLIC/hayabusa
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fixed output format

Browse Source
This commit is contained in:
DustInDark
2022-08-03 09:22:46 +09:00
parent e54acfe24a
commit d60ed0e62c
2 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/detections/detection.rs
View File

@@ -276,12 +276,12 @@ impl Detection {
profile_converter.insert("%EventID%".to_string(), eid.to_owned());
}
"%MitreAttack%" => {
profile_converter.insert("%MitreAttack%".to_string(), tag_info.join(" | "));
profile_converter.insert("%MitreAttack%".to_string(), tag_info.join(" : "));
}
"%RecordID%" => {
profile_converter.insert(
"%RecordID%".to_string(),
rec_id.as_ref().unwrap_or(&"-".to_string()).to_owned(),
rec_id.as_ref().unwrap_or(&"".to_string()).to_owned(),
);
}
"%RuleTitle%" => {
@@ -387,10 +387,10 @@ impl Detection {
profile_converter.insert("%EventID%".to_string(), "-".to_owned());
}
"%MitreAttack%" => {
profile_converter.insert("%MitreAttack%".to_owned(), tag_info.join(" | "));
profile_converter.insert("%MitreAttack%".to_owned(), tag_info.join(" : "));
}
"%RecordID%" => {
profile_converter.insert("%RecordID%".to_string(), "-".to_owned());
profile_converter.insert("%RecordID%".to_string(), "".to_owned());
}
"%RuleTitle%" => {
profile_converter.insert(

2
src/detections/message.rs
View File

@@ -164,7 +164,7 @@ pub fn insert(
let mut tmp_converted_info: LinkedHashMap<String, String> = LinkedHashMap::new();
for (k, v) in &detect_info.ext_field {
let converted_reserve_info = convert_profile_reserved_info(v, profile_converter);
if v == "%RecordInformation%" {
if v.contains("%RecordInformation%") || v.contains("%Details%") {
tmp_converted_info.insert(k.to_owned(), converted_reserve_info);
} else {
tmp_converted_info.insert(