Regex filename change (#291)

* update rule config files and art

* regexサンプルファイルの名前変更

* fixed test error due to filename change #291

Co-authored-by: DustInDark <nextsasasa@gmail.com>

src/detections/rule/matchers.rs

@@ -538,8 +538,8 @@ mod tests {
                     - ホスト アプリケーション
                 ImagePath:
                     min_length: 1234321
-                    regexes: ./config/regex/regexes_suspicous_service.txt
-                    allowlist: ./config/regex/allowlist_legimate_serviceimage.txt
+                    regexes: ./config/regex/detectlist_suspicous_services.txt
+                    allowlist: ./config/regex/allowlist_legitimate_services.txt
         falsepositives:
             - unknown
         level: medium
@@ -1165,7 +1165,7 @@ mod tests {
             selection:
                 EventID: 4103
                 Channel:
-                    - allowlist: ./config/regex/allowlist_legimate_serviceimage.txt
+                    - allowlist: ./config/regex/allowlist_legitimate_services.txt
         output: 'command=%CommandLine%'
         "#;
 
@@ -1202,7 +1202,7 @@ mod tests {
             selection:
                 EventID: 4103
                 Channel:
-                    - allowlist: ./config/regex/allowlist_legimate_serviceimage.txt
+                    - allowlist: ./config/regex/allowlist_legitimate_services.txt
         output: 'command=%CommandLine%'
         "#;
 
@@ -1239,7 +1239,7 @@ mod tests {
             selection:
                 EventID: 4103
                 Channel:
-                    - allowlist: ./config/regex/allowlist_legimate_serviceimage.txt
+                    - allowlist: ./config/regex/allowlist_legitimate_services.txt
         output: 'command=%CommandLine%'
         "#;
 

src/detections/utils.rs

@@ -192,7 +192,7 @@ mod tests {
 
     #[test]
     fn test_check_regex() {
-        let regexes = utils::read_txt("./config/regex/regexes_suspicous_service.txt")
+        let regexes = utils::read_txt("./config/regex/detectlist_suspicous_services.txt")
             .unwrap()
             .into_iter()
             .map(|regex_str| Regex::new(&regex_str).unwrap())
@@ -207,7 +207,7 @@ mod tests {
     #[test]
     fn test_check_allowlist() {
         let commandline = "\"C:\\Program Files\\Google\\Update\\GoogleUpdate.exe\"";
-        let allowlist = utils::read_txt("./config/regex/allowlist_legimate_serviceimage.txt")
+        let allowlist = utils::read_txt("./config/regex/allowlist_legitimate_services.txt")
             .unwrap()
             .into_iter()
             .map(|allow_str| Regex::new(&allow_str).unwrap())