From dc2e55cc9f3fdb8ab78553c71a2d09e6fe7178cb Mon Sep 17 00:00:00 2001
From: Your Name
Date: Mon, 5 Oct 2020 09:08:32 +0900
Subject: [PATCH] refactor

---
 src/detections/detection.rs | 7 +------
 src/detections/security.rs | 13 ++++++++-----
 2 files changed, 9 insertions(+), 11 deletions(-)

diff --git a/src/detections/detection.rs b/src/detections/detection.rs
index ae5899fb..25a6864b 100644
--- a/src/detections/detection.rs
+++ b/src/detections/detection.rs
@@ -38,12 +38,7 @@ impl Detection {
         &common.detection(&event.system, &event_data);
         //&common.detection(&event.system, &event_data);
         if channel == "Security" {
-            &security.detection(
-                event_id,
-                &event.system,
-                &event.user_data.as_ref(),
-                event_data,
-            );
+            &security.detection(event_id, &event.system, &event.user_data, event_data);
         } else if channel == "System" {
             &system.detection(event_id, &event.system, event_data);
         } else if channel == "Application" {
diff --git a/src/detections/security.rs b/src/detections/security.rs
index 6dc4be1c..9c0eb7f4 100644
--- a/src/detections/security.rs
+++ b/src/detections/security.rs
@@ -66,7 +66,7 @@ impl Security {
         &mut self,
         event_id: String,
         _system: &event::System,
-        user_data: &Option<&event::UserData>,
+        user_data: &Option,
         event_data: HashMap,
     ) {
         self.process_craeted(&event_id, &event_data);
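Review bot: The rewritten call on the added line keeps the leading `&` from the removed lines, so it borrows the unit value returned by `security.detection(...)` and discards the reference at once; the same pattern sits on the surrounding `&common.detection(...)` and `&system.detection(...)` context lines. The `&` does nothing and reads as if a result were being captured, so the new line would be clearer as `security.detection(event_id, &event.system, &event.user_data, event_data);`. The enclosing method of `impl Detection` starts and ends outside the hunk.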
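Review bot: The new parameter type on the added line changes `user_data` from `&Option<&event::UserData>` to a reference to an owned `Option` (the page shows only `&Option`, with the type argument presumably lost in extraction), and `&Option<T>` is the shape clippy's `ref_option` lint discourages: the callee has to call `.as_ref()` at every use, which is exactly what the removed `.as_ref()` at the call site in detection.rs already did once, and callers can no longer hand in a borrowed `Some`. Declaring `user_data: Option<&event::UserData>` and keeping the caller's `.as_ref()` would avoid that; the same applies to `audit_log_cleared` in the following hunk. `detection` starts and ends outside the hunk.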
@@ -287,16 +287,19 @@ impl Security { self.passspray_2_user = HashMap::new(); } - fn audit_log_cleared(&mut self, event_id: &String, user_data: &Option<&event::UserData>) { + fn audit_log_cleared(&mut self, event_id: &String, user_data: &Option) { if event_id != "1102" { return; } println!("Audit Log Clear"); println!("The Audit log was cleared."); - user_data.and_then(|u| u.log_file_cleared.as_ref()); - let username = user_data.and_then(|u| u.log_file_cleared.and_then(|l| l.subject_user_name)); - println!("Security ID: {}", username.unwrap_or("".to_string())); + let username = user_data.as_ref().and_then(|u| { + u.log_file_cleared + .as_ref() + .and_then(|l| l.subject_user_name.as_ref()) + }); + println!("Security ID: {}", username.unwrap_or(&"".to_string())); } }
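Review bot: `username.unwrap_or(&"".to_string())` on the last added line allocates a fresh `String` on every call just to borrow an empty one, and the argument is built even when `username` is `Some`; since the `unwrap_or` type-checks only if `username` is `Option<&String>`, `println!("Security ID: {}", username.map(String::as_str).unwrap_or(""));` prints the same text without the allocation. Separately, the value printed under the label `Security ID` is `subject_user_name`, which a reader of the output may take for a SID; a comment on the `let username` line such as `// "Security ID" in the output is the subject user name from the 1102 event's UserData` would make that explicit, provided the field's meaning is confirmed against `event::UserData`. `event_id: &String` on the new signature would also be more idiomatic as `&str`, which the `!= "1102"` comparison already supports.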