From e207a9e7b298d859436efa1cb4cb5738e1d54532 Mon Sep 17 00:00:00 2001
From: DastInDark <2350416+hitenkoku@users.noreply.github.com>
Date: Sun, 31 Jul 2022 12:11:44 +0900
Subject: [PATCH] To avoid confuse ,Unified quote of profile file in config folder to double quote #165
---
 config/default_profile.yaml | 26 ++++-----
 config/profiles.yaml | 74 +++++++++++++-------------
 test_files/config/default_profile.yaml | 26 ++++-----
 test_files/config/profiles.yaml | 74 +++++++++++++-------------
 4 files changed, 100 insertions(+), 100 deletions(-)
diff --git a/config/default_profile.yaml b/config/default_profile.yaml
index 3345562f..cafd59e9 100644
--- a/config/default_profile.yaml
+++ b/config/default_profile.yaml
@@ -1,14 +1,14 @@
 ---
-Timestamp: '%Timestamp%'
-Computer: '%Computer%'
-Channel: '%Channel%'
-Level: '%Level%'
-EventID: '%EventID%'
-MitreAttack: '%MitreAttack%'
-RecordID: '%RecordID%'
-RuleTitle: '%RuleTitle%'
-Details: '%Details%'
-RecordInformation: '%RecordInformation%'
-RuleFile: '%RuleFile%'
-EvtxFile: '%EvtxFile%'
-Tags: '%MitreAttack%'
+Timestamp: "%Timestamp%"
+Computer: "%Computer%"
+Channel: "%Channel%"
+Level: "%Level%"
+EventID: "%EventID%"
+MitreAttack: "%MitreAttack%"
+RecordID: "%RecordID%"
+RuleTitle: "%RuleTitle%"
+Details: "%Details%"
+RecordInformation: "%RecordInformation%"
+RuleFile: "%RuleFile%"
+EvtxFile: "%EvtxFile%"
+Tags: "%MitreAttack%"
\ No newline at end of file
diff --git a/config/profiles.yaml b/config/profiles.yaml
index 24ad1419..5229ccbb 100644
--- a/config/profiles.yaml
+++ b/config/profiles.yaml
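Review bot: The new side of config/default_profile.yaml ends with `\ No newline at end of file` after `+Tags: "%MitreAttack%"`, and that marker does not follow the removed `-Tags` line, so this commit drops the file's final newline as a side effect of the quoting change. The test_files/config/default_profile.yaml hunk carries no such marker, so the shipped file and its test fixture now differ there (going by its `-1,13` header, the fixture also has no leading `---`). Restoring the trailing newline after `Tags: "%MitreAttack%"` would keep the change to quoting only; both profiles.yaml hunks show the marker on the old and the new side, so those files already lacked one.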
@@ -1,44 +1,44 @@
 minimal:
- Timestamp: '%Timestamp%'
- Computer: '%Computer%'
- Channel: '%Channel%'
- EventID: '%EventID%'
- Level: '%Level%'
- RuleTitle: '%RuleTitle%'
- Details: '%Details%'
+ Timestamp: "%Timestamp%"
+ Computer: "%Computer%"
+ Channel: "%Channel%"
+ EventID: "%EventID%"
+ Level: "%Level%"
+ RuleTitle: "%RuleTitle%"
+ Details: "%Details%"
 default:
- Timestamp: '%Timestamp%'
- Computer: '%Computer%'
- Channel: '%Channel%'
- EventID: '%EventID%'
- Level: '%Level%'
- Tags: '%MitreAttack%'
- RecordID: '%RecordID%'
- RuleTitle: '%RuleTitle%'
- Details: '%Details%'
+ Timestamp: "%Timestamp%"
+ Computer: "%Computer%"
+ Channel: "%Channel%"
+ EventID: "%EventID%"
+ Level: "%Level%"
+ Tags: "%MitreAttack%"
+ RecordID: "%RecordID%"
+ RuleTitle: "%RuleTitle%"
+ Details: "%Details%"
 verbose-1:
- Timestamp: '%Timestamp%'
- Computer: '%Computer%'
- Channel: '%Channel%'
- EventID: '%EventID%'
- Level: '%Level%'
- Tags: '%MitreAttack%'
- RecordID: '%RecordID%'
- RuleTitle: '%RuleTitle%'
- Details: '%Details%'
- RulePath: '%RulePath%'
- FilePath: '%FilePath%'
+ Timestamp: "%Timestamp%"
+ Computer: "%Computer%"
+ Channel: "%Channel%"
+ EventID: "%EventID%"
+ Level: "%Level%"
+ Tags: "%MitreAttack%"
+ RecordID: "%RecordID%"
+ RuleTitle: "%RuleTitle%"
+ Details: "%Details%"
+ RulePath: "%RulePath%"
+ FilePath: "%FilePath%"
 verbose-2:
- Timestamp: '%Timestamp%'
- Computer: '%Computer%'
- Channel: '%Channel%'
- EventID: '%EventID%'
- Level: '%Level%'
- Tags: '%MitreAttack%'
- RecordID: '%RecordID%'
- RuleTitle: '%RuleTitle%'
- Details: '%Details%'
- AllFieldInfo: '%RecordInformation%'
\ No newline at end of file
+ Timestamp: "%Timestamp%"
+ Computer: "%Computer%"
+ Channel: "%Channel%"
+ EventID: "%EventID%"
+ Level: "%Level%"
+ Tags: "%MitreAttack%"
+ RecordID: "%RecordID%"
+ RuleTitle: "%RuleTitle%"
+ Details: "%Details%"
+ AllFieldInfo: "%RecordInformation%"
\ No newline at end of file
diff --git a/test_files/config/default_profile.yaml b/test_files/config/default_profile.yaml
index fc20bf69..a643554a 100644
--- a/test_files/config/default_profile.yaml
+++ b/test_files/config/default_profile.yaml
@@ -1,13 +1,13 @@
-Timestamp: '%Timestamp%'
-Computer: '%Computer%'
-Channel: '%Channel%'
-Level: '%Level%'
-EventID: '%EventID%'
-MitreAttack: '%MitreAttack%'
-RecordID: '%RecordID%'
-RuleTitle: '%RuleTitle%'
-Details: '%Details%'
-RecordInformation: '%RecordInformation%'
-RuleFile: '%RuleFile%'
-EvtxFile: '%EvtxFile%'
-Tags: '%MitreAttack%'
+Timestamp: "%Timestamp%"
+Computer: "%Computer%"
+Channel: "%Channel%"
+Level: "%Level%"
+EventID: "%EventID%"
+MitreAttack: "%MitreAttack%"
+RecordID: "%RecordID%"
+RuleTitle: "%RuleTitle%"
+Details: "%Details%"
+RecordInformation: "%RecordInformation%"
+RuleFile: "%RuleFile%"
+EvtxFile: "%EvtxFile%"
+Tags: "%MitreAttack%"
diff --git a/test_files/config/profiles.yaml b/test_files/config/profiles.yaml
index 24ad1419..5229ccbb 100644
--- a/test_files/config/profiles.yaml
+++ b/test_files/config/profiles.yaml
@@ -1,44 +1,44 @@
 minimal:
- Timestamp: '%Timestamp%'
- Computer: '%Computer%'
- Channel: '%Channel%'
- EventID: '%EventID%'
- Level: '%Level%'
- RuleTitle: '%RuleTitle%'
- Details: '%Details%'
+ Timestamp: "%Timestamp%"
+ Computer: "%Computer%"
+ Channel: "%Channel%"
+ EventID: "%EventID%"
+ Level: "%Level%"
+ RuleTitle: "%RuleTitle%"
+ Details: "%Details%"
 default:
- Timestamp: '%Timestamp%'
- Computer: '%Computer%'
- Channel: '%Channel%'
- EventID: '%EventID%'
- Level: '%Level%'
- Tags: '%MitreAttack%'
- RecordID: '%RecordID%'
- RuleTitle: '%RuleTitle%'
- Details: '%Details%'
+ Timestamp: "%Timestamp%"
+ Computer: "%Computer%"
+ Channel: "%Channel%"
+ EventID: "%EventID%"
+ Level: "%Level%"
+ Tags: "%MitreAttack%"
+ RecordID: "%RecordID%"
+ RuleTitle: "%RuleTitle%"
+ Details: "%Details%"
 verbose-1:
- Timestamp: '%Timestamp%'
- Computer: '%Computer%'
- Channel: '%Channel%'
- EventID: '%EventID%'
- Level: '%Level%'
- Tags: '%MitreAttack%'
- RecordID: '%RecordID%'
- RuleTitle: '%RuleTitle%'
- Details: '%Details%'
- RulePath: '%RulePath%'
- FilePath: '%FilePath%'
+ Timestamp: "%Timestamp%"
+ Computer: "%Computer%"
+ Channel: "%Channel%"
+ EventID: "%EventID%"
+ Level: "%Level%"
+ Tags: "%MitreAttack%"
+ RecordID: "%RecordID%"
+ RuleTitle: "%RuleTitle%"
+ Details: "%Details%"
+ RulePath: "%RulePath%"
+ FilePath: "%FilePath%"
 verbose-2:
- Timestamp: '%Timestamp%'
- Computer: '%Computer%'
- Channel: '%Channel%'
- EventID: '%EventID%'
- Level: '%Level%'
- Tags: '%MitreAttack%'
- RecordID: '%RecordID%'
- RuleTitle: '%RuleTitle%'
- Details: '%Details%'
- AllFieldInfo: '%RecordInformation%'
\ No newline at end of file
+ Timestamp: "%Timestamp%"
+ Computer: "%Computer%"
+ Channel: "%Channel%"
+ EventID: "%EventID%"
+ Level: "%Level%"
+ Tags: "%MitreAttack%"
+ RecordID: "%RecordID%"
+ RuleTitle: "%RuleTitle%"
+ Details: "%Details%"
+ AllFieldInfo: "%RecordInformation%"
\ No newline at end of file