diff --git a/CHANGELOG-Japanese.md b/CHANGELOG-Japanese.md
index 2dd03c60..43c343a0 100644
--- a/CHANGELOG-Japanese.md
+++ b/CHANGELOG-Japanese.md
@@ -9,6 +9,7 @@
 **改善:**
 - 結果概要に各レベルで検知した上位5つのルールを表示するようにした。 (#667) (@hitenkoku)
+- 結果概要を出力しないようにするために `--no-summary` オプションを追加した。 (#672) (@hitenkoku)
 **バグ修正:**
diff --git a/CHANGELOG.md b/CHANGELOG.md
index ecd86482..00cae0f8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,7 +8,8 @@
 **Enhancements:**
-- Added top alert rules to results summary. (#667) (@hitenkoku)
+- Added top alerts to results summary. (#667) (@hitenkoku)
+- Added `--no-summary` option to not display the results summary. (#672) (@hitenkoku)
 **Bug Fixes:**
diff --git a/README-Japanese.md b/README-Japanese.md
index e2303233..f3f19cb7 100644
--- a/README-Japanese.md
+++ b/README-Japanese.md
@@ -392,6 +392,7 @@ OUTPUT:
 DISPLAY-SETTINGS:
 --no-color カラー出力を無効にする
+ --no-summary 結果概要を出力しない
 -q, --quiet Quietモード: 起動バナーを表示しない
 -v, --verbose 詳細な情報を出力する
 -V, --visualize-timeline イベント頻度タイムラインを出力する
diff --git a/README.md b/README.md
index 2a6c529d..2f2231c1 100644
--- a/README.md
+++ b/README.md
@@ -384,6 +384,7 @@ OUTPUT:
 DISPLAY-SETTINGS:
 --no-color Disable color output
+ --no-summary Do not display result summary
 -q, --quiet Quiet mode: do not display the launch banner
 -v, --verbose Output verbose information
 -V, --visualize-timeline Output event frequency timeline
diff --git a/src/afterfact.rs b/src/afterfact.rs
index 8c072e29..5ccf2725 100644
--- a/src/afterfact.rs
+++ b/src/afterfact.rs
@@ -326,77 +326,79 @@ fn emit_csv(
 }
 };
- disp_wtr_buf.clear();
- write_color_buffer(
- &disp_wtr,
- get_writable_color(Some(Color::Rgb(0, 255, 0))),
- "Results Summary:",
- true,
- )
- .ok();
+ if !configs::CONFIG.read().unwrap().args.no_summary {
+ disp_wtr_buf.clear();
+ write_color_buffer(
+ &disp_wtr,
+ get_writable_color(Some(Color::Rgb(0, 255, 0))),
+ "Results Summary:",
+ true,
+ )
+ .ok();
- let terminal_width = match *TERM_SIZE {
- Some((Width(w), _)) => w as usize,
- None => 100,
- };
- println!();
-
- if configs::CONFIG.read().unwrap().args.visualize_timeline {
- _print_timeline_hist(timestamps, terminal_width, 3);
+ let terminal_width = match *TERM_SIZE {
+ Some((Width(w), _)) => w as usize,
+ None => 100,
+ };
 println!();
+
+ if configs::CONFIG.read().unwrap().args.visualize_timeline {
+ _print_timeline_hist(timestamps, terminal_width, 3);
+ println!();
+ }
+ let reducted_record_cnt: u128 = all_record_cnt - detected_record_idset.len() as u128;
+ let reducted_percent = if all_record_cnt == 0 {
+ 0 as f64
+ } else {
+ (reducted_record_cnt as f64) / (all_record_cnt as f64) * 100.0
+ };
+ write_color_buffer(
+ &disp_wtr,
+ get_writable_color(None),
+ &format!(
+ "Total events: {}",
+ all_record_cnt.to_formatted_string(&Locale::en)
+ ),
+ true,
+ )
+ .ok();
+ write_color_buffer(
+ &disp_wtr,
+ get_writable_color(None),
+ &format!(
+ "Data reduction: {} events ({:.2}%)",
+ reducted_record_cnt.to_formatted_string(&Locale::en),
+ reducted_percent
+ ),
+ true,
+ )
+ .ok();
+ println!();
+
+ _print_unique_results(
+ total_detect_counts_by_level,
+ "Total".to_string(),
+ "detections".to_string(),
+ &color_map,
+ );
+ println!();
+
+ _print_unique_results(
+ unique_detect_counts_by_level,
+ "Unique".to_string(),
+ "detections".to_string(),
+ &color_map,
+ );
+ println!();
+
+ _print_detection_summary_by_date(detect_counts_by_date_and_level, &color_map);
+ println!();
+
+ _print_detection_summary_by_computer(detect_counts_by_computer_and_level, &color_map);
+ println!();
+
+ _print_detection_summary_by_rule(detect_counts_by_rule_and_level, &color_map);
 }
- let reducted_record_cnt: u128 = all_record_cnt - detected_record_idset.len() as u128;
- let reducted_percent = if all_record_cnt == 0 {
- 0 as f64
- } else {
- (reducted_record_cnt as f64) / (all_record_cnt as f64) * 100.0
- };
- write_color_buffer(
- &disp_wtr,
- get_writable_color(None),
- &format!(
- "Total events: {}",
- all_record_cnt.to_formatted_string(&Locale::en)
- ),
- true,
- )
- .ok();
- write_color_buffer(
- &disp_wtr,
- get_writable_color(None),
- &format!(
- "Data reduction: {} events ({:.2}%)",
- reducted_record_cnt.to_formatted_string(&Locale::en),
- reducted_percent
- ),
- true,
- )
- .ok();
- println!();
-
- _print_unique_results(
- total_detect_counts_by_level,
- "Total".to_string(),
- "detections".to_string(),
- &color_map,
- );
- println!();
-
- _print_unique_results(
- unique_detect_counts_by_level,
- "Unique".to_string(),
- "detections".to_string(),
- &color_map,
- );
- println!();
-
- _print_detection_summary_by_date(detect_counts_by_date_and_level, &color_map);
- println!();
-
- _print_detection_summary_by_computer(detect_counts_by_computer_and_level, &color_map);
- println!();
-
- _print_detection_summary_by_rule(detect_counts_by_rule_and_level, &color_map);
 Ok(())
 }
diff --git a/src/detections/configs.rs b/src/detections/configs.rs
index 80a6d322..feda62a4 100644
--- a/src/detections/configs.rs
+++ b/src/detections/configs.rs
@@ -223,6 +223,10 @@ pub struct Config {
 /// Set default output profile
 #[clap(help_heading = Some("OTHER-ACTIONS"), long = "set-default-profile", value_name = "PROFILE")]
 pub set_default_profile: Option,
+
+ /// Do not display result summary
+ #[clap(help_heading = Some("DISPLAY-SETTINGS"), long = "no-summary")]
+ pub no_summary: bool,
 }
 impl ConfigReader<'_> {
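Review bot: The `visualize_timeline` branch is now nested inside the new `if !configs::CONFIG.read().unwrap().args.no_summary` block, so `--no-summary` also silently suppresses the histogram a user explicitly requested with `-V, --visualize-timeline`, and neither the help text here nor the `/// Do not display result summary` comment on `no_summary` in the configs.rs hunk says so; either hoist the timeline branch above the guard or state the coupling in that doc comment. The block also takes the `CONFIG` read lock twice (once for `no_summary`, again for `visualize_timeline`); reading both flags once up front, `let (no_summary, visualize_timeline) = { let c = configs::CONFIG.read().unwrap(); (c.args.no_summary, c.args.visualize_timeline) };`, keeps the guard scope short and avoids holding the lock while the summary is printed. A short comment on the guard, `// Terminal summary only; file output emitted earlier in emit_csv is unaffected`, would make the intended scope of the flag clear, assuming that is the intent. `emit_csv` begins before this hunk, so the earlier part of the function is not visible here.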