Merge pull request #325 from Yamato-Security/fix/header_name_fix#320

changed output header #320
This commit is contained in:
Yamato Security
2021-12-22 11:09:02 +09:00
committed by GitHub


@@ -12,24 +12,24 @@ use std::process;
#[derive(Debug, Serialize)] #[derive(Debug, Serialize)]
#[serde(rename_all = "PascalCase")] #[serde(rename_all = "PascalCase")]
pub struct CsvFormat<'a> { pub struct CsvFormat<'a> {
time: &'a str, timestamp: &'a str,
computername: &'a str, computer: &'a str,
eventid: &'a str, event_i_d: &'a str,
level: &'a str, level: &'a str,
alert: &'a str, rule_title: &'a str,
details: &'a str, details: &'a str,
rulepath: &'a str, rule_path: &'a str,
filepath: &'a str, file_path: &'a str,
} }
#[derive(Debug, Serialize)] #[derive(Debug, Serialize)]
#[serde(rename_all = "PascalCase")] #[serde(rename_all = "PascalCase")]
pub struct DisplayFormat<'a> { pub struct DisplayFormat<'a> {
time: &'a str, timestamp: &'a str,
computername: &'a str, computer: &'a str,
eventid: &'a str, event_i_d: &'a str,
level: &'a str, level: &'a str,
alert: &'a str, rule_title: &'a str,
details: &'a str, details: &'a str,
} }
@@ -89,23 +89,23 @@ fn emit_csv<W: std::io::Write>(writer: &mut W, displayflag: bool) -> io::Result<
for detect_info in detect_infos { for detect_info in detect_infos {
if displayflag { if displayflag {
wtr.serialize(DisplayFormat { wtr.serialize(DisplayFormat {
time: &format!("{} ", &format_time(time)), timestamp: &format!("{} ", &format_time(time)),
level: &format!(" {} ", &detect_info.level), level: &format!(" {} ", &detect_info.level),
computername: &format!(" {} ", &detect_info.computername), computer: &format!(" {} ", &detect_info.computername),
eventid: &format!(" {} ", &detect_info.eventid), event_i_d: &format!(" {} ", &detect_info.eventid),
alert: &format!(" {} ", &detect_info.alert), rule_title: &format!(" {} ", &detect_info.alert),
details: &format!(" {}", &detect_info.detail), details: &format!(" {}", &detect_info.detail),
})?; })?;
} else { } else {
// csv出力時フォーマット // csv出力時フォーマット
wtr.serialize(CsvFormat { wtr.serialize(CsvFormat {
time: &format_time(time), timestamp: &format_time(time),
filepath: &detect_info.filepath, file_path: &detect_info.filepath,
rulepath: &detect_info.rulepath, rule_path: &detect_info.rulepath,
level: &detect_info.level, level: &detect_info.level,
computername: &detect_info.computername, computer: &detect_info.computername,
eventid: &detect_info.eventid, event_i_d: &detect_info.eventid,
alert: &detect_info.alert, rule_title: &detect_info.alert,
details: &detect_info.detail, details: &detect_info.detail,
})?; })?;
} }
@@ -243,7 +243,7 @@ mod tests {
.datetime_from_str("1996-02-27T01:05:01Z", "%Y-%m-%dT%H:%M:%SZ") .datetime_from_str("1996-02-27T01:05:01Z", "%Y-%m-%dT%H:%M:%SZ")
.unwrap(); .unwrap();
let expect_tz = expect_time.with_timezone(&Local); let expect_tz = expect_time.with_timezone(&Local);
let expect = "Time,Computername,Eventid,Level,Alert,Details,Rulepath,Filepath\n" let expect = "Timestamp,Computer,EventID,Level,RuleTitle,Details,RulePath,FilePath\n"
.to_string() .to_string()
+ &expect_tz + &expect_tz
.clone() .clone()
@@ -319,7 +319,7 @@ mod tests {
.datetime_from_str("1996-02-27T01:05:01Z", "%Y-%m-%dT%H:%M:%SZ") .datetime_from_str("1996-02-27T01:05:01Z", "%Y-%m-%dT%H:%M:%SZ")
.unwrap(); .unwrap();
let expect_tz = expect_time.with_timezone(&Local); let expect_tz = expect_time.with_timezone(&Local);
let expect = "Time|Computername|Eventid|Level|Alert|Details\n".to_string() let expect = "Timestamp|Computer|EventID|Level|RuleTitle|Details\n".to_string()
+ &expect_tz + &expect_tz
.clone() .clone()
.format("%Y-%m-%d %H:%M:%S%.3f %:z") .format("%Y-%m-%d %H:%M:%S%.3f %:z")
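Review bot: The `event_i_d` field name in `CsvFormat` and `DisplayFormat` only produces the `EventID` header because serde's `rename_all = "PascalCase"` treats `i` and `d` as separate words, which is a fragile spelling that a later rename or a switch of `rename_all` would silently break, with the header-string tests at the bottom of the diff as the only guard. Keep the Rust name idiomatic and pin the header explicitly instead: `#[serde(rename = "EventID")]` on `event_id: &'a str,` in both structs, and `event_id:` at the two serialize sites. Separately, `details` is written straight into the CSV and appears to carry text taken from the event log, so a value beginning with `=`, `+`, `-` or `@` would be evaluated as a formula when the file is opened in a spreadsheet; this commit does not change that, but a marker such as `// NOTE: values are not escaped against CSV formula injection (leading =, +, -, @) — confirm at the output path` above `wtr.serialize(CsvFormat {` would keep it visible. The enclosing `emit_csv` function and its `for detect_info` loop begin before the second hunk.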