* removed no use alias #227
* changed case of object type return none #227
- serde json value is object type when alias key doesn't exist in detected record.
* adjust serde_number_to_string function return value change #227
* adjust yml rule to change of aliaskey_alias.txt #227
* merged same regex as static
* create new struct to reduce same output in rule and keyword warn message #227
* changed output position
* removed regression warnings #227
* removed output warning
* Fixed a possible panic when None. #227
* added parse_message test #227
* added get_serde_number_to_string tests #227
* removed unnecessary test data part in get_serde_number_to_string test #227
* changed stdout result delimiter #244
* removed unnecessary space #244
* added display output test #244
- added static map clear function (only test use)
- added outputformat test case of stdout (change sequential process in emit_csv test to prevent the contents of static variables from changing depending on the order of execution)
* fixed typo
* changed INFO to informational #237
- INFO in rule level is changed to informational
* changed level load default rule from LOW to INFORMATIONAL #238
* fixed level description in doc and help menu #238
* removed test files
* removed test check file
* Feature/call error message struct#66 (#69)
* change way to use write trait #66
* change call error message struct #66
* erase finished TODO #66
* erase comment in error message format test #66
* resolve conflict #66
* Feature/call error message struct#66 (#71)
* change ERROR writeln struct #66
* under constructing
* add statistics template
* fix
* add comment
* add condition impl #93
* fix erased get_descendants and remove unnecessary struct #93
* erased finished TODO comment
* erased finished TODO comment
* Revert "fix erased get_descendants and remove unnecessaly struct #93"
This reverts commit 82e905e045.
Revert "add condition impl #93"
This reverts commit 19ecc87377.
* add doc comment to rule function
* fix and add test doc comment
* add doc to AggregationParseInfo
* add struct count in aggregation condition. #93
* add evaluate aggregation condition func provisional architecture. #93
* add countup function #93
* fix key to count hashmap #93
* add judge aggregation condition function #93
* fix error #93
* fix test #93
* share compile error ver
* fix detection.rs compile error
* fix timeframe parse
* add countup process in select
* fix select argument
* add test countup
* add test count judge #93
* add SIGMA windows count field and by keyword #93
* fix reference record in countup/judgecount #93
* add timedata in countup schema #93
* Refact: split code for matcher from rule.rs
* Refact: combine multiple declared functions
* Refact: split code for SelectionNode from rule.rs
* Refact: mv test code for SelectionNode from rule.rs
* Refact: mv condition's code from rule.rs
* add count to detection #93
* fix compile error
* fix source to test ng. #93
* erase unused variable #93
* fix count architecture #93
* fix comment and compile error
* erase dust (response to review)
* erase dust (response to review)
* reduce calling Rulenode function (response to review)
* add aggregation output func
* erase dust(response to review) and add agg condition String func
* change error output
* reduce call RuleNode function(response to review)
* To reduce call RuleNode function
* fix test name
* fix conflicted resolve miss
* add code comment in timeframe count.
* add sort record timedata in timeframe(response to review)
* fix unnecessary result in ArgResult
* add no field and by value count test
* create count test no field and by with timeframe
* erase duplicated timeframe data in RuleNode
* fix test error no field and no by count with timeframe
* fix test name
* add test case of exist field and by count.
* fix by count test and add test count othervalue in timeframe
* add test
* fix judge_timeframe logic when indexout
* fix test name and add count test field and by with timeframe
* adjust #120
* move associated count function from rulenode
* fix error when resolve conflict
* fix no output bug if exist output
Co-authored-by: HajimeTakai <takai.wa.hajime@gmail.com>
Co-authored-by: itiB <is0312vx@ed.ritsumei.ac.jp>
* add function to get event id from rootnode.
* refactoring #76
* maybe fix bug.
* before test
* fix source files.
* cargo fmt --all
* add threadnum parameter