* Feature/call error message struct#66 (#69)
* change way to use write trait #66
* change call error message struct #66
* erase finished TODO #66
* erase comment in error message format test #66
* resolve conflict #66
* Feature/call error message struct#66 (#71)
* change ERROR writeln struct #66
* under constructing
* add statistics template
* fix
* add comment
* add condition impl #93
* fix erased get_descendants and remove unnecessaly struct #93
* erased finished TODO comment
* erased finished TODO comment
* Revert "fix erased get_descendants and remove unnecessaly struct #93"
This reverts commit 82e905e045.
Revert "add condition impl #93"
This reverts commit 19ecc87377.
* add doc comment to rule function
* fix and add test doc commet
* add doc to AggregaationParseInfo
* add struct count in aggregation condition. #93
* add evaluate aggregation condition func provisional architecture. #93
* add countup function #93
* fix key to count hashmap #93
* add judge aggregation condition function #93
* fix error #93
* fix test #93
* share compile error ver
* fix detection.rs compile error
* fix timeframe parse
* add countup process in select
* fix select argument
* add test countup
* add test count judge #93
* add SIGMA windows count field and by keyword #93
* fix reference record in countup/judgecount #93
* add timedata in countup schema #93
* Refact: split code for matcher from rule.rs
* Reafact: combine multiple declared functions
* Refact: split code for SelectionNode from rule.rs
* Refact: mv test code for SelectionNode from rule.rs
* Refact: mv condition's code from rule.rs
* add count to detection #93
* fix compile error
* fix source to test ng. #93
* erase unused variable #93
* fix count architecture #93
* fix comment and compile error
* erase dust (response to review)
* erase dust (response to review)
* reduce calling Rulenode function (response to review)
* add aggregation output func
* erase dust(response to review) and add agg condition String func
* change error output
* reduce call RuleNode function(response to review)
* To reduce call RuleNode function
* fix test name
* fix coflicted resolve miss
* add code comment in timeframe count.
* add sort record timedata in timeframe(response to review)
* fix unnecesasry result in ArgResult
* add no field and by value count test
* create count test no field and by with timeframe
* erase duplicated timeframe data in RuleNode
* fix test error no field and no by count with timeframe
* fix test name
* add test case of exist field and by count.
* fix by count test and add test count othervalue in timeframe
* add test
* fix judge_timeframe logic when indexout
* fix test name and add count test field and by with timeframe
* adjust #120
* move associated count function from rulenode
* fix error when resolve conflict
* adjust T1197_bitsjob_started
* fix no output bug if exist output
* add alias to adapt SIGMA Rules #124
* add rule to bitsjob #130
* decilde sha1 is excepted #124
* prepare merge main
Co-authored-by: HajimeTakai <takai.wa.hajime@gmail.com>
Co-authored-by: itiB <is0312vx@ed.ritsumei.ac.jp>
* Feature/call error message struct#66 (#69)
* change way to use write trait #66
* change call error message struct #66
* erase finished TODO #66
* erase comment in error message format test #66
* resolve conflict #66
* Feature/call error message struct#66 (#71)
* change ERROR writeln struct #66
* under constructing
* add statistics template
* fix
* add comment
* add condition impl #93
* fix erased get_descendants and remove unnecessaly struct #93
* erased finished TODO comment
* erased finished TODO comment
* Revert "fix erased get_descendants and remove unnecessaly struct #93"
This reverts commit 82e905e045.
Revert "add condition impl #93"
This reverts commit 19ecc87377.
* add doc comment to rule function
* fix and add test doc commet
* add doc to AggregaationParseInfo
* add struct count in aggregation condition. #93
* add evaluate aggregation condition func provisional architecture. #93
* add countup function #93
* fix key to count hashmap #93
* add judge aggregation condition function #93
* fix error #93
* fix test #93
* share compile error ver
* fix detection.rs compile error
* fix timeframe parse
* add countup process in select
* fix select argument
* add test countup
* add test count judge #93
* add SIGMA windows count field and by keyword #93
* fix reference record in countup/judgecount #93
* add timedata in countup schema #93
* Refact: split code for matcher from rule.rs
* Reafact: combine multiple declared functions
* Refact: split code for SelectionNode from rule.rs
* Refact: mv test code for SelectionNode from rule.rs
* Refact: mv condition's code from rule.rs
* add count to detection #93
* fix compile error
* fix source to test ng. #93
* erase unused variable #93
* fix count architecture #93
* fix comment and compile error
* erase dust (response to review)
* erase dust (response to review)
* reduce calling Rulenode function (response to review)
* add aggregation output func
* erase dust(response to review) and add agg condition String func
* change error output
* reduce call RuleNode function(response to review)
* To reduce call RuleNode function
* fix test name
* fix coflicted resolve miss
* add code comment in timeframe count.
* add sort record timedata in timeframe(response to review)
* fix unnecesasry result in ArgResult
* add no field and by value count test
* create count test no field and by with timeframe
* erase duplicated timeframe data in RuleNode
* fix test error no field and no by count with timeframe
* fix test name
* add test case of exist field and by count.
* fix by count test and add test count othervalue in timeframe
* add test
* fix judge_timeframe logic when indexout
* fix test name and add count test field and by with timeframe
* adjust #120
* move associated count function from rulenode
* fix error when resolve conflict
* adjust T1197_bitsjob_started
* fix no output bug if exist output
* add rule to bitsjob #130
Co-authored-by: HajimeTakai <takai.wa.hajime@gmail.com>
Co-authored-by: itiB <is0312vx@ed.ritsumei.ac.jp>
* Feature/call error message struct#66 (#69)
* change way to use write trait #66
* change call error message struct #66
* erase finished TODO #66
* erase comment in error message format test #66
* resolve conflict #66
* Feature/call error message struct#66 (#71)
* change ERROR writeln struct #66
* under constructing
* add statistics template
* fix
* add comment
* add condition impl #93
* fix erased get_descendants and remove unnecessaly struct #93
* erased finished TODO comment
* erased finished TODO comment
* Revert "fix erased get_descendants and remove unnecessaly struct #93"
This reverts commit 82e905e045.
Revert "add condition impl #93"
This reverts commit 19ecc87377.
* add doc comment to rule function
* fix and add test doc commet
* add doc to AggregaationParseInfo
* add struct count in aggregation condition. #93
* add evaluate aggregation condition func provisional architecture. #93
* add countup function #93
* fix key to count hashmap #93
* add judge aggregation condition function #93
* fix error #93
* fix test #93
* share compile error ver
* fix detection.rs compile error
* fix timeframe parse
* add countup process in select
* fix select argument
* add test countup
* add test count judge #93
* add SIGMA windows count field and by keyword #93
* fix reference record in countup/judgecount #93
* add timedata in countup schema #93
* Refact: split code for matcher from rule.rs
* Reafact: combine multiple declared functions
* Refact: split code for SelectionNode from rule.rs
* Refact: mv test code for SelectionNode from rule.rs
* Refact: mv condition's code from rule.rs
* add count to detection #93
* fix compile error
* fix source to test ng. #93
* erase unused variable #93
* fix count architecture #93
* fix comment and compile error
* erase dust (response to review)
* erase dust (response to review)
* reduce calling Rulenode function (response to review)
* add aggregation output func
* erase dust(response to review) and add agg condition String func
* change error output
* reduce call RuleNode function(response to review)
* To reduce call RuleNode function
* fix test name
* fix coflicted resolve miss
* add code comment in timeframe count.
* add sort record timedata in timeframe(response to review)
* fix unnecesasry result in ArgResult
* add no field and by value count test
* create count test no field and by with timeframe
* erase duplicated timeframe data in RuleNode
* fix test error no field and no by count with timeframe
* fix test name
* add test case of exist field and by count.
* fix by count test and add test count othervalue in timeframe
* add test
* fix judge_timeframe logic when indexout
* fix test name and add count test field and by with timeframe
* adjust #120
* move associated count function from rulenode
* fix error when resolve conflict
* fix no output bug if exist output
Co-authored-by: HajimeTakai <takai.wa.hajime@gmail.com>
Co-authored-by: itiB <is0312vx@ed.ritsumei.ac.jp>
* add function to get event id from rootnode.
* refactoring #76
* maybe fix bug.
* before test
* fix source files.
* cargo fmt --all
* add threadnum parameter
