feat: added low-memory-mode option #1298
hitenkoku committed Mar 7, 2024
1 parent ce04f24 commit 0e51b4a
Showing 13 changed files with 57 additions and 2 deletions.
14 changes: 14 additions & 0 deletions src/afterfact.rs
Expand Up @@ -2291,6 +2291,7 @@ mod tests {
remove_duplicate_detections: false,
no_wizard: true,
include_status: None,
low_memory_mode: false,
},
geo_ip: None,
output: Some(Path::new("./test_emit_csv.csv").to_path_buf()),
Expand Down Expand Up @@ -2381,6 +2382,7 @@ mod tests {
remove_duplicate_detections: false,
no_wizard: true,
include_status: None,
low_memory_mode: false,
};
let ch = mock_ch_filter
.get(&CompactString::from("security"))
Expand Down Expand Up @@ -2625,6 +2627,7 @@ mod tests {
remove_duplicate_detections: false,
no_wizard: true,
include_status: None,
low_memory_mode: false,
},
geo_ip: None,
output: Some(Path::new("./test_emit_csv_multiline.csv").to_path_buf()),
Expand Down Expand Up @@ -2725,6 +2728,7 @@ mod tests {
remove_duplicate_detections: false,
no_wizard: true,
include_status: None,
low_memory_mode: false,
};
let ch = mock_ch_filter
.get(&CompactString::from("security"))
Expand Down Expand Up @@ -2953,6 +2957,7 @@ mod tests {
remove_duplicate_detections: false,
no_wizard: true,
include_status: None,
low_memory_mode: false,
},
geo_ip: None,
output: Some(Path::new("./test_emit_csv_remove_duplicate.csv").to_path_buf()),
Expand Down Expand Up @@ -3043,6 +3048,7 @@ mod tests {
remove_duplicate_detections: false,
no_wizard: true,
include_status: None,
low_memory_mode: false,
};
let ch = mock_ch_filter
.get(&CompactString::from("security"))
Expand Down Expand Up @@ -3282,6 +3288,7 @@ mod tests {
remove_duplicate_detections: false,
no_wizard: true,
include_status: None,
low_memory_mode: false,
},
geo_ip: None,
output: Some(Path::new("./test_emit_csv_remove_duplicate.json").to_path_buf()),
Expand Down Expand Up @@ -3372,6 +3379,7 @@ mod tests {
remove_duplicate_detections: false,
no_wizard: true,
include_status: None,
low_memory_mode: false,
};
let ch = mock_ch_filter
.get(&CompactString::from("security"))
Expand Down Expand Up @@ -3684,6 +3692,7 @@ mod tests {
remove_duplicate_detections: false,
no_wizard: true,
include_status: None,
low_memory_mode: false,
},
geo_ip: None,
output: Some(Path::new("./test_multiple_data_in_details.json").to_path_buf()),
Expand Down Expand Up @@ -3775,6 +3784,7 @@ mod tests {
remove_duplicate_detections: false,
no_wizard: true,
include_status: None,
low_memory_mode: false,
};
let ch = mock_ch_filter
.get(&CompactString::from("security"))
Expand Down Expand Up @@ -4032,6 +4042,7 @@ mod tests {
remove_duplicate_detections: false,
no_wizard: true,
include_status: None,
low_memory_mode: false,
},
geo_ip: None,
output: Some(Path::new("./test_emit_csv_json.json").to_path_buf()),
Expand Down Expand Up @@ -4123,6 +4134,7 @@ mod tests {
remove_duplicate_detections: false,
no_wizard: true,
include_status: None,
low_memory_mode: false,
};
let ch = mock_ch_filter
.get(&CompactString::from("security"))
Expand Down Expand Up @@ -4305,6 +4317,7 @@ mod tests {
remove_duplicate_detections: false,
no_wizard: true,
include_status: None,
low_memory_mode: false,
},
geo_ip: None,
output: Some(Path::new("./test_emit_csv_jsonl.jsonl").to_path_buf()),
Expand Down Expand Up @@ -4396,6 +4409,7 @@ mod tests {
remove_duplicate_detections: false,
no_wizard: true,
include_status: None,
low_memory_mode: false,
};
let ch = mock_ch_filter
.get(&CompactString::from("security"))
21 changes: 19 additions & 2 deletions src/detections/configs.rs
Expand Up @@ -557,9 +557,12 @@ impl StoredStatic {
.collect(),
_ => HashSet::default(),
};

let is_low_memory = match &input_config.as_ref().unwrap().action {
Some(Action::CsvTimeline(opt)) => opt.output_options.low_memory_mode,
Some(Action::JsonTimeline(opt)) => opt.output_options.low_memory_mode,
_ => false,
};
let mut ret = StoredStatic {
is_low_memory: false,
config: input_config.as_ref().unwrap().to_owned(),
config_path: config_path.to_path_buf(),
ch_config: create_output_filter_config(
Expand Down Expand Up @@ -674,6 +677,7 @@ impl StoredStatic {
enable_recover_records,
timeline_offset,
include_status,
is_low_memory,
};
ret.profiles = load_profile(
check_setting_path(
Expand Down Expand Up @@ -1545,6 +1549,10 @@ pub struct OutputOption {
/// Do not ask questions. Scan for all events and alerts.
#[arg(help_heading = Some("General Options"), short = 'w', long = "no-wizard", display_order = 400)]
pub no_wizard: bool,

/// low-memory-mode
#[arg(help_heading = Some("General Options"), long = "low-memory-mode", display_order = 380)]
pub low_memory_mode: bool,
}

#[derive(Copy, Args, Clone, Debug)]
Expand Down Expand Up @@ -2218,6 +2226,7 @@ fn extract_output_options(config: &Config) -> Option<OutputOption> {
remove_duplicate_detections: false,
no_wizard: option.no_wizard,
include_status: option.include_status.clone(),
low_memory_mode: false,
}),
Action::EidMetrics(option) => Some(OutputOption {
input_args: option.input_args.clone(),
Expand Down Expand Up @@ -2258,6 +2267,7 @@ fn extract_output_options(config: &Config) -> Option<OutputOption> {
remove_duplicate_detections: false,
no_wizard: true,
include_status: None,
low_memory_mode: false,
}),
Action::LogonSummary(option) => Some(OutputOption {
input_args: option.input_args.clone(),
Expand Down Expand Up @@ -2298,6 +2308,7 @@ fn extract_output_options(config: &Config) -> Option<OutputOption> {
remove_duplicate_detections: false,
no_wizard: true,
include_status: None,
low_memory_mode: false,
}),
Action::ComputerMetrics(option) => Some(OutputOption {
input_args: option.input_args.clone(),
Expand Down Expand Up @@ -2347,6 +2358,7 @@ fn extract_output_options(config: &Config) -> Option<OutputOption> {
remove_duplicate_detections: false,
no_wizard: true,
include_status: None,
low_memory_mode: false,
}),
Action::Search(option) => Some(OutputOption {
input_args: option.input_args.clone(),
Expand Down Expand Up @@ -2396,6 +2408,7 @@ fn extract_output_options(config: &Config) -> Option<OutputOption> {
remove_duplicate_detections: false,
no_wizard: true,
include_status: None,
low_memory_mode: false,
}),
Action::SetDefaultProfile(option) => Some(OutputOption {
input_args: InputOption {
Expand Down Expand Up @@ -2451,6 +2464,7 @@ fn extract_output_options(config: &Config) -> Option<OutputOption> {
remove_duplicate_detections: false,
no_wizard: true,
include_status: None,
low_memory_mode: false,
}),
Action::UpdateRules(option) => Some(OutputOption {
input_args: InputOption {
Expand Down Expand Up @@ -2506,6 +2520,7 @@ fn extract_output_options(config: &Config) -> Option<OutputOption> {
remove_duplicate_detections: false,
no_wizard: true,
include_status: None,
low_memory_mode: false,
}),
_ => None,
}
Expand Down Expand Up @@ -2758,6 +2773,7 @@ mod tests {
remove_duplicate_detections: false,
no_wizard: true,
include_status: None,
low_memory_mode: false,
},
geo_ip: None,
output: None,
Expand Down Expand Up @@ -2833,6 +2849,7 @@ mod tests {
remove_duplicate_detections: false,
no_wizard: true,
include_status: None,
low_memory_mode: false,
},
geo_ip: None,
output: None,
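Review bot: The doc comment on the new `low_memory_mode` field in the `OutputOption` hunk (`/// low-memory-mode`) only repeats the flag name, and because clap turns that doc comment into the `--help` text, users get no description of what the mode changes or what it costs; the neighbouring entry (`/// Do not ask questions. Scan for all events and alerts.`) shows the expected style. The page does not show what `is_low_memory` alters downstream, so the exact wording has to come from that code, but the help should at least state the trade-off and, since the `StoredStatic` hunk reads the flag only for `CsvTimeline` and `JsonTimeline`, that it applies to those timeline commands. Relatedly, `extract_output_options` hard-codes `low_memory_mode: false` for the other actions while the flag is declared under `help_heading = Some("General Options")`; if any other subcommand embeds `OutputOption` directly, it would accept `--low-memory-mode` and silently ignore it, which is worth either documenting in the help text or rejecting at parse time. Both the `StoredStatic` construction and `extract_output_options` start and end outside the visible hunks.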
5 changes: 5 additions & 0 deletions src/detections/detection.rs
Expand Up @@ -1292,6 +1292,7 @@ mod tests {
remove_duplicate_detections: false,
no_wizard: true,
include_status: None,
low_memory_mode: false,
},
geo_ip: None,
output: None,
Expand Down Expand Up @@ -1553,6 +1554,7 @@ mod tests {
remove_duplicate_detections: false,
no_wizard: true,
include_status: None,
low_memory_mode: false,
},
geo_ip: Some(Path::new("test_files/mmdb").to_path_buf()),
output: Some(Path::new("./test_emit_csv.csv").to_path_buf()),
Expand Down Expand Up @@ -1689,6 +1691,7 @@ mod tests {
remove_duplicate_detections: false,
no_wizard: true,
include_status: None,
low_memory_mode: false,
},
geo_ip: Some(Path::new("test_files/mmdb").to_path_buf()),
output: Some(Path::new("./test_emit_csv.csv").to_path_buf()),
Expand Down Expand Up @@ -1820,6 +1823,7 @@ mod tests {
remove_duplicate_detections: false,
no_wizard: true,
include_status: None,
low_memory_mode: false,
},
geo_ip: None,
output: Some(Path::new("./test_emit_csv.csv").to_path_buf()),
Expand Down Expand Up @@ -1967,6 +1971,7 @@ mod tests {
remove_duplicate_detections: false,
no_wizard: true,
include_status: None,
low_memory_mode: false,
},
geo_ip: None,
output: Some(Path::new("./test_emit_csv.csv").to_path_buf()),
1 change: 1 addition & 0 deletions src/detections/rule/condition_parser.rs
Expand Up @@ -508,6 +508,7 @@ mod tests {
remove_duplicate_detections: false,
no_wizard: true,
include_status: None,
low_memory_mode: false,
},
geo_ip: None,
output: None,
1 change: 1 addition & 0 deletions src/detections/rule/count.rs
Expand Up @@ -636,6 +636,7 @@ mod tests {
remove_duplicate_detections: false,
no_wizard: true,
include_status: None,
low_memory_mode: false,
},
geo_ip: None,
output: None,
1 change: 1 addition & 0 deletions src/detections/rule/matchers.rs
Expand Up @@ -871,6 +871,7 @@ mod tests {
remove_duplicate_detections: false,
no_wizard: true,
include_status: None,
low_memory_mode: false,
},
geo_ip: None,
output: None,
1 change: 1 addition & 0 deletions src/detections/rule/mod.rs
Expand Up @@ -453,6 +453,7 @@ mod tests {
remove_duplicate_detections: false,
no_wizard: true,
include_status: None,
low_memory_mode: false,
},
geo_ip: None,
output: None,
1 change: 1 addition & 0 deletions src/detections/rule/selectionnodes.rs
Expand Up @@ -576,6 +576,7 @@ mod tests {
remove_duplicate_detections: false,
no_wizard: true,
include_status: None,
low_memory_mode: false,
},
geo_ip: None,
output: None,
1 change: 1 addition & 0 deletions src/detections/utils.rs
Expand Up @@ -1075,6 +1075,7 @@ mod tests {
remove_duplicate_detections: false,
no_wizard: true,
include_status: None,
low_memory_mode: false,
},
geo_ip: None,
output: None,
5 changes: 5 additions & 0 deletions src/main.rs
Expand Up @@ -2234,6 +2234,7 @@ mod tests {
remove_duplicate_detections: false,
no_wizard: true,
include_status: None,
low_memory_mode: false,
},
geo_ip: None,
output: None,
Expand Down Expand Up @@ -2405,6 +2406,7 @@ mod tests {
remove_duplicate_detections: false,
no_wizard: true,
include_status: None,
low_memory_mode: false,
},
geo_ip: None,
output: Some(Path::new("overwrite.csv").to_path_buf()),
Expand Down Expand Up @@ -2490,6 +2492,7 @@ mod tests {
remove_duplicate_detections: false,
no_wizard: true,
include_status: None,
low_memory_mode: false,
},
geo_ip: None,
output: Some(Path::new("overwrite.csv").to_path_buf()),
Expand Down Expand Up @@ -2574,6 +2577,7 @@ mod tests {
remove_duplicate_detections: false,
no_wizard: true,
include_status: None,
low_memory_mode: false,
},
geo_ip: None,
output: Some(Path::new("overwrite.json").to_path_buf()),
Expand Down Expand Up @@ -2659,6 +2663,7 @@ mod tests {
remove_duplicate_detections: false,
no_wizard: true,
include_status: None,
low_memory_mode: false,
},
geo_ip: None,
output: Some(Path::new("overwrite.json").to_path_buf()),
4 changes: 4 additions & 0 deletions src/options/htmlreport.rs
Expand Up @@ -302,6 +302,7 @@ mod tests {
remove_duplicate_detections: false,
no_wizard: true,
include_status: None,
low_memory_mode: false,
},
geo_ip: None,
output: None,
Expand Down Expand Up @@ -369,6 +370,7 @@ mod tests {
remove_duplicate_detections: false,
no_wizard: true,
include_status: None,
low_memory_mode: false,
},
geo_ip: None,
output: None,
Expand Down Expand Up @@ -439,6 +441,7 @@ mod tests {
remove_duplicate_detections: false,
no_wizard: true,
include_status: None,
low_memory_mode: false,
},
jsonl_timeline: false,
geo_ip: None,
Expand Down Expand Up @@ -506,6 +509,7 @@ mod tests {
remove_duplicate_detections: false,
no_wizard: true,
include_status: None,
low_memory_mode: false,
},
jsonl_timeline: false,
geo_ip: None,
0 comments on commit 0e51b4a
