fix: sort count result filed value

Yamato-Security · Nov 2, 2024 · 487a377 · 487a377
1 parent 2ebd810
commit 487a377
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/src/detections/detection.rs b/src/detections/detection.rs
@@ -1067,12 +1067,14 @@ impl Detection {
         // この関数が呼び出されている段階で既にaggregation conditionは存在する前提なのでagg_conditionの配列の長さは2となる
         let agg_condition = rule.get_agg_condition().unwrap();
         write!(ret, "Count:{}", agg_result.data).ok();
+        let mut sorted_filed_values = agg_result.field_values.clone();
+        sorted_filed_values.sort();
         if agg_condition._field_name.is_some() {
             write!(
                 ret,
                 " ¦ {}:{}",
                 agg_condition._field_name.as_ref().unwrap(),
-                agg_result.field_values.join("/")
+                sorted_filed_values.join("/")
             )
             .ok();
         }