chg: if --enable-all-rules/--scan-all-evtx-files on skip filtering pr…
…ocess
fukusuket committed Apr 29, 2024
1 parent 36d3991 commit 502983a
Showing 1 changed file with 18 additions and 12 deletions.
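--- a/src/main.rs
+++ b/src/main.rs
@@ -1432,18 +1432,24 @@ impl App {
 return;
 }
 let mut channel_filter = create_channel_filter(&evtx_files, &rule_files);
-evtx_files.retain(|e| channel_filter.scanable_rule_exists(e));
-let evtx_files_after_channel_filter = format!(
-"Evtx files loaded after channel filter: {}",
-(evtx_files.len()).to_formatted_string(&Locale::en)
-);
-println!("{evtx_files_after_channel_filter}");
-rule_files.retain(|r| channel_filter.rulepathes.contains(&r.rulepath));
-let rules_after_channel_filter = format!(
-"Detection rules loaded after channel filter: {}",
-(rule_files.len()).to_formatted_string(&Locale::en)
-);
-println!("{rules_after_channel_filter}");
+if !stored_static.scan_all_evtx_files {
+evtx_files.retain(|e| channel_filter.scanable_rule_exists(e));
+let evtx_files_after_channel_filter = format!(
+"Evtx files loaded after channel filter: {}",
+(evtx_files.len()).to_formatted_string(&Locale::en)
+);
+println!("{evtx_files_after_channel_filter}");
+}
+if !stored_static.enable_all_rules
+&& stored_static.output_option.as_ref().unwrap().rules == PathBuf::from("./rules")
+{
+rule_files.retain(|r| channel_filter.rulepathes.contains(&r.rulepath));
+let rules_after_channel_filter = format!(
+"Detection rules loaded after channel filter: {}",
+(rule_files.len()).to_formatted_string(&Locale::en)
+);
+println!("{rules_after_channel_filter}");
+}
 println!();
 output_profile_name(&stored_static.output_option, true);
 println!();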
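Review bot: The rule filter at `rule_files.retain(|r| channel_filter.rulepathes.contains(&r.rulepath))` still reads `channel_filter.rulepathes`, while the only other call on the `mut` filter, `scanable_rule_exists`, now runs only when `scan_all_evtx_files` is off; if that call is what fills `rulepathes` (its definition is not in this hunk), running with `--scan-all-evtx-files` alone would filter the rules against an empty or partial set and silently drop detections. That is worth confirming, and if it holds, either add `&& !stored_static.scan_all_evtx_files` to the rule-filter condition or fill `rulepathes` independently of the evtx pass. The same condition calls `.unwrap()` on `output_option` and compares the rules path literally with `./rules`, so a path given as `rules` or as an absolute path to the same directory skips the filter with no message; `stored_static.output_option.as_ref().is_some_and(|o| o.rules == PathBuf::from("./rules"))` removes the panic path, and printing a line when filtering is skipped would keep the loaded rule set visible to the analyst. The enclosing function begins and ends outside the hunk.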
