From 502983adfdcfe4adff53b8f0b95e476eadace1d1 Mon Sep 17 00:00:00 2001
From: fukusuket <41001169+fukusuket@users.noreply.github.com>
Date: Tue, 30 Apr 2024 00:30:24 +0900
Subject: [PATCH] chg: if --enable-all-rules/--scan-all-evtx-files on skip filtering process

---
 src/main.rs | 30 ++++++++++++++++++------------
 1 file changed, 18 insertions(+), 12 deletions(-)

diff --git a/src/main.rs b/src/main.rs
index cc59ab4f1..0db568582 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -1432,18 +1432,24 @@ impl App {
 return;
 }
 let mut channel_filter = create_channel_filter(&evtx_files, &rule_files);
- evtx_files.retain(|e| channel_filter.scanable_rule_exists(e));
- let evtx_files_after_channel_filter = format!(
- "Evtx files loaded after channel filter: {}",
- (evtx_files.len()).to_formatted_string(&Locale::en)
- );
- println!("{evtx_files_after_channel_filter}");
- rule_files.retain(|r| channel_filter.rulepathes.contains(&r.rulepath));
- let rules_after_channel_filter = format!(
- "Detection rules loaded after channel filter: {}",
- (rule_files.len()).to_formatted_string(&Locale::en)
- );
- println!("{rules_after_channel_filter}");
+ if !stored_static.scan_all_evtx_files {
+ evtx_files.retain(|e| channel_filter.scanable_rule_exists(e));
+ let evtx_files_after_channel_filter = format!(
+ "Evtx files loaded after channel filter: {}",
+ (evtx_files.len()).to_formatted_string(&Locale::en)
+ );
+ println!("{evtx_files_after_channel_filter}");
+ }
+ if !stored_static.enable_all_rules
+ && stored_static.output_option.as_ref().unwrap().rules == PathBuf::from("./rules")
+ {
+ rule_files.retain(|r| channel_filter.rulepathes.contains(&r.rulepath));
+ let rules_after_channel_filter = format!(
+ "Detection rules loaded after channel filter: {}",
+ (rule_files.len()).to_formatted_string(&Locale::en)
+ );
+ println!("{rules_after_channel_filter}");
+ }
 println!();
 output_profile_name(&stored_static.output_option, true);
 println!();
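Review bot: The new guard `stored_static.output_option.as_ref().unwrap().rules == PathBuf::from("./rules")` adds a panic path on a `None` output option and decides by exact path equality, so a rules directory given as `rules` (no leading `./`) or as an absolute path to the default directory silently bypasses the rule-side channel filter, which is a different trigger from the one the commit message describes. If `output_option` is known to be `Some` at this point, `expect("output_option is set before channel filtering")` documents that invariant, and `.map_or(false, |o| o.rules == Path::new("./rules"))` removes both the panic path and the per-call allocation (assuming `Path` is in scope; otherwise `std::path::Path`). Because the skipped branches print nothing, an operator reading the banner cannot tell whether filtering was bypassed by a flag or by a non-default rules path; a comment such as `// the channel filter only prunes the default rule set; a custom --rules directory is scanned in full` above the second `if`, or an explanatory `println!` on the skip path, would make that visible. The enclosing function starts and ends outside the hunk.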