chg: output channel/event_id/computer when agg/correlation result

Yamato-Security · Jul 9, 2024 · 932674d · 932674d
1 parent ff28335
commit 932674d
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/detections/rule/count.rs b/src/detections/rule/count.rs
@@ -69,7 +69,7 @@ pub fn countup(
         STORED_EKEY_ALIAS.read().unwrap().as_ref().unwrap(),
     )
     .unwrap();
-    let event_id = event_id.to_string();
+    let event_id = event_id.to_string().trim_matches('\"').to_string();
     let computer = utils::get_event_value(
         "Event.System.Computer",
         record,