fix: output agg result string when allfieldinfo profile

Yamato-Security · Oct 14, 2024 · e53e4da · e53e4da
1 parent 7aed9fe
commit e53e4da
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/src/detections/message.rs b/src/detections/message.rs
@@ -185,6 +185,12 @@ pub fn create_message(
                         key.to_owned(),
                         AllFieldInfo(detect_info.detail.clone().into()),
                     ));
+                    if is_json_timeline {
+                        record_details_info_map.insert(
+                            "#AllFieldInfo".into(),
+                            vec![CompactString::new(detect_info.detail.clone())],
+                        );
+                    }
                 } else {
                     let recinfos = if let Some(c) = record_details_info_map.get("#AllFieldInfo") {
                         c.to_owned()