From e65e1d40f02ae9317027b0063ebabf797d8d298d Mon Sep 17 00:00:00 2001
From: DastInDark <2350416+hitenkoku@users.noreply.github.com>
Date: Thu, 23 Nov 2023 19:35:17 +0900
Subject: [PATCH] feat(main): no asking about deprecated and unsupported excluded when All alert or event selected #1206
---
 src/main.rs | 70 +++++++++++++++++++++++++++--------------------------
 1 file changed, 36 insertions(+), 34 deletions(-)
diff --git a/src/main.rs b/src/main.rs
index ea27f9911..dddf8d8c8 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -1194,22 +1194,42 @@ impl App {
 exclude_tags.push("detection.threat_hunting".into());
 }
 }
- }
- if let Some(dep_cnt) = exclude_noisy_cnt.get("deprecated") {
- // deprecated rules load prompt
- let prompt_fmt = format!("Include deprecated rules? ({} rules)", dep_cnt);
- let dep_rules_load_flag = Confirm::with_theme(&ColorfulTheme::default())
- .with_prompt(prompt_fmt)
- .default(false)
- .show_default(true)
- .interact()
- .unwrap();
- if dep_rules_load_flag {
- stored_static
- .output_option
- .as_mut()
- .unwrap()
- .enable_deprecated_rules = true;
+ } else {
+ // If "4. All alert rules" or "5. All event and alert rules" was selected, ask questions about deprecated and unsupported rules.
+ if let Some(dep_cnt) = exclude_noisy_cnt.get("deprecated") {
+ // deprecated rules load prompt
+ let prompt_fmt = format!("Include deprecated rules? ({} rules)", dep_cnt);
+ let dep_rules_load_flag = Confirm::with_theme(&ColorfulTheme::default())
+ .with_prompt(prompt_fmt)
+ .default(false)
+ .show_default(true)
+ .interact()
+ .unwrap();
+ if dep_rules_load_flag {
+ stored_static
+ .output_option
+ .as_mut()
+ .unwrap()
+ .enable_deprecated_rules = true;
+ }
+ }
+ if let Some(unsup_cnt) = exclude_noisy_cnt.get("unsupported") {
+ // unsupported rules load prompt
+ let prompt_fmt = format!("Include unsupported rules? ({} rules)", unsup_cnt);
+ let unsupported_rules_load_flag =
+ Confirm::with_theme(&ColorfulTheme::default())
+ .with_prompt(prompt_fmt)
+ .default(false)
+ .show_default(true)
+ .interact()
+ .unwrap();
+ if unsupported_rules_load_flag {
+ stored_static
+ .output_option
+ .as_mut()
+ .unwrap()
+ .enable_unsupported_rules = true;
+ }
 }
 }
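Review bot: Both prompts in the new `else` branch still end in `.interact().unwrap()`, so if the prompt cannot be shown (for example when the tool is run without a terminal attached) the rule-selection wizard panics instead of keeping the `default(false)` choice. Handling the `Result` explicitly, e.g. `.interact().unwrap_or(false)` or returning the error to the caller, would leave deprecated and unsupported rules excluded without aborting the scan; the same applies to the `output_option.as_mut().unwrap()` chains. The added comment says the questions are asked when option 4 or 5 was selected, while the commit subject reads as the opposite, and the `if` this `else` belongs to starts outside the hunk, so the comment should name the condition it depends on and say that the other selections skip both prompts. Since those selections now exclude the rules without showing the count, the analyst has no on-screen cue that detection coverage was narrowed; presumably the counts in `exclude_noisy_cnt` could still be printed in that case.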
@@ -1231,24 +1251,6 @@ impl App { } } - if let Some(unsup_cnt) = exclude_noisy_cnt.get("unsupported") { - // unsupported rules load prompt - let prompt_fmt = format!("Include unsupported rules? ({} rules)", unsup_cnt); - let unsupported_rules_load_flag = Confirm::with_theme(&ColorfulTheme::default()) - .with_prompt(prompt_fmt) - .default(false) - .show_default(true) - .interact() - .unwrap(); - if unsupported_rules_load_flag { - stored_static - .output_option - .as_mut() - .unwrap() - .enable_unsupported_rules = true; - } - } - if let Some(sysmon_cnt) = tags_cnt.get("sysmon") { let prompt_fmt = format!("Include sysmon rules? ({} rules)", sysmon_cnt); let sysmon_rules_load_flag = Confirm::with_theme(&ColorfulTheme::default())