Added for target %AllFieldInfo% alias to json object output #750
hitenkoku committed Oct 22, 2022
1 parent 204cf09 commit 1fb3440
Showing 2 changed files with 5 additions and 5 deletions.
8 changes: 4 additions & 4 deletions config/profiles.yaml
Expand Up @@ -43,7 +43,7 @@ all-field-info:
Level: "%Level%"
RecordID: "%RecordID%"
RuleTitle: "%RuleTitle%"
AllFieldInfo: "%RecordInformation%"
AllFieldInfo: "%AllFieldInfo%"
RuleFile: "%RuleFile%"
EvtxFile: "%EvtxFile%"

Expand All @@ -59,7 +59,7 @@ all-field-info-verbose:
OtherTags: "%OtherTags%"
RecordID: "%RecordID%"
RuleTitle: "%RuleTitle%"
AllFieldInfo: "%RecordInformation%"
AllFieldInfo: "%AllFieldInfo%"
RuleFile: "%RuleFile%"
EvtxFile: "%EvtxFile%"

Expand All @@ -82,7 +82,7 @@ super-verbose:
Details: "%Details%"
RuleFile: "%RuleFile%"
EvtxFile: "%EvtxFile%"
AllFieldInfo: "%RecordInformation%"
AllFieldInfo: "%AllFieldInfo%"

#Output that is compatible to import the CSV into Timesketch
timesketch-minimal:
Expand Down Expand Up @@ -117,4 +117,4 @@ timesketch-verbose:
Details: "%Details%"
RuleFile: "%RuleFile%"
EvtxFile: "%EvtxFile%"
AllFieldInfo: "%RecordInformation%"
AllFieldInfo: "%AllFieldInfo%"
2 changes: 1 addition & 1 deletion src/afterfact.rs
Expand Up @@ -933,7 +933,7 @@ fn _get_json_vec(target_alias_context: &str, target_data: &String) -> Vec<String
.map(|x| x.to_string())
.collect();
ret
} else if target_alias_context.contains("%Details%") {
} else if target_alias_context.contains("%Details%") || target_alias_context.contains("%AllFieldInfo%") {
let ret: Vec<String> = target_data
.to_owned()
.split(" ¦ ")
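Review bot: The new `%AllFieldInfo%` condition routes that alias through the same code path as `%Details%`, which splits `target_data` on the literal `" ¦ "` separator, so a field value taken from the event record that itself contains that sequence would be split into extra, misattributed JSON entries; the existing `%Details%` path already has this property, so the commit extends it to a much larger payload rather than introducing it. Either the separator should be escaped where the AllFieldInfo string is assembled (not visible here), or the assumption should be recorded on the branch with a comment such as `// assumes no field value contains " ¦ "; record values are not escaped before joining`. Separately, `target_data.to_owned().split(" ¦ ")` copies the whole string only to split it; `target_data.split(" ¦ ")` works on the borrow directly, and `&str` would be the idiomatic parameter type in place of `&String`. `_get_json_vec` starts before this hunk and its body continues past it, so the rest of the split handling could not be reviewed.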
