added feature of tag output reducing to agg condition #477

Yamato-Security · Apr 14, 2022 · 5f13b04 · 5f13b04
1 parent 9da46b9
commit 5f13b04
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/src/detections/detection.rs b/src/detections/detection.rs
@@ -237,7 +237,8 @@ impl Detection {
             .as_vec()
             .unwrap_or(&Vec::default())
             .iter()
-            .map(|info| info.as_str().unwrap_or("").replace("attack.", ""))
+            .filter_map(|info| TAGS_CONFIG.get(info.as_str().unwrap_or(&String::default())))
+            .map(|str| str.to_owned())
             .collect();
         let output = Detection::create_count_output(rule, &agg_result);
         let rec_info = if configs::CONFIG.read().unwrap().args.is_present("full-data") {