From 10a5e8f42646f381ce9f3bc7ebcdb2e029657a75 Mon Sep 17 00:00:00 2001
From: fukusuket <41001169+fukusuket@users.noreply.github.com>
Date: Fri, 18 Nov 2022 21:38:14 +0900
Subject: [PATCH 1/2] fix: change TAGS_CONFIG.values iterator to vec. #807
---
 src/detections/detection.rs | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/detections/detection.rs b/src/detections/detection.rs
index 8c3622a17..1e1f5f7f6 100644
--- a/src/detections/detection.rs
+++ b/src/detections/detection.rs
@@ -260,7 +260,7 @@ impl Detection {
 let level = rule.yaml["level"].as_str().unwrap_or("-").to_string();
 let mut profile_converter: HashMap = HashMap::new();
- let mut tags_config_values = TAGS_CONFIG.values();
+ let tags_config_values: Vec<&String> = TAGS_CONFIG.values().collect();
 for (key, profile) in PROFILES.as_ref().unwrap().iter() {
 match profile {
 Timestamp(_) => {
@@ -344,7 +344,7 @@ impl Detection {
 let tactics = CompactString::from(
 &tag_info
 .iter()
- .filter(|x| tags_config_values.contains(&x.to_string()))
+ .filter(|x| tags_config_values.contains(&&x.to_string()))
 .join(" ¦ "),
 );
@@ -355,7 +355,7 @@ impl Detection {
 &tag_info
 .iter()
 .filter(|x| {
- !tags_config_values.contains(&x.to_string())
+ !tags_config_values.contains(&&x.to_string())
 && (x.starts_with("attack.t")
 || x.starts_with("attack.g")
 || x.starts_with("attack.s"))
@@ -471,7 +471,7 @@ impl Detection {
 let mut profile_converter: HashMap = HashMap::new();
 let level = rule.yaml["level"].as_str().unwrap_or("-").to_string();
- let mut tags_config_values = TAGS_CONFIG.values();
+ let tags_config_values: Vec<&String> = TAGS_CONFIG.values().collect();
 for (key, profile) in PROFILES.as_ref().unwrap().iter() {
 match profile {
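Review bot: `Vec::contains` on the collected `tags_config_values` is a linear scan for every tag in `tag_info`, repeated for each profile key, and the `Vec` is rebuilt on every call of the enclosing method (which starts above this hunk), so the fix trades the consumed-iterator bug for an O(tags × config) scan plus an allocation per record. Only membership is needed, so a set is the natural shape: `let tags_config_values: HashSet<&str> = TAGS_CONFIG.values().map(String::as_str).collect();` with the later filters becoming `tags_config_values.contains(x.as_str())`, which also drops the `x.to_string()` temporary allocated per tag in the `contains` calls of the following hunks (assuming `tag_info` elements expose `as_str()`; `x.as_ref()` otherwise — confirm against the type). Better still, build that set once alongside `TAGS_CONFIG` (presumably the same lazy-static mechanism that defines it) so no per-call work remains. In any case a why-comment above the collect, e.g. `// materialise once: Itertools::contains on the raw Values iterator advanced and consumed it, so later lookups missed tags (#807)`, would keep someone from "simplifying" this back to the bare iterator.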
@@ -538,7 +538,7 @@ impl Detection {
 let tactics = CompactString::from(
 &tag_info
 .iter()
- .filter(|x| tags_config_values.contains(&x.to_string()))
+ .filter(|x| tags_config_values.contains(&&x.to_string()))
 .join(" ¦ "),
 );
 profile_converter.insert(key.to_string(), MitreTactics(tactics));
@@ -548,7 +548,7 @@ impl Detection {
 &tag_info
 .iter()
 .filter(|x| {
- !tags_config_values.contains(&x.to_string())
+ !tags_config_values.contains(&&x.to_string())
 && (x.starts_with("attack.t")
 || x.starts_with("attack.g")
 || x.starts_with("attack.s"))
@@ -566,7 +566,7 @@ impl Detection {
 &tag_info
 .iter()
 .filter(|x| {
- !(tags_config_values.contains(&x.to_string())
+ !(tags_config_values.contains(&&x.to_string())
 || x.starts_with("attack.t")
 || x.starts_with("attack.g")
 || x.starts_with("attack.s"))
From 8a187e3bb47d3ad4f229d59628651d7480ed371c Mon Sep 17 00:00:00 2001
From: DastInDark <2350416+hitenkoku@users.noreply.github.com>
Date: Sat, 19 Nov 2022 00:17:27 +0900
Subject: [PATCH 2/2] updated rules
---
 CHANGELOG-Japanese.md | 1 +
 CHANGELOG.md | 1 +
 rules | 2 +-
 3 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG-Japanese.md b/CHANGELOG-Japanese.md
index 0ba006b1e..ba273e36e 100644
--- a/CHANGELOG-Japanese.md
+++ b/CHANGELOG-Japanese.md
@@ -14,6 +14,7 @@
 **バグ修正:**
 - `Data`フィールドを使ったルールが検知できていない問題を修正した。 (#775) (@hitenkoku)
+- プロファイルの出力で`%MitreTags%` と`%MitreTactics%` の出力が抜け落ちてしまう問題を修正した。 (#780) (@fukusuket)
 ## 1.8.0 [2022/11/07]
diff --git a/CHANGELOG.md b/CHANGELOG.md
index e769c5c11..3d35d9c8c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,6 +14,7 @@
 **Bug Fixes:**
 - Fixed a problem where rules using the `Data` field were not being detected. (#775) (@hitenkoku)
+- Fixed `%MitreTags%` and `%MitreTactics%` profile output randomly miss values. (#807) (@fukusuket)
 ## 1.8.0 [2022/11/07]
diff --git a/rules b/rules
index d54f59bbc..e84129920 160000
--- a/rules
+++ b/rules
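Review bot: The three filters at 538/548/566 are the same tag classification as the hunks at 344/355 in the first method — tactic if the tag is in `TAGS_CONFIG`, technique/group/software if it starts with `attack.t`/`attack.g`/`attack.s`, "other" for the rest — written out a second time, which is why this one-line fix had to be applied in seven places. Factoring that into one private helper, something like `fn split_mitre_tags<'a>(tag_info: &'a [String], tactics: &HashSet<&str>) -> (Vec<&'a str>, Vec<&'a str>, Vec<&'a str>)` (element type of `tag_info` to be confirmed; it is not visible here), called from both methods, would keep the two output paths from drifting and give the `&&x.to_string()` double-reference a single home. The filter in this hunk is the De Morgan complement of the 548 filter's condition, so a single pass that buckets each tag with a `match` would also make that relationship explicit instead of leaving it to the reader. The enclosing method starts outside this hunk, so the duplication is inferred from the identical hunks at 471/538/548 rather than from the full method bodies.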
@@ -1 +1 @@
-Subproject commit d54f59bbca82a96c2bf2dc286c0d2d8f73492134
+Subproject commit e841299209b3ffbc0766758a46f1fe901949f6f3