Merge pull request #1387 from Yamato-Security/1374-output-correlation…

…-rule-count

fix: output correlation(and referenced) rule count

CHANGELOG-Japanese.md

@@ -16,6 +16,7 @@
 
 **バグ修正:**
 - Sigmaの相関ルールのカウントが`Events with hits`に表示されていなかった。(#1373) (@fukusuket)
+- 相関ルールのカウントが`Events with hits`に表示されていなかった。(#1374) (@fukusuket)
 - 集計ルールのカウントが`Events with hits`に表示されていなかった。(#1375) (@fukusuket)
 
 ## 2.16.0 [2024/06/11]

CHANGELOG.md

@@ -16,6 +16,7 @@
 
 **Bug Fixes:**
 - Sigma correlation rule count was not showing up in `Events with hits`. (#1373) (@fukusuket)
+- Correlation rule count was not showing up in `Events with hits`. (#1374) (@fukusuket)
 - Aggregation condition rule count was not showing up in `Events with hits`. (#1375) (@fukusuket)
 
 ## 2.16.0 [2024/06/11]

src/detections/detection.rs

@@ -153,6 +153,8 @@ impl Detection {
                 &rulefile_loader.rulecounter,
                 &rulefile_loader.rule_load_cnt,
                 &rulefile_loader.rule_status_cnt,
+                &rulefile_loader.rule_cor_cnt,
+                &rulefile_loader.rule_cor_ref_cnt,
                 &parseerror_count,
                 stored_static,
             );
@@ -1104,6 +1106,8 @@ impl Detection {
         rc: &HashMap<CompactString, u128>,
         ld_rc: &HashMap<CompactString, u128>,
         st_rc: &HashMap<CompactString, u128>,
+        cor_rc: &HashMap<CompactString, u128>,
+        cor_ref_rc: &HashMap<CompactString, u128>,
         err_rc: &u128,
         stored_static: &StoredStatic,
     ) {
@@ -1146,8 +1150,9 @@ impl Detection {
             )
             .ok();
         }
-        println!();
-
+        if !ld_rc.is_empty() {
+            println!();
+        }
         let mut sorted_st_rc: Vec<(&CompactString, &u128)> = st_rc.iter().collect();
         let output_opt = stored_static.output_option.as_ref().unwrap();
         let enable_deprecated_flag = output_opt.enable_deprecated_rules;
@@ -1192,6 +1197,34 @@ impl Detection {
         });
         println!();
 
+        let cor_total: u128 = cor_rc.values().sum();
+        let cor_ref_total: u128 = cor_ref_rc.values().sum();
+        if cor_total != 0 {
+            let col = format!(
+                "Correlation rules: {} ({:.2}%)",
+                cor_total.to_formatted_string(&Locale::en),
+                (cor_total as f64) / (total_loaded_rule_cnt as f64) * 100.0
+            );
+            write_color_buffer(&BufferWriter::stdout(ColorChoice::Always), None, &col, true).ok();
+            let col_ref = format!(
+                "Correlation referenced rules: {} ({:.2}%)",
+                cor_ref_total.to_formatted_string(&Locale::en),
+                (cor_ref_total as f64) / (total_loaded_rule_cnt as f64) * 100.0
+            );
+            write_color_buffer(
+                &BufferWriter::stdout(ColorChoice::Always),
+                None,
+                &col_ref,
+                true,
+            )
+            .ok();
+            if stored_static.html_report_flag {
+                html_report_stock.push(format!("- {col}"));
+                html_report_stock.push(format!("- {col_ref}"));
+            }
+            println!();
+        }
+
         let mut sorted_rc: Vec<(&CompactString, &u128)> = rc.iter().collect();
         sorted_rc.sort_by(|a, b| a.0.cmp(b.0));
         sorted_rc.into_iter().for_each(|(key, value)| {