Merge pull request #1363 from Yamato-Security/add-support-correlation…

…-rule-name-lookup feat: add support for correlation `name` lookup
Yamato-Security · Jun 15, 2024 · 9da5db7 · 9da5db7
2 parents f0e9b7b + 1c37fed
commit 9da5db7
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 0 deletions.
diff --git a/CHANGELOG-Japanese.md b/CHANGELOG-Japanese.md
@@ -5,6 +5,7 @@
 **改善:**
 
 - `cidr-utils`クレートを新バージョン0.6.xに対応した。 (#1366) (@hitenkoku)
+- Sigma correlationルールの`name`ルックアップに対応した。 (#1363) (@fukusuket)
 
 ## 2.16.0 [2024/06/11]
 

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,7 @@
 **Enchancements:**
 
 - Support for the newer version 0.6.x `cidr-utils` crate. (#1366) (@hitenkoku)
+- Added support for Sigma correlation rule's `name` lookup. (#1363) (@fukusuket)
 
 ## 2.16.0 [2024/06/11]
 

diff --git a/src/detections/rule/correlation_parser.rs b/src/detections/rule/correlation_parser.rs
@@ -23,6 +23,11 @@ fn is_related_rule(rule_node: &RuleNode, id_or_title: &str) -> bool {
  return true;
  }
  }
+ if let Some(title) = hash.get(&Yaml::String("name".to_string())) {
+ if title.as_str() == Some(id_or_title) {
+ return true;
+ }
+ }
  }
  false
 }