From 478db5e1b2f8e8e978687aa71e012fcb83633471 Mon Sep 17 00:00:00 2001
From: DastInDark <2350416+hitenkoku@users.noreply.github.com>
Date: Wed, 28 Feb 2024 22:26:15 +0900
Subject: [PATCH] feat(detection): fixed missing Details field in JSON output when splunk JSON input is specified. #1083

---
 contributors.txt | 1 -
 src/detections/detection.rs | 5 +++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/contributors.txt b/contributors.txt
index 73b4c30c9..0b88a8b24 100644
--- a/contributors.txt
+++ b/contributors.txt
@@ -1,7 +1,6 @@
 Hayabusa was possible thanks to the following people (in alphabetical order):
 Akira Nishikawa (@nishikawaakira): First lead developer (core hayabusa rule support, etc...)
-DustInDark/Hitenkoku: Current lead developer (Too many features to count.)
 Fukusuke Takahashi (fukusuket): Core developer (Too many bug fixes to count, hayabusa converter upgrades, new features, etc...)
 Garigariganzy (@garigariganzy31): Developer (Event ID metrics implementation, etc...)
 ItiB (@itiB_S144): Core developer (sigmac hayabusa backend, search command, etc...)
diff --git a/src/detections/detection.rs b/src/detections/detection.rs
index 341282971..6d5233fd8 100644
--- a/src/detections/detection.rs
+++ b/src/detections/detection.rs
@@ -276,11 +276,12 @@ impl Detection {
 let ch_str =
 &get_serde_number_to_string(&record_info.record["Event"]["System"]["Channel"], false)
 .unwrap_or_default();
- let provider = &get_serde_number_to_string(
+ let provider = get_serde_number_to_string(
 &record_info.record["Event"]["System"]["Provider_attributes"]["Name"],
 false,
 )
- .unwrap_or_default();
+ .unwrap_or_default()
+ .replace('\'', "");
 let eid =
 get_serde_number_to_string(&record_info.record["Event"]["System"]["EventID"], false)
 .unwrap_or_else(|| "-".into());
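Review bot: `.replace('\'', "")` on the new provider line strips every single quote in the name, not only the quotes that Splunk JSON input appears to wrap the value in, so a provider name with an interior apostrophe would be silently altered and the Details lookup would still miss it. If the quotes only ever enclose the value, the precise form is `let provider = provider.trim_matches('\'').to_string();` placed after the `.unwrap_or_default()`, which leaves interior characters intact. The reason for the stripping is not visible in the code; a short comment such as `// Splunk JSON input wraps the provider name in single quotes; strip them so rule matching sees the bare name (#1083)` would stop the next reader from removing it. `ch_str` a few lines above is read from the same record without this normalization; if Splunk quotes Channel the same way it would need the same treatment, but that is not shown here. The enclosing function starts and ends outside the hunk, so whether the callers of `provider` are fine with the change from `&String` to an owned `String` cannot be checked from this hunk.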