From 7f1387b0b2afe3cbd8076b30a8d9e7916ae84496 Mon Sep 17 00:00:00 2001 From: Yamato Security <71482215+YamatoSecurity@users.noreply.github.com> Date: Mon, 27 May 2024 10:04:54 +0900 Subject: [PATCH] update changelog --- CHANGELOG-Japanese.md | 3 +++ CHANGELOG.md | 3 +++ 2 files changed, 6 insertions(+) diff --git a/CHANGELOG-Japanese.md b/CHANGELOG-Japanese.md index 39e783801..6a4edfc21 100644 --- a/CHANGELOG-Japanese.md +++ b/CHANGELOG-Japanese.md @@ -18,6 +18,9 @@ - `count`で複数のグループを指定できるようにした。例: `count() by IpAddress,SubStatus,LogonType >= 2`。また、出力される結果を更新した。例: `[condition] count(TargetUserName) by IpAddress > 3 in timeframe [result] count: 4 TargetUserName:tanaka/Administrator/adsyncadmin/suzuki IpAddress:- timeframe:5m` -> `Count: 4 ¦ TargetUserName: tanaka/Administrator/adsyncadmin/suzuki ¦ IpAddress: -` (#1339) (@fukusuket) - リリースモードでのオーバーフローチェックを有効にした。(#1348) (@YamatoSecurity) - フィールドデータマッピングファイル(`rules/config/data_mapping/*.yaml`)で任意の`Provider_Name`フィールドを指定できるようにし、`Data[x]`表記に対応した。(#1350) (@fukusuket) +- カウントルールのJSON出力で、フィールド情報が分離されるようになった。 (#1342) (@fukusuket) + - 以前: `"Details": "[condition] count() by IpAddress >= 5 in timeframe [result] count:3558 IpAddress:192.168.198.149 timeframe:5m"` + - 現在: `"Details": { "Count": 3558, "IpAddress": "192.168.198.149" }` ## 2.15.0 [2024/04/20] "Sonic Release" diff --git a/CHANGELOG.md b/CHANGELOG.md index ef1c1c7ce..6effd323d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -18,6 +18,9 @@ - You can now specify multiple groups with `count`. Ex: `count() by IpAddress,SubStatus,LogonType >= 2` Also, the output has been updated. Ex: `[condition] count(TargetUserName) by IpAddress > 3 in timeframe [result] count: 4 TargetUserName:tanaka/Administrator/adsyncadmin/suzuki IpAddress:- timeframe:5m` -> `Count: 4 ¦ TargetUserName: tanaka/Administrator/adsyncadmin/suzuki ¦ IpAddress: -` (#1339) (@fukusuket) - Enabled overflow checks in release mode. (#1348) (@YamatoSecurity) - Added support for specifying an optional `Provider_Name` field in field data mapping files (`rules/config/data_mapping/*.yaml`) as well as support for `Data[x]` notation. (#1350) (@fukusuket) +- JSON output in count rules now separates field information. (#1342) (@fukusuket) + - Before: `"Details": "[condition] count() by IpAddress >= 5 in timeframe [result] count:3558 IpAddress:192.168.198.149 timeframe:5m"` + - After: `"Details": { "Count": 3558, "IpAddress": "192.168.198.149" }` ## 2.15.0 [2024/04/20] "Sonic Release"
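Review bot: In the CHANGELOG-Japanese.md hunk the new entry has a stray space between `。` and `(#1342)` (`…ようになった。 (#1342) (@fukusuket)`), while the neighbouring entries in the same hunk (`…有効にした。(#1348)`, `…対応した。(#1350)`) have none; drop the space so the list stays consistent.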
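Review bot: In the CHANGELOG.md hunk the Before/After pair leaves a question open: the old `Details` string carries `timeframe:5m`, but the new structured object shows only `"Count"` and `"IpAddress"`. If the timeframe is deliberately no longer part of `Details`, say so in the entry (or point to where it now appears), since consumers parsing the JSON output will look for it; the same applies to the parallel entry in CHANGELOG-Japanese.md.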