From 8781cc8aa69221ffd40b815d701921a9074a7316 Mon Sep 17 00:00:00 2001
From: fukusuket <41001169+fukusuket@users.noreply.github.com>
Date: Sat, 18 May 2024 09:49:59 +0900
Subject: [PATCH 1/2] fix: add - console output when no content
---
 src/afterfact.rs | 8 ++++++--
 src/detections/detection.rs | 2 +-
 src/detections/message.rs | 4 ++--
 3 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/src/afterfact.rs b/src/afterfact.rs
index d8efaf5f7..3a9bf8974 100644
--- a/src/afterfact.rs
+++ b/src/afterfact.rs
@@ -1231,7 +1231,11 @@ fn _get_serialized_disp_output(
 output_str_char_pair.push(field_val_col_pair);
 }
 }
- output_str_char_pair
+ if output_str_char_pair.is_empty() {
+ vec![vec![(display_contents, None)]]
+ } else {
+ output_str_char_pair
+ }
 }
 _ => {
 vec![vec![(display_contents, None)]]
@@ -4544,4 +4548,4 @@ mod tests {
 };
 assert!(remove_file("./test_emit_csv_jsonl.jsonl").is_ok());
 }
-}
+}
\ No newline at end of file
diff --git a/src/detections/detection.rs b/src/detections/detection.rs
index 502c26ff0..862ff9a14 100644
--- a/src/detections/detection.rs
+++ b/src/detections/detection.rs
@@ -806,7 +806,7 @@ impl Detection {
 profile_converter.insert(key.as_str(), EventID("-".into()));
 }
 RecordID(_) => {
- profile_converter.insert(key.as_str(), RecordID("".into()));
+ profile_converter.insert(key.as_str(), RecordID("-".into()));
 }
 RuleTitle(_) => {
 profile_converter.insert(
diff --git a/src/detections/message.rs b/src/detections/message.rs
index 284f69849..646b87eb6 100644
--- a/src/detections/message.rs
+++ b/src/detections/message.rs
@@ -194,7 +194,7 @@ pub fn create_message(
 if is_json_timeline {
 record_details_info_map
 .insert("#ExtraFieldInfo".into(), vec![CompactString::from("-")]);
- replaced_profiles.push((key.to_owned(), ExtraFieldInfo("".into())));
+ replaced_profiles.push((key.to_owned(), ExtraFieldInfo("-".into())));
 } else {
 replaced_profiles.push((key.to_owned(), ExtraFieldInfo("-".into())));
 }
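Review bot: The new empty-case fallback `vec![vec![(display_contents, None)]]` is a verbatim copy of the `_ =>` arm three lines below, so the two arms can silently diverge the same way the `""`/`"-"` placeholders in detection.rs and message.rs did before this commit. Binding the fallback once above the `match` (for example `let fallback = || vec![vec![(display_contents, None)]];`, if `display_contents` is not otherwise consumed in the first arm) would leave a single definition of "no content". Either way the branch deserves a why-comment, e.g. `// No field/value pair was produced: fall back to the plain display string so the console cell is not left blank (presumably this is where "-" ends up; confirm against the caller).` The enclosing `_get_serialized_disp_output` starts and ends outside the hunk.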
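Review bot: `"-"` is now spelled out as a separate string literal at every no-content site — the `EventID` arm visible above, this `RecordID` arm, and both message.rs hunks at lines 194 and 230 — and the defect this commit fixes was precisely one site saying `""` while its sibling said `"-"`. A single shared constant, e.g. `pub const NO_CONTENT_PLACEHOLDER: &str = "-";` in a module both files already import, used as `RecordID(NO_CONTENT_PLACEHOLDER.into())`, would make the placeholder a fact of the codebase rather than a convention to remember at each call site. The enclosing method in `impl Detection` starts and ends outside the hunk.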
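Review bot: After this change both branches push the identical `ExtraFieldInfo("-".into())`, so the `if`/`else` only gates the `record_details_info_map.insert`; hoisting the push reads more directly: `if is_json_timeline { record_details_info_map.insert("#ExtraFieldInfo".into(), vec![CompactString::from("-")]); }` followed by `replaced_profiles.push((key.to_owned(), ExtraFieldInfo("-".into())));`. The same duplicated push appears in the `@@ -230` hunk of this file, where the `if is_json_timeline` and `else if extra_field_vec.is_empty()` arms now push the same value. If the `""` in the JSON path was deliberate (so the JSON timeline carries the content only under `#ExtraFieldInfo`), this commit also changes JSON output, which the jsonl emit tests touched in afterfact.rs could pin down. `create_message` starts and ends outside the hunk.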
@@ -230,7 +230,7 @@ pub fn create_message(
 .collect();
 if is_json_timeline {
 record_details_info_map.insert("#ExtraFieldInfo".into(), extra_field_vec);
- replaced_profiles.push((key.to_owned(), ExtraFieldInfo("".into())));
+ replaced_profiles.push((key.to_owned(), ExtraFieldInfo("-".into())));
 } else if extra_field_vec.is_empty() {
 replaced_profiles.push((key.to_owned(), ExtraFieldInfo("-".into())));
 } else {
From c7c471c7dd343863d1e76d2ce5cf1d50d81f5b27 Mon Sep 17 00:00:00 2001
From: fukusuket <41001169+fukusuket@users.noreply.github.com>
Date: Sat, 18 May 2024 13:00:24 +0900
Subject: [PATCH 2/2] fix: add - console output when no content
---
 src/afterfact.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/afterfact.rs b/src/afterfact.rs
index 3a9bf8974..ccfed9b88 100644
--- a/src/afterfact.rs
+++ b/src/afterfact.rs
@@ -4548,4 +4548,4 @@ mod tests {
 };
 assert!(remove_file("./test_emit_csv_jsonl.jsonl").is_ok());
 }
-}
\ No newline at end of file
+}
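Review bot: The JSON-timeline branch inserts `extra_field_vec` into `record_details_info_map` before the emptiness check two lines below, so when `is_json_timeline` is true and the vec is empty (a case the `else if extra_field_vec.is_empty()` arm shows is reachable) `#ExtraFieldInfo` ends up as an empty list, whereas the `@@ -194` hunk of this file inserts `vec![CompactString::from("-")]` for what appears to be its no-content case. If the two JSON outputs are meant to agree, testing emptiness before the move — `let info = if extra_field_vec.is_empty() { vec![CompactString::from("-")] } else { extra_field_vec };` — and inserting `info` would align them; if the asymmetry is intended, a one-line comment on the insert saying so would stop the next reader from "fixing" it. `create_message` starts and ends outside the hunk.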