From 7e3e38d0548a738d36ff8d4e92567f2cab16863e Mon Sep 17 00:00:00 2001
From: Cesaryuan <35998162+cesaryuan@users.noreply.github.com>
Date: Sat, 6 Jan 2024 22:25:51 +0800
Subject: [PATCH] fix: SUB-RULE with PROCESS-NAME rule payload not working
 (#953)

---
 rules/logic/logic.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/rules/logic/logic.go b/rules/logic/logic.go
index fde96e199..af8c31a4b 100644
--- a/rules/logic/logic.go
+++ b/rules/logic/logic.go
@@ -217,6 +217,13 @@ func (logic *Logic) parsePayload(payload string, parseRule ParseRuleFunc) error
 				return err
 			}
 
+			if rule.ShouldResolveIP() {
+				logic.needIP = true
+			}
+			if rule.ShouldFindProcess() {
+				logic.needProcess = true
+			}
+
 			rules = append(rules, rule)
 		}