CSEC_PUBLIC/hayabusa
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

display default channel name if not defined (#555)

Browse Source 
* displayed other channel data in Channel column #553

* updated changelog #553

* updated changelog

* readme and channel abbreviataions update

* changelog update

Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
This commit is contained in:
DustInDark
2022-06-01 13:01:14 +09:00
committed by GitHub
parent 7a7afe732c
commit 2dcf960d51
7 changed files with 69 additions and 67 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+28 -28
View File
@@ -530,34 +530,34 @@ If you want to output all the tags defined in a rule, please specify the `--all-
In order to save space, we use the following abbreviations when displaying Channel.
You can freely edit these abbreviations in the `config/channel_abbreviations.txt` configuration file.
* `Application` : App
* `DNS Server` : DNS-Svr
* `Microsoft-ServiceBus-Client` : SvcBusCli
* `Microsoft-Windows-CodeIntegrity/Operational` : CodeInteg
* `Microsoft-Windows-LDAP-Client/Debug` : LDAP-Cli
* `Microsoft-Windows-AppLocker/MSI and Script` : AppLocker
* `Microsoft-Windows-AppLocker/EXE and DLL` : AppLocker
* `Microsoft-Windows-AppLocker/Packaged app-Deployment` : AppLocker
* `Microsoft-Windows-AppLocker/Packaged app-Execution` : AppLocker
* `Microsoft-Windows-Bits-Client/Operational` : BitsCli
* `Microsoft-Windows-DHCP-Server/Operational` : DHCP-Svr
* `Microsoft-Windows-DriverFrameworks-UserMode/Operational` : DvrFmwk
* `Microsoft-Windows-NTLM/Operational` : NTLM
* `Microsoft-Windows-Security-Mitigations/KernelMode` : SecMitigations
* `Microsoft-Windows-Security-Mitigations/UserMode` : SecMitigations
* `Microsoft-Windows-SmbClient/Security` : SmbCliSec
* `Microsoft-Windows-Sysmon/Operational` : Sysmon
* `Microsoft-Windows-TaskScheduler/Operational` : TaskSch
* `Microsoft-Windows-PrintService/Admin` : PrintAdm
* `Microsoft-Windows-PrintService/Operational` : PrintOp
* `Microsoft-Windows-PowerShell/Operational` : PwSh
* `Microsoft-Windows-Windows Defender/Operational` : Defender
* `Microsoft-Windows-Windows Firewall With Advanced Security/Firewall` : Firewall
* `Microsoft-Windows-WMI-Activity/Operational` : WMI
* `MSExchange Management` : Exchange
* `Security` : Sec
* `System` : Sys
* `Windows PowerShell` : WinPwSh
* `App` : `Application`
* `AppLocker` : `Microsoft-Windows-AppLocker/*`
* `BitsCli` : `Microsoft-Windows-Bits-Client/Operational`
* `CodeInteg` : `Microsoft-Windows-CodeIntegrity/Operational`
* `Defender` : `Microsoft-Windows-Windows Defender/Operational`
* `DHCP-Svr` : `Microsoft-Windows-DHCP-Server/Operational`
* `DNS-Svr` : `DNS Server`
* `DvrFmwk` : `Microsoft-Windows-DriverFrameworks-UserMode/Operational`
* `Exchange` : `MSExchange Management`
* `Firewall` : `Microsoft-Windows-Windows Firewall With Advanced Security/Firewall`
* `KeyMgtSvc` : `Key Management Service`
* `LDAP-Cli` : `Microsoft-Windows-LDAP-Client/Debug`
* `NTLM` `Microsoft-Windows-NTLM/Operational`
* `OpenSSH` : `OpenSSH/Operational`
* `PrintAdm` : `Microsoft-Windows-PrintService/Admin`
* `PrintOp` : `Microsoft-Windows-PrintService/Operational`
* `PwSh` : `Microsoft-Windows-PowerShell/Operational`
* `PwShClassic` : `Windows PowerShell`
* `RDP-Client` : `Microsoft-Windows-TerminalServices-RDPClient/Operational`
* `Sec` : `Security`
* `SecMitig` : `Microsoft-Windows-Security-Mitigations/*`
* `SmbCliSec` : `Microsoft-Windows-SmbClient/Security`
* `SvcBusCli` : `Microsoft-ServiceBus-Client`
* `Sys` : `System`
* `Sysmon` : `Microsoft-Windows-Sysmon/Operational`
* `TaskSch` : `Microsoft-Windows-TaskScheduler/Operational`
* `WinRM` : `Microsoft-Windows-WinRM/Operational`
* `WMI` : `Microsoft-Windows-WMI-Activity/Operational`
## Progress Bar