exec from detection.rs

This commit is contained in:
kazuminn
2020-10-31 19:12:09 +09:00
parent 4649ff97b3
commit 481cbaa18e


@@ -2,6 +2,7 @@ extern crate csv;
extern crate quick_xml; extern crate quick_xml;
use crate::detections::application; use crate::detections::application;
use crate::detections::applocker;
use crate::detections::common; use crate::detections::common;
use crate::detections::powershell; use crate::detections::powershell;
use crate::detections::security; use crate::detections::security;
@@ -29,6 +30,7 @@ impl Detection {
let mut security = security::Security::new(); let mut security = security::Security::new();
let mut system = system::System::new(); let mut system = system::System::new();
let mut application = application::Application::new(); let mut application = application::Application::new();
let mut applocker = applocker::AppLocker::new();
let mut sysmon = sysmon::Sysmon::new(); let mut sysmon = sysmon::Sysmon::new();
let mut powershell = powershell::PowerShell::new(); let mut powershell = powershell::PowerShell::new();
@@ -41,7 +43,6 @@ impl Detection {
let event_data = event.parse_event_data(); let event_data = event.parse_event_data();
&common.detection(&event.system, &event_data); &common.detection(&event.system, &event_data);
//&common.detection(&event.system, &event_data);
if channel == "Security" { if channel == "Security" {
&security.detection(event_id, &event.system, &event.user_data, event_data); &security.detection(event_id, &event.system, &event.user_data, event_data);
} else if channel == "System" { } else if channel == "System" {
@@ -52,6 +53,8 @@ impl Detection {
&powershell.detection(event_id, &event.system, event_data); &powershell.detection(event_id, &event.system, event_data);
} else if channel == "Microsoft-Windows-Sysmon/Operational" { } else if channel == "Microsoft-Windows-Sysmon/Operational" {
&sysmon.detection(event_id, &event.system, event_data); &sysmon.detection(event_id, &event.system, event_data);
} else if channel == "Microsoft-Windows-Applocker/Operational" {
&applocker.detection(event_id, &event.system, event_data);
} else { } else {
//&other.detection(); //&other.detection();
} }
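Review bot: The new dispatch branch compares against `"Microsoft-Windows-Applocker/Operational"`, but as far as I know AppLocker does not write to an `Operational` channel — its events land in `Microsoft-Windows-AppLocker/EXE and DLL`, `Microsoft-Windows-AppLocker/MSI and Script`, and the two `Packaged app-…` channels, and the provider name is spelled `AppLocker`, so this exact-match branch would never fire and AppLocker events would fall through to the empty `else`. Since the other branches also use exact string comparison, a prefix match would route every AppLocker channel to the new handler: `} else if channel.starts_with("Microsoft-Windows-AppLocker/") {`. Whatever the final channel set is, please confirm it against a real evtx export; a detector that silently matches nothing is worse than no detector. The enclosing `detection` function begins and continues outside this hunk, so I can't see how `channel` is derived or whether it is normalised before the comparison.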