Merge pull request #739 from Yamato-Security/change-back-to-evtx-0.8.3

use evtx 0.8.3
2022-10-11 10:18:08 +09:00
parent 4f02fcba06 ff2f52811f
commit 4a82fe5dfa
9 changed files with 16 additions and 18180 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,7 +11,7 @@

 **Bug Fixes:**

- Fixed a bug where the same Channel and EID would be counted seperately with the `-M` option. (#729) (@hitenkoku)
+- Fixed a bug where the same Channel and EID would be counted separately with the `-M` option. (#729) (@hitenkoku)

 ## 1.7.0 [2022/09/29]

--- a/Cargo.lock
+++ b/Cargo.lock
@@ -594,8 +594,8 @@ dependencies = [

 [[package]]
 name = "evtx"
-version = "0.8.2"
-source = "git+https://github.com/Yamato-Security/hayabusa-evtx.git?rev=95b1c6a#95b1c6a1eebe6e2dc7be896974e92e912ddb6780"
+version = "0.8.3"
+source = "git+https://github.com/Yamato-Security/hayabusa-evtx.git?rev=5b0884d#5b0884dbc05a9dfd68d78063f9401eac14eea076"
 dependencies = [
 "anyhow",
 "bitflags",
@@ -1123,9 +1123,9 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"

 [[package]]
 name = "libc"
-version = "0.2.134"
+version = "0.2.135"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "329c933548736bc49fd575ee68c89e8be4d260064184389a5b77517cddd99ffb"
+checksum = "68783febc7782c6c5cb401fbda4de5a9898be1762314da0bb2c10ced61f18b0c"

 [[package]]
 name = "libgit2-sys"
@@ -1289,9 +1289,9 @@ dependencies = [

 [[package]]
 name = "num-format"
-version = "0.4.2"
+version = "0.4.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cc2a6559322ec7c5b7188ac5ca85865b187a46b03d30b00f0c0e3549eecadb1e"
+checksum = "54b862ff8df690cf089058c98b183676a7ed0f974cc08b426800093227cbff3b"
 dependencies = [
 "arrayvec",
 "itoa 1.0.4",
@@ -1525,9 +1525,9 @@ checksum = "a1d01941d82fa2ab50be1e79e6714289dd7cde78eba4c074bc5a4374f650dfe0"

 [[package]]
 name = "quick-xml"
-version = "0.23.1"
+version = "0.25.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "11bafc859c6815fbaffbbbf4229ecb767ac913fecb27f9ad4343662e9ef099ea"
+checksum = "58e21a144a0ffb5fad7b464babcdab934a325ad69b7c0373bcfef5cbd9799ca9"
 dependencies = [
 "memchr",
 "serde",
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -8,8 +8,8 @@ edition = "2021"
 itertools = "*"
 dashmap = "*"
 clap = { version = "3.*", features = ["derive", "cargo"]}
-evtx = { git = "https://github.com/Yamato-Security/hayabusa-evtx.git" , features = ["fast-alloc"] , rev = "95b1c6a" } #0.8.2. Using the older version as the newer versions won't compile on windows 32-bit.
-quick-xml = {version = "0.23.*", features = ["serialize"] }
+evtx = { git = "https://github.com/Yamato-Security/hayabusa-evtx.git" , features = ["fast-alloc"] , rev = "5b0884d" } # 0.8.3
+quick-xml = {version = "0.25.*", features = ["serialize"] }
 serde = { version = "1.*", features = ["derive"] }
 serde_json = { version = "1.0"}
 serde_derive = "1.*"
--- a/README-1.7.1-English.pdf
+++ b/README-1.7.1-English.pdf
--- a/README-Japanese.md
+++ b/README-Japanese.md
@@ -168,8 +168,6 @@ Hayabusaは従来のWindowsイベントログ分析解析と比較して、分

 # タイムラインのサンプル結果

-CSVのタイムライン結果のサンプルは[こちら](https://github.com/Yamato-Security/hayabusa/tree/main/sample-results)で確認できます。
-
 CSVのタイムラインをExcelやTimeline Explorerで分析する方法は[こちら](doc/CSV-AnalysisWithExcelAndTimelineExplorer-Japanese.pdf)で紹介しています。

 CSVのタイムラインをElastic Stackにインポートする方法は[こちら](doc/ElasticStackImport/ElasticStackImport-Japanese.md)で紹介しています。
@@ -260,6 +258,8 @@ rustup target add i686-pc-windows-msvc
 rustup run stable-i686-pc-windows-msvc cargo build --release
 ```

+> **注意: Rust の新しい安定版が出たときには必ず`rustup install stable-i686-pc-windows-msvc`を実行してください。`rustup update stable` はクロスコンパイル用のコンパイラを更新しないので、ビルドエラーが発生することがあります。**
+
 ## macOSでのコンパイルの注意点

 opensslについてのコンパイルエラーが表示される場合は、[Homebrew](https://brew.sh/)をインストールしてから、以下のパッケージをインストールする必要があります：
--- a/README.md
+++ b/README.md
@@ -160,8 +160,6 @@ Hayabusa hopes to let analysts get 80% of their work done in 20% of the time whe

 # Analyzing Sample Timeline Results

-You can check out a sample CSV timeline [here](https://github.com/Yamato-Security/hayabusa/tree/main/sample-results).
-
 You can learn how to analyze CSV timelines in Excel and Timeline Explorer [here](doc/CSV-AnalysisWithExcelAndTimelineExplorer-English.pdf).

 You can learn how to import CSV files into Elastic Stack [here](doc/ElasticStackImport/ElasticStackImport-English.md).
@@ -255,6 +253,8 @@ rustup target add i686-pc-windows-msvc
 rustup run stable-i686-pc-windows-msvc cargo build --release
 ```

+> **Warning: Be sure to run `rustup install stable-i686-pc-windows-msvc` whenever there is a new stable version of Rust as `rustup update stable` will not update the compiler for cross compiling and you may receive build errors.**
+
 ## macOS Compiling Notes

 If you receive compile errors about openssl, you will need to install [Homebrew](https://brew.sh/) and then install the following packages:
--- a/2
+++ b/2
--- a/sample-results/README.md
+++ b/sample-results/README.md
@@ -1,6 +0,0 @@
-`hayabusa-sample-results-2022-04-16.csv` was created by running:
-```bash
-hayabusa.exe -d ./hayabusa-sample-evtx -o hayabusa-sample-results-2022-04-16.csv -U
-```
-
-The sample evtx files used came from [this](https://github.com/Yamato-Security/hayabusa-sample-evtx) repository.
--- a/sample-results/hayabusa-sample-results-2022-04-16.csv
+++ b/sample-results/hayabusa-sample-results-2022-04-16.csv