From a68e3411359d803a6311fa1b8493a74ad1f0a8e7 Mon Sep 17 00:00:00 2001
From: DastInDark <2350416+hitenkoku@users.noreply.github.com>
Date: Fri, 7 Oct 2022 12:49:59 +0900
Subject: [PATCH 1/6] excluded detections rules output when metrics and logon_summary #730
---
 src/main.rs | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/main.rs b/src/main.rs
index fa78a0cd..4f29e42d 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -623,8 +623,10 @@ impl App {
 let total_size_output = format!("Total file size: {}", total_file_size.to_string_as(false));
 println!("{}", total_size_output);
 println!();
- println!("Loading detections rules. Please wait.");
- println!();
+ if !(configs::CONFIG.read().unwrap().args.metrics || configs::CONFIG.read().unwrap().args.logon_summary) {
+ println!("Loading detections rules. Please wait.");
+ println!();
+ }
 if configs::CONFIG.read().unwrap().args.html_report.is_some() {
 let output_data = vec![
From 538469c25ef8bcf507db45431d10ceb58fe7b94e Mon Sep 17 00:00:00 2001
From: DastInDark <2350416+hitenkoku@users.noreply.github.com>
Date: Fri, 7 Oct 2022 12:51:28 +0900
Subject: [PATCH 2/6] cargo fmt
---
 src/main.rs | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/main.rs b/src/main.rs
index 4f29e42d..7de2a220 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -623,7 +623,9 @@ impl App {
 let total_size_output = format!("Total file size: {}", total_file_size.to_string_as(false));
 println!("{}", total_size_output);
 println!();
- if !(configs::CONFIG.read().unwrap().args.metrics || configs::CONFIG.read().unwrap().args.logon_summary) {
+ if !(configs::CONFIG.read().unwrap().args.metrics
+ || configs::CONFIG.read().unwrap().args.logon_summary)
+ {
 println!("Loading detections rules. Please wait.");
 println!();
 }
From d3c59199ae2fba0fe366b5ce968d80ee6d63b315 Mon Sep 17 00:00:00 2001
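Review bot: The new condition in the `@@ -623` hunk of src/main.rs acquires the `configs::CONFIG` read lock twice inside one expression — the guard from the first `read().unwrap()` is still alive while the second operand of `||` takes the lock again, and std's `RwLock::read` documents that re-acquiring a read lock the current thread already holds may deadlock, so both flags should be read under a single scoped guard. Producing a plain `bool` from a block also releases the guard before the `html_report` check two lines below takes the lock once more. The printed text `Loading detections rules` would read better as `Loading detection rules`, which is the wording PATCH 6/6 later uses in CHANGELOG.md. The enclosing method begins and ends outside the hunk, and the `cargo fmt` hunk in PATCH 2/6 only rewraps this same condition, so the same rewrite applies there.
```rust
        let skip_rules_message = {
            let config = configs::CONFIG.read().unwrap();
            config.args.metrics || config.args.logon_summary
        };
        if !skip_rules_message {
            // … unchanged: "Loading detections rules" message …
        }
```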
From: DastInDark <2350416+hitenkoku@users.noreply.github.com>
Date: Fri, 7 Oct 2022 13:05:38 +0900
Subject: [PATCH 3/6] updated changelog #730
---
 CHANGELOG-Japanese.md | 4 ++++
 CHANGELOG.md | 4 ++++
 2 files changed, 8 insertions(+)
diff --git a/CHANGELOG-Japanese.md b/CHANGELOG-Japanese.md
index f3638a7d..b2220eb7 100644
--- a/CHANGELOG-Japanese.md
+++ b/CHANGELOG-Japanese.md
@@ -2,6 +2,10 @@
 ## 1.7.1 [2022/xx/xx]
+**改善:**
+
+- 検知ルールを利用しないオプション(`-M`と`-L`オプション)の時のメッセージの出力内容を修正した。 (#730) (@hitenkoku)
+
 **バグ修正:**
 - より正確な結果を出力するために、チャンネルとEIDの情報を`rules/config/channel_eid_info.txt`に基づいてチェックするようにした。 (#463) (@garigariganzy)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index f7dc5318..01d17cba 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,10 @@
 ## 1.7.1 [2022/xx/xx]
+**Enhancements:**
+
+- Fixed Display contents with no use detection rule option. (`-M` and `-L` ) (#730) (@hitenkoku)
+
 **Bug Fixes:**
 - Hayabusa now checks Channel and EID information based on `rules/config/channel_eid_info.txt` to provide more accurate results. (#463) (@garigariganzy)
From 27a44918a824506101f2683ccece613fd6906979 Mon Sep 17 00:00:00 2001
From: DastInDark <2350416+hitenkoku@users.noreply.github.com>
Date: Fri, 7 Oct 2022 13:05:51 +0900
Subject: [PATCH 4/6] updated rules
---
 rules | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules b/rules
index a8c20083..45262b36 160000
--- a/rules
+++ b/rules
@@ -1 +1 @@
-Subproject commit a8c200833146142246d72087438aa51ca6857185
+Subproject commit 45262b36120ea76cec441fb2fa13cae248b75dfb
From fa1b971bf3d43c4359e341dec006367d52cdc731 Mon Sep 17 00:00:00 2001
From: Yamato Security <71482215+YamatoSecurity@users.noreply.github.com>
Date: Fri, 7 Oct 2022 15:43:31 +0900
Subject: [PATCH 5/6] change slight wording
---
 src/main.rs | 2 +-
 src/timeline/timelines.rs | 7 +++----
 2 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/src/main.rs b/src/main.rs
index 7de2a220..f1213028 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -257,7 +257,7 @@ impl App {
 write_color_buffer(
 &BufferWriter::stdout(ColorChoice::Always),
 None,
- "Generating Logons Summary",
+ "Generating Logon Summary",
 true,
 )
 .ok();
diff --git a/src/timeline/timelines.rs b/src/timeline/timelines.rs
index 3532ce50..dcf24770 100644
--- a/src/timeline/timelines.rs
+++ b/src/timeline/timelines.rs
@@ -48,7 +48,7 @@ impl Timeline {
 }
 // 出力メッセージ作成
 let mut sammsges: Vec = Vec::new();
- let total_event_record = format!("\nTotal Event Records: {}\n", self.stats.total);
+ let total_event_record = format!("\n\nTotal Event Records: {}\n", self.stats.total);
 if CONFIG.read().unwrap().args.filepath.is_some() {
 sammsges.push(format!("Evtx File Path: {}", self.stats.filepath));
 sammsges.push(total_event_record);
@@ -112,7 +112,7 @@ impl Timeline {
 }
 // 出力メッセージ作成
 let mut sammsges: Vec = Vec::new();
- let total_event_record = format!("\nTotal Event Records: {}\n", self.stats.total);
+ let total_event_record = format!("\n\nTotal Event Records: {}\n", self.stats.total);
 if CONFIG.read().unwrap().args.filepath.is_some() {
 sammsges.push(format!("Evtx File Path: {}", self.stats.filepath));
 sammsges.push(total_event_record);
@@ -184,7 +184,7 @@ impl Timeline {
 /// ユーザ毎のログイン統計情報出力メッセージ生成
 fn tm_loginstats_tb_set_msg(&self) {
- println!("Logon Summary");
+ println!(" Logon Summary:");
 if self.stats.stats_login_list.is_empty() {
 let mut loginmsges: Vec = Vec::new();
 loginmsges.push("-----------------------------------------".to_string());
@@ -235,7 +235,6 @@ impl Timeline {
 logins_stats_tb.add_row(record_data);
 }
 println!("{logins_stats_tb}");
- println!();
 }
 }
 }
From 7e8695875b786ce210d02b160613846514ea2ef6 Mon Sep 17 00:00:00 2001
From: Yamato Security <71482215+YamatoSecurity@users.noreply.github.com>
Date: Fri, 7 Oct 2022 15:45:14 +0900
Subject: [PATCH 6/6] update changelog
---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 01d17cba..e7e694a5 100644
--- a/CHANGELOG.md
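Review bot: The `@@ -48` and `@@ -112` hunks of src/timeline/timelines.rs apply the identical edit to an identical `total_event_record` line, which shows that two methods on `Timeline` build the same summary header independently and will keep needing paired changes. A small shared helper such as `fn total_event_record_msg(&self) -> String { format!("\n\nTotal Event Records: {}\n", self.stats.total) }` would let both call sites become `let total_event_record = self.total_event_record_msg();`. Both enclosing methods start before and end after their hunk, so I cannot tell from here how much else they share; at minimum the header line should. The `// 出力メッセージ作成` comment repeated in both hunks would also be clearer to non-Japanese readers as `// Build the output messages`.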
+++ b/CHANGELOG.md
@@ -4,7 +4,7 @@
 **Enhancements:**
-- Fixed Display contents with no use detection rule option. (`-M` and `-L` ) (#730) (@hitenkoku)
+- Do not display a message about loading detection rules when using the `-M` or `-L` options. (#730) (@hitenkoku)
 **Bug Fixes:**