diff --git a/Cargo.lock b/Cargo.lock index f9856a8b..b9bf94cd 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -74,9 +74,9 @@ checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" [[package]] name = "base-x" -version = "0.2.10" +version = "0.2.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dc19a4937b4fbd3fe3379793130e42060d10627a360f2127802b10b87e7baf74" +checksum = "4cbbc9d0964165b47557570cce6c952866c2678457aca742aafc9fb771d30270" [[package]] name = "base64" @@ -220,9 +220,9 @@ dependencies = [ [[package]] name = "clap" -version = "3.2.5" +version = "3.2.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d53da17d37dba964b9b3ecb5c5a1f193a2762c700e6829201e645b9381c99dc7" +checksum = "9f1fe12880bae935d142c8702d500c63a4e8634b6c3c57ad72bf978fc7b6249a" dependencies = [ "atty", "bitflags", @@ -237,9 +237,9 @@ dependencies = [ [[package]] name = "clap_derive" -version = "3.2.5" +version = "3.2.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c11d40217d16aee8508cc8e5fde8b4ff24639758608e5374e731b53f85749fb9" +checksum = "ed6db9e867166a43a53f7199b5e4d1f522a1e5bd626654be263c999ce59df39a" dependencies = [ "heck", "proc-macro-error", @@ -250,9 +250,9 @@ dependencies = [ [[package]] name = "clap_lex" -version = "0.2.2" +version = "0.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5538cd660450ebeb4234cfecf8f2284b844ffc4c50531e66d584ad5b91293613" +checksum = "87eba3c8c7f42ef17f6c659fc7416d0f4758cd3e58861ee63c5fa4a4dde649e4" dependencies = [ "os_str_bytes", ] @@ -330,9 +330,9 @@ dependencies = [ [[package]] name = "crossbeam-utils" -version = "0.8.9" +version = "0.8.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8ff1f980957787286a554052d03c7aee98d99cc32e09f6d45f0a814133c87978" +checksum = "7d82ee10ce34d7bc12c2122495e7593a9c41347ecdd64185af4ecf72cb1a7f83" dependencies = [ "cfg-if", "once_cell", @@ -496,7 +496,7 @@ dependencies = [ [[package]] name = "evtx" version = "0.7.3" -source = "git+https://github.com/Yamato-Security/hayabusa-evtx.git?rev=158d496#158d496e6f40a036fa30b35e245683c3f7981df6" +source = "git+https://github.com/Yamato-Security/hayabusa-evtx.git#825f8aa7ce3477cfb405f4f8041747db75382590" dependencies = [ "anyhow", "bitflags", @@ -673,12 +673,12 @@ dependencies = [ [[package]] name = "hayabusa" -version = "1.4.0-dev" +version = "1.4.0" dependencies = [ "base64", "bytesize", "chrono", - "clap 3.2.5", + "clap 3.2.6", "crossbeam-utils", "csv", "downcast-rs", @@ -819,9 +819,9 @@ dependencies = [ [[package]] name = "indexmap" -version = "1.9.0" +version = "1.9.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6c6392766afd7964e2531940894cffe4bd8d7d17dbc3c1c4857040fd4b33bdb3" +checksum = "10a35a97730320ffe8e2d410b5d3b69279b98d2c14bdb8b70ea89ecf7888d41e" dependencies = [ "autocfg", "hashbrown", @@ -877,9 +877,9 @@ checksum = "112c678d4050afce233f4f2852bb2eb519230b3cf12f33585275537d7e41578d" [[package]] name = "jemalloc-sys" -version = "0.5.0+5.3.0" +version = "0.5.1+5.3.0-patched" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f655c3ecfa6b0d03634595b4b54551d4bd5ac208b9e0124873949a7ab168f70b" +checksum = "b7c2b313609b95939cb0c5a5c6917fb9b7c9394562aa3ef44eb66ffa51736432" dependencies = [ "cc", "fs_extra", @@ -914,7 +914,7 @@ dependencies = [ "anyhow", "atty", "chrono", - "clap 3.2.5", + "clap 3.2.6", "file-chunker", "indicatif", "memmap2", @@ -980,9 +980,9 @@ dependencies = [ [[package]] name = "linked-hash-map" -version = "0.5.4" +version = "0.5.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7fb9b38af92608140b86b693604b9ffcc5824240a484d1ecd4795bacb2fe88f3" +checksum = "0717cef1bc8b636c6e1c1bbdefc09e6322da8a9321966e8928ef80d20f7f770f" [[package]] name = "lock_api" @@ -1044,9 +1044,9 @@ dependencies = [ [[package]] name = "mio" -version = "0.8.3" +version = "0.8.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "713d550d9b44d89174e066b7a6217ae06234c10cb47819a88290d2b353c31799" +checksum = "57ee1c23c7c63b0c9250c339ffdc69255f110b298b901b9f6c82547b7b87caaf" dependencies = [ "libc", "log", @@ -1140,9 +1140,9 @@ checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf" [[package]] name = "openssl-src" -version = "111.20.0+1.1.1o" +version = "111.21.0+1.1.1p" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "92892c4f87d56e376e469ace79f1128fdaded07646ddf73aa0be4706ff712dec" +checksum = "6d0a8313729211913936f1b95ca47a5fc7f2e04cd658c115388287f8a8361008" dependencies = [ "cc", ] @@ -1272,9 +1272,9 @@ checksum = "dbf0c48bc1d91375ae5c3cd81e3722dff1abcf81a30960240640d223f59fe0e5" [[package]] name = "proc-macro2" -version = "1.0.39" +version = "1.0.40" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c54b25569025b7fc9651de43004ae593a75ad88543b17178aa5e1b9c4f15f56f" +checksum = "dd96a1e8ed2596c337f8eae5f24924ec83f5ad5ab21ea8e455d3566c69fbcaf7" dependencies = [ "unicode-ident", ] @@ -1314,9 +1314,9 @@ dependencies = [ [[package]] name = "quote" -version = "1.0.19" +version = "1.0.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f53dc8cf16a769a6f677e09e7ff2cd4be1ea0f48754aac39520536962011de0d" +checksum = "3bcdf212e9776fbcb2d23ab029360416bb1706b1aea2d1a5ba002727cbcab804" dependencies = [ "proc-macro2", ] @@ -1572,9 +1572,9 @@ dependencies = [ [[package]] name = "smallvec" -version = "1.8.0" +version = "1.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f2dd574626839106c320a323308629dcb1acfc96e32a8cba364ddc61ac23ee83" +checksum = "cc88c725d61fc6c3132893370cac4a0200e3fedf5da8331c570664b1987f5ca2" [[package]] name = "socket2" @@ -1866,9 +1866,9 @@ dependencies = [ [[package]] name = "tracing-core" -version = "0.1.27" +version = "0.1.28" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7709595b8878a4965ce5e87ebf880a7d39c9afc6837721b21a5a816a8117d921" +checksum = "7b7358be39f2f274f322d2aaed611acc57f382e8eb1e5b48cb9ae30933495ce7" dependencies = [ "once_cell", ] @@ -1902,9 +1902,9 @@ checksum = "5bd2fe26506023ed7b5e1e315add59d6f584c621d037f9368fea9cfb988f368c" [[package]] name = "unicode-normalization" -version = "0.1.19" +version = "0.1.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d54590932941a9e9266f0832deed84ebe1bf2e4c9e4a3554d393d18f5e854bf9" +checksum = "81dee68f85cab8cf68dec42158baf3a79a1cdc065a8b103025965d6ccb7f6cbd" dependencies = [ "tinyvec", ] diff --git a/Cargo.toml b/Cargo.toml index a99e1da3..839be27c 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "hayabusa" -version = "1.4.0-dev" +version = "1.4.0" authors = ["Yamato Security @SecurityYamato"] edition = "2021" @@ -8,7 +8,7 @@ edition = "2021" [dependencies] clap = { version = "3.*", features = ["derive", "cargo"]} -evtx = { git = "https://github.com/Yamato-Security/hayabusa-evtx.git" , rev = "158d496" , features = ["fast-alloc"]} +evtx = { git = "https://github.com/Yamato-Security/hayabusa-evtx.git" , features = ["fast-alloc"]} quick-xml = {version = "0.*", features = ["serialize"] } serde = { version = "1.*", features = ["derive"] } serde_json = { version = "1.0"} diff --git a/README-Japanese.md b/README-Japanese.md index 11c842fe..3a2517ce 100644 --- a/README-Japanese.md +++ b/README-Japanese.md @@ -182,7 +182,7 @@ git clone https://github.com/Yamato-Security/hayabusa.git --recursive `git pull --recurse-submodules`コマンド、もしくは以下のコマンドで`rules`フォルダを同期し、Hayabusaの最新のルールを更新することができます: ```bash -hayabusa-1.3.2-win-x64.exe -u +hayabusa-1.4.0-win-x64.exe -u ``` アップデートが失敗した場合は、`rules`フォルダの名前を変更してから、もう一回アップデートしてみて下さい。 @@ -264,20 +264,20 @@ Hayabusa実行する際や、`.yml`ルールのダウンロードや実行時に ## Windows コマンドプロンプトやWindows Terminalから32ビットもしくは64ビットのWindowsバイナリをHayabusaのルートディレクトリから実行します。 -例: `hayabusa-1.3.2-windows-x64.exe` +例: `hayabusa-1.4.0-windows-x64.exe` ## Linux まず、バイナリに実行権限を与える必要があります。 ```bash -chmod +x ./hayabusa-1.3.2-linux-x64-gnu +chmod +x ./hayabusa-1.4.0-linux-x64-gnu ``` 次に、Hayabusaのルートディレクトリから実行します: ```bash -./hayabusa-1.3.2-linux-x64-gnu +./hayabusa-1.4.0-linux-x64-gnu ``` ## macOS @@ -285,13 +285,13 @@ chmod +x ./hayabusa-1.3.2-linux-x64-gnu まず、ターミナルやiTerm2からバイナリに実行権限を与える必要があります。 ```bash -chmod +x ./hayabusa-1.3.2-mac-intel +chmod +x ./hayabusa-1.4.0-mac-intel ``` 次に、Hayabusaのルートディレクトリから実行してみてください: ```bash -./hayabusa-1.3.2-mac-intel +./hayabusa-1.4.0-mac-intel ``` macOSの最新版では、以下のセキュリティ警告が出る可能性があります: @@ -305,7 +305,7 @@ macOSの環境設定から「セキュリティとプライバシー」を開き その後、ターミナルからもう一回実行してみてください: ```bash -./hayabusa-1.3.2-mac-intel +./hayabusa-1.4.0-mac-intel ``` 以下の警告が出るので、「開く」をクリックしてください。 @@ -366,79 +366,79 @@ OPTIONS: * 1つのWindowsイベントログファイルに対してHayabusaを実行します: ```bash -hayabusa-1.3.2-win-x64.exe -f eventlog.evtx +hayabusa-1.4.0-win-x64.exe -f eventlog.evtx ``` * 複数のWindowsイベントログファイルのあるsample-evtxディレクトリに対して、Hayabusaを実行します: ```bash -hayabusa-1.3.2-win-x64.exe -d .\hayabusa-sample-evtx +hayabusa-1.4.0-win-x64.exe -d .\hayabusa-sample-evtx ``` -* 全てのフィールド情報も含めて1つのCSVファイルにエクスポートして、Excel、Timeline Explorer、Elastic Stack等でさらに分析することができます: +* 全てのフィールド情報も含めて1つのCSVファイルにエクスポートして、Excel、Timeline Explorer、Elastic Stack等でさらに分析することができます(注意: `-F`を有効にすると、出力するファイルのサイズがとても大きくなります!): ```bash -hayabusa-1.3.2-win-x64.exe -d .\hayabusa-sample-evtx -o results.csv -F +hayabusa-1.4.0-win-x64.exe -d .\hayabusa-sample-evtx -o results.csv -F ``` * Hayabusaルールのみを実行します(デフォルトでは `-r .\rules` にあるすべてのルールが利用されます): ```bash -hayabusa-1.3.2-win-x64.exe -d .\hayabusa-sample-evtx -r .\rules\hayabusa -o results.csv +hayabusa-1.4.0-win-x64.exe -d .\hayabusa-sample-evtx -r .\rules\hayabusa -o results.csv ``` * Windowsでデフォルトで有効になっているログに対してのみ、Hayabusaルールを実行します: ```bash -hayabusa-1.3.2-win-x64.exe -d .\hayabusa-sample-evtx -r .\rules\hayabusa\default -o results.csv +hayabusa-1.4.0-win-x64.exe -d .\hayabusa-sample-evtx -r .\rules\hayabusa\default -o results.csv ``` * Sysmonログに対してのみHayabusaルールを実行します: ```bash -hayabusa-1.3.2-win-x64.exe -d .\hayabusa-sample-evtx -r .\rules\hayabusa\sysmon -o results.csv +hayabusa-1.4.0-win-x64.exe -d .\hayabusa-sample-evtx -r .\rules\hayabusa\sysmon -o results.csv ``` * Sigmaルールのみを実行します: ```bash -hayabusa-1.3.2-win-x64.exe -d .\hayabusa-sample-evtx -r .\rules\sigma -o results.csv +hayabusa-1.4.0-win-x64.exe -d .\hayabusa-sample-evtx -r .\rules\sigma -o results.csv ``` * 廃棄(deprecated)されたルール(`status`が`deprecated`になっているルール)とノイジールール(`.\rules\config\noisy_rules.txt`にルールIDが書かれているルール)を有効にします: ```bash -hayabusa-1.3.2-win-x64.exe -d .\hayabusa-sample-evtx --enable-deprecated-rules --enable-noisy-rules -o results.csv +hayabusa-1.4.0-win-x64.exe -d .\hayabusa-sample-evtx --enable-deprecated-rules --enable-noisy-rules -o results.csv ``` * ログオン情報を分析するルールのみを実行し、UTCタイムゾーンで出力します: ```bash -hayabusa-1.3.2-win-x64.exe -d .\hayabusa-sample-evtx -r .\rules\hayabusa\default\events\Security\Logons -U -o results.csv +hayabusa-1.4.0-win-x64.exe -d .\hayabusa-sample-evtx -r .\rules\hayabusa\default\events\Security\Logons -U -o results.csv ``` * 起動中のWindows端末上で実行し(Administrator権限が必要)、アラート(悪意のある可能性のある動作)のみを検知します: ```bash -hayabusa-1.3.2-win-x64.exe -l -m low +hayabusa-1.4.0-win-x64.exe -l -m low ``` * criticalレベルのアラートからピボットキーワードの一覧を作成します(結果は結果毎に`keywords-Ip Address.txt`や`keyworss-Users.txt`等に出力されます): ```bash -hayabusa-1.3.2-win-x64.exe -l -m critical -p -o keywords +hayabusa-1.4.0-win-x64.exe -l -m critical -p -o keywords ``` * イベントIDの統計情報を取得します: ```bash -hayabusa-1.3.2-win-x64.exe -f Security.evtx -s +hayabusa-1.4.0-win-x64.exe -f Security.evtx -s ``` * 詳細なメッセージを出力します(処理に時間がかかるファイル、パースエラー等を特定するのに便利): ```bash -hayabusa-1.3.2-win-x64.exe -d .\hayabusa-sample-evtx -v +hayabusa-1.4.0-win-x64.exe -d .\hayabusa-sample-evtx -v ``` * Verbose出力の例: @@ -659,7 +659,7 @@ Hayabusaルールは、Windowsのイベントログ解析専用に設計され ## 検知レベルのlevelチューニング Hayabusaルール、Sigmaルールはそれぞれの作者が検知した際のリスクレベルを決めています。 -ユーザが独自のリスクレベルに設定するには`./rules/config/level_tuning.txt`に変換情報を書き、`hayabusa-1.3.2-win-x64.exe --level-tuning`を実行することでルールファイルが書き換えられます。 +ユーザが独自のリスクレベルに設定するには`./rules/config/level_tuning.txt`に変換情報を書き、`hayabusa-1.4.0-win-x64.exe --level-tuning`を実行することでルールファイルが書き換えられます。 ルールファイルが直接書き換えられることに注意して使用してください。 `./rules/config/level_tuning.txt`の例: diff --git a/README.md b/README.md index f0d8df8a..a6e0bacc 100644 --- a/README.md +++ b/README.md @@ -175,7 +175,7 @@ Note: If you forget to use --recursive option, the `rules` folder, which is mana You can sync the `rules` folder and get latest Hayabusa rules with `git pull --recurse-submodules` or use the following command: ```bash -hayabusa-1.3.2-win-x64.exe -u +hayabusa-1.4.0-win-x64.exe -u ``` If the update fails, you may need to rename the `rules` folder and try again. @@ -260,20 +260,20 @@ If you are worried about malware or supply chain attacks, please check the hayab ## Windows In Command Prompt or Windows Terminal, just run the 32-bit or 64-bit Windows binary from the hayabusa root directory. -Example: `hayabusa-1.3.2-windows-x64.exe` +Example: `hayabusa-1.4.0-windows-x64.exe` ## Linux You first need to make the binary executable. ```bash -chmod +x ./hayabusa-1.3.2-linux-x64-gnu +chmod +x ./hayabusa-1.4.0-linux-x64-gnu ``` Then run it from the Hayabusa root directory: ```bash -./hayabusa-1.3.2-linux-x64-gnu +./hayabusa-1.4.0-linux-x64-gnu ``` ## macOS @@ -281,13 +281,13 @@ Then run it from the Hayabusa root directory: From Terminal or iTerm2, you first need to make the binary executable. ```bash -chmod +x ./hayabusa-1.3.2-mac-intel +chmod +x ./hayabusa-1.4.0-mac-intel ``` Then, try to run it from the Hayabusa root directory: ```bash -./hayabusa-1.3.2-mac-intel +./hayabusa-1.4.0-mac-intel ``` On the latest version of macOS, you may receive the following security error when you try to run it: @@ -301,7 +301,7 @@ Click "Cancel" and then from System Preferences, open "Security & Privacy" and f After that, try to run it again. ```bash -./hayabusa-1.3.2-mac-intel +./hayabusa-1.4.0-mac-intel ``` The following warning will pop up, so please click "Open". @@ -362,79 +362,79 @@ OPTIONS: * Run hayabusa against one Windows event log file: ```bash -hayabusa-1.3.2-win-x64.exe -f eventlog.evtx +hayabusa-1.4.0-win-x64.exe -f eventlog.evtx ``` * Run hayabusa against the sample-evtx directory with multiple Windows event log files: ```bash -hayabusa-1.3.2-win-x64.exe -d .\hayabusa-sample-evtx +hayabusa-1.4.0-win-x64.exe -d .\hayabusa-sample-evtx ``` -* Export to a single CSV file for further analysis with excel, timeline explorer, elastic stack, etc... and include all field information: +* Export to a single CSV file for further analysis with excel, timeline explorer, elastic stack, etc... and include all field information (Warning: your file output size will become much larger with `-F` enabled!): ```bash -hayabusa-1.3.2-win-x64.exe -d .\hayabusa-sample-evtx -o results.csv -F +hayabusa-1.4.0-win-x64.exe -d .\hayabusa-sample-evtx -o results.csv -F ``` * Only run hayabusa rules (the default is to run all the rules in `-r .\rules`): ```bash -hayabusa-1.3.2-win-x64.exe -d .\hayabusa-sample-evtx -r .\rules\hayabusa -o results.csv +hayabusa-1.4.0-win-x64.exe -d .\hayabusa-sample-evtx -r .\rules\hayabusa -o results.csv ``` * Only run hayabusa rules for logs that are enabled by default on Windows: ```bash -hayabusa-1.3.2-win-x64.exe -d .\hayabusa-sample-evtx -r .\rules\hayabusa\default -o results.csv +hayabusa-1.4.0-win-x64.exe -d .\hayabusa-sample-evtx -r .\rules\hayabusa\default -o results.csv ``` * Only run hayabusa rules for sysmon logs: ```bash -hayabusa-1.3.2-win-x64.exe -d .\hayabusa-sample-evtx -r .\rules\hayabusa\sysmon -o results.csv +hayabusa-1.4.0-win-x64.exe -d .\hayabusa-sample-evtx -r .\rules\hayabusa\sysmon -o results.csv ``` * Only run sigma rules: ```bash -hayabusa-1.3.2-win-x64.exe -d .\hayabusa-sample-evtx -r .\rules\sigma -o results.csv +hayabusa-1.4.0-win-x64.exe -d .\hayabusa-sample-evtx -r .\rules\sigma -o results.csv ``` * Enable deprecated rules (those with `status` marked as `deprecated`) and noisy rules (those whose rule ID is listed in `.\rules\config\noisy_rules.txt`): ```bash -hayabusa-1.3.2-win-x64.exe -d .\hayabusa-sample-evtx --enable-noisy-rules --enable-deprecated-rules -o results.csv +hayabusa-1.4.0-win-x64.exe -d .\hayabusa-sample-evtx --enable-noisy-rules --enable-deprecated-rules -o results.csv ``` * Only run rules to analyze logons and output in the UTC timezone: ```bash -hayabusa-1.3.2-win-x64.exe -d .\hayabusa-sample-evtx -r .\rules\hayabusa\default\events\Security\Logons -U -o results.csv +hayabusa-1.4.0-win-x64.exe -d .\hayabusa-sample-evtx -r .\rules\hayabusa\default\events\Security\Logons -U -o results.csv ``` * Run on a live Windows machine (requires Administrator privileges) and only detect alerts (potentially malicious behavior): ```bash -hayabusa-1.3.2-win-x64.exe -l -m low +hayabusa-1.4.0-win-x64.exe -l -m low ``` * Create a list of pivot keywords from critical alerts and save the results. (Results will be saved to `keywords-Ip Addresses.txt`, `keywords-Users.txt`, etc...): ```bash -hayabusa-1.3.2-win-x64.exe -l -m critical -p -o keywords +hayabusa-1.4.0-win-x64.exe -l -m critical -p -o keywords ``` * Print Event ID statistics: ```bash -hayabusa-1.3.2-win-x64.exe -f Security.evtx -s +hayabusa-1.4.0-win-x64.exe -f Security.evtx -s ``` * Print verbose information (useful for determining which files take long to process, parsing errors, etc...): ```bash -hayabusa-1.3.2-win-x64.exe -d .\hayabusa-sample-evtx -v +hayabusa-1.4.0-win-x64.exe -d .\hayabusa-sample-evtx -v ``` * Verbose output example: @@ -655,7 +655,7 @@ You can also add a rule ID to `rules/config/noisy_rules.txt` in order to ignore Hayabusa and Sigma rule authors will determine the risk level of the alert when writing their rules. However, the actual risk level will differ between environments. -You can tune the risk level of the rules by adding them to `./rules/config/level_tuning.txt` and executing `hayabusa-1.3.2-win-x64.exe --level-tuning` which will update the `level` line in the rule file. +You can tune the risk level of the rules by adding them to `./rules/config/level_tuning.txt` and executing `hayabusa-1.4.0-win-x64.exe --level-tuning` which will update the `level` line in the rule file. Please note that the rule file will be updated directly. `./rules/config/level_tuning.txt` sample line: diff --git a/screenshots/Hayabusa-Results.png b/screenshots/Hayabusa-Results.png index 026b686d..61c23587 100644 Binary files a/screenshots/Hayabusa-Results.png and b/screenshots/Hayabusa-Results.png differ diff --git a/screenshots/Hayabusa-Startup.png b/screenshots/Hayabusa-Startup.png index 72b5284b..ec3849cc 100644 Binary files a/screenshots/Hayabusa-Startup.png and b/screenshots/Hayabusa-Startup.png differ diff --git a/src/afterfact.rs b/src/afterfact.rs index 7e1047b1..e8e98755 100644 --- a/src/afterfact.rs +++ b/src/afterfact.rs @@ -428,7 +428,6 @@ fn emit_csv( ) .ok(); println!(); - println!(); _print_unique_results( total_detect_counts_by_level,