add regexes and whitelist functions

akiranishikawa
2020-11-20 16:32:40 +09:00
parent a794e011a9
commit b183e61596
2 changed files with 99 additions and 18 deletions


@@ -30,7 +30,7 @@ impl System {
let default = String::from("");
let servicename = &event_data.get("ServiceName").unwrap_or(&default);
let commandline = &event_data.get("ImagePath").unwrap_or(&default);
let text = utils::check_regex(&servicename, 1);
let text = utils::check_regex_old(&servicename, 1);
if !text.is_empty() {
println!("Message : New Service Created");
println!("Command : {}", commandline);
@@ -56,7 +56,7 @@ impl System {
println!("Message : Interactive service warning");
println!("Results : Service name: {}", servicename);
println!("Results : Malware (and some third party software) trigger this warning");
println!("{}", utils::check_regex(&servicename, 1));
println!("{}", utils::check_regex_old(&servicename, 1));
}
fn suspicious_service_name(&mut self, event_id: &String, event_data: &HashMap<String, String>) {
@@ -66,7 +66,7 @@ impl System {
let default = String::from("");
let servicename = &event_data.get("param1").unwrap_or(&default);
let text = utils::check_regex(&servicename, 1);
let text = utils::check_regex_old(&servicename, 1);
if !text.is_empty() {
println!("Message : Suspicious Service Name");
println!("Results : Service name: {}", servicename);