CSEC_PUBLIC/hayabusa
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Feature/output elapsedtime153 (#172)

Browse Source 
* add output process count of detects events #151

* add output process count of detects event when output stdio #151

* add format enter

* add output elapsed time #153

* fixed output position #153
This commit is contained in:
DustInDark
2021-11-10 19:38:04 +09:00
committed by GitHub
parent 0c7ad547bf
commit b278f12cec
5 changed files with 207 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/afterfact.rs
+2 -2
View File
@@ -93,10 +93,10 @@ fn emit_csv<W: std::io::Write>(writer: &mut W) -> Result<(), Box<dyn Error>> {
detect_count += detect_infos.len();
}
println!("");
println!("Events Detected:{:?}", detect_count);
println!("");
wtr.flush()?;
println!("");
println!("Events Detected:{:?}", detect_count);
Ok(())
}
src/detections/print.rs
-1
View File
@@ -161,7 +161,6 @@ impl Message {
}
println!("");
println!("Events Detected:{:?}", detect_count);
println!("");
}
pub fn iter(&self) -> &BTreeMap<DateTime<Utc>, Vec<DetectInfo>> {
src/main.rs
+8 -1
View File
@@ -1,6 +1,7 @@
extern crate serde;
extern crate serde_derive;
use chrono::{DateTime, Utc};
use evtx::{EvtxParser, ParserSettings};
use hayabusa::detections::detection;
use hayabusa::detections::detection::EvtxRecordInfo;
@@ -8,6 +9,7 @@ use hayabusa::detections::print::AlertMessage;
use hayabusa::omikuji::Omikuji;
use hayabusa::{afterfact::after_fact, detections::utils};
use hayabusa::{detections::configs, timeline::timeline::Timeline};
use hhmmss::Hhmmss;
use std::{
fs::{self, File},
path::PathBuf,
@@ -25,7 +27,7 @@ fn main() {
);
return;
}
let analysis_start_time: DateTime<Utc> = Utc::now();
if let Some(filepath) = configs::CONFIG.read().unwrap().args.value_of("filepath") {
analysis_files(vec![PathBuf::from(filepath)]);
} else if let Some(directory) = configs::CONFIG.read().unwrap().args.value_of("directory") {
@@ -33,7 +35,12 @@ fn main() {
analysis_files(evtx_files);
} else if configs::CONFIG.read().unwrap().args.is_present("credits") {
print_credits();
return;
}
let analysis_end_time: DateTime<Utc> = Utc::now();
let analysis_duration = analysis_end_time.signed_duration_since(analysis_start_time);
println!("Elapsed Time: {}", &analysis_duration.hhmmssxxx());
println!("");
}
fn collect_evtxfiles(dirpath: &str) -> Vec<PathBuf> {