CSEC_PUBLIC/hayabusa
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Feature/output logo#206 (#222)

Browse Source 
* add output logo #206

* added newline and orgnization name #206

* add output rule count #200

* Changed yml summarize the totals for each folder hierarchy. #157

* added analyzing evtx file count output #157

* added loaded rule count output #157

* added quiet option #206
This commit is contained in:
DustInDark
2021-11-21 15:16:44 +09:00
committed by GitHub
parent 86321a4502
commit b53342218c
5 changed files with 68 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/detections/configs.rs
+1
View File
@@ -52,6 +52,7 @@ fn build_app<'a>() -> ArgMatches<'a> {
--rfc-2822 'Output date and time in RFC 2822 format. Example: Mon, 07 Aug 2006 12:34:56 -0600'
--rfc-3339 'Output date and time in RFC 3339 format. Example: 2006-08-07T12:34:56.485214 -06:00'
--verbose 'Output check information to target event file path and rule file.'
-q 'Quiet Output Logo'
-r --rules=[RULEDIRECTORY] 'using target of rule file directory'
-L --level=[LEVEL] 'Specified execute rule level(default: LOW)'
-u --utc 'Output time in UTC format(default: local time)'
src/detections/detection.rs
+21
View File
@@ -2,6 +2,7 @@ extern crate csv;
use crate::detections::rule::AggResult;
use serde_json::Value;
use std::collections::HashMap;
use tokio::{runtime::Runtime, spawn, task::JoinHandle};
use crate::detections::print::AlertMessage;
@@ -51,6 +52,11 @@ impl Detection {
// ルールファイルのパースを実行
let mut rulefile_loader = ParseYaml::new();
let result_readdir = rulefile_loader.read_dir(rulespath.unwrap_or(DIRPATH_RULES), &level);
Detection::print_rule_load_info(
rulefile_loader.rulecounter,
rulefile_loader.parseerror_count,
rulefile_loader.ignore_count,
);
if result_readdir.is_err() {
AlertMessage::alert(
&mut std::io::stderr().lock(),
@@ -201,6 +207,21 @@ impl Detection {
));
return ret;
}
pub fn print_rule_load_info(
rc: HashMap<String, u128>,
parseerror_count: u128,
ignore_count: u128,
) {
let mut total = parseerror_count + ignore_count;
rc.into_iter().for_each(|(key, value)| {
println!("{} Rules: {}", key, value);
total += value;
});
println!("Ignored Rule Count: {}", ignore_count);
println!("Rule Parse Errors Count: {}", parseerror_count);
println!("Total Detection Rules: {}", total);
println!("");
}
}
#[test]