CSEC_PUBLIC/hayabusa
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix

Browse Source
This commit is contained in:
siamease
2020-10-25 01:01:19 +09:00
parent bc031202ef
commit bd483ee6b6
1 changed files with 10 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/detections/sysmon.rs
View File

@@ -1,5 +1,5 @@
use crate::models::event;
use crate::detections::utils::check_command;
use crate::models::event;
use std::collections::HashMap;
use std::fs::File;
use std::io::prelude::*;
@@ -12,7 +12,7 @@ impl Sysmon {
pub fn new() -> Sysmon {
Sysmon {
//checkunsigned: 0, // DeepBlueでは0固定
checkunsigned: 1, // 開発用に1
checkunsigned: 1, // 開発用に1 (configから設定可能になる予定)
}
}
@@ -37,14 +37,16 @@ impl Sysmon {
}
println!("Log : Sysmon");
let minlength = 1000;
let mut f = File::open("whitelist.txt").expect("file not found");
let mut contents = String::new();
f.read_to_string(&mut contents);
let rdr = csv::Reader::from_reader(contents.as_bytes());
//let mut f = File::open("whitelist.txt").expect("file not found");
//let mut contents = String::new();
//f.read_to_string(&mut contents);
//let rdr = csv::Reader::from_reader(contents.as_bytes());
if let Some(_creater) = event_data.get("ParentImage") {
check_command(1, _command_line, minlength, 0, "", _creater, rdr);
//check_command(1, _command_line, minlength, 0, "", _creater, rdr);
check_command(1, _command_line, minlength, 0, "", _creater);
} else {
check_command(1, _command_line, minlength, 0, "", "", rdr);
//check_command(1, _command_line, minlength, 0, "", "", rdr);
check_command(1, _command_line, minlength, 0, "", "");
}
}
}