Merge pull request #4 from YamatoSecurity/feature/sysmon

Feature/sysmon
This commit is contained in:
siamease
2020-10-07 01:02:22 +09:00
committed by GitHub
3 changed files with 87 additions and 0 deletions


@@ -3,6 +3,7 @@ extern crate quick_xml;
use crate::detections::application;
use crate::detections::common;
use crate::detections::security;
use crate::detections::sysmon;
use crate::detections::system;
use crate::models::event;
use evtx::EvtxParser;
@@ -26,6 +27,7 @@ impl Detection {
let mut security = security::Security::new();
let mut system = system::System::new();
let mut application = application::Application::new();
let mut sysmon = sysmon::Sysmon::new();
for record in parser.records() {
match record {
@@ -43,6 +45,8 @@ impl Detection {
&system.detection(event_id, &event.system, event_data);
} else if channel == "Application" {
&application.detection(event_id, &event.system, event_data);
} else if channel == "Microsoft-Windows-Sysmon/Operational" {
&sysmon.detection(event_id, &event.system, event_data);
} else {
//&other.detection();
}
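Review bot: The new branch for the Sysmon channel takes a reference to the result of the call and immediately discards it, `&sysmon.detection(event_id, &event.system, event_data);`, which does nothing beyond what the bare call does and, on current toolchains, is likely to trigger an "unused borrow" warning; the line should read `sysmon.detection(event_id, &event.system, event_data);`. It copies the pattern of the existing System and Application branches in the same hunk, so those lines deserve the same cleanup. If `detection` returns anything the caller should act on, this form silently drops it — worth confirming against its signature, which is not visible here. The enclosing function and the `if`/`else if` chain begin outside this hunk.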