From afcff30ce80ed18482cee24986a334b7b2a031b8 Mon Sep 17 00:00:00 2001 From: kazuminn Date: Sun, 18 Sep 2022 17:22:57 +0900 Subject: [PATCH 01/45] auto clear PIVOT_KEYWORE in every unit test --- src/detections/pivot.rs | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/detections/pivot.rs b/src/detections/pivot.rs index af2b0f59..ead8e4f0 100644 --- a/src/detections/pivot.rs +++ b/src/detections/pivot.rs @@ -91,9 +91,9 @@ mod tests { use crate::detections::pivot::PIVOT_KEYWORD; use serde_json; - //PIVOT_KEYWORDはグローバルなので、他の関数の影響も考慮する必要がある。 #[test] fn insert_pivot_keyword_local_ip4() { + PIVOT_KEYWORD.write().unwrap().clear(); load_pivot_keywords("test_files/config/pivot_keywords.txt"); let record_json_str = r#" { @@ -119,6 +119,7 @@ mod tests { #[test] fn insert_pivot_keyword_ip4() { + PIVOT_KEYWORD.write().unwrap().clear(); load_pivot_keywords("test_files/config/pivot_keywords.txt"); let record_json_str = r#" { @@ -144,6 +145,7 @@ mod tests { #[test] fn insert_pivot_keyword_ip_empty() { + PIVOT_KEYWORD.write().unwrap().clear(); load_pivot_keywords("test_files/config/pivot_keywords.txt"); let record_json_str = r#" { @@ -169,6 +171,7 @@ mod tests { #[test] fn insert_pivot_keyword_local_ip6() { + PIVOT_KEYWORD.write().unwrap().clear(); load_pivot_keywords("test_files/config/pivot_keywords.txt"); let record_json_str = r#" { @@ -194,6 +197,7 @@ mod tests { #[test] fn insert_pivot_keyword_level_infomational() { + PIVOT_KEYWORD.write().unwrap().clear(); load_pivot_keywords("test_files/config/pivot_keywords.txt"); let record_json_str = r#" { @@ -219,6 +223,7 @@ mod tests { #[test] fn insert_pivot_keyword_level_low() { + PIVOT_KEYWORD.write().unwrap().clear(); load_pivot_keywords("test_files/config/pivot_keywords.txt"); let record_json_str = r#" { 
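Review bot: Clearing PIVOT_KEYWORD at the top of insert_pivot_keyword_local_ip4 does not remove the cross-test interference the deleted comment warned about: under the default parallel harness another test can run its own `clear()` between this test's `load_pivot_keywords` call and its assertions, so the tests stay order- and timing-dependent unless they hold one shared lock for their whole body or the harness runs single-threaded. The `.unwrap()` on the write guard also means that a test panicking while it holds the lock poisons it, and every later test then fails with a PoisonError instead of its own message; `PIVOT_KEYWORD.write().unwrap_or_else(|e| e.into_inner()).clear();` recovers the guard instead. The same line is added in the other six hunks of this patch (insert_pivot_keyword_ip4, _ip_empty, _local_ip6, _level_infomational, _level_low, _level_none). Each test body continues outside its hunk.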
@@ -244,6 +249,7 @@ mod tests { #[test] fn insert_pivot_keyword_level_none() { + PIVOT_KEYWORD.write().unwrap().clear(); load_pivot_keywords("test_files/config/pivot_keywords.txt"); let record_json_str = r#" { From 9c7fa0416db3c6952eb80269607a6e183d159193 Mon Sep 17 00:00:00 2001 From: kazuminn Date: Sun, 18 Sep 2022 18:16:09 +0900 Subject: [PATCH 02/45] add test threads 1 of ci test --- .github/workflows/rust.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index f4eb0331..34f2cec8 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -35,5 +35,4 @@ jobs: - name: Build run: cargo build --verbose - name: Run tests - run: cargo test --verbose - + run: cargo test --verbose -- --test-threads=1 \ No newline at end of file From 53f232657d0eda351ea77b0ad0c24497aceecb88 Mon Sep 17 00:00:00 2001 From: kazuminn Date: Sun, 18 Sep 2022 18:48:08 +0900 Subject: [PATCH 03/45] add test threads 1 of ci test --- .github/workflows/rust.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index 34f2cec8..efbd6044 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -35,4 +35,4 @@ jobs: - name: Build run: cargo build --verbose - name: Run tests - run: cargo test --verbose -- --test-threads=1 \ No newline at end of file + run: cargo test --verbose -- -- --test-threads=1 \ No newline at end of file From 784f02ee5ccac75d517f6dfb4c3799b363ada3a7 Mon Sep 17 00:00:00 2001 From: DastInDark <2350416+hitenkoku@users.noreply.github.com> Date: Wed, 21 Sep 2022 22:18:16 +0900 Subject: [PATCH 04/45] add various OS build to CI tests #703 --- .github/workflows/rust.yml | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index f4eb0331..63237a61 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml 
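Review bot: The new `run: cargo test --verbose -- -- --test-threads=1` hands the second `--` to the test binary, and libtest stops option parsing at `--`, so `--test-threads=1` is most likely taken as a test-name filter rather than an option — the thread count stays unchanged and the filter may match no test at all. The form from the previous commit, `cargo test --verbose -- --test-threads=1`, was the correct one; alternatively set `RUST_TEST_THREADS: 1` in a step `env:` block, which also works on Windows runners where a `VAR=value cmd` prefix does not.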
@@ -32,8 +32,23 @@ jobs: with: args: --all-targets -- -D warnings token: ${{ secrets.GITHUB_TOKEN }} - - name: Build + - name: Setup Cross Compile Environment + run: rustup target add x86_64-unknown-linux-musl x86_64-pc-windows-msvc aarch64-apple-darwin + x86_64-apple-darwin + - name: Linux gnu Build run: cargo build --verbose + - name: Linux musl Build + run: cargo check --verbose --target x86_64-unknown-linux-musl + - name: x86-64-windows(msvc) Build + run: cargo check --verbose --target x86_64-pc-windows-msvc + - name: m1 mac Build + run: cargo check --verbose --target aarch64-apple-darwin + - name: Intel mac Build + run: cargo check --verbose --target x86_64-apple-darwin + - name: i686-windows(msvc) Build + run: cargo check --verbose --target i686-pc-windows-msvc - name: Run tests + # env: + # RUST_TESTS_THREADS: 1 run: cargo test --verbose From 4559d9c687c88f499caa4993175fe4862eee1f6c Mon Sep 17 00:00:00 2001 From: DastInDark <2350416+hitenkoku@users.noreply.github.com> Date: Wed, 21 Sep 2022 22:21:52 +0900 Subject: [PATCH 05/45] added rust_tests_thread = 1 in ci --- .github/workflows/rust.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index 63237a61..cfe799ee 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -48,7 +48,7 @@ jobs: - name: i686-windows(msvc) Build run: cargo check --verbose --target i686-pc-windows-msvc - name: Run tests - # env: - # RUST_TESTS_THREADS: 1 + env: + RUST_TESTS_THREADS: 1 run: cargo test --verbose From b028d0cd8751dee3da1cfa3043dbf0d76297fdb0 Mon Sep 17 00:00:00 2001 From: DastInDark <2350416+hitenkoku@users.noreply.github.com> Date: Wed, 21 Sep 2022 22:44:51 +0900 Subject: [PATCH 06/45] fixed error --- .github/workflows/rust.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index cfe799ee..edf91909 100644 --- a/.github/workflows/rust.yml 
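Review bot: The `i686-windows(msvc) Build` step checks `--target i686-pc-windows-msvc`, but the new `Setup Cross Compile Environment` step only installs the four x86_64/aarch64 targets, so that step will fail with a missing-target error; append `i686-pc-windows-msvc` to the `rustup target add` line. That `run:` value is also split over two lines with `x86_64-apple-darwin` on a continuation line; YAML folds a plain multi-line scalar only when the continuation is indented past the key, so keep the target list on one line or use a `|` block scalar.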
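Review bot: `RUST_TESTS_THREADS: 1` is not read by the test harness; libtest looks at `RUST_TEST_THREADS` (singular), so this env block has no effect and the tests keep running in parallel. Change the key to `RUST_TEST_THREADS: 1`, which is also the name the `add RUST_TEST_THREADS=1` commit in this series uses.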
+++ b/.github/workflows/rust.yml @@ -33,8 +33,7 @@ jobs: args: --all-targets -- -D warnings token: ${{ secrets.GITHUB_TOKEN }} - name: Setup Cross Compile Environment - run: rustup target add x86_64-unknown-linux-musl x86_64-pc-windows-msvc aarch64-apple-darwin - x86_64-apple-darwin + run: rustup target add x86_64-unknown-linux-musl x86_64-pc-windows-msvc aarch64-apple-darwin x86_64-apple-darwin - name: Linux gnu Build run: cargo build --verbose - name: Linux musl Build From 8f1d31247cc4974253262b43e0921dab4aea86fd Mon Sep 17 00:00:00 2001 From: kazuminn Date: Thu, 22 Sep 2022 11:19:15 +0900 Subject: [PATCH 07/45] add RUST_TEST_THREADS=1 --- .github/workflows/rust.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index efbd6044..c50e8c73 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -35,4 +35,4 @@ jobs: - name: Build run: cargo build --verbose - name: Run tests - run: cargo test --verbose -- -- --test-threads=1 \ No newline at end of file + run: RUST_TEST_THREADS=1 cargo test --verbose \ No newline at end of file From bef4d080336bd51f41c3e84c5ac05305e0dee12c Mon Sep 17 00:00:00 2001 From: kazuminn Date: Thu, 22 Sep 2022 11:32:07 +0900 Subject: [PATCH 08/45] remove ignore for race_condition test --- src/detections/message.rs | 1 - 1 file changed, 1 deletion(-) diff --git a/src/detections/message.rs b/src/detections/message.rs index fa374282..74a48783 100644 --- a/src/detections/message.rs +++ b/src/detections/message.rs @@ -625,7 +625,6 @@ mod tests { } } - #[ignore] #[test] fn test_insert_message_race_condition() { MESSAGES.clear(); From a5dda8ca1b1e652fe4e16f09f821101701aa1b1c Mon Sep 17 00:00:00 2001 From: DastInDark <2350416+hitenkoku@users.noreply.github.com> Date: Thu, 22 Sep 2022 13:20:22 +0900 Subject: [PATCH 09/45] removed test env --- .github/workflows/rust.yml | 2 -- 1 file changed, 2 deletions(-) 
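Review bot: Dropping `#[ignore]` from test_insert_message_race_condition makes its outcome depend on the harness running with a single thread, which only the CI workflow configures; a plain local `cargo test` still runs it concurrently with the other tests that touch MESSAGES, and the `MESSAGES.clear()` at its start will then race with them. If the test is meant to be unconditionally enabled, either serialize the tests that share MESSAGES behind a common lock or record the requirement on the test, e.g. `// Shares the global MESSAGES with other tests; run with RUST_TEST_THREADS=1 (see .github/workflows/rust.yml).` The test body continues outside the hunk.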
diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index edf91909..cc766a4c 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -47,7 +47,5 @@ jobs: - name: i686-windows(msvc) Build run: cargo check --verbose --target i686-pc-windows-msvc - name: Run tests - env: - RUST_TESTS_THREADS: 1 run: cargo test --verbose From 7e9d82a2928d3bafc6cd04fd8752197c79daca70 Mon Sep 17 00:00:00 2001 From: DastInDark <2350416+hitenkoku@users.noreply.github.com> Date: Thu, 22 Sep 2022 13:31:25 +0900 Subject: [PATCH 10/45] fixed musl-gcc not found --- .github/workflows/rust.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index effc8171..f576649e 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -36,8 +36,6 @@ jobs: run: rustup target add x86_64-unknown-linux-musl x86_64-pc-windows-msvc aarch64-apple-darwin x86_64-apple-darwin - name: Linux gnu Build run: cargo build --verbose - - name: Linux musl Build - run: cargo check --verbose --target x86_64-unknown-linux-musl - name: x86-64-windows(msvc) Build run: cargo check --verbose --target x86_64-pc-windows-msvc - name: m1 mac Build @@ -46,5 +44,9 @@ jobs: run: cargo check --verbose --target x86_64-apple-darwin - name: i686-windows(msvc) Build run: cargo check --verbose --target i686-pc-windows-msvc + - name: musl build prepare + run: sudo apt install musl-gcc + - name: Linux musl Build + run: cargo check --verbose --target x86_64-unknown-linux-musl - name: Run tests run: RUST_TEST_THREADS=1 cargo test --verbose \ No newline at end of file From 528abfe50ba36c1e7a647b8fbf5e85007c202e18 Mon Sep 17 00:00:00 2001 From: DastInDark <2350416+hitenkoku@users.noreply.github.com> Date: Thu, 22 Sep 2022 13:47:44 +0900 Subject: [PATCH 11/45] added cross crate in workflow to do multi-compile more easy --- .github/workflows/rust.yml | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) 
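Review bot: `sudo apt install musl-gcc` is unlikely to fix the missing `musl-gcc`: on Ubuntu that binary is shipped by the `musl-tools` package and there is no package named `musl-gcc`, so the new `musl build prepare` step errors out before the musl build runs. The call also lacks `-y`, and apt without a tty aborts when it needs confirmation; `run: sudo apt-get install -y musl-tools` covers both points. Reordering the musl build after the other targets does not change this.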
diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index f576649e..29fc0d74 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -33,20 +33,22 @@ jobs: args: --all-targets -- -D warnings token: ${{ secrets.GITHUB_TOKEN }} - name: Setup Cross Compile Environment - run: rustup target add x86_64-unknown-linux-musl x86_64-pc-windows-msvc aarch64-apple-darwin x86_64-apple-darwin + run: | + cargo install cross + rustup target add x86_64-unknown-linux-musl x86_64-pc-windows-msvc aarch64-apple-darwin x86_64-apple-darwin - name: Linux gnu Build run: cargo build --verbose - name: x86-64-windows(msvc) Build - run: cargo check --verbose --target x86_64-pc-windows-msvc + run: cross build --verbose --target x86_64-pc-windows-msvc - name: m1 mac Build - run: cargo check --verbose --target aarch64-apple-darwin + run: cross build --verbose --target aarch64-apple-darwin - name: Intel mac Build - run: cargo check --verbose --target x86_64-apple-darwin + run: cross build --verbose --target x86_64-apple-darwin - name: i686-windows(msvc) Build - run: cargo check --verbose --target i686-pc-windows-msvc + run: cross build --verbose --target i686-pc-windows-msvc - name: musl build prepare run: sudo apt install musl-gcc - name: Linux musl Build - run: cargo check --verbose --target x86_64-unknown-linux-musl + run: cross build --verbose --target x86_64-unknown-linux-musl - name: Run tests run: RUST_TEST_THREADS=1 cargo test --verbose \ No newline at end of file From 5608d1804245772d0519632d06ec2c9c7cf1a878 Mon Sep 17 00:00:00 2001 From: DastInDark <2350416+hitenkoku@users.noreply.github.com> Date: Thu, 22 Sep 2022 15:28:14 +0900 Subject: [PATCH 12/45] fixed not working pull-request CI --- .github/workflows/rust.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index 29fc0d74..5ffff67e 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml 
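Review bot: `cargo install cross` pulls and compiles whatever the latest crates.io release is on every run, so the build tooling can change underneath the workflow without any change to the repository; pin it (`cargo install cross --version <PINNED_VERSION>`, placeholder) or use the `cross-version` input that a later commit in this series adopts. Separately, `cross build` depends on per-target Docker images that exist for Linux targets such as `x86_64-unknown-linux-musl` but, as far as I know, not for `*-apple-darwin` or `*-pc-windows-msvc`, so the four non-Linux `cross build` steps will most likely fail regardless of the pin.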
@@ -32,10 +32,10 @@ jobs: with: args: --all-targets -- -D warnings token: ${{ secrets.GITHUB_TOKEN }} + - name: Setup Cross Compile Crate + run: cargo install cross - name: Setup Cross Compile Environment - run: | - cargo install cross - rustup target add x86_64-unknown-linux-musl x86_64-pc-windows-msvc aarch64-apple-darwin x86_64-apple-darwin + run: rustup target add x86_64-unknown-linux-musl x86_64-pc-windows-msvc aarch64-apple-darwin x86_64-apple-darwin - name: Linux gnu Build run: cargo build --verbose - name: x86-64-windows(msvc) Build From 45b46f6574bc81458b8255cca113ab09b7597f06 Mon Sep 17 00:00:00 2001 From: DastInDark <2350416+hitenkoku@users.noreply.github.com> Date: Thu, 22 Sep 2022 15:42:04 +0900 Subject: [PATCH 13/45] added apt --- .github/workflows/rust.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index 5ffff67e..d9072693 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -38,16 +38,16 @@ jobs: run: rustup target add x86_64-unknown-linux-musl x86_64-pc-windows-msvc aarch64-apple-darwin x86_64-apple-darwin - name: Linux gnu Build run: cargo build --verbose - - name: x86-64-windows(msvc) Build - run: cross build --verbose --target x86_64-pc-windows-msvc - name: m1 mac Build run: cross build --verbose --target aarch64-apple-darwin - name: Intel mac Build run: cross build --verbose --target x86_64-apple-darwin + - name: Setup build lib + run: sudo apt install musl-gcc && mingw-w64 + - name: x86-64-windows(msvc) Build + run: cross build --verbose --target x86_64-pc-windows-msvc - name: i686-windows(msvc) Build run: cross build --verbose --target i686-pc-windows-msvc - - name: musl build prepare - run: sudo apt install musl-gcc - name: Linux musl Build run: cross build --verbose --target x86_64-unknown-linux-musl - name: Run tests From fa1ce618fb183641a1d9e8e0aa5304ecd3e8b2e6 Mon Sep 17 00:00:00 2001 
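Review bot: `run: sudo apt install musl-gcc && mingw-w64` is two shell commands, not one package list: `mingw-w64` is executed as a command after apt returns (and fails the step with "command not found"), while the mingw package is never installed. Write `run: sudo apt-get install -y musl-tools mingw-w64` instead. Note also that mingw-w64 provides the `*-pc-windows-gnu` toolchain; it does not supply a linker for the `*-pc-windows-msvc` targets the two following steps build. The same `&&` line survives into the later `fixed apt y option` hunk.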
From: DastInDark <2350416+hitenkoku@users.noreply.github.com> Date: Thu, 22 Sep 2022 15:54:21 +0900 Subject: [PATCH 14/45] temporary mac build comment out --- .github/workflows/rust.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index d9072693..65c0e78a 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -38,10 +38,10 @@ jobs: run: rustup target add x86_64-unknown-linux-musl x86_64-pc-windows-msvc aarch64-apple-darwin x86_64-apple-darwin - name: Linux gnu Build run: cargo build --verbose - - name: m1 mac Build - run: cross build --verbose --target aarch64-apple-darwin - - name: Intel mac Build - run: cross build --verbose --target x86_64-apple-darwin + # - name: m1 mac Build + # run: cross build --verbose --target aarch64-apple-darwin + # - name: Intel mac Build + # run: cross build --verbose --target x86_64-apple-darwin - name: Setup build lib run: sudo apt install musl-gcc && mingw-w64 - name: x86-64-windows(msvc) Build From d41f0af3df7765b523527a7bf3263662eac37024 Mon Sep 17 00:00:00 2001 From: DastInDark <2350416+hitenkoku@users.noreply.github.com> Date: Thu, 22 Sep 2022 15:55:00 +0900 Subject: [PATCH 15/45] used env --- .github/workflows/rust.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index 65c0e78a..e8d7d4c6 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -51,4 +51,6 @@ jobs: - name: Linux musl Build run: cross build --verbose --target x86_64-unknown-linux-musl - name: Run tests - run: RUST_TEST_THREADS=1 cargo test --verbose \ No newline at end of file + env: + RUST_TEST_THREADS: 1 + run: cargo test --verbose \ No newline at end of file From 5dd762948fd7e6d6f59e172e2a57299208a08919 Mon Sep 17 00:00:00 2001 
From: DastInDark <2350416+hitenkoku@users.noreply.github.com> Date: Thu, 22 Sep 2022 16:06:39 +0900 Subject: [PATCH 16/45] fixed apt y option --- .github/workflows/rust.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index e8d7d4c6..cf767524 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -43,7 +43,7 @@ jobs: # - name: Intel mac Build # run: cross build --verbose --target x86_64-apple-darwin - name: Setup build lib - run: sudo apt install musl-gcc && mingw-w64 + run: sudo apt install -y musl-gcc && mingw-w64 - name: x86-64-windows(msvc) Build run: cross build --verbose --target x86_64-pc-windows-msvc - name: i686-windows(msvc) Build From 133dc8393dbf7e56d03e7d8a96a80e25b7e4ecd1 Mon Sep 17 00:00:00 2001 From: DastInDark <2350416+hitenkoku@users.noreply.github.com> Date: Thu, 22 Sep 2022 16:22:29 +0900 Subject: [PATCH 17/45] comment out temporary musl build --- .github/workflows/rust.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index cf767524..1e4098b6 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -43,13 +43,13 @@ jobs: # - name: Intel mac Build # run: cross build --verbose --target x86_64-apple-darwin - name: Setup build lib - run: sudo apt install -y musl-gcc && mingw-w64 + run: sudo apt install -y mingw-w64 - name: x86-64-windows(msvc) Build run: cross build --verbose --target x86_64-pc-windows-msvc - name: i686-windows(msvc) Build run: cross build --verbose --target i686-pc-windows-msvc - - name: Linux musl Build - run: cross build --verbose --target x86_64-unknown-linux-musl + # - name: Linux musl Build + # run: cross build --verbose --target x86_64-unknown-linux-musl - name: Run tests env: RUST_TEST_THREADS: 1 From bc0523dd5771694a88632327b12f0441fe14ffdb Mon Sep 17 00:00:00 2001 
From: DastInDark <2350416+hitenkoku@users.noreply.github.com> Date: Thu, 22 Sep 2022 16:35:35 +0900 Subject: [PATCH 18/45] changed cross to cargo --- .github/workflows/rust.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index 1e4098b6..11b3fb5d 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -45,9 +45,9 @@ jobs: - name: Setup build lib run: sudo apt install -y mingw-w64 - name: x86-64-windows(msvc) Build - run: cross build --verbose --target x86_64-pc-windows-msvc + run: cargo build --verbose --target x86_64-pc-windows-msvc - name: i686-windows(msvc) Build - run: cross build --verbose --target i686-pc-windows-msvc + run: cargo build --verbose --target i686-pc-windows-msvc # - name: Linux musl Build # run: cross build --verbose --target x86_64-unknown-linux-musl - name: Run tests From 2e3b4a08ba220b4a823be9105f96b51be2b730a2 Mon Sep 17 00:00:00 2001 From: DastInDark <2350416+hitenkoku@users.noreply.github.com> Date: Thu, 22 Sep 2022 18:03:15 +0900 Subject: [PATCH 19/45] to test env rust test thread --- .github/workflows/rust.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index 11b3fb5d..8bfed025 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml 
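Review bot: Switching the two Windows steps from `cross build` to `cargo build --target x86_64-pc-windows-msvc` on an ubuntu runner will presumably still fail, now at link time: the MSVC targets expect `link.exe` (or an explicitly configured `lld-link`), and the `mingw-w64` package installed two lines up is a GNU toolchain. Either install a suitable linker and point `.cargo/config.toml` at it, drop to `cargo check` for these targets, or run the real build on a `windows-*` runner. The same consideration applies to the `*-apple-darwin` targets re-enabled with `cargo build` in the `to test apple build in cargo build` hunk, which need an Apple-capable linker on Linux.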
@@ -42,12 +42,12 @@ jobs: # run: cross build --verbose --target aarch64-apple-darwin # - name: Intel mac Build # run: cross build --verbose --target x86_64-apple-darwin - - name: Setup build lib - run: sudo apt install -y mingw-w64 - - name: x86-64-windows(msvc) Build - run: cargo build --verbose --target x86_64-pc-windows-msvc - - name: i686-windows(msvc) Build - run: cargo build --verbose --target i686-pc-windows-msvc + # - name: Setup build lib + # run: sudo apt install -y mingw-w64 + # - name: x86-64-windows(msvc) Build + # run: cargo build --verbose --target x86_64-pc-windows-msvc + # - name: i686-windows(msvc) Build + # run: cargo build --verbose --target i686-pc-windows-msvc # - name: Linux musl Build # run: cross build --verbose --target x86_64-unknown-linux-musl - name: Run tests From 45a7b1516174ab6769b461c612b579006b3acc02 Mon Sep 17 00:00:00 2001 From: DastInDark <2350416+hitenkoku@users.noreply.github.com> Date: Thu, 22 Sep 2022 18:05:11 +0900 Subject: [PATCH 20/45] to test apple build in cargo build --- .github/workflows/rust.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index 8bfed025..fdeced00 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -38,10 +38,10 @@ jobs: run: rustup target add x86_64-unknown-linux-musl x86_64-pc-windows-msvc aarch64-apple-darwin x86_64-apple-darwin - name: Linux gnu Build run: cargo build --verbose - # - name: m1 mac Build - # run: cross build --verbose --target aarch64-apple-darwin - # - name: Intel mac Build - # run: cross build --verbose --target x86_64-apple-darwin + - name: m1 mac Build + run: cargo build --verbose --target aarch64-apple-darwin + - name: Intel mac Build + run: cargo build --verbose --target x86_64-apple-darwin # - name: Setup build lib # run: sudo apt install -y mingw-w64 # - name: x86-64-windows(msvc) Build From d70114c91e6d50269c3efd7a6f9203e02935d08a Mon Sep 17 00:00:00 2001 
From: DastInDark <2350416+hitenkoku@users.noreply.github.com> Date: Thu, 22 Sep 2022 18:48:52 +0900 Subject: [PATCH 21/45] to check rus-musl-action workflow --- .github/workflows/rust.yml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index fdeced00..265ed9fd 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -41,15 +41,19 @@ jobs: - name: m1 mac Build run: cargo build --verbose --target aarch64-apple-darwin - name: Intel mac Build - run: cargo build --verbose --target x86_64-apple-darwin + uses: Shogan/rust-musl-action@v1.0.2 + with: + args: cargo build --verbose --target x86_64-apple-darwin # - name: Setup build lib # run: sudo apt install -y mingw-w64 # - name: x86-64-windows(msvc) Build # run: cargo build --verbose --target x86_64-pc-windows-msvc # - name: i686-windows(msvc) Build # run: cargo build --verbose --target i686-pc-windows-msvc - # - name: Linux musl Build - # run: cross build --verbose --target x86_64-unknown-linux-musl + - name: Linux musl Build + uses: Shogan/rust-musl-action@v1.0.2 + with: + run: cross build --verbose --target x86_64-unknown-linux-musl - name: Run tests env: RUST_TEST_THREADS: 1 From cf03d382e9d578c7953f66f2daddd94865444f5c Mon Sep 17 00:00:00 2001 From: DastInDark <2350416+hitenkoku@users.noreply.github.com> Date: Thu, 22 Sep 2022 19:32:10 +0900 Subject: [PATCH 22/45] to test matrix.os in github --- .github/workflows/rust.yml | 26 ++++++-------------------- 1 file changed, 6 insertions(+), 20 deletions(-) diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index 265ed9fd..c125d72e 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml 
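Review bot: The `Linux musl Build` step passes `run:` under `with:`, which is not an input of this action (the `Intel mac Build` step right above uses `args:`), so the command is ignored or rejected and no musl build happens. Using a musl-oriented third-party action to build `x86_64-apple-darwin` in the `Intel mac Build` step also looks like a copy-paste rather than something that can work. Both steps pin `Shogan/rust-musl-action@v1.0.2` by a movable tag; for a third-party action that runs with the checked-out source in scope, pin to a full commit SHA with the tag in a trailing comment, the pattern a later commit in this series uses for `dtolnay/rust-toolchain`.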
@@ -10,10 +10,12 @@ env: jobs: build: - - runs-on: ubuntu-latest - - steps: + strategy: + matrix: + fail-fast: false + os: [ubuntu-latest, macos-latest, windows-latest] + runs-on: ${{ matrix.os }} + steps: - uses: actions/checkout@v2 with: submodules: recursive @@ -38,22 +40,6 @@ jobs: run: rustup target add x86_64-unknown-linux-musl x86_64-pc-windows-msvc aarch64-apple-darwin x86_64-apple-darwin - name: Linux gnu Build run: cargo build --verbose - - name: m1 mac Build - run: cargo build --verbose --target aarch64-apple-darwin - - name: Intel mac Build - uses: Shogan/rust-musl-action@v1.0.2 - with: - args: cargo build --verbose --target x86_64-apple-darwin - # - name: Setup build lib - # run: sudo apt install -y mingw-w64 - # - name: x86-64-windows(msvc) Build - # run: cargo build --verbose --target x86_64-pc-windows-msvc - # - name: i686-windows(msvc) Build - # run: cargo build --verbose --target i686-pc-windows-msvc - - name: Linux musl Build - uses: Shogan/rust-musl-action@v1.0.2 - with: - run: cross build --verbose --target x86_64-unknown-linux-musl - name: Run tests env: RUST_TEST_THREADS: 1 From 75c4650da3e2cfe473995ce134fb5961a2a1b55e Mon Sep 17 00:00:00 2001 From: DastInDark <2350416+hitenkoku@users.noreply.github.com> Date: Thu, 22 Sep 2022 19:36:01 +0900 Subject: [PATCH 23/45] fixed indent --- .github/workflows/rust.yml | 56 +++++++++++++++++++------------------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index c125d72e..839ca177 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml 
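Review bot: `fail-fast: false` is placed under `matrix:` rather than `strategy:`, so instead of disabling fail-fast it defines a matrix dimension named `fail-fast` with the single value `false`, and the other OS jobs are still cancelled when one fails. Move it up one level: `strategy:` / `  fail-fast: false` / `  matrix:` with `os: [ubuntu-latest, macos-latest, windows-latest]` beneath it.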
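Review bot: After this deletion the `Setup Cross Compile Crate` (`cargo install cross`) and `Setup Cross Compile Environment` (`rustup target add ...`) steps that precede the hunk have no consumer left — the remaining `cargo build --verbose` and `cargo test --verbose` build for the host only — yet they still compile and install `cross` and download four target std libraries on every matrix job. Drop both steps, or keep only targets a step actually builds. The step name `Linux gnu Build` is also now misleading, since the same step runs on the macOS and Windows entries of the matrix.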
@@ -16,31 +16,31 @@ jobs: os: [ubuntu-latest, macos-latest, windows-latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v2 - with: - submodules: recursive - - uses: actions-rs/toolchain@v1 - with: - toolchain: stable - profile: minimal - components: rustfmt - override: true - - name: Fmt Check - run: cargo fmt -- --check - - name: Prepare Clippy - run: rustup component add clippy - - name: Run clippy action to produce annotations - uses: actions-rs/clippy-check@v1 - with: - args: --all-targets -- -D warnings - token: ${{ secrets.GITHUB_TOKEN }} - - name: Setup Cross Compile Crate - run: cargo install cross - - name: Setup Cross Compile Environment - run: rustup target add x86_64-unknown-linux-musl x86_64-pc-windows-msvc aarch64-apple-darwin x86_64-apple-darwin - - name: Linux gnu Build - run: cargo build --verbose - - name: Run tests - env: - RUST_TEST_THREADS: 1 - run: cargo test --verbose \ No newline at end of file + - uses: actions/checkout@v2 + with: + submodules: recursive + - uses: actions-rs/toolchain@v1 + with: + toolchain: stable + profile: minimal + components: rustfmt + override: true + - name: Fmt Check + run: cargo fmt -- --check + - name: Prepare Clippy + run: rustup component add clippy + - name: Run clippy action to produce annotations + uses: actions-rs/clippy-check@v1 + with: + args: --all-targets -- -D warnings + token: ${{ secrets.GITHUB_TOKEN }} + - name: Setup Cross Compile Crate + run: cargo install cross + - name: Setup Cross Compile Environment + run: rustup target add x86_64-unknown-linux-musl x86_64-pc-windows-msvc aarch64-apple-darwin x86_64-apple-darwin + - name: Linux gnu Build + run: cargo build --verbose + - name: Run tests + env: + RUST_TEST_THREADS: 1 + run: cargo test --verbose \ No newline at end of file From 4e4a6ae8b467576b8f86c2015c02b134dc85ce6b Mon Sep 17 00:00:00 2001 
From: DastInDark <2350416+hitenkoku@users.noreply.github.com> Date: Thu, 22 Sep 2022 19:43:35 +0900 Subject: [PATCH 24/45] replaced ClementTsang/bottom repository ci.yml partically --- .github/workflows/rust.yml | 96 +++++++++++++++++++++++++------------- 1 file changed, 64 insertions(+), 32 deletions(-) diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index 839ca177..191bf313 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml 
@@ -10,37 +10,69 @@ env: jobs: build: + runs-on: ${{ matrix.info.os }} strategy: + fail-fast: false matrix: - fail-fast: false - os: [ubuntu-latest, macos-latest, windows-latest] - runs-on: ${{ matrix.os }} - steps: - - uses: actions/checkout@v2 - with: - submodules: recursive - - uses: actions-rs/toolchain@v1 - with: - toolchain: stable - profile: minimal - components: rustfmt - override: true - - name: Fmt Check - run: cargo fmt -- --check - - name: Prepare Clippy - run: rustup component add clippy - - name: Run clippy action to produce annotations - uses: actions-rs/clippy-check@v1 - with: - args: --all-targets -- -D warnings - token: ${{ secrets.GITHUB_TOKEN }} - - name: Setup Cross Compile Crate - run: cargo install cross - - name: Setup Cross Compile Environment - run: rustup target add x86_64-unknown-linux-musl x86_64-pc-windows-msvc aarch64-apple-darwin x86_64-apple-darwin - - name: Linux gnu Build - run: cargo build --verbose - - name: Run tests - env: - RUST_TEST_THREADS: 1 - run: cargo test --verbose \ No newline at end of file + info: + - { + os: "ubuntu-latest", + target: "x86_64-unknown-linux-gnu", + cross: false, + } + - { + os: "ubuntu-latest", + target: "aarch64-unknown-linux-gnu", + cross: true, + } + - { os: "macOS-latest", target: "x86_64-apple-darwin", cross: false } + - { + os: "windows-2019", + target: "x86_64-pc-windows-msvc", + cross: false, + } + steps: + - uses: actions/checkout@v2 + with: + submodules: recursive + - name: Set up Rust toolchain + if: ${{ steps.skip_check.outputs.should_skip != 'true' }} + uses: dtolnay/rust-toolchain@88e7c2e1da2693cf72d58fce9416206818e61dea # https://github.com/dtolnay/rust-toolchain/commit/88e7c2e1da2693cf72d58fce9416206818e61dea + with: + toolchain: stable + components: rustfmt, clippy + target: ${{ matrix.info.target }} + - name: Enable Rust cache + if: ${{ steps.skip_check.outputs.should_skip != 'true' }} + uses: Swatinem/rust-cache@cb2cf0cc7c5198d3364b9630e2c3d457f160790c # 1.4.0 + - name: Fmt Check 
+ run: cargo fmt -- --check + - name: Run clippy action to produce annotations + uses: actions-rs/clippy-check@v1 + with: + args: --all-targets -- -D warnings + token: ${{ secrets.GITHUB_TOKEN }} + - name: Setup Cross Compile Environment + run: rustup target add x86_64-unknown-linux-musl x86_64-pc-windows-msvc aarch64-apple-darwin x86_64-apple-darwin + - name: Linux gnu Build + run: cargo build --verbose + - name: m1 mac Build + run: cargo build --verbose --target aarch64-apple-darwin + - name: Intel mac Build + uses: Shogan/rust-musl-action@v1.0.2 + with: + args: cargo build --verbose --target x86_64-apple-darwin + # - name: Setup build lib + # run: sudo apt install -y mingw-w64 + # - name: x86-64-windows(msvc) Build + # run: cargo build --verbose --target x86_64-pc-windows-msvc + # - name: i686-windows(msvc) Build + # run: cargo build --verbose --target i686-pc-windows-msvc + - name: Linux musl Build + uses: Shogan/rust-musl-action@v1.0.2 + with: + run: cross build --verbose --target x86_64-unknown-linux-musl + - name: Run tests + env: + RUST_TEST_THREADS: 1 + run: cargo test --verbose \ No newline at end of file From 3e043aaf2b9bfe98edc86701436537f9aed3699b Mon Sep 17 00:00:00 2001 From: DastInDark <2350416+hitenkoku@users.noreply.github.com> Date: Thu, 22 Sep 2022 19:52:38 +0900 Subject: [PATCH 25/45] fixed step --- .github/workflows/rust.yml | 30 ++++++++++-------------------- 1 file changed, 10 insertions(+), 20 deletions(-) diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index 191bf313..d5c404f7 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml 
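Review bot: The `if: ${{ steps.skip_check.outputs.should_skip != 'true' }}` conditions on the toolchain and cache steps reference a `skip_check` step that does not exist in this workflow (it appears to come from the upstream ci.yml this was adapted from), so the expression compares an empty string and the guard is dead; either add the skip-duplicate step it expects or drop the two `if:` lines. The steps after clippy were also kept verbatim from the old job, so every matrix entry — including `windows-2019` and `macOS-latest` — runs `Linux gnu Build`, the `aarch64-apple-darwin` build and the two Docker-based `Shogan/rust-musl-action` steps, which cannot run on non-Linux runners; the build steps should key off `${{ matrix.info.target }}` and `matrix.info.cross` instead. Pinning `dtolnay/rust-toolchain` and `Swatinem/rust-cache` to full SHAs is the right pattern; `actions/checkout@v2` and `actions-rs/clippy-check@v1` remain tag-pinned and could follow it.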
@@ -52,27 +52,17 @@ jobs: with: args: --all-targets -- -D warnings token: ${{ secrets.GITHUB_TOKEN }} - - name: Setup Cross Compile Environment - run: rustup target add x86_64-unknown-linux-musl x86_64-pc-windows-msvc aarch64-apple-darwin x86_64-apple-darwin - - name: Linux gnu Build - run: cargo build --verbose - - name: m1 mac Build - run: cargo build --verbose --target aarch64-apple-darwin - - name: Intel mac Build - uses: Shogan/rust-musl-action@v1.0.2 + - name: Build tests + if: ${{ steps.skip_check.outputs.should_skip != 'true' }} + uses: ClementTsang/cargo-action@v0.0.2 with: - args: cargo build --verbose --target x86_64-apple-darwin - # - name: Setup build lib - # run: sudo apt install -y mingw-w64 - # - name: x86-64-windows(msvc) Build - # run: cargo build --verbose --target x86_64-pc-windows-msvc - # - name: i686-windows(msvc) Build - # run: cargo build --verbose --target i686-pc-windows-msvc - - name: Linux musl Build - uses: Shogan/rust-musl-action@v1.0.2 - with: - run: cross build --verbose --target x86_64-unknown-linux-musl - - name: Run tests + command: test + args: --no-run --locked ${{ matrix.features }} --target=${{ matrix.info.target }} + use-cross: ${{ matrix.info.cross }} + cross-version: 0.2.4 + env: + RUST_BACKTRACE: full + - name: Run tests env: RUST_TEST_THREADS: 1 run: cargo test --verbose \ No newline at end of file From d2bf3432decfdca9251549f7ef9a3ee0d60883f3 Mon Sep 17 00:00:00 2001 From: DastInDark <2350416+hitenkoku@users.noreply.github.com> Date: Thu, 22 Sep 2022 20:01:49 +0900 Subject: [PATCH 26/45] fixed indent --- .github/workflows/rust.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index d5c404f7..2b2a0ba0 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml 
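Review bot: The new `Build tests` step builds with `--target=${{ matrix.info.target }}` (through `cross` when `matrix.info.cross` is true), but the `Run tests` step that follows still runs plain `cargo test --verbose` for the host, so for the `aarch64-unknown-linux-gnu` entry the cross-built test binaries are never executed and the host is rebuilt and tested instead; run the tests through the same action with `command: test` and `args: --locked --target=${{ matrix.info.target }}` and the same `use-cross` input. `${{ matrix.features }}` is not defined anywhere in the matrix (the entries live under `matrix.info`), so it expands to nothing — drop it or define it. `--locked` is a good addition; it requires `Cargo.lock` to be committed and current, otherwise the step fails.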
@@ -52,7 +52,7 @@ jobs: with: args: --all-targets -- -D warnings token: ${{ secrets.GITHUB_TOKEN }} - - name: Build tests + - name: Build tests if: ${{ steps.skip_check.outputs.should_skip != 'true' }} uses: ClementTsang/cargo-action@v0.0.2 with: From 4ea6d26e3525d5fe5777e735f8c58df6ae341fec Mon Sep 17 00:00:00 2001 From: DastInDark <2350416+hitenkoku@users.noreply.github.com> Date: Fri, 23 Sep 2022 12:55:29 +0900 Subject: [PATCH 27/45] fixed parse error --- .github/workflows/rust.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index 2b2a0ba0..a625a0bd 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -10,7 +10,6 @@ env: jobs: build: - runs-on: ${{ matrix.info.os }} strategy: fail-fast: false matrix: @@ -31,6 +30,7 @@ jobs: target: "x86_64-pc-windows-msvc", cross: false, } + runs-on: ${{ matrix.info.os }} steps: - uses: actions/checkout@v2 with: @@ -62,7 +62,7 @@ jobs: cross-version: 0.2.4 env: RUST_BACKTRACE: full - - name: Run tests + - name: Run tests env: RUST_TEST_THREADS: 1 run: cargo test --verbose \ No newline at end of file From 11a93fa70496cd2000b5bacacaec7e13fd0ad14a Mon Sep 17 00:00:00 2001 From: DastInDark <2350416+hitenkoku@users.noreply.github.com> Date: Fri, 23 Sep 2022 13:02:50 +0900 Subject: [PATCH 28/45] reverted clippy prepare --- .github/workflows/rust.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index a625a0bd..8ebeebdb 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -47,6 +47,8 @@ jobs: uses: Swatinem/rust-cache@cb2cf0cc7c5198d3364b9630e2c3d457f160790c # 1.4.0 - name: Fmt Check run: cargo fmt -- --check + - name: Prepare Clippy + run: rustup component add clippy - name: Run clippy action to produce annotations uses: actions-rs/clippy-check@v1 with: From fd3f0d6c00d2e544d63f16e2ec14407b4c9eb083 Mon Sep 17 00:00:00 2001 
From: DastInDark <2350416+hitenkoku@users.noreply.github.com> Date: Fri, 23 Sep 2022 13:12:59 +0900 Subject: [PATCH 29/45] fixed clippy error --- src/detections/detection.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/detections/detection.rs b/src/detections/detection.rs index f1b5af43..507a3ec8 100644 --- a/src/detections/detection.rs +++ b/src/detections/detection.rs @@ -364,7 +364,7 @@ impl Detection { } let detect_info = DetectInfo { - rulepath: (&rule.rulepath).to_owned(), + rulepath: rule.rulepath.to_owned(), ruletitle: rule.yaml["title"].as_str().unwrap_or("-").to_string(), level: LEVEL_ABBR.get(&level).unwrap_or(&level).to_string(), computername: record_info.record["Event"]["System"]["Computer"] @@ -495,7 +495,7 @@ impl Detection { } let detect_info = DetectInfo { - rulepath: (&rule.rulepath).to_owned(), + rulepath: rule.rulepath.to_owned(), ruletitle: rule.yaml["title"].as_str().unwrap_or("-").to_string(), level: LEVEL_ABBR.get(&level).unwrap_or(&level).to_string(), computername: "-".to_owned(), From 79f32d1f695ab0f5a720fd42d0e1c50d4b75c34c Mon Sep 17 00:00:00 2001 From: DastInDark <2350416+hitenkoku@users.noreply.github.com> Date: Fri, 23 Sep 2022 15:38:17 +0900 Subject: [PATCH 30/45] added i686-pc-windows-msvc and aarch64-apple-darwin aarch64-unknown-linux-musl --- .github/workflows/rust.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index 8ebeebdb..fb7d6562 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml 
@@ -24,12 +24,23 @@ jobs: target: "aarch64-unknown-linux-gnu", cross: true, } + - { + os: "ubuntu-latest", + target: "aarch64-unknown-linux-musl", + cross: true, + } - { os: "macOS-latest", target: "x86_64-apple-darwin", cross: false } + - { os: "macOS-latest", target: "aarch64-apple-darwin", cross: false } - { os: "windows-2019", target: "x86_64-pc-windows-msvc", cross: false, } + - { + os: "windows-2019", + target: "i686-pc-windows-msvc", + cross: true, + } runs-on: ${{ matrix.info.os }} steps: - uses: actions/checkout@v2 From 0a10272d143c67ea87035abdf962b117870a04c2 Mon Sep 17 00:00:00 2001 From: DastInDark <2350416+hitenkoku@users.noreply.github.com> Date: Fri, 23 Sep 2022 20:15:38 +0900 Subject: [PATCH 31/45] added changelog template to prepare next version --- CHANGELOG-Japanese.md | 8 ++++++++ CHANGELOG.md | 8 ++++++++ 2 files changed, 16 insertions(+) diff --git a/CHANGELOG-Japanese.md b/CHANGELOG-Japanese.md index e06b8a38..296b665b 100644 --- a/CHANGELOG-Japanese.md +++ b/CHANGELOG-Japanese.md @@ -1,5 +1,13 @@ # 変更点 +## 1.x.x [2022/XX/XX] + +**新機能:** + +**改善:** + +**バグ修正:** + ## v1.6.0 [2022/09/16] **新機能:** diff --git a/CHANGELOG.md b/CHANGELOG.md index 32092666..52eb2549 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,13 @@ # Changes +## 1.x.x [2022/XX/XX] + +**New Features:** + +**Enhancements:** + +**Bug Fixes:** + ## v1.6.0 [2022/09/16] **New Features:** From 20200c5beee08c72f5cb5f996e5f69aa88cead8f Mon Sep 17 00:00:00 2001 From: DastInDark <2350416+hitenkoku@users.noreply.github.com> Date: Fri, 23 Sep 2022 20:16:44 +0900 Subject: [PATCH 32/45] updated version number --- Cargo.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Cargo.lock b/Cargo.lock index ed2c707e..d3deec51 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -720,7 +720,7 @@ dependencies = [ [[package]] name = "hayabusa" -version = "1.6.0" +version = "1.6.1-dev" dependencies = [ "base64", "bytesize", 
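Review bot: The new `i686-pc-windows-msvc` entry sets `cross: true` on a `windows-2019` runner, which makes the build step invoke cross; as far as I know cross drives Linux containers and does not support a Windows host, and a later patch in this series flips this entry back to `cross: false`. If the intent is a native 32-bit MSVC build, leave `cross: false` and make sure the target is installed before the build step, `- run: rustup target add ${{ matrix.info.target }}`, which the new `aarch64-apple-darwin` entry on `macOS-latest` also needs; no such step is visible in this series, so confirm the cargo action does it.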
From 338cff091493a4a743dddf746c5c4d53818bbfbe Mon Sep 17 00:00:00 2001 From: Yamato Security <71482215+YamatoSecurity@users.noreply.github.com> Date: Sat, 24 Sep 2022 10:05:20 +0900 Subject: [PATCH 33/45] update cargo and rust workflow --- .github/workflows/rust.yml | 13 ++---- Cargo.lock | 81 +++++++++++++------------------------- Cargo.toml | 2 +- 3 files changed, 32 insertions(+), 64 deletions(-) diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index fb7d6562..ccfd7a06 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -21,23 +21,18 @@ jobs: } - { os: "ubuntu-latest", - target: "aarch64-unknown-linux-gnu", - cross: true, - } - - { - os: "ubuntu-latest", - target: "aarch64-unknown-linux-musl", - cross: true, + target: "x86_64-unknown-linux-musl", + cross: false, } - { os: "macOS-latest", target: "x86_64-apple-darwin", cross: false } - { os: "macOS-latest", target: "aarch64-apple-darwin", cross: false } - { - os: "windows-2019", + os: "windows-latest", target: "x86_64-pc-windows-msvc", cross: false, } - { - os: "windows-2019", + os: "windows-latest", target: "i686-pc-windows-msvc", cross: true, } diff --git a/Cargo.lock b/Cargo.lock index d3deec51..e07add2c 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -193,9 +193,9 @@ dependencies = [ [[package]] name = "clap" -version = "3.2.21" +version = "3.2.22" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1ed5341b2301a26ab80be5cbdced622e80ed808483c52e45e3310a877d3b37d7" +checksum = "86447ad904c7fb335a790c9d7fe3d0d971dc523b8ccd1561a520de9a85302750" dependencies = [ "atty", "bitflags", @@ -720,7 +720,7 @@ dependencies = [ [[package]] name = "hayabusa" -version = "1.6.1-dev" +version = "1.7.0-dev" dependencies = [ "base64", "bytesize", 
@@ -860,14 +860,13 @@ dependencies = [ [[package]] name = "iana-time-zone" -version = "0.1.48" +version = "0.1.50" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "237a0714f28b1ee39ccec0770ccb544eb02c9ef2c82bb096230eefcffa6468b0" +checksum = "fd911b35d940d2bd0bea0f9100068e5b97b51a1cbe13d13382f132e0365257a0" dependencies = [ "android_system_properties", "core-foundation-sys", "js-sys", - "once_cell", "wasm-bindgen", "winapi", ] @@ -892,18 +891,6 @@ dependencies = [ "hashbrown", ] -[[package]] -name = "indicatif" -version = "0.16.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2d207dc617c7a380ab07ff572a6e52fa202a2a8f355860ac9c38e23f8196be1b" -dependencies = [ - "console", - "lazy_static", - "number_prefix", - "regex", -] - [[package]] name = "indoc" version = "1.0.7" @@ -936,9 +923,9 @@ dependencies = [ [[package]] name = "itertools" -version = "0.10.4" +version = "0.10.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d8bf247779e67a9082a4790b45e71ac7cfd1321331a5c856a74a9faebdab78d0" +checksum = "b0fd2260e829bddf4cb6ea802289de2f86d6a7a690192fbe91b3f46e0f2c8473" dependencies = [ "either", ] @@ -978,9 +965,9 @@ dependencies = [ [[package]] name = "jobserver" -version = "0.1.24" +version = "0.1.25" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "af25a77299a7f711a01975c35a6a424eb6862092cc2d6c72c4ed6cbc56dfc1fa" +checksum = "068b1ee6743e4d11fb9c6a1e6064b3693a1b600e7f5f5988047d98b3dc9fb90b" dependencies = [ "libc", ] 
@@ -996,19 +983,17 @@ dependencies = [ [[package]] name = "krapslog" -version = "0.4.0" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "70d4d54b2c8b875b6692487e5269cb66f12cd51af11fe1807f135ad0d6b771de" +checksum = "6a5e504b81adacf85c2e9e5c4e419a9e657a2a8ff4c5153f8586bfdd8b3083ab" dependencies = [ "anyhow", "atty", "chrono", "clap", "file-chunker", - "indicatif", "memmap2", "num_cpus", - "progress-streams", "rayon", "regex", "tempfile", @@ -1023,9 +1008,9 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" [[package]] name = "libc" -version = "0.2.132" +version = "0.2.133" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8371e4e5341c3a96db127eb2465ac681ced4c433e01dd0e938adbef26ba93ba5" +checksum = "c0f80d65747a3e43d1596c7c5492d95d5edddaabd45a7fcdb02b95f644164966" [[package]] name = "libgit2-sys" @@ -1081,9 +1066,9 @@ checksum = "d4d2456c373231a208ad294c33dc5bff30051eafd954cd4caae83a712b12854d" [[package]] name = "lock_api" -version = "0.4.8" +version = "0.4.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9f80bf5aacaf25cbfc8210d1cfb718f2bf3b11c4c54e5afe36c236853a8ec390" +checksum = "435011366fe56583b16cf956f9df0095b405b82d76425bc8981c0e22e60ec4df" dependencies = [ "autocfg", "scopeguard", @@ -1208,17 +1193,11 @@ dependencies = [ "libc", ] -[[package]] -name = "number_prefix" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "830b246a0e5f20af87141b25c173cd1b609bd7779a4617d6ec582abaf90870f3" - [[package]] name = "once_cell" -version = "1.14.0" +version = "1.15.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2f7254b99e31cad77da24b08ebf628882739a608578bb1bcdfc1f9c21260d7c0" +checksum = "e82dad04139b71a90c080c8463fe0dc7902db5192d939bd0950f074d014339e1" [[package]] name = "openssl" 
@@ -1399,12 +1378,6 @@ dependencies = [ "unicode-ident", ] -[[package]] -name = "progress-streams" -version = "1.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e965d96c8162c607b0cd8d66047ad3c9fd35273c134d994327882c6e47f986a7" - [[package]] name = "pulldown-cmark" version = "0.9.2" @@ -1578,9 +1551,9 @@ dependencies = [ [[package]] name = "rustix" -version = "0.35.9" +version = "0.35.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "72c825b8aa8010eb9ee99b75f05e10180b9278d161583034d7574c9d617aeada" +checksum = "af895b90e5c071badc3136fc10ff0bcfc98747eadbaf43ed8f214e07ba8f8477" dependencies = [ "bitflags", "errno", @@ -1643,18 +1616,18 @@ checksum = "388a1df253eca08550bef6c72392cfe7c30914bf41df5269b68cbd6ff8f570a3" [[package]] name = "serde" -version = "1.0.144" +version = "1.0.145" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0f747710de3dcd43b88c9168773254e809d8ddbdf9653b84e2554ab219f17860" +checksum = "728eb6351430bccb993660dfffc5a72f91ccc1295abaa8ce19b27ebe4f75568b" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.144" +version = "1.0.145" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "94ed3a816fb1d101812f83e789f888322c34e291f894f19590dc310963e87a00" +checksum = "81fa1584d3d1bcacd84c277a0dfe21f5b0f6accf4a23d04d4c6d61f1af522b4c" dependencies = [ "proc-macro2", "quote", @@ -1850,9 +1823,9 @@ dependencies = [ [[package]] name = "syn" -version = "1.0.99" +version = "1.0.100" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "58dbef6ec655055e20b86b15a8cc6d439cca19b667537ac6a1369572d151ab13" +checksum = "52205623b1b0f064a4e71182c3b18ae902267282930c6d5462c91b859668426e" dependencies = [ "proc-macro2", "quote", 
@@ -2108,9 +2081,9 @@ checksum = "dcc811dc4066ac62f84f11307873c4850cb653bfa9b1719cee2bd2204a4bc5dd" [[package]] name = "unicode-normalization" -version = "0.1.21" +version = "0.1.22" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "854cbdc4f7bc6ae19c820d44abdc3277ac3e1b2b93db20a636825d9322fb60e6" +checksum = "5c5713f0fc4b5db668a2ac63cdb7bb4469d8c9fed047b1d0292cc7b0ce2ba921" dependencies = [ "tinyvec", ] diff --git a/Cargo.toml b/Cargo.toml index b672d7c7..20401c76 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "hayabusa" -version = "1.6.0" +version = "1.7.0-dev" authors = ["Yamato Security @SecurityYamato"] edition = "2021" From 5ca49e1b772de328c1913e72f5d3ebf99b33f871 Mon Sep 17 00:00:00 2001 From: Yamato Security <71482215+YamatoSecurity@users.noreply.github.com> Date: Sat, 24 Sep 2022 10:14:40 +0900 Subject: [PATCH 34/45] cross compile musl --- .github/workflows/rust.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index ccfd7a06..9b62dd54 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -22,7 +22,7 @@ jobs: - { os: "ubuntu-latest", target: "x86_64-unknown-linux-musl", - cross: false, + cross: true, } - { os: "macOS-latest", target: "x86_64-apple-darwin", cross: false } - { os: "macOS-latest", target: "aarch64-apple-darwin", cross: false } From 40d57664fe4af9fc90ce5ecc0daf62281ef2709e Mon Sep 17 00:00:00 2001 From: Yamato Security <71482215+YamatoSecurity@users.noreply.github.com> Date: Sat, 24 Sep 2022 10:28:52 +0900 Subject: [PATCH 35/45] don't cross compile windows 64 bit --- .github/workflows/rust.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index 9b62dd54..bc95ffd3 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml 
@@ -34,7 +34,7 @@ jobs: - { os: "windows-latest", target: "i686-pc-windows-msvc", - cross: true, + cross: false, } runs-on: ${{ matrix.info.os }} steps: From db9ed210cfbd968cf60afcf3a59c6855a6bec4d9 Mon Sep 17 00:00:00 2001 From: Yamato Security <71482215+YamatoSecurity@users.noreply.github.com> Date: Sat, 24 Sep 2022 10:51:53 +0900 Subject: [PATCH 36/45] update rules link --- rules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules b/rules index fa75078d..fe99c87c 160000 --- a/rules +++ b/rules @@ -1 +1 @@ -Subproject commit fa75078de6763374a4a4efd10d0d74dfa35241b1 +Subproject commit fe99c87c886ca5b66b5e67242eeddfacc469d420 From 08c6dcfbff3533f0be87a3ed7e9c6a9e671c0cdb Mon Sep 17 00:00:00 2001 From: DastInDark <2350416+hitenkoku@users.noreply.github.com> Date: Sun, 25 Sep 2022 10:37:06 +0900 Subject: [PATCH 37/45] changed Event ID Statistics wording to Metrics #706 --- src/detections/configs.rs | 4 ++-- src/detections/detection.rs | 4 ++-- src/detections/message.rs | 2 +- src/main.rs | 8 ++++---- src/timeline/statistics.rs | 14 +++++++------- src/timeline/timelines.rs | 10 +++++----- 6 files changed, 21 insertions(+), 21 deletions(-) diff --git a/src/detections/configs.rs b/src/detections/configs.rs index f1849a65..78fcd137 100644 --- a/src/detections/configs.rs +++ b/src/detections/configs.rs @@ -188,9 +188,9 @@ pub struct Config { #[clap(help_heading = Some("ADVANCED"), short, long = "thread-number", value_name = "NUMBER")] pub thread_number: Option, - /// Print statistics of event IDs + /// Print metrics of event IDs #[clap(help_heading = Some("OTHER-ACTIONS"), short, long)] - pub statistics: bool, + pub metrics: bool, /// Print a summary of successful and failed logons #[clap(help_heading = Some("OTHER-ACTIONS"), short = 'L', long = "logon-summary")] diff --git a/src/detections/detection.rs b/src/detections/detection.rs index 507a3ec8..7f5e2aa2 100644 --- a/src/detections/detection.rs +++ b/src/detections/detection.rs 
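Review bot: With `cross: false` the `i686-pc-windows-msvc` entry is now built by the host toolchain, which requires `rustup target add i686-pc-windows-msvc` before the `Build tests` step; no such step is visible in this series, so either confirm the cargo action installs `--target` on demand or add `- run: rustup target add ${{ matrix.info.target }}` guarded by `if: ${{ !matrix.info.cross }}`. The commit subject says "windows 64 bit" but the entry changed is the 32-bit i686 target; the 64-bit `x86_64-pc-windows-msvc` entry already had `cross: false`, so the subject should read "don't cross compile windows 32 bit (i686)".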
@@ -14,7 +14,7 @@ use crate::detections::message::DetectInfo; use crate::detections::message::ERROR_LOG_STACK; use crate::detections::message::{CH_CONFIG, DEFAULT_DETAILS, TAGS_CONFIG}; use crate::detections::message::{ - LOGONSUMMARY_FLAG, PIVOT_KEYWORD_LIST_FLAG, QUIET_ERRORS_FLAG, STATISTICS_FLAG, + LOGONSUMMARY_FLAG, PIVOT_KEYWORD_LIST_FLAG, QUIET_ERRORS_FLAG, METRICS_FLAG, }; use crate::detections::pivot::insert_pivot_keyword; use crate::detections::rule; @@ -599,7 +599,7 @@ impl Detection { st_rc: &HashMap, err_rc: &u128, ) { - if *STATISTICS_FLAG { + if *METRICS_FLAG { return; } let mut sorted_ld_rc: Vec<(&String, &u128)> = ld_rc.iter().collect(); diff --git a/src/detections/message.rs b/src/detections/message.rs index 74a48783..9f46e0bf 100644 --- a/src/detections/message.rs +++ b/src/detections/message.rs @@ -46,7 +46,7 @@ lazy_static! { ); pub static ref QUIET_ERRORS_FLAG: bool = configs::CONFIG.read().unwrap().args.quiet_errors; pub static ref ERROR_LOG_STACK: Mutex> = Mutex::new(Vec::new()); - pub static ref STATISTICS_FLAG: bool = configs::CONFIG.read().unwrap().args.statistics; + pub static ref METRICS_FLAG: bool = configs::CONFIG.read().unwrap().args.metrics; pub static ref LOGONSUMMARY_FLAG: bool = configs::CONFIG.read().unwrap().args.logon_summary; pub static ref TAGS_CONFIG: HashMap = create_output_filter_config( utils::check_setting_path(&CURRENT_EXE_PATH.to_path_buf(), "config/mitre_tactics.txt", true) diff --git a/src/main.rs b/src/main.rs index 5da1b162..6ecec3cc 100644 --- a/src/main.rs +++ b/src/main.rs @@ -12,7 +12,7 @@ use hayabusa::detections::configs::{CONFIG, CURRENT_EXE_PATH}; use hayabusa::detections::detection::{self, EvtxRecordInfo}; use hayabusa::detections::message::{ AlertMessage, ERROR_LOG_PATH, ERROR_LOG_STACK, LOGONSUMMARY_FLAG, PIVOT_KEYWORD_LIST_FLAG, - QUIET_ERRORS_FLAG, STATISTICS_FLAG, + QUIET_ERRORS_FLAG, METRICS_FLAG, }; use hayabusa::detections::pivot::PivotKeyword; use hayabusa::detections::pivot::PIVOT_KEYWORD; 
@@ -193,7 +193,7 @@ impl App { return; } - if *STATISTICS_FLAG { + if *METRICS_FLAG { write_color_buffer( &BufferWriter::stdout(ColorChoice::Always), None, @@ -565,7 +565,7 @@ impl App { } println!(); detection.add_aggcondition_msges(&self.rt); - if !(*STATISTICS_FLAG || *LOGONSUMMARY_FLAG || *PIVOT_KEYWORD_LIST_FLAG) { + if !(*METRICS_FLAG || *LOGONSUMMARY_FLAG || *PIVOT_KEYWORD_LIST_FLAG) { after_fact(total_records); } } @@ -647,7 +647,7 @@ impl App { // timeline機能の実行 tl.start(&records_per_detect); - if !(*STATISTICS_FLAG || *LOGONSUMMARY_FLAG) { + if !(*METRICS_FLAG || *LOGONSUMMARY_FLAG) { // ruleファイルの検知 detection = detection.start(&self.rt, records_per_detect); } diff --git a/src/timeline/statistics.rs b/src/timeline/statistics.rs index 6e6982e1..d04e2ddd 100644 --- a/src/timeline/statistics.rs +++ b/src/timeline/statistics.rs @@ -1,9 +1,9 @@ -use crate::detections::message::{LOGONSUMMARY_FLAG, STATISTICS_FLAG}; +use crate::detections::message::{LOGONSUMMARY_FLAG, METRICS_FLAG}; use crate::detections::{detection::EvtxRecordInfo, utils}; use hashbrown::HashMap; #[derive(Debug)] -pub struct EventStatistics { +pub struct EventMetrics { pub total: usize, pub filepath: String, pub start_time: String, @@ -14,7 +14,7 @@ pub struct EventStatistics { /** * Windows Event Logの統計情報を出力する */ -impl EventStatistics { +impl EventMetrics { pub fn new( total: usize, filepath: String, @@ -22,8 +22,8 @@ impl EventStatistics { end_time: String, stats_list: HashMap, stats_login_list: HashMap, - ) -> EventStatistics { - EventStatistics { + ) -> EventMetrics { + EventMetrics { total, filepath, start_time, @@ -34,8 +34,8 @@ impl EventStatistics { } pub fn evt_stats_start(&mut self, records: &[EvtxRecordInfo]) { - // 引数でstatisticsオプションが指定されている時だけ、統計情報を出力する。 - if !*STATISTICS_FLAG { + // 引数でmetricsオプションが指定されている時だけ、統計情報を出力する。 + if !*METRICS_FLAG { return; } diff --git a/src/timeline/timelines.rs b/src/timeline/timelines.rs index a0cad83a..97ecc2d1 100644 --- a/src/timeline/timelines.rs 
+++ b/src/timeline/timelines.rs @@ -1,13 +1,13 @@ -use crate::detections::message::{LOGONSUMMARY_FLAG, STATISTICS_FLAG}; +use crate::detections::message::{LOGONSUMMARY_FLAG, METRICS_FLAG}; use crate::detections::{configs::CONFIG, detection::EvtxRecordInfo}; use prettytable::{Cell, Row, Table}; -use super::statistics::EventStatistics; +use super::statistics::EventMetrics; use hashbrown::HashMap; #[derive(Debug)] pub struct Timeline { - pub stats: EventStatistics, + pub stats: EventMetrics, } impl Default for Timeline { @@ -26,7 +26,7 @@ impl Timeline { let statsloginlst = HashMap::new(); let statistic = - EventStatistics::new(totalcnt, filepath, starttm, endtm, statslst, statsloginlst); + EventMetrics::new(totalcnt, filepath, starttm, endtm, statslst, statsloginlst); Timeline { stats: statistic } } @@ -36,7 +36,7 @@ impl Timeline { } pub fn tm_stats_dsp_msg(&mut self) { - if !*STATISTICS_FLAG { + if !*METRICS_FLAG { return; } // 出力メッセージ作成 From 345133d9036d3ffdc3854789ddaa49b747bd6512 Mon Sep 17 00:00:00 2001 From: DastInDark <2350416+hitenkoku@users.noreply.github.com> Date: Sun, 25 Sep 2022 10:39:48 +0900 Subject: [PATCH 38/45] renamed statistics.rs to metrics.rs #706 --- src/timeline/{statistics.rs => metrics.rs} | 0 src/timeline/mod.rs | 2 +- src/timeline/timelines.rs | 2 +- 3 files changed, 2 insertions(+), 2 deletions(-) rename src/timeline/{statistics.rs => metrics.rs} (100%) diff --git a/src/timeline/statistics.rs b/src/timeline/metrics.rs similarity index 100% rename from src/timeline/statistics.rs rename to src/timeline/metrics.rs diff --git a/src/timeline/mod.rs b/src/timeline/mod.rs index c6200b52..7557f9f8 100644 --- a/src/timeline/mod.rs +++ b/src/timeline/mod.rs @@ -1,2 +1,2 @@ -pub mod statistics; +pub mod metrics; pub mod timelines; diff --git a/src/timeline/timelines.rs b/src/timeline/timelines.rs index 97ecc2d1..389e4544 100644 --- a/src/timeline/timelines.rs +++ b/src/timeline/timelines.rs 
@@ -2,7 +2,7 @@ use crate::detections::message::{LOGONSUMMARY_FLAG, METRICS_FLAG}; use crate::detections::{configs::CONFIG, detection::EvtxRecordInfo}; use prettytable::{Cell, Row, Table}; -use super::statistics::EventMetrics; +use super::metrics::EventMetrics; use hashbrown::HashMap; #[derive(Debug)] From 1c1297b114719c79eebab4cb222dc0bec6b3c55f Mon Sep 17 00:00:00 2001 From: DastInDark <2350416+hitenkoku@users.noreply.github.com> Date: Sun, 25 Sep 2022 10:43:25 +0900 Subject: [PATCH 39/45] changed metric short option from m to M #706 --- src/detections/configs.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/detections/configs.rs b/src/detections/configs.rs index 78fcd137..3477b05b 100644 --- a/src/detections/configs.rs +++ b/src/detections/configs.rs @@ -189,7 +189,7 @@ pub struct Config { pub thread_number: Option, /// Print metrics of event IDs - #[clap(help_heading = Some("OTHER-ACTIONS"), short, long)] + #[clap(help_heading = Some("OTHER-ACTIONS"), short='M', long)] pub metrics: bool, /// Print a summary of successful and failed logons From 578b497a3f141a9502e267a6f2056ba89daff3ff Mon Sep 17 00:00:00 2001 From: DastInDark <2350416+hitenkoku@users.noreply.github.com> Date: Sun, 25 Sep 2022 10:57:58 +0900 Subject: [PATCH 40/45] updated changelog #706 --- CHANGELOG-Japanese.md | 2 ++ CHANGELOG.md | 2 ++ 2 files changed, 4 insertions(+) diff --git a/CHANGELOG-Japanese.md b/CHANGELOG-Japanese.md index 296b665b..ca7a6c4e 100644 --- a/CHANGELOG-Japanese.md +++ b/CHANGELOG-Japanese.md @@ -6,6 +6,8 @@ **改善:** +- EventID解析のオプションをmetricsオプションに変更した。(旧: -s -> 新: -M) (#706) (@hitenkoku) + **バグ修正:** ## v1.6.0 [2022/09/16] diff --git a/CHANGELOG.md b/CHANGELOG.md index 52eb2549..88045739 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,8 @@ **Enhancements:** +- Changed Event ID Statistics option to metrics option. (old: -s -> new: -M) (#706) (@hitenkoku) + **Bug Fixes:** ## v1.6.0 [2022/09/16] 
From 6d236202db5a16556aac5a1838ae874f7abddf10 Mon Sep 17 00:00:00 2001 From: DastInDark <2350416+hitenkoku@users.noreply.github.com> Date: Sun, 25 Sep 2022 10:59:02 +0900 Subject: [PATCH 41/45] updated readme to adjust changed -s option #706 --- README-Japanese.md | 9 +++++---- README.md | 2 +- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/README-Japanese.md b/README-Japanese.md index afef4813..bbd1ab02 100644 --- a/README-Japanese.md +++ b/README-Japanese.md @@ -370,7 +370,7 @@ macOSの環境設定から「セキュリティとプライバシー」を開き * `--level-tuning`: アラート`level`のカスタムチューニング * `-L, --logon-summary`: ログオンイベントのサマリを出力する。 * `-P, --pivot-keywords-list`: ピボットする不審なキーワードのリスト作成。 -* `-s, --statistics`: イベントIDに基づくイベントの合計と割合の集計を出力する。 +* `-M, --metrics`: イベントIDに基づくイベントの合計と割合の集計を出力する。 * `--set-default-profile`: デフォルトプロファイルを変更する。 * `-u, --update`: GitHubの[hayabusa-rules](https://github.com/Yamato-Security/hayabusa-rules)リポジトリにある最新のルールに同期させる。 @@ -418,8 +418,8 @@ OTHER-ACTIONS: --contributors コントリビュータの一覧表示 -L, --logon-summary 成功と失敗したログオン情報の要約を出力する --level-tuning [] ルールlevelのチューニング (デフォルト: ./rules/config/level_tuning.txt) + -M, --metrics イベントIDの統計情報を表示する -p, --pivot-keywords-list ピボットキーワードの一覧作成 - -s, --statistics イベントIDの統計情報を表示する --set-default-profile デフォルトの出力コンフィグを設定する -u, --update-rules rulesフォルダをhayabusa-rulesのgithubリポジトリの最新版に更新する @@ -509,12 +509,13 @@ hayabusa-1.6.0-win-x64.exe -l -m critical -p -o keywords * イベントIDの統計情報を出力する: ```bash -hayabusa-1.6.0-win-x64.exe -f Security.evtx -s +hayabusa-1.6.0-win-x64.exe -f Security.evtx -M ``` + * ログオンサマリを出力する: ```bash -hayabusa-1.6.0-win-x64.exe -L -f Security.evtx -s +hayabusa-1.6.0-win-x64.exe -L -f Security.evtx -M ``` * 詳細なメッセージを出力する(処理に時間がかかるファイル、パースエラー等を特定するのに便利): diff --git a/README.md b/README.md index 0bc30352..78ec307c 100644 --- a/README.md +++ b/README.md 
@@ -409,8 +409,8 @@ OTHER-ACTIONS: --contributors Print the list of contributors -L, --logon-summary Print a summary of successful and failed logons --level-tuning [] Tune alert levels (default: ./rules/config/level_tuning.txt) + -M, --metrics Print metrics of event IDs -p, --pivot-keywords-list Create a list of pivot keywords - -s, --statistics Print statistics of event IDs --set-default-profile Set default output profile -u, --update-rules Update to the latest rules in the hayabusa-rules github repository From a98eb516c7f78d6a2de73b2d6eb5cbf078a0a0fe Mon Sep 17 00:00:00 2001 From: DastInDark <2350416+hitenkoku@users.noreply.github.com> Date: Sun, 25 Sep 2022 10:59:49 +0900 Subject: [PATCH 42/45] updated rules --- rules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules b/rules index fe99c87c..2b0f88d1 160000 --- a/rules +++ b/rules @@ -1 +1 @@ -Subproject commit fe99c87c886ca5b66b5e67242eeddfacc469d420 +Subproject commit 2b0f88d1c09b5b9979b99686a29a244993508210 From 85694a8e73072e2ebb5285afe45abde7fda15f29 Mon Sep 17 00:00:00 2001 From: DastInDark <2350416+hitenkoku@users.noreply.github.com> Date: Sun, 25 Sep 2022 11:04:59 +0900 Subject: [PATCH 43/45] cargo fmt --- src/detections/detection.rs | 2 +- src/main.rs | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/detections/detection.rs b/src/detections/detection.rs index 7f5e2aa2..ef428b6f 100644 --- a/src/detections/detection.rs +++ b/src/detections/detection.rs @@ -14,7 +14,7 @@ use crate::detections::message::DetectInfo; use crate::detections::message::ERROR_LOG_STACK; use crate::detections::message::{CH_CONFIG, DEFAULT_DETAILS, TAGS_CONFIG}; use crate::detections::message::{ - LOGONSUMMARY_FLAG, PIVOT_KEYWORD_LIST_FLAG, QUIET_ERRORS_FLAG, METRICS_FLAG, + LOGONSUMMARY_FLAG, METRICS_FLAG, PIVOT_KEYWORD_LIST_FLAG, QUIET_ERRORS_FLAG, }; use crate::detections::pivot::insert_pivot_keyword; use crate::detections::rule; 
diff --git a/src/main.rs b/src/main.rs index 6ecec3cc..67c4ef22 100644 --- a/src/main.rs +++ b/src/main.rs @@ -11,8 +11,8 @@ use hayabusa::detections::configs::{load_pivot_keywords, TargetEventTime, TARGET use hayabusa::detections::configs::{CONFIG, CURRENT_EXE_PATH}; use hayabusa::detections::detection::{self, EvtxRecordInfo}; use hayabusa::detections::message::{ - AlertMessage, ERROR_LOG_PATH, ERROR_LOG_STACK, LOGONSUMMARY_FLAG, PIVOT_KEYWORD_LIST_FLAG, - QUIET_ERRORS_FLAG, METRICS_FLAG, + AlertMessage, ERROR_LOG_PATH, ERROR_LOG_STACK, LOGONSUMMARY_FLAG, METRICS_FLAG, + PIVOT_KEYWORD_LIST_FLAG, QUIET_ERRORS_FLAG, }; use hayabusa::detections::pivot::PivotKeyword; use hayabusa::detections::pivot::PIVOT_KEYWORD; From 9ed578550ac0d480b07051096899b6751f224e96 Mon Sep 17 00:00:00 2001 From: DastInDark <2350416+hitenkoku@users.noreply.github.com> Date: Sun, 25 Sep 2022 14:03:04 +0900 Subject: [PATCH 44/45] fixed english readme #706 --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 78ec307c..e0107b2d 100644 --- a/README.md +++ b/README.md @@ -361,7 +361,7 @@ You should now be able to run hayabusa. * `--level-tuning`: Custom tune the alerts' `level`. * `-L, --logon-summary`: Print a summary of logon events. * `-P, --pivot-keywords-list`: Print a list of suspicious keywords to pivot on. -* `-s, --statistics`: Print metrics of the count and percentage of events based on Event ID. +* `-M, --metrics`: Print metrics of the count and percentage of events based on Event ID. * `--set-default-profile`: Change the default profile. * `-u, --update`: Sync the rules to the latest rules in the [hayabusa-rules](https://github.com/Yamato-Security/hayabusa-rules) GitHub repository. 
@@ -500,13 +500,13 @@ hayabusa-1.6.0-win-x64.exe -l -m critical -p -o keywords * Print Event ID statistics: ```bash -hayabusa-1.6.0-win-x64.exe -f Security.evtx -s +hayabusa-1.6.0-win-x64.exe -f Security.evtx -M ``` * Print logon summary: ```bash -hayabusa-1.6.0-win-x64.exe -L -f Security.evtx -s +hayabusa-1.6.0-win-x64.exe -L -f Security.evtx -M ``` * Print verbose information (useful for determining which files take long to process, parsing errors, etc...): From a5529d22075c2268eea4bcd1ee484c1e1703bb44 Mon Sep 17 00:00:00 2001 From: Yamato Security <71482215+YamatoSecurity@users.noreply.github.com> Date: Sun, 25 Sep 2022 20:27:46 +0900 Subject: [PATCH 45/45] update wording to metrics --- CHANGELOG.md | 3 ++- README.md | 8 ++++---- contributors.txt | 2 +- doc/ElasticStackImport/ElasticStackImport-English.md | 2 +- src/detections/configs.rs | 8 ++++---- src/detections/utils.rs | 2 +- src/main.rs | 2 +- src/timeline/timelines.rs | 2 +- 8 files changed, 15 insertions(+), 14 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 88045739..abb4731a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,7 +6,8 @@ **Enhancements:** -- Changed Event ID Statistics option to metrics option. (old: -s -> new: -M) (#706) (@hitenkoku) +- Changed Event ID Statistics option to Event ID Metrics option. (`-s, --statistics` -> `-M, --metrics`) (#706) (@hitenkoku) + (Note: `statistics_event_info.txt` was changed to `event_id_info.txt`.) **Bug Fixes:** diff --git a/README.md b/README.md index e0107b2d..d0174604 100644 --- a/README.md +++ b/README.md 
@@ -170,7 +170,7 @@ You can learn how to import CSV files into Timesketch [here](doc/TimesketchImpor * Threat hunting based on IoC signatures written in easy to read/create/edit YML based hayabusa rules. * Sigma rule support to convert sigma rules to hayabusa rules. * Currently it supports the most sigma rules compared to other similar tools and even supports count rules and new aggregators such as `|equalsfield`. -* Event log statistics. (Useful for getting a picture of what types of events there are and for tuning your log settings.) +* Event ID metrics. (Useful for getting a picture of what types of events there are and for tuning your log settings.) * Rule tuning configuration by excluding unneeded or noisy rules. * MITRE ATT&CK mapping of tactics. * Rule level tuning. @@ -361,7 +361,7 @@ You should now be able to run hayabusa. * `--level-tuning`: Custom tune the alerts' `level`. * `-L, --logon-summary`: Print a summary of logon events. * `-P, --pivot-keywords-list`: Print a list of suspicious keywords to pivot on. -* `-M, --metrics`: Print metrics of the count and percentage of events based on Event ID. +* `-M, --metrics`: Print metrics of the number and percentage of events based on Event ID. * `--set-default-profile`: Change the default profile. * `-u, --update`: Sync the rules to the latest rules in the [hayabusa-rules](https://github.com/Yamato-Security/hayabusa-rules) GitHub repository. @@ -409,7 +409,7 @@ OTHER-ACTIONS: --contributors Print the list of contributors -L, --logon-summary Print a summary of successful and failed logons --level-tuning [] Tune alert levels (default: ./rules/config/level_tuning.txt) - -M, --metrics Print metrics of event IDs + -M, --metrics Print event ID metrics -p, --pivot-keywords-list Create a list of pivot keywords --set-default-profile Set default output profile -u, --update-rules Update to the latest rules in the hayabusa-rules github repository 
@@ -497,7 +497,7 @@ hayabusa-1.6.0-win-x64.exe -l -m low
 hayabusa-1.6.0-win-x64.exe -l -m critical -p -o keywords
 ```
 
-* Print Event ID statistics:
+* Print Event ID metrics:
 
 ```bash
 hayabusa-1.6.0-win-x64.exe -f Security.evtx -M
diff --git a/contributors.txt b/contributors.txt
index dd3e8a57..e61924a1 100644
--- a/contributors.txt
+++ b/contributors.txt
@@ -2,7 +2,7 @@ Hayabusa was possible thanks to the following people (in alphabetical order):
 
 Akira Nishikawa (@nishikawaakira): Previous lead developer, core hayabusa rule support, etc...
 Fukusuke Takahashi (fukuseket): Static compiling for Windows, race condition and other bug fixes.
-Garigariganzy (@garigariganzy31): Developer, event ID statistics implementation, etc...
+Garigariganzy (@garigariganzy31): Developer, event ID metrics implementation, etc...
 ItiB (@itiB_S144) : Core developer, sigmac hayabusa backend, rule creation, etc...
 James Takai / hachiyone(@hach1yon): Current lead developer, tokio multi-threading, sigma aggregation logic, sigmac backend, rule creation, sigma count implementation etc…
 Kazuminn (@k47_um1n): Core Developer
diff --git a/doc/ElasticStackImport/ElasticStackImport-English.md b/doc/ElasticStackImport/ElasticStackImport-English.md
index 4a8c96a3..7a3219e9 100644
--- a/doc/ElasticStackImport/ElasticStackImport-English.md
+++ b/doc/ElasticStackImport/ElasticStackImport-English.md
@@ -51,7 +51,7 @@ As shown below, click on `Advanced` and perform the following settings before cl
 1. Title the `Index name` as `evtxlogs-hayabusa`.
 2. Under `Index settings`, add `, "number_of_replicas": 0` so that the index health status does not turn yellow.
-3. Under `Mappings`, change the `RuleTitle` type of `text` to `keyword` so that we can do statistics on the rule titles and change the `EventID` type of `long` to `keyword` in order to import without errors.
+3. Under `Mappings`, change the `RuleTitle` type of `text` to `keyword` so that we can calculate metrics on the rule titles and change the `EventID` type of `long` to `keyword` in order to import without errors.
 4. Under `Ingest pipeline`, add `, "field": "Timestamp"` under the `remove` section. Timestamps will be displayed as `@timestamp` so this duplicate field is not needed. Also, delete the following in order to import without errors:
 ```
 {
diff --git a/src/detections/configs.rs b/src/detections/configs.rs
index 3477b05b..0bd52d60 100644
--- a/src/detections/configs.rs
+++ b/src/detections/configs.rs
@@ -188,7 +188,7 @@ pub struct Config {
 #[clap(help_heading = Some("ADVANCED"), short, long = "thread-number", value_name = "NUMBER")]
 pub thread_number: Option,
 
- /// Print metrics of event IDs
+ /// Print event ID metrics
 #[clap(help_heading = Some("OTHER-ACTIONS"), short='M', long)]
 pub metrics: bool,
 
@@ -266,11 +266,11 @@ impl ConfigReader<'_> {
 args: parse.clone(),
 headless_help: String::default(),
 event_timeline_config: load_eventcode_info(
- utils::check_setting_path(&parse.config, "statistics_event_info.txt", false)
+ utils::check_setting_path(&parse.config, "event_id_info.txt", false)
 .unwrap_or_else(|| {
 utils::check_setting_path(
 &CURRENT_EXE_PATH.to_path_buf(),
- "rules/config/statistics_event_info.txt",
+ "rules/config/event_id_info.txt",
 true,
 )
 .unwrap()
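Review bot: The lookup chain starting at the `utils::check_setting_path(&parse.config, "event_id_info.txt", false)` line still ends in a bare `.unwrap()` on the exe-relative lookup, so a missing `rules/config/event_id_info.txt` panics without naming the file, and a user-supplied config directory that still carries the old `statistics_event_info.txt` appears to fall through to the bundled copy silently (assuming `check_setting_path` yields `None` for a missing file, which the `unwrap_or_else` suggests). Because this commit renames the file, this is the release in which users are most likely to hit both paths. Consider `.expect("rules/config/event_id_info.txt not found under the executable directory")` for the inner lookup, and a warning when the directory passed via `parse.config` lacks `event_id_info.txt`. The `ConfigReader` constructor containing this hunk starts and ends outside it.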
@@ -581,7 +581,7 @@ fn load_eventcode_info(path: &str) -> EventInfoConfig {
 return config;
 }
 
- // statistics_event_infoが読み込めなかったらエラーで終了とする。
+ // event_id_info.txtが読み込めなかったらエラーで終了とする。
 read_result.unwrap().into_iter().for_each(|line| {
 if line.len() != 2 {
 return;
diff --git a/src/detections/utils.rs b/src/detections/utils.rs
index 837da55d..259dc32b 100644
--- a/src/detections/utils.rs
+++ b/src/detections/utils.rs
@@ -410,7 +410,7 @@ pub fn check_rule_config() -> Result<(), String> {
 "target_event_IDs.txt",
 "default_details.txt",
 "level_tuning.txt",
- "statistics_event_info.txt",
+ "event_id_info.txt",
 "eventkey_alias.txt",
 ];
 let mut not_exist_file = vec![];
diff --git a/src/main.rs b/src/main.rs
index 67c4ef22..c4454714 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -197,7 +197,7 @@ impl App {
 write_color_buffer(
 &BufferWriter::stdout(ColorChoice::Always),
 None,
- "Generating Event ID Statistics",
+ "Generating Event ID Metrics",
 true,
 )
 .ok();
diff --git a/src/timeline/timelines.rs b/src/timeline/timelines.rs
index 389e4544..751643cd 100644
--- a/src/timeline/timelines.rs
+++ b/src/timeline/timelines.rs
@@ -98,7 +98,7 @@ impl Timeline {
 .event_timeline_config
 .get_event_id(*event_id)
 .is_some();
- // statistics_event_info.txtに登録あるものは情報設定
+ // event_id_info.txtに登録あるものは情報設定
 if conf {
 // 出力メッセージ1行作成
 msges.push(format!(
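Review bot: The renamed comment in the `load_eventcode_info` hunk still promises an error exit ("エラーで終了とする") when `event_id_info.txt` cannot be read, but the line directly beneath it is `read_result.unwrap()`, which panics with the raw error value and never mentions which file was being read. Either reword the comment to say the function panics, or make the failure self-describing, e.g. `read_result.unwrap_or_else(|e| panic!("failed to read {}: {:?}", path, e))` using the `path` parameter visible in the hunk header. The body of `load_eventcode_info` continues outside the hunk on both sides.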