CSEC_PUBLIC/hayabusa
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

refactor

Browse Source
This commit is contained in:
kazuminn
2020-10-24 16:10:55 +09:00
parent 4f1536409e
commit dfa9449f7b
1 changed files with 32 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
src/detections/system.rs
View File

@@ -16,11 +16,41 @@ impl System {
) { ) {
self.system_log_clear(&event_id); self.system_log_clear(&event_id);
self.windows_event_log(&event_id, event_data); self.windows_event_log(&event_id, event_data);
self.new_service_created(&event_id);
self.interactive_service_warning(&event_id);
self.suspicious_service_name(&event_id);
}
fn new_service_created(&mut self, event_id: &String) {
if event_id != "7045" {
return
}
println!("Message : System Log Clear");
println!("Results : The System log was cleared.");
}
fn interactive_service_warning(&mut self, event_id: &String) {
if event_id != "7030" {
return
}
println!("Message : System Log Clear");
println!("Results : The System log was cleared.");
}
fn suspicious_service_name(&mut self, event_id: &String) {
if event_id != "7036" {
return
}
println!("Message : System Log Clear");
println!("Results : The System log was cleared.");
} }
fn system_log_clear(&mut self, event_id: &String) { fn system_log_clear(&mut self, event_id: &String) {
if event_id != "104" { if event_id != "104" {
return; return
} }
println!("Message : System Log Clear"); println!("Message : System Log Clear");
@@ -29,7 +59,7 @@ impl System {
fn windows_event_log(&mut self, event_id: &String, event_data: HashMap<String, String>) { fn windows_event_log(&mut self, event_id: &String, event_data: HashMap<String, String>) {
if event_id != "7040" { if event_id != "7040" {
return; return
} }
if let Some(_param1) = event_data.get("param1") { if let Some(_param1) = event_data.get("param1") {