CSEC_PUBLIC/hayabusa
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

To avoid confuse ,Unified quote of profile file in config folder to double quote #165

Browse Source
This commit is contained in:
DastInDark
2022-07-31 12:11:44 +09:00
parent fedbd57083
commit e207a9e7b2
4 changed files with 100 additions and 100 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
config/default_profile.yaml
View File

@@ -1,14 +1,14 @@
---
Timestamp: '%Timestamp%'
Computer: '%Computer%'
Channel: '%Channel%'
Level: '%Level%'
EventID: '%EventID%'
MitreAttack: '%MitreAttack%'
RecordID: '%RecordID%'
RuleTitle: '%RuleTitle%'
Details: '%Details%'
RecordInformation: '%RecordInformation%'
RuleFile: '%RuleFile%'
EvtxFile: '%EvtxFile%'
Tags: '%MitreAttack%'
Timestamp: "%Timestamp%"
Computer: "%Computer%"
Channel: "%Channel%"
Level: "%Level%"
EventID: "%EventID%"
MitreAttack: "%MitreAttack%"
RecordID: "%RecordID%"
RuleTitle: "%RuleTitle%"
Details: "%Details%"
RecordInformation: "%RecordInformation%"
RuleFile: "%RuleFile%"
EvtxFile: "%EvtxFile%"
Tags: "%MitreAttack%"

74
config/profiles.yaml
View File

@@ -1,44 +1,44 @@
minimal:
Timestamp: '%Timestamp%'
Computer: '%Computer%'
Channel: '%Channel%'
EventID: '%EventID%'
Level: '%Level%'
RuleTitle: '%RuleTitle%'
Details: '%Details%'
Timestamp: "%Timestamp%"
Computer: "%Computer%"
Channel: "%Channel%"
EventID: "%EventID%"
Level: "%Level%"
RuleTitle: "%RuleTitle%"
Details: "%Details%"
default:
Timestamp: '%Timestamp%'
Computer: '%Computer%'
Channel: '%Channel%'
EventID: '%EventID%'
Level: '%Level%'
Tags: '%MitreAttack%'
RecordID: '%RecordID%'
RuleTitle: '%RuleTitle%'
Details: '%Details%'
Timestamp: "%Timestamp%"
Computer: "%Computer%"
Channel: "%Channel%"
EventID: "%EventID%"
Level: "%Level%"
Tags: "%MitreAttack%"
RecordID: "%RecordID%"
RuleTitle: "%RuleTitle%"
Details: "%Details%"
verbose-1:
Timestamp: '%Timestamp%'
Computer: '%Computer%'
Channel: '%Channel%'
EventID: '%EventID%'
Level: '%Level%'
Tags: '%MitreAttack%'
RecordID: '%RecordID%'
RuleTitle: '%RuleTitle%'
Details: '%Details%'
RulePath: '%RulePath%'
FilePath: '%FilePath%'
Timestamp: "%Timestamp%"
Computer: "%Computer%"
Channel: "%Channel%"
EventID: "%EventID%"
Level: "%Level%"
Tags: "%MitreAttack%"
RecordID: "%RecordID%"
RuleTitle: "%RuleTitle%"
Details: "%Details%"
RulePath: "%RulePath%"
FilePath: "%FilePath%"
verbose-2:
Timestamp: '%Timestamp%'
Computer: '%Computer%'
Channel: '%Channel%'
EventID: '%EventID%'
Level: '%Level%'
Tags: '%MitreAttack%'
RecordID: '%RecordID%'
RuleTitle: '%RuleTitle%'
Details: '%Details%'
AllFieldInfo: '%RecordInformation%'
Timestamp: "%Timestamp%"
Computer: "%Computer%"
Channel: "%Channel%"
EventID: "%EventID%"
Level: "%Level%"
Tags: "%MitreAttack%"
RecordID: "%RecordID%"
RuleTitle: "%RuleTitle%"
Details: "%Details%"
AllFieldInfo: "%RecordInformation%"

26
test_files/config/default_profile.yaml
View File

@@ -1,13 +1,13 @@
Timestamp: '%Timestamp%'
Computer: '%Computer%'
Channel: '%Channel%'
Level: '%Level%'
EventID: '%EventID%'
MitreAttack: '%MitreAttack%'
RecordID: '%RecordID%'
RuleTitle: '%RuleTitle%'
Details: '%Details%'
RecordInformation: '%RecordInformation%'
RuleFile: '%RuleFile%'
EvtxFile: '%EvtxFile%'
Tags: '%MitreAttack%'
Timestamp: "%Timestamp%"
Computer: "%Computer%"
Channel: "%Channel%"
Level: "%Level%"
EventID: "%EventID%"
MitreAttack: "%MitreAttack%"
RecordID: "%RecordID%"
RuleTitle: "%RuleTitle%"
Details: "%Details%"
RecordInformation: "%RecordInformation%"
RuleFile: "%RuleFile%"
EvtxFile: "%EvtxFile%"
Tags: "%MitreAttack%"

74
test_files/config/profiles.yaml
View File

@@ -1,44 +1,44 @@
minimal:
Timestamp: '%Timestamp%'
Computer: '%Computer%'
Channel: '%Channel%'
EventID: '%EventID%'
Level: '%Level%'
RuleTitle: '%RuleTitle%'
Details: '%Details%'
Timestamp: "%Timestamp%"
Computer: "%Computer%"
Channel: "%Channel%"
EventID: "%EventID%"
Level: "%Level%"
RuleTitle: "%RuleTitle%"
Details: "%Details%"
default:
Timestamp: '%Timestamp%'
Computer: '%Computer%'
Channel: '%Channel%'
EventID: '%EventID%'
Level: '%Level%'
Tags: '%MitreAttack%'
RecordID: '%RecordID%'
RuleTitle: '%RuleTitle%'
Details: '%Details%'
Timestamp: "%Timestamp%"
Computer: "%Computer%"
Channel: "%Channel%"
EventID: "%EventID%"
Level: "%Level%"
Tags: "%MitreAttack%"
RecordID: "%RecordID%"
RuleTitle: "%RuleTitle%"
Details: "%Details%"
verbose-1:
Timestamp: '%Timestamp%'
Computer: '%Computer%'
Channel: '%Channel%'
EventID: '%EventID%'
Level: '%Level%'
Tags: '%MitreAttack%'
RecordID: '%RecordID%'
RuleTitle: '%RuleTitle%'
Details: '%Details%'
RulePath: '%RulePath%'
FilePath: '%FilePath%'
Timestamp: "%Timestamp%"
Computer: "%Computer%"
Channel: "%Channel%"
EventID: "%EventID%"
Level: "%Level%"
Tags: "%MitreAttack%"
RecordID: "%RecordID%"
RuleTitle: "%RuleTitle%"
Details: "%Details%"
RulePath: "%RulePath%"
FilePath: "%FilePath%"
verbose-2:
Timestamp: '%Timestamp%'
Computer: '%Computer%'
Channel: '%Channel%'
EventID: '%EventID%'
Level: '%Level%'
Tags: '%MitreAttack%'
RecordID: '%RecordID%'
RuleTitle: '%RuleTitle%'
Details: '%Details%'
AllFieldInfo: '%RecordInformation%'
Timestamp: "%Timestamp%"
Computer: "%Computer%"
Channel: "%Channel%"
EventID: "%EventID%"
Level: "%Level%"
Tags: "%MitreAttack%"
RecordID: "%RecordID%"
RuleTitle: "%RuleTitle%"
Details: "%Details%"
AllFieldInfo: "%RecordInformation%"