CSEC_PUBLIC/hayabusa
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

cleanup

Browse Source
This commit is contained in:
siamease
2020-10-07 02:11:07 +09:00
parent 714e4b0038
commit f5edf867e2
1 changed files with 7 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
src/detections/sysmon.rs
View File

@@ -36,15 +36,15 @@ impl Sysmon {
println!("Date : {} (UTC)", _date);
}
println!("Log : Sysmon");
let minlength = 100; // TBD
let mut f = File::open("whitelist.txt").expect("file not found");
let mut contents = String::new();
f.read_to_string(&mut contents);
let rdr = csv::Reader::from_reader(contents.as_bytes());
if let Some(_creater) = event_data.get("ParentImage") {
//println!("_creater : {}", _image);
let minlength = 100; // TBD
let mut f = File::open("whitelist.txt").expect("file not found");
let mut contents = String::new();
f.read_to_string(&mut contents);
let rdr = csv::Reader::from_reader(contents.as_bytes());
//self.check_command("1".to_string(), _command_line.to_string());
check_command(1, _command_line, minlength, 0, "", _creater, rdr);
} else {
check_command(1, _command_line, minlength, 0, "", "", rdr);
}
println!("");
}
@@ -74,20 +74,4 @@ impl Sysmon {
}
}
}
/*
fn check_command(&mut self, _event_id: String, _command_line: String) {
let _result = "(TBD)";
let _decoded = "(TBD)";
// TBD
// Write-Output $obj
println!("EventID : {}", _event_id);
println!("Message : Suspicious Command Line");
println!("Result : {}", _result);
println!("Command : {}", _command_line);
println!("Decoded : {}", _decoded);
}
*/
}