From f7ff096ac9a736bbc10c88e067b703409b664c62 Mon Sep 17 00:00:00 2001
From: DustInDark
Date: Mon, 13 Jun 2022 02:00:36 +0900
Subject: [PATCH] removed prev usage #413
---
 src/detections/configs.rs | 71 ---------------------------------------
 1 file changed, 71 deletions(-)
diff --git a/src/detections/configs.rs b/src/detections/configs.rs
index 11516a18..1b1b88fc 100644
--- a/src/detections/configs.rs
+++ b/src/detections/configs.rs
@@ -213,77 +213,6 @@ impl ConfigReader<'_> {
 }
 }
 }
-
-fn build_app<'a>() -> ArgMatches<'a> {
- let program = std::env::args()
- .next()
- .and_then(|s| {
- std::path::PathBuf::from(s)
- .file_stem()
- .map(|s| s.to_string_lossy().into_owned())
- })
- .unwrap();
-
- if is_test_mode() {
- return ArgMatches::default();
- }
-
- let usages = "-d, --directory [DIRECTORY] 'Directory of multiple .evtx files.'
- -f, --filepath [FILE_PATH] 'File path to one .evtx file.'
- -F, --full-data 'Print all field information.'
- -r, --rules [RULE_DIRECTORY/RULE_FILE] 'Rule directory or file (Default: .\\rules)'
- -C, --config [RULE_CONFIG_DIRECTORY] 'Rule config folder. (Default: .\\rules\\config)'
- -o, --output [CSV_TIMELINE] 'Save the timeline in CSV format. (Ex: results.csv)'
- --all-tags 'Output all tags when saving to a CSV file.'
- -R, --hide-record-id 'Do not display EventRecordID number.'
- -v, --verbose 'Output verbose information.'
- -V, --visualize-timeline 'Output event frequency timeline.'
- -D, --enable-deprecated-rules 'Enable rules marked as deprecated.'
- -n, --enable-noisy-rules 'Enable rules marked as noisy.'
- -u, --update-rules 'Update to the latest rules in the hayabusa-rules github repository.'
- -m, --min-level [LEVEL] 'Minimum level for rules. (Default: informational)'
- -l, --live-analysis 'Analyze the local C:\\Windows\\System32\\winevt\\Logs folder (Windows Only. Administrator privileges required.)'
- --start-timeline [START_TIMELINE] 'Start time of the event logs to load. (Ex: \"2020-02-22 00:00:00 +09:00\")'
- --end-timeline [END_TIMELINE] 'End time of the event logs to load. (Ex: \"2022-02-22 23:59:59 +09:00\")'
- --rfc-2822 'Output timestamp in RFC 2822 format. (Ex: Fri, 22 Feb 2022 22:00:00 -0600)'
- --rfc-3339 'Output timestamp in RFC 3339 format. (Ex: 2022-02-22 22:00:00.123456-06:00)'
- --US-time 'Output timestamp in US time format. (Ex: 02-22-2022 10:00:00.123 PM -06:00)'
- --US-military-time 'Output timestamp in US military time format. 
(Ex: 02-22-2022 22:00:00.123 -06:00)'
- --European-time 'Output timestamp in European time format. (Ex: 22-02-2022 22:00:00.123 +02:00)'
- -U, --utc 'Output time in UTC format. (Default: local time)'
- --no-color 'Disable color output.'
- -t, --thread-number [NUMBER] 'Thread number. (Default: Optimal number for performance.)'
- -s, --statistics 'Prints statistics of event IDs.'
- -L, --logon-summary 'Successful and failed logons summary.'
- -q, --quiet 'Quiet mode. Do not display the launch banner.'
- -Q, --quiet-errors 'Quiet errors mode. Do not save error logs.'
- -p, --pivot-keywords-list 'Create a list of pivot keywords.'
- --contributors 'Prints the list of contributors.'";
- App::new(&program)
- .about("Hayabusa: Aiming to be the world's greatest Windows event log analysis tool!")
- .version("1.3.1")
- .author("Yamato Security (https://github.com/Yamato-Security/hayabusa) @SecurityYamato")
- .setting(AppSettings::VersionlessSubcommands)
- .arg(
- // TODO: When update claps to 3.x, these can write in usage texts...
- Arg::from_usage("--level-tuning [LEVEL_TUNING_FILE] 'Tune alert levels. (Default: .\\rules\\config\\level_tuning.txt)'")
- .default_value("./rules/config/level_tuning.txt"),
- )
- .usage(usages)
- .args_from_usage(usages)
- .get_matches()
-}
-
-fn is_test_mode() -> bool {
- for i in std::env::args() {
- if i == "--test" {
- return true;
- }
- }
-
- false
-}
-
 #[derive(Debug, Clone)]
 pub struct TargetEventIds {
 ids: HashSet,