CSEC_PUBLIC/hayabusa
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add sysmon

Browse Source
This commit is contained in:
siamease
2020-10-02 00:14:33 +09:00
parent 42f8483485
commit fa9f3813ae
3 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/detections/detection.rs
View File

@@ -3,8 +3,8 @@ extern crate quick_xml;
use crate::detections::application; use crate::detections::application;
use crate::detections::common; use crate::detections::common;
use crate::detections::security; use crate::detections::security;
use crate::detections::system;
use crate::detections::sysmon; use crate::detections::sysmon;
use crate::detections::system;
use crate::models::event; use crate::models::event;
use evtx::EvtxParser; use evtx::EvtxParser;
use quick_xml::de::DeError; use quick_xml::de::DeError;

2
src/detections/mod.rs
View File

@@ -2,5 +2,5 @@ mod application;
mod common; mod common;
pub mod detection; pub mod detection;
mod security; mod security;
mod system;
mod sysmon; mod sysmon;
mod system;

4
src/detections/sysmon.rs
View File

@@ -24,10 +24,10 @@ impl Sysmon {
fn sysmon_event_1(&mut self, event_data: HashMap<String, String>) { fn sysmon_event_1(&mut self, event_data: HashMap<String, String>) {
println!("Message : Sysmon event 1"); println!("Message : Sysmon event 1");
if let Some(_image) = event_data.get("Image") { if let Some(_image) = event_data.get("Image") {
println!("_image : {}",_image); println!("_image : {}", _image);
} }
if let Some(_command_line) = event_data.get("CommandLine") { if let Some(_command_line) = event_data.get("CommandLine") {
println!("_command_line : {}",_command_line); println!("_command_line : {}", _command_line);
} }
} }