* added termcolor reset function #537
* added logo green output #537
* fixed test
* cargo fmt
* updated changelog #537
* fixed clippy error
* update logo screenshot
* updated rules
* changed to no colored logo when --no-color option is enabled
* fixed colored reset bug when --update-rules option is enabled
* fixed color reset bug when --level-tuning option is enabled
* cargo fmt
Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
* add get_pivot_keyword() func
* change function name and call its function
* [WIP] support config file
* complete output
* cargo fmt
* [WIP] add test
* add test
* support -o option in pivot
* add pivot mod
* fix miss
* pass test in pivot.rs
* add comment
* pass all test
* add fast return
* fix output
* add test config file
* review
* rebase
* cargo fmt
* test pass
* fix clippy in my commit
* cargo fmt
* little refactor
* change file input logic and config format
* [WIP] change output
* [WIP] change data structure
* change output & change data structure
* pass test
* add config
* cargo fmt & clippy & rebase
* fix clippy
* delete /rules/ in .gitignore
* clean comment
* clean
* clean
* fix rebase miss
* fix rebase miss
* fix clippy
* file name output on -o to stdout
* add pivot_keywords.txt to ./config
* updated english
* Documentation update
* cargo fmt and clean
* updated Japanese translation
* readme update
* readme update
Co-authored-by: DustInDark <nextsasasa@gmail.com>
Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
* add no event key
* support not-register-alias search
* added checking EventData when key does not match in alias #290
- added checking key in Event.EventData if key does not exist in eventkey_alias.txt.
* cargo fmt
* fixed panic when filter files do not exist
* fixed errorlog format when filter config files do not exist
Co-authored-by: DustInDark <nextsasasa@gmail.com>
* fixed no-detection bug when enter and tab control characters are in record data #395
* added removal of \r \n \t characters in utils.rs
* added call of utils.rs function in selectionnodes.rs
* added tests #395
* changed space control character function args #395
* fixed test due to function args changes #395
* changed replace method using regex #395
* changed regex by record_data_filter.txt #395
* added record_data_filter.txt #395
* fixed test #395
* added record_data_filter
- add Properties regex
- add ScriptBlockText regex
- add Payload regex
* update rule config files and art
* renamed regex sample file
* fixed test error due to filename change #291
Co-authored-by: DustInDark <nextsasasa@gmail.com>
* removed unused alias #227
* changed case of object type to return none #227
- serde json value is object type when alias key doesn't exist in detected record.
* adjust serde_number_to_string function return value change #227
* adjust yml rule to change of aliaskey_alias.txt #227
* merged same regex as static
* create new struct to reduce same output in rule and keyword warn message #227
* changed output position
* removed regression warnings #227
* removed output warning
* Fixed a possible panic when None. #227
* added parse_message test #227
* added get_serde_number_to_string tests #227
* removed unnecessary test data part in get_serde_number_to_string test #227