kazuminn
c8efa95447
Pivot Keyword List機能の追加 ( #412 )
...
* add get_pivot_keyword() func
* change function name and call it's function
* [WIP] support config file
* compilete output
* cargo fmt
* [WIP] add test
* add test
* support -o option in pivot
* add pivot mod
* fix miss
* pass test in pivot.rs
* add comment
* pass all test
* add fast return
* fix output
* add test config file
* review
* rebase
* cargo fmt
* test pass
* fix clippy in my commit
* cargo fmt
* little refactor
* change file input logic and config format
* [WIP] change output
* [wip] change deta structure
* change output & change data structure
* pass test
* add config
* cargo fmt & clippy & rebase
* fix cllipy
* delete /rules/ in .gitignore
* clean comment
* clean
* clean
* fix rebase miss
* fix rebase miss
* fix clippy
* file name output on -o to stdout
* add pivot_keywords.txt to ./config
* updated english
* Documentation update
* cargo fmt and clean
* updated translate japanese
* readme update
* readme update
Co-authored-by: DustInDark <nextsasasa@gmail.com >
Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com >
2022-04-05 21:17:23 +09:00
itiB
90822aa563
Cargo fmt
2022-04-05 02:04:10 +09:00
itiB
9f8f12ec2f
fix: level tuning's file name
2022-04-05 02:03:49 +09:00
itiB
015691e129
mv: IDS_REGEX to configs file
2022-04-05 01:59:56 +09:00
itiB
373dd0f8c7
Add: id, level validation
2022-04-05 01:53:24 +09:00
itiB
026d18a605
Add: Error handlings
2022-04-05 01:30:11 +09:00
itiB
6b08752120
Fix: Text overwrite was failed
2022-04-04 23:44:54 +09:00
itiB
5891a1aca1
WIP: Text overwrite failed...
2022-04-04 01:44:04 +09:00
itiB
6805bd6a0a
Reface: split to options file
2022-04-04 00:31:21 +09:00
itiB
9149500b40
Add: level-tuning function
2022-04-03 23:41:32 +09:00
itiB
814f5a61cb
cargo fmt
2022-04-03 22:01:40 +09:00
itiB
d38834e20e
Add: input rule_level.txt files & read rules
2022-04-03 21:58:33 +09:00
itiB
a15bef4b30
Add: read Rule files
2022-04-03 21:58:33 +09:00
itiB
276889338d
Add: --level-tuning option's outline
2022-04-03 21:57:50 +09:00
DustInDark
7c645010ee
fixed process when yml file exist in .git folder
...
* ignore when yml file exist in .git folder
2022-03-30 21:02:14 +09:00
DustInDark
425a629de7
Enhancement: add config config #456 ( #471 )
...
* added config option #456
* added process of option to speicifed config folder #456
following files adjust config option.
* noisy_rules.txt
* exclude_rules.txt
* fixed usage in readme
2022-03-30 15:26:58 +09:00
James / hach1yon
bca578b89e
add equalsfield pipe ( #467 )
2022-03-30 11:49:20 +09:00
garigariganzy
7861174a93
Remove unnecessary code from timeline_event_info and rename files for… ( #470 )
...
* Remove unnecessary code from timeline_event_info and rename files for issue462
* Remove unnecessary code #462
2022-03-30 09:46:18 +09:00
DustInDark
fa86a9a027
Fearture/ added output update result#410 ( #452 )
...
* add git2 crate #391
* added Update option #391
* updated readme #391
* fixed cargo.lock
* fixed option if-statement #391
* changed utc short option and rule-update short option #391
* updated readme
* updated readme
* fixed -u long option & version number update #391
* added fast-forwarding rules repository #391
* updated command line option #391
* moved output logo prev update rule
* fixed readme #391
* removed recursive option in readme
* changed rules update from clone and pull to submodule update #391
* fixed document
* changed unnecessary clone recursively to clone only
* English message update.
* cargo fmt
* English message update. ( 4657c35e5c#420
* fixed error #410
* changed update rule list seq
* added test
* fixed output #410
* fixed output and fixed output date field when modified field is lacked #410
* fixed compile error
* fixed output
- added enter after Latest rule update output
- added output when no exist new rule
- fixed Latest rule update date format
- changed output from 'Latest rule update' to 'Latest rules update'
* fixed compile error
* changed modified date source from rules folder to each yml rule file
* formatting use chrono in main.rs
* merge develop clippy ci
* fixed output when no update rule #410
- removed Latest rule update
- no output "Rules update successfully" when No rule changed
* Change English
Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com >
2022-03-29 13:09:54 +09:00
James / hach1yon
67cf88cddd
fix degrade for pull req #464 ( #468 )
...
* fix degrade for pull req #464
* add trim
2022-03-27 22:26:42 +09:00
James / hach1yon
b0e4247857
Feature/#440 refactoring #395 ( #464 )
2022-03-26 16:11:11 +09:00
DustInDark
e563224b52
added clippy workflow #428 ( #429 )
...
* added clippy workflow #428
* fixed action yaml to run clippy #428
* fixed indent
* fixed workflow
* fixed workflow error
* fixed indent
* changed no annotation #428
* adujusted annotation version
* fixed clippy::needless_match
* remove if let exception
* removed unnecessary permission check #428
2022-03-21 12:45:30 +09:00
DustInDark
7c7a86f7c9
Fixed Clippy Warnings ( #451 )
...
* fixed clippy warn
* fixed cargo clippy warnging
* fixed clippy warngings in clippy ver 0.1.59
* fixed clippy warnings clippy::unnecessary_to_owned
2022-03-17 08:43:48 +09:00
DustInDark
04b881cb66
changed downcast library from mopa to downcast_rs #447 ( #450 )
2022-03-11 14:49:47 +09:00
kazuminn
d49d6f6210
aliasキーがない場合もEvent.EventDataを自動で走査する ( #442 )
...
* add no event key
* support not-register-alias search
* added checking EventData when key do not match in alias #290
- added checking key in Event.EventData, if key is not exist in eventkey_alias.txt.
* cargo fmt
* fixed panic when filter files does not exists
* fixed errorlog format when filter config files does not exist
Co-authored-by: DustInDark <nextsasasa@gmail.com >
2022-03-11 13:24:43 +09:00
DustInDark
bb1f5f619d
Fix/fix clippy warn ( #434 )
...
- Fixed following Clippy Warnings(previous warning count: 671 -> after: 4)
- clippy::needless_return
- clippy::println_empty_string
- clippy::redundant_field_names
- clippy::single_char_pattern
- clippy::len_zero
- clippy::iter_nth_zero
- clippy::bool_comparison
- clippy::question_mark
- clippy::needless_collect
- clippy::unnecessary_unwrap
- clippy::ptr_arg
- clippy::needless_collect
- clippy::needless_borrow
- clippy::new_without_default
- clippy::assign_op_pattern
- clippy::bool_assert_comparison
- clippy::into_iter_on_ref
- clippy::deref_addrof
- clippy::while_let_on_iterator
- clippy::match_like_matches_macro
- clippy::or_fun_call
- clippy::useless_conversion
- clippy::let_and_return
- clippy::redundant_clone
- clippy::redundant_closure
- clippy::cmp_owned
- clippy::upper_case_acronyms
- clippy::map_identity
- clippy::unused_io_amount
- clippy::assertions_on_constants
- clippy::op_ref
- clippy::useless_vec
- clippy::vec_init_then_push
- clippy::useless_format
- clippy::bind_instead_of_map
- clippy::bool_comparison
- clippy::clone_on_copy
- clippy::too_many_arguments
- clippy::module_inception
- fixed clippy::needless_lifetimes
- fixed clippy::borrowed_box (Thanks for helping by hach1yon!)
2022-03-07 08:38:05 +09:00
Alan Smithee
0fdabf0d70
added process of remove submodule cache #432
2022-03-01 03:17:55 +09:00
Alan Smithee
6e5b24282f
cargo fmt
2022-02-28 18:27:06 +09:00
Alan Smithee
c3c9423b74
fixed clippy warn
2022-02-28 18:25:54 +09:00
Alan Smithee
28ded269de
fixed process case of not exist hayabusa .git folder #432
2022-02-28 18:24:49 +09:00
Yamato Security
65eb818f9b
unique rules to detections ( #426 )
2022-02-28 10:16:39 +09:00
Alan Smithee
b22798fddd
added merge process when submodule update option #422
2022-02-27 21:04:33 +09:00
Alan Smithee
d1553e3ab1
changed crate load together
2022-02-27 21:02:43 +09:00
Yamato Security
fb007ee3a6
Small edits on help screen. ( #417 )
2022-02-27 09:04:30 +09:00
DustInDark
92c472d451
Hotfix/moved rule configs to hayabusa rules repo#409 ( #414 )
...
* fixed target config path #409
* fixed target config file path in test #409
* fixed rules target #409
* Documentation fix, deleted unneeded config files
* added workflow
* changed submodule option
* fixed worksflow to ref submodule
* fixed gitmodules
* fixed workflow
* check code insert
* added update submodules command
* test rules update
* removed test runs
* fixed error
Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com >
2022-02-26 18:19:19 +09:00
DustInDark
02b1d7f07c
added update command #391 ( #392 )
...
* add git2 crate #391
* added Update option #391
* updated readme #391
* fixed cargo.lock
* fixed option if-statement #391
* changed utc short option and rule-update short option #391
* updated readme
* updated readme
* fixed -u long option & version number update #391
* added fast-forwarding rules repository #391
* updated command line option #391
* moved output logo prev update rule
* fixed readme #391
* removed recursive option in readme
* English message update.
* cargo fmt
* Added update command#391 submodule ver (#401 )
* changed rules update from clone and pull to submodule update #391
* fixed document
* changed unnecessary clone recursively to clone only
* English message update. ( 4657c35e5c71482215+YamatoSecurity@users.noreply.github.com >
* added caution case of update failed in readme #391
* fixed document
* added output error in case of loaded rule count is 0 #391 #392
https://github.com/Yamato-Security/hayabusa/pull/392#issuecomment-1050276570
* --update-rules typo
* removed unused library call
Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com >
2022-02-26 18:18:03 +09:00
DustInDark
0dc5de4b73
Bug/ Fixed error when target environment is not installed vcc redistribute package ( #408 )
...
* fixed error when target environment has not installed vcc redistribute package
* added cfg to static_vcruntime when target os is windows.
2022-02-25 10:07:12 +09:00
Alan Smithee
f9b02a65b6
fixed test to change regex detectlist_suspicous_services.txt
2022-02-22 08:42:23 +09:00
DustInDark
58017e971f
fixed detection lack when tab and enter control character in event record#395 ( #396 )
...
* fixed no detected bug when enter and tab control character in record data #395
* added remove \r \n \t character in utils.rs
* added call of utils.rs function in selectionnodes.rs
* added tests #395
* changed space control character function args #395
* fixed test due to function args changes #395
* changed replace method using regex #395
* changed regex by record_data_filter.txt #395
* added record_data_filter.txt #395
* fixed test #395
* added record_data_filter
- add Properties regex
- add ScriptBlockText regex
- add Payload regex
2022-02-17 05:07:15 +09:00
DustInDark
19c44b4f66
added mitre attack data output in csv output ( #397 )
...
* added tags information in csv output #234
* fixed test due to change csvformat struct #234
* changed tag info separator #234
* changed separator #234
* changed tag info separator #234
2022-02-15 02:13:37 +09:00
DustInDark
df86958850
added live analysys feature ( #398 )
...
* added windows live analysis option #125
* added live analysis option #125
* fixed live analysys condition #125
* changed live analysis option #125
* added live-analysis option in readme #125
* fixed live-analysis check condition #125
* is_elevated crate is only windows #125
* fixed is_elevated build error #125
* fixed is_elevated library crate load
* fixed call way os dependencies crate #125
* fix build error on linux and removed unnecessary create #125
* fixed lack of load crate when build at windows #125
* Update error message
Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com >
2022-02-15 02:12:45 +09:00
DustInDark
9cb54a9192
Hotfix/no output colorcode in no true color#376 ( #378 )
...
* added color code emit_csv test
* replaced HashMap and HashSet to hashbrown #368
* removed debug output in test #368
* added color option #376
* fixed process of output check #376
* removed color output check from test #376
* english updates
* colored detections and rules count output by level #384
* refactoring in colored output process #384
* update usage #364 #376
* fixed markdown lint
* added windows terminal bug evasion way #382
* update readme
* fixed colored output test
Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com >
2022-02-09 09:29:36 +09:00
DustInDark
df30adfdef
changed hashmap library to tuneup #368 ( #369 )
...
* added color code emit_csv test
* replaced HashMap and HashSet to hashbrown #368
* removed debug output in test #368
* fixed colored test
2022-02-09 01:59:39 +09:00
DustInDark
84de8d01af
remove yaml ignore check#271 ( #385 )
...
* removed yaml ignore label check #271
* moved exclude rule filter check #271
* fixed colored test
2022-02-09 01:59:12 +09:00
kazuminn
d1597b2322
ルール場所指定オプションでファイルを扱えるようにする ( #364 )
...
* add only rule file path in --rules
* add error handling for metadata
* refactor
* add test
* rename test function
2022-01-31 12:09:25 +09:00
Alan Smithee
f70be3419a
removed csv quote when output result to stdout #381
2022-01-30 13:23:33 +09:00
DustInDark
b12029de5c
Feature/colorlog#239 ( #365 )
...
* added color carete #239
* added hex library
* added color config file parser #239
* added color output feature #239
* changed fast hashmap library
* added color output description(Japanese) #239
* added color output description(English) #239
* fixed medium level typo
* removed white color font level #239
* added trim and loose colorcode condition #239
* fixed hex convert error panic #239
- output warn and go next iterator when happen hex convert panic
- added user input in hex convert warn output to use easily
2022-01-26 01:39:14 +09:00
kazuminn
15ee980711
exclude-rules.txtとnoisy-rules.txtをコメントに対応 ( #362 )
...
* add exclude files comments feature
* trim()
* add error handling and split function
* add id validation
* add comments
* cargo fmt
* fix error statment
* change -full.txt to .txt
* change alert to warn
2022-01-20 23:12:41 +09:00
DustInDark
9c7353a2e9
Feature/except hidden file#335 ( #339 )
...
* added except hidden file load #335
* fixed except hidden file in collect evtx #335
2022-01-13 22:19:59 +09:00
Tanaka Zakku
d9624be752
delete extra white space
2021-12-24 14:56:23 +09:00
