Commit Graph

48 Commits

Author SHA1 Message Date
Yamato Security
65eb818f9b unique rules to detections (#426) 2022-02-28 10:16:39 +09:00
DustInDark
19c44b4f66 added mitre attack data output in csv output (#397)
* added tags information in csv output #234

* fixed test due to change csvformat struct #234

* changed tag info separator #234

* changed separator #234

* changed tag info separator #234
2022-02-15 02:13:37 +09:00
DustInDark
9cb54a9192 Hotfix/no output colorcode in no true color#376 (#378)
* added color code emit_csv test

* replaced HashMap and HashSet to hashbrown #368

* removed debug output in test #368

* added color option #376

* fixed process of output check #376

* removed color output check from test #376

* english updates

* colored detections and rules count output by level #384

* refactoring in colored output process #384

* update usage #364 #376

* fixed markdown lint

* added windows terminal bug evasion way #382

* update readme

* fixed colored output test

Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
2022-02-09 09:29:36 +09:00
DustInDark
84de8d01af remove yaml ignore check#271 (#385)
* removed yaml ignore label check #271

* moved exclude rule filter check #271

* fixed colored test
2022-02-09 01:59:12 +09:00
Alan Smithee
f70be3419a removed csv quote when output result to stdout #381 2022-01-30 13:23:33 +09:00
DustInDark
b12029de5c Feature/colorlog#239 (#365)
* added color crate #239

* added hex library

* added color config file parser #239

* added color output feature #239

* changed fast hashmap library

* added color output description(Japanese) #239

* added color output description(English) #239

* fixed medium level typo

* removed white color font level #239

* added trim and loose colorcode condition #239

* fixed hex convert error panic #239

- output warn and go next iterator when happen hex convert panic

- added user input in hex convert warn output to use easily
2022-01-26 01:39:14 +09:00
Yamato Security
67f0ee007b Merge pull request #316 from Yamato-Security/feature/output_error_log_file_and_options#301
fixed #301 #303 #309
2021-12-22 16:08:13 +09:00
DustInDark
a0cc36c67e fixed test error #320 2021-12-21 22:31:21 +09:00
DustInDark
d0a7040275 changed output header #320 2021-12-21 20:55:46 +09:00
DustInDark
bccdd8fef9 fixed error
- changed writer from stderr to bufwriter

- changed alert, warn function arg from String to borrowed String
2021-12-21 14:44:26 +09:00
DustInDark
1aebdca160 Revert "Feature/output errorlog#301" (#314) 2021-12-20 20:59:30 +09:00
Yamato Security
f31f8955ed Merge pull request #310 from Yamato-Security/feature/output_errorlog#301
Feature/output errorlog#301
2021-12-20 20:17:22 +09:00
DustInDark
11dcc252ca adjust test error #301 2021-12-20 01:27:15 +09:00
DustInDark
807b438009 moved output_error_log_exist due to emit_csv test #301 2021-12-20 01:25:47 +09:00
DustInDark
c081130147 added error log file check process #301 2021-12-20 01:12:30 +09:00
Yamato Security
5e07ccb2b4 summary display minor fix (#307) 2021-12-19 23:07:21 +09:00
DustInDark
dbba49b815 Hotfix/not work count#278 (#281)
* fixed countup structure #278

* fixed countup structure and count up field logic #278

* fixed tests #278

* added no output aggregation detect message when output exist in rule yaml #232

* moved get_agg_condtion to rulenode function #278

* added field_values to output count fields data #232 #278

- fixed count logic #278
- fixed count test to adjust field_values add
- added count test

* fixed count output format #232

* fixed compile error

* fixed count output #232

- moved output check to create_count_output
- fixed yaml condition reference
- adjust top and tail multi space

* added create count output test #232

* removed count by file #278

- commented by @YamatoSecurity

* changed sort function to sort_unstable_by

* fixed typo

* adjust to comment #281

ref: https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767283508

* adjust comment #281

refs:
- https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767285993
- https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767286713

* adjust comment #281

ref:
https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767287831

* omitted code #281

* adjust comment #281

ref:
https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767302595

* adjust comment #281

ref:
https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767303168

* adjust comment

ref:
https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767307535

* omitted unnecessary code #281

* adjust comment #281

ref:
https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767288428

* adjust comment #281

ref:
https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767286731

* adjust comment #281

ref:
https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767285716

* adjust comment #281

ref:
159191ec36 (r767288428)

* adjust test result #281

* removed debug print statement in test function

* adjust comment #281

ref:
https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767286731

* fixed output by level  #278 #284

- fixed result counting process when rule has no aggregation condition #278

- added total output by level #284

* removed unnecessary crate

* fixed output #284

* removed unnecessary total/unique sum process #284

* add testcase and fix testcase bug

* add testcase, add check to check_cout()

* fixed count logic #278

* fixed test parameter

* add testcase

* fmt

* fixed count field check process #278

* fix testcase #281

* fixed comment typo

* removed one time used variable in test case #281

* fixed count field check process #278

* changed insert position #278

* changed contributor list

* fixed contributors list

* passed with timeframe case #278

* passed all count test #278

* removed debug print

* removed debug print

* removed debug print

* cargo fmt

* changed by0level output format #284

* reduce clone() #278 #281

* changed for loop to map #278 #281

* fixed compile error

* changed priority from output in yml to aggregation output case aggregation condition exist in rule. #232

* fixed testcase #232

* changed if-let to generics #278 #281

* fixed error when test to sample_evtx#278 #281

* changed if-let to generic #278 #281

* adjust unwrap none error #278 #281

* fixed compile error and test case failed #278

Co-authored-by: ichiichi11 <takai.wa.hajime@gmail.com>
2021-12-19 20:48:29 +09:00
Yamato Security
a023ba46a6 Usage menu update (#302)
* Usage menu update

* minor adjustments to the usage menu

* fixed options #302

- changed show-deprecated to enable-deprecated-rules
- changed csv-timeline to output
- change show-noisyalerts to enable-noisy-rules

* fixed option #302

- changed starttimeline to start-timeline

* fixed option #302

- changed q to quiet option

* fixed options #302

- changed endtimeline to end-timeline option
- changed threadnum to thread-number option

Co-authored-by: DustInDark <nextsasasa@gmail.com>
2021-12-19 20:03:39 +09:00
DustInDark
cc14b7e4ac Feature/improve output#253 (#285)
* changed processing time pre code #253

- changed csv file writer to BufWriter

* changed processing time pre code in stdout #253
2021-12-18 11:59:16 +09:00
DustInDark
3fae98934b Feature/change level option#250 (#259)
* fixed level option #250

* changed output
2021-12-13 01:52:21 +09:00
DustInDark
d112129771 changed stdout result delimiter #244 (#245)
* changed stdout result delimiter #244

* removed unnecessary space #244

* added display output test #244

- added static map clear function (only test use)
- added outputformat test case of stdout (changed sequential process in emit_csv test to prevent the contents of static variables from changing depending on the order of execution)

* fixed typo
2021-12-04 11:20:11 +09:00
Yamato Security
bc230f7cd5 English corrections (#236)
* English corrections

* cargo fmt

* fixed test assertion string data

Co-authored-by: DustInDark <nextsasasa@gmail.com>
2021-11-27 11:21:55 +09:00
DustInDark
cc7767a960 changed output format header #213 (#228)
* changed output format header #213

* fixed test parameter #213
2021-11-27 00:33:19 +09:00
DustInDark
b48f774b93 Feature/output unique detection#209 (#225)
* checked contributors #141

- because a RustyBlue code contributor (not a hayabusa contributor) was mixed into the hayabusa contributors

* changed yaml count name

* changed ruletype string #157

* fixed output of parse error #157

* fixed output

* added level unique detection output #209
2021-11-24 21:15:43 +09:00
DustInDark
86321a4502 Feature/output read rule directory#201 (#221)
* fixed filepath evtx extension #162

* added rules option to config usage #201

* fixed filepath evtx extension rule #162

* added rules directory read feature #201

* added test case #201

* fixed usage set #201

* removed all check rule #201

* fixed rule read function data #201
2021-11-20 14:01:50 +09:00
DustInDark
0b85a280f0 output fix logontype and change order #197 #198 (#217)
* changed output column order #198

* added eventkey alias #197

* fixed eventid double quotation #197

* fixed eventid double quotation #197

* fixed logontype not converted #197

* fixed WorkStation and added TargetDomainName #205

* fixed typo #205

* Fixed the problem that conversion for No-String types #197
2021-11-20 11:03:28 +09:00
DustInDark
199a8231c1 Removed features not to be released in v1.0, display contributors, fixed the default value of the level option #141 #211 (#218)
* changed default level to Low #211

* fixed usage #211

* erased Lang option #195

* changed output credit to contributors #141

* Removed contributor information for uncreated features and features that will not be introduced in v1.0. #141

* removed slack notification feature #202

- removed config option
- removed artifact slack notification call

* removed description of slack notification #202

* fixed default level to Low #211

* removed description about slack notification #202
2021-11-20 09:56:59 +09:00
DustInDark
480f2d26c0 Feature/change output timeformat#154 (#194)
* changed default output time format #154

* added time zone #154

* added rfc3339 option #154
2021-11-14 17:48:38 +09:00
James
22c8302c4c change from stdout to stderr. (#190) 2021-11-12 13:21:14 +09:00
DustInDark
22b36314a3 removed filepath extension #162 (#181) 2021-11-10 22:55:37 +09:00
DustInDark
b278f12cec Feature/output elapsedtime153 (#172)
* add output process count of detects events #151

* add output process count of detects event when output stdio #151

* add format enter

* add output elapsed time #153

* fixed output position #153
2021-11-10 19:38:04 +09:00
DustInDark
0c7ad547bf changed output format #152 (#176)
- Title->Alert
- Message->Details
- add Computername and EventID
2021-11-10 19:33:25 +09:00
James
e77a193c5c Feature/#158 add rulefilepath column (#168)
* add level csv column

* update

* Feature/output detect count151 (#167)

* add output process count of detects events #151

* add output process count of detects event when output stdio #151

* add format enter

* update

Co-authored-by: DustInDark <nextsasasa@gmail.com>
2021-11-09 00:35:28 +09:00
DustInDark
e7e86c23c0 Feature/output detect count151 (#167)
* add output process count of detects events #151

* add output process count of detects event when output stdio #151

* add format enter
2021-11-08 23:51:01 +09:00
James
696dd9192a add level csv column (#166) 2021-11-08 22:37:49 +09:00
nishikawaakira
23c60fa8ff Feature/slack_notify#134 (#139)
* add slack notify

* cargo fmt --all

* slack-hook version up

* change bot name
2021-09-30 20:43:50 +09:00
Alan Smithee
a68a59417d Feature/add eventfilepath to csv #76 (#89)
* Feature/call error message struct#66 (#69)

* change way to use write trait #66

* change call error message struct #66

* erase finished TODO #66

* erase comment in error message format test #66

* resolve conflict #66

* Feature/call error message struct#66 (#71)

* change ERROR writeln struct #66

* add evtx file path export to csv #76

* fixed test case #76

* fix for #76

* forget cargo fmt -all

* fix testcase

Co-authored-by: ichiichi11 <takai.wa.hajime@gmail.com>
2021-05-01 09:49:48 +09:00
nishikawaakira
7b0357b120 Feature/changeSingleton#53,#65 (#67)
* change from singleton to global variable

* issue #65

* #65 test mode implemented

* cargo fmt --all
2021-03-19 04:46:52 +09:00
ichiichi11
4f42e21529 testcase fixes 2021-02-26 20:44:55 +09:00
itiB
857e22e6f8 Feat: output detected rule's title 2020-12-17 18:55:56 +09:00
itiB
f1844882e6 Refact: after_fact.rs emit time format 2020-12-10 01:57:53 +09:00
itiB
7d43885d05 feat: emit DateTime with selected timezone
@fox
2020-12-05 02:47:19 +09:00
itiB
12110a4687 Update: release csv-timeline function 2020-12-03 23:26:17 +09:00
ichiichi11
0e3d2ebaf4 refactoring 2020-11-30 21:17:30 +09:00
akiranishikawa
cd8948de4c merge emit_csv 2020-11-30 08:38:01 +09:00
itiB
90bf79f85b rm: after_fact()'s return val(Error) 2020-11-29 02:04:28 +09:00
itiB
d4ceb8ea8f Add: test for emit_csv 2020-11-22 17:05:44 +09:00
itiB
eadf576065 Add: afterfact.rs for emit csv file 2020-11-19 01:21:03 +09:00