DustInDark
91a781ffa2
changed way of getting arg due to clap derive
2022-06-16 17:40:58 +09:00
DustInDark
d37c6b1866
Merge branch 'main' into 583-enhancement-output-processing-rules-msg-and-rule-status-metrics
2022-06-11 15:29:14 +09:00
DustInDark
c1aecb1096
fixed rate output #583
2022-06-11 04:23:26 +09:00
DustInDark
71d58e6c62
separate load kind rule count and rules status count #583
2022-06-11 03:40:46 +09:00
DustInDark
bfed19b230
erase unnecessary comment
2022-06-11 02:56:50 +09:00
DustInDark
056e63ce5a
output status field summary #583
2022-06-11 02:55:20 +09:00
DustInDark
2830ee7b1a
changed display-record-id option to hide-record-id #579
2022-06-10 16:49:22 +09:00
DustInDark
af5a85fc0c
separate excluded and noisy rules count (#559)
* changed ignored rules display to show exclude rules and noisy rules separately.
* fixed tests #556
* cargo fmt
* updated changelog #556
* change order
* sorted output order #556
* cargo fmt
* screenshot update
Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
2022-06-03 11:56:20 +09:00
DustInDark
2dcf960d51
display default channel name if not defined (#555)
* displayed other channel data in Channel column #553
* updated changelog #553
* updated changelog
* readme and channel abbreviations update
* changelog update
Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
2022-06-01 13:01:14 +09:00
DustInDark
4c1aa94eba
display logo in green (#552)
* added termcolor reset function #537
* added logo green output #537
* fixed test
* cargo fmt
* updated changelog #537
* fixed clippy error
* update logo screenshot
* updated rules
* changed no colored logo when --no-color option is enabled
* fixed colored reset bug when --update-rules option is enabled
* fixed color reset bug when --level-tuning option is enabled
* cargo fmt
Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
2022-05-31 17:06:12 +09:00
DustInDark
a17d0d4e37
display EventRecordID (#549)
* added -R --display-record-id #548
* fixed test data #548
* cargo fmt
* added describe of -R --display-record-id option to README #548
* updated changelog #548
* readme update
Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
2022-05-27 22:19:40 +09:00
DustInDark
684c8a9688
525 show technique tags (#534)
* added --all-tags option #525
- exclude load output_tag.txt when --all-tags option is true
* fixed output to MitreAttack column #525
* added test
* added period
* updated usage in readme
* added test file
* added all-tags option in readme
* readme update
* fixed all-tags option description in help option
Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
2022-05-23 00:19:04 +09:00
DustInDark
d654c2cb6b
logon summary (#523)
* logon summary #110
* logon summary #110
* english update
* add sort #110
* add sort #110
* Formatting the output string
* Fixed the check process.
* added document #110
* Fixed login failure eventID.
* Fixed clippy err
* prevent rule load output with logon-summary option #110
* fixed bug of level-tuning execute when option is -s or -L only #110
Co-authored-by: garigariganzy <tosada31@hotmail.co.jp>
Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
2022-05-17 09:36:45 +09:00
DustInDark
2c0b057bc0
added twitter badge and link #519 (#520)
* added twitter badge and link #519
* Fixed clippy err
Co-authored-by: garigariganzy <tosada31@hotmail.co.jp>
2022-05-15 23:46:32 +09:00
DustInDark
b43eb853e9
Added Channel column and Channel Abbreviations (#508)
* added Channel output #504
* added test #504
* fixed clippy warnings
* fixed convert serde value to Channel #504
* added channel output config #504
* added doc #504
* added Channel column and Channel abbreviation
* fixed file name typo
* changed channel position #504
* fixed markdown warnings in CHANGELOG
* readme update
Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
2022-04-20 16:12:53 +09:00
DustInDark
d4aec68d3b
added feature of tag output reducing to agg condition #477 (#488)
2022-04-14 21:32:22 +09:00
hach1yon
7d37e07219
Feature/#216 output allfields csvnewcolumn (#469)
* refactoring
* refactoring
* under construction
* under construction
* under construction
* under construction
* fix existing testcase
* finish implement
* fmt
* add option
* change name
* fix control code bug
* fix disp
* change format and fix testcase
* fix help
2022-04-08 20:39:28 +09:00
DustInDark
d6efb5107a
reduce output mitre attack detail technique No. by config file (#483)
* reduced mitre attack tag output by config file #477
* prepared 1.2.0 version toml
* added test files and mitre attack strategy tag file #477
* fixed cargo.toml version
* updated cargo.lock
* output tag english update
* cargo fmt
Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
2022-04-07 00:47:08 +09:00
kazuminn
c8efa95447
Added Pivot Keyword List feature (#412)
* add get_pivot_keyword() func
* change function name and call its function
* [WIP] support config file
* complete output
* cargo fmt
* [WIP] add test
* add test
* support -o option in pivot
* add pivot mod
* fix miss
* pass test in pivot.rs
* add comment
* pass all test
* add fast return
* fix output
* add test config file
* review
* rebase
* cargo fmt
* test pass
* fix clippy in my commit
* cargo fmt
* little refactor
* change file input logic and config format
* [WIP] change output
* [wip] change data structure
* change output & change data structure
* pass test
* add config
* cargo fmt & clippy & rebase
* fix clippy
* delete /rules/ in .gitignore
* clean comment
* clean
* clean
* fix rebase miss
* fix rebase miss
* fix clippy
* file name output on -o to stdout
* add pivot_keywords.txt to ./config
* updated english
* Documentation update
* cargo fmt and clean
* updated translate japanese
* readme update
* readme update
Co-authored-by: DustInDark <nextsasasa@gmail.com>
Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
2022-04-05 21:17:23 +09:00
DustInDark
7c7a86f7c9
Fixed Clippy Warnings (#451)
* fixed clippy warn
* fixed cargo clippy warning
* fixed clippy warnings in clippy ver 0.1.59
* fixed clippy warnings clippy::unnecessary_to_owned
2022-03-17 08:43:48 +09:00
DustInDark
bb1f5f619d
Fix/fix clippy warn (#434)
- Fixed following Clippy Warnings (previous warning count: 671 -> after: 4)
- clippy::needless_return
- clippy::println_empty_string
- clippy::redundant_field_names
- clippy::single_char_pattern
- clippy::len_zero
- clippy::iter_nth_zero
- clippy::bool_comparison
- clippy::question_mark
- clippy::needless_collect
- clippy::unnecessary_unwrap
- clippy::ptr_arg
- clippy::needless_collect
- clippy::needless_borrow
- clippy::new_without_default
- clippy::assign_op_pattern
- clippy::bool_assert_comparison
- clippy::into_iter_on_ref
- clippy::deref_addrof
- clippy::while_let_on_iterator
- clippy::match_like_matches_macro
- clippy::or_fun_call
- clippy::useless_conversion
- clippy::let_and_return
- clippy::redundant_clone
- clippy::redundant_closure
- clippy::cmp_owned
- clippy::upper_case_acronyms
- clippy::map_identity
- clippy::unused_io_amount
- clippy::assertions_on_constants
- clippy::op_ref
- clippy::useless_vec
- clippy::vec_init_then_push
- clippy::useless_format
- clippy::bind_instead_of_map
- clippy::bool_comparison
- clippy::clone_on_copy
- clippy::too_many_arguments
- clippy::module_inception
- fixed clippy::needless_lifetimes
- fixed clippy::borrowed_box (Thanks for helping by hach1yon!)
2022-03-07 08:38:05 +09:00
DustInDark
19c44b4f66
added mitre attack data output in csv output (#397)
* added tags information in csv output #234
* fixed test due to change csvformat struct #234
* changed tag info separator #234
* changed separator #234
* changed tag info separator #234
2022-02-15 02:13:37 +09:00
DustInDark
df30adfdef
changed hashmap library to tuneup #368 (#369)
* added color code emit_csv test
* replaced HashMap and HashSet to hashbrown #368
* removed debug output in test #368
* fixed colored test
2022-02-09 01:59:39 +09:00
DustInDark
716e0a182a
changed no output rule parse result with -s option #343
2021-12-23 15:45:11 +09:00
DustInDark
bf0d3b12f2
fixed output rule warn #336
2021-12-22 18:29:17 +09:00
DustInDark
98a6ca8adc
adjust change field name from output to details in rule file #337
2021-12-22 18:15:34 +09:00
Yamato Security
67f0ee007b
Merge pull request #316 from Yamato-Security/feature/output_error_log_file_and_options#301
fixed #301 #303 #309
2021-12-22 16:08:13 +09:00
DustInDark
a14702dc76
fixed contents and rule-count #333
2021-12-22 15:25:00 +09:00
DustInDark
3412434d99
fixed error
2021-12-22 14:56:10 +09:00
James Takai / hach1yon
ea685fb75a
Feature/fix count() (#327)
2021-12-22 09:10:28 +09:00
DustInDark
bccdd8fef9
fixed error
- changed writer from stderr to bufwriter
- changed alert,warn function arg from String to borrow-String
2021-12-21 14:44:26 +09:00
DustInDark
f1c9418ab4
fixed errorlog create logic
2021-12-21 14:40:23 +09:00
DustInDark
46211711d6
fixed #301 #303 #309
Squashed commit of the following:
commit 617f12177fbf5066e141b5c1adf969b25c03fa3c
Author: DustInDark <nextsasasa@gmail.com>
Date: Tue Dec 21 00:57:13 2021 +0900
fix test typo and merge #301
commit 78926ebf55ae48566152c4097990ca1b1b536b53
Merge: c492ba1 83d891b
Author: DustInDark <nextsasasa@gmail.com>
Date: Tue Dec 21 00:22:55 2021 +0900
Merge branch 'main' into feature/output_errorlog_file#301
commit c492ba120a0d977d909b714c2506bd198200853b
Author: DustInDark <nextsasasa@gmail.com>
Date: Tue Dec 21 00:18:52 2021 +0900
renamed hayabusa-logs to logs
commit ac018917300e535c2bfc62b6a9df081d4beb1568
Author: DustInDark <nextsasasa@gmail.com>
Date: Mon Dec 20 23:48:48 2021 +0900
changed output file path deprecated #303
commit dcef677117555f2fac929b6d3b24ac18b5fb08fc
Author: DustInDark <nextsasasa@gmail.com>
Date: Mon Dec 20 23:47:42 2021 +0900
removed error file delete logic
commit b09dec2e4a5c679c3b3c242a655f01cb3b49d490
Author: DustInDark <nextsasasa@gmail.com>
Date: Mon Dec 20 23:46:49 2021 +0900
fixed -Q option flag #309
2021-12-21 01:03:33 +09:00
DustInDark
1aebdca160
Revert "Feature/output errorlog#301" (#314)
2021-12-20 20:59:30 +09:00
DustInDark
300242099b
Merge branch 'main' into feature/output_errorlog#301
2021-12-20 01:05:48 +09:00
DustInDark
0e0ceff861
created error log output feature #301
2021-12-20 00:46:04 +09:00
DustInDark
dbba49b815
Hotfix/not work count#278 (#281)
* fixed countup structure #278
* fixed countup structure and count up field logic #278
* fixed tests #278
* added no output aggregation detect message when output exist in rule yaml #232
* moved get_agg_condition to rulenode function #278
* added field_values to output count fields data #232 #278
- fixed count logic #278
- fixed count test to adjust field_values add
- added count test
* fixed count output format #232
* fixed compile error
* fixed count output #232
- moved output check to create_count_output
- fixed yaml condition reference
- adjust top and tail multi space
* added create count output test #232
* removed count by file #278
- commented by @YamatoSecurity
* changed sort function to sort_unstable_by
* fixed typo
* adjust to comment #281
ref: https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767283508
* adjust comment #281
refs:
- https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767285993
- https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767286713
* adjust comment #281
ref:
https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767287831
* omitted code #281
* adjust comment #281
ref:
https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767302595
* adjust comment #281
ref:
https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767303168
* adjust comment
ref:
https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767307535
* omitted unnecessary code #281
* adjust comment #281
ref:
https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767288428
* adjust comment #281
ref:
https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767286731
* adjust comment #281
ref:
https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767285716
* adjust comment #281
ref:
159191ec36 (r767288428)
* adjust test result #281
* removed debug print statement in testfunction
* adjust comment #281
ref
https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767286731
* fixed output by level #278 #284
- fixed result counting process when rule has no aggregation condition #278
- added total output by level #284
* removed unnecessary crate
* fixed output #284
* removed unnecessary total/unique sum process #284
* add testcase and fix testcase bug
* add testcase, add check to check_cout()
* fixed count logic #278
* fixed test parameter
* add testcase
* fmt
* fixed count field check process #278
* fix testcase #281
* fixed comment typo
* removed one time used variable in test case #281
* fixed count field check process #278
* changed insert position #278
* changed contributor list
* fixed contributors list
* passed with timeframe case #278
* passed all count test #278
* removed debug print
* removed debug print
* removed debug print
* cargo fmt
* changed by-level output format #284
* reduce clone() #278 #281
* changed for loop to map #278 #281
* fixed compile error
* changed priority from output in yml to aggregation output case aggregation condition exist in rule. #232
* fixed testcase #232
* changed if-let to generics #278 #281
* fixed error when test to sample_evtx#278 #281
* changed if-let to generic #278 #281
* adjust unwrap none error #278 #281
* fixed compile error and test case failed #278
Co-authored-by: ichiichi11 <takai.wa.hajime@gmail.com>
2021-12-19 20:48:29 +09:00
DustInDark
97b12fc068
fixed logic #301
2021-12-19 16:43:35 +09:00
DustInDark
55c05c6d38
adjusted alert function arg add #301
2021-12-19 13:56:34 +09:00
James Takai / hach1yon
cbbcb4c068
Feature/re tuning and bugfix for regexes keyword (#293)
* re-tuning
* not effective
* re-tuning
* set key
* fix bug and fix testcase.
* fmt
2021-12-18 11:13:51 +09:00
James Takai / hach1yon
fd200c54b0
tuning (#280)
* remove unnecessary to_string
* remove unnecessary RWLock
* change hashmap crate
* remove unnecessary to_string
* fmt
* remove rustc warning
* remove unnecessary to_string
* remove unnecessary comment
* remove unused functions
* remove unnecessary code.
* change compile option
* fmt
* remove unnecessary split
* fmt
* remove unnecessary Option
2021-12-14 16:57:49 +09:00
DustInDark
3fae98934b
Feature/change level option#250 (#259)
* fixed level option #250
* changed output
2021-12-13 01:52:21 +09:00
kazuminn
a00a114101
refactor: rename variables and fix typo and add test (#270)
2021-12-10 23:01:47 +09:00
kazuminn
b9831ca38a
add test for exclude rules
2021-12-09 00:57:40 +09:00
James Takai / hach1yon
2222211ccd
Merge branch 'main' into feature/fill_no_use_rules
2021-12-04 19:31:35 +09:00
ichiichi11
c961c3768c
change from hashmap to hashset and remove unnecessary copy.
2021-12-04 18:46:11 +09:00
DustInDark
ac5c5c2917
Bugfix/yml alias not found all data output#227 (#241)
* removed no use alias #227
* changed case of object type return none #227
- serde json value is object type when alias key doesn't exist in detected record.
* adjust serde_number_to_string function return value change #227
* adjust yml rule to change of aliaskey_alias.txt #227
* merged same regex as static
* create new struct to reduce same output in rule and keyword warn message #227
* changed output position
* removed regression warnings #227
* removed output warning
* Fixed a possible panic when None. #227
* added parse_message test #227
* added get_serde_number_to_string tests #227
* removed unnecessary test data part in get_serde_number_to_string test #227
2021-12-04 11:49:38 +09:00
DustInDark
d112129771
changed stdout result delimiter #244 (#245)
* changed stdout result delimiter #244
* removed unnecessary space #244
* added display output test #244
- added static map clear function (only test use)
- added outputformat test case of stdout (changed sequential process in emit_csv test to prevent the contents of static variables from changing depending on the order of execution)
* fixed typo
2021-12-04 11:20:11 +09:00
kazuminn
446e540d6f
merge main into feature/fill_no_use_rules
2021-12-02 00:49:54 +09:00
kazuminn
838a935d34
pass test
2021-12-02 00:33:19 +09:00