DustInDark
58017e971f
fixed lack of detection when tab and enter control characters are in the event record #395 (#396)
* fixed not-detected bug when enter and tab control characters are in record data #395
* added removal of \r \n \t characters in utils.rs
* added call of utils.rs function in selectionnodes.rs
* added tests #395
* changed space control character function args #395
* fixed test due to function args changes #395
* changed replace method using regex #395
* changed regex by record_data_filter.txt #395
* added record_data_filter.txt #395
* fixed test #395
* added record_data_filter
- add Properties regex
- add ScriptBlockText regex
- add Payload regex
2022-02-17 05:07:15 +09:00
DustInDark
19c44b4f66
added MITRE ATT&CK data output in CSV output (#397)
* added tags information in csv output #234
* fixed test due to change csvformat struct #234
* changed tag info separator #234
* changed separator #234
* changed tag info separator #234
2022-02-15 02:13:37 +09:00
DustInDark
df86958850
added live analysis feature (#398)
* added windows live analysis option #125
* added live analysis option #125
* fixed live analysis condition #125
* changed live analysis option #125
* added live-analysis option in readme #125
* fixed live-analysis check condition #125
* is_elevated crate is Windows-only #125
* fixed is_elevated build error #125
* fixed is_elevated library crate load
* fixed the way OS-dependent crates are called #125
* fix build error on Linux and removed unnecessary crate #125
* fixed lack of crate loading when building on Windows #125
* Update error message
Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
2022-02-15 02:12:45 +09:00
DustInDark
9cb54a9192
Hotfix/no output colorcode in no true color #376 (#378)
* added color code emit_csv test
* replaced HashMap and HashSet with hashbrown #368
* removed debug output in test #368
* added color option #376
* fixed process of output check #376
* removed color output check from test #376
* english updates
* colored detections and rules count output by level #384
* refactoring in colored output process #384
* update usage #364 #376
* fixed markdown lint
* added a workaround for the Windows Terminal bug #382
* update readme
* fixed colored output test
Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
2022-02-09 09:29:36 +09:00
DustInDark
df30adfdef
changed hashmap library for tune-up #368 (#369)
* added color code emit_csv test
* replaced HashMap and HashSet with hashbrown #368
* removed debug output in test #368
* fixed colored test
2022-02-09 01:59:39 +09:00
kazuminn
d1597b2322
Allow the rule location option to accept a file (#364)
* add only rule file path in --rules
* add error handling for metadata
* refactor
* add test
* rename test function
2022-01-31 12:09:25 +09:00
DustInDark
b12029de5c
Feature/colorlog #239 (#365)
* added color crate #239
* added hex library
* added color config file parser #239
* added color output feature #239
* changed fast hashmap library
* added color output description(Japanese) #239
* added color output description(English) #239
* fixed medium level typo
* removed white color font level #239
* added trim and loose colorcode condition #239
* fixed hex convert error panic #239
- output a warning and go to the next iteration when a hex conversion panic happens
- added the user input to the hex conversion warning output for easier use
2022-01-26 01:39:14 +09:00
Tanaka Zakku
d9624be752
delete extra white space
2021-12-24 14:56:23 +09:00
DustInDark
3097ff2ac3
added handling for the case of non-existent config files #347
2021-12-24 08:48:38 +09:00
DustInDark
716e0a182a
changed to not output rule parse results with -s option #343
2021-12-23 15:45:11 +09:00
DustInDark
6b5283b28b
added: no detection when statistics option is enabled #341
2021-12-23 11:33:10 +09:00
DustInDark
f2445ae093
changed output field to details field in yaml data of test case
2021-12-23 08:59:41 +09:00
DustInDark
bf0d3b12f2
fixed output rule warn #336
2021-12-22 18:29:17 +09:00
DustInDark
98a6ca8adc
adjusted to the field name change from output to details in rule file #337
2021-12-22 18:15:34 +09:00
Yamato Security
67f0ee007b
Merge pull request #316 from Yamato-Security/feature/output_error_log_file_and_options#301
fixed #301 #303 #309
2021-12-22 16:08:13 +09:00
DustInDark
a14702dc76
fixed contents and rule-count #333
2021-12-22 15:25:00 +09:00
DustInDark
3412434d99
fixed error
2021-12-22 14:56:10 +09:00
DustInDark
8876fc5f65
added newline
2021-12-22 09:41:06 +09:00
James Takai / hach1yon
ea685fb75a
Feature/fix count() (#327)
2021-12-22 09:10:28 +09:00
DustInDark
2b76103028
fixed output #301
- created empty folder logs to save the error log
- fixed output
2021-12-21 21:50:33 +09:00
DustInDark
bccdd8fef9
fixed error
- changed writer from stderr to bufwriter
- changed alert/warn function arg from String to borrowed String
2021-12-21 14:44:26 +09:00
DustInDark
f1c9418ab4
fixed errorlog create logic
2021-12-21 14:40:23 +09:00
DustInDark
33e743c8fc
changed parse file error stderr to filewrite #301
2021-12-21 02:13:01 +09:00
DustInDark
29ee8a5901
added Q option
2021-12-21 01:38:25 +09:00
DustInDark
46211711d6
fixed #301 #303 #309
Squashed commit of the following:
commit 617f12177fbf5066e141b5c1adf969b25c03fa3c
Author: DustInDark <nextsasasa@gmail.com>
Date: Tue Dec 21 00:57:13 2021 +0900
fix test typo and merge #301
commit 78926ebf55ae48566152c4097990ca1b1b536b53
Merge: c492ba1 83d891b
Author: DustInDark <nextsasasa@gmail.com>
Date: Tue Dec 21 00:22:55 2021 +0900
Merge branch 'main' into feature/output_errorlog_file#301
commit c492ba120a0d977d909b714c2506bd198200853b
Author: DustInDark <nextsasasa@gmail.com>
Date: Tue Dec 21 00:18:52 2021 +0900
renamed hayabusa-logs to logs
commit ac018917300e535c2bfc62b6a9df081d4beb1568
Author: DustInDark <nextsasasa@gmail.com>
Date: Mon Dec 20 23:48:48 2021 +0900
changed output file path deprecated #303
commit dcef677117555f2fac929b6d3b24ac18b5fb08fc
Author: DustInDark <nextsasasa@gmail.com>
Date: Mon Dec 20 23:47:42 2021 +0900
removed error file delete logic
commit b09dec2e4a5c679c3b3c242a655f01cb3b49d490
Author: DustInDark <nextsasasa@gmail.com>
Date: Mon Dec 20 23:46:49 2021 +0900
fixed -Q option flag #309
2021-12-21 01:03:33 +09:00
DustInDark
1aebdca160
Revert "Feature/output errorlog#301" (#314)
2021-12-20 20:59:30 +09:00
DustInDark
9e3587e5cc
removed unused Counter struct #301
2021-12-20 11:36:34 +09:00
DustInDark
3c08b45844
fixed typo
2021-12-20 01:26:50 +09:00
DustInDark
a7c6be4182
added Quiet Errors option #309
2021-12-20 01:13:23 +09:00
DustInDark
300242099b
Merge branch 'main' into feature/output_errorlog#301
2021-12-20 01:05:48 +09:00
DustInDark
0e0ceff861
created error log output feature #301
2021-12-20 00:46:04 +09:00
DustInDark
8798de6839
changed log directory path and removed error counter #301
2021-12-20 00:44:31 +09:00
DustInDark
49c08ddbc9
changed output message by change option name
2021-12-20 00:42:46 +09:00
DustInDark
3b7cf0b948
added output error log remove feature by line count #301
2021-12-20 00:40:41 +09:00
DustInDark
dbba49b815
Hotfix/not work count #278 (#281)
* fixed countup structure #278
* fixed countup structure and count up field logic #278
* fixed tests #278
* added: no aggregation detection message output when output exists in rule yaml #232
* moved get_agg_condtion to rulenode function #278
* added field_values to output count fields data #232 #278
- fixed count logic #278
- fixed count test to adjust field_values add
- added count test
* fixed count output format #232
* fixed compile error
* fixed count output #232
- moved output check to create_count_output
- fixed yaml condition reference
- adjusted leading and trailing multiple spaces
* added create count output test #232
* removed count by file #278
- commented by @YamatoSecurity
* changed sort function to sort_unstable_by
* fixed typo
* adjust to comment #281
ref: https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767283508
* adjust comment #281
refs:
- https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767285993
- https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767286713
* adjust comment #281
ref: https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767287831
* omitted code #281
* adjust comment #281
ref: https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767302595
* adjust comment #281
ref: https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767303168
* adjust comment
ref: https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767307535
* omitted unnecessary code #281
* adjust comment #281
ref: https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767288428
* adjust comment #281
ref: https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767286731
* adjust comment #281
ref: https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767285716
* adjust comment #281
ref: 159191ec36 (r767288428)
* adjust test result #281
* removed debug print statement in test function
* adjust comment #281
ref: https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767286731
* fixed output by level #278 #284
- fixed result counting process when rule has no aggregation condition #278
- added total output by level #284
* removed unnecessary crate
* fixed output #284
* removed unnecessary total/unique sum process #284
* add testcase and fix testcase bug
* add testcase, add check to check_cout()
* fixed count logic #278
* fixed test parameter
* add testcase
* fmt
* fixed count field check process #278
* fix testcase #281
* fixed comment typo
* removed one time used variable in test case #281
* fixed count field check process #278
* changed insert position #278
* changed contributor list
* fixed contributors list
* passed with timeframe case #278
* passed all count test #278
* removed debug print
* removed debug print
* removed debug print
* cargo fmt
* changed by-level output format #284
* reduce clone() #278 #281
* changed for loop to map #278 #281
* fixed compile error
* changed priority from output in yml to aggregation output in the case where an aggregation condition exists in the rule #232
* fixed testcase #232
* changed if-let to generics #278 #281
* fixed error when testing against sample_evtx #278 #281
* changed if-let to generic #278 #281
* adjust unwrap none error #278 #281
* fixed compile error and test case failed #278
Co-authored-by: ichiichi11 <takai.wa.hajime@gmail.com>
2021-12-19 20:48:29 +09:00
Yamato Security
a023ba46a6
Usage menu update (#302)
* Usage menu update
* minor adjustments to the usage menu
* fixed options #302
- changed show-deprecated to enable-deprecated-rules
- changed csv-timeline to output
- change show-noisyalerts to enable-noisy-rules
* fixed option #302
- changed starttimeline to start-timeline
* fixed option #302
- changed q to quiet option
* fixed options #302
- changed endtimeline to end-timeline option
- changed threadnum to thread-number option
Co-authored-by: DustInDark <nextsasasa@gmail.com>
2021-12-19 20:03:39 +09:00
DustInDark
97b12fc068
fixed logic #301
2021-12-19 16:43:35 +09:00
DustInDark
7f9f2349f2
fixed error and added output #301
2021-12-19 14:17:25 +09:00
DustInDark
55c05c6d38
adjusted alert function arg add #301
2021-12-19 13:56:34 +09:00
DustInDark
7e00ab00fe
added output alert message to error file #391
2021-12-19 13:55:03 +09:00
James Takai / hach1yon
cbbcb4c068
Feature/re tuning and bugfix for regexes keyword (#293)
* re-tuning
* not effective
* re-tuning
* set key
* fix bug and fix testcase.
* fmt
2021-12-18 11:13:51 +09:00
Yamato Security
d668fc9241
Regex filename change (#291)
* update rule config files and art
* renamed the regex sample files
* fixed test error due to filename change #291
Co-authored-by: DustInDark <nextsasasa@gmail.com>
2021-12-17 21:25:55 +09:00
itiB
d1d77b4e9f
cargo fmt --all
2021-12-16 20:14:31 +09:00
itiB
05076e4fec
Merge branch 'main' into feature/start_finish_time
2021-12-16 20:12:01 +09:00
kazuminn
7a6d264be0
feature: do not load rules whose status is deprecated (#272)
* feature status deprecated exclude
* clean
* change logic and option name
* fix option description
2021-12-14 18:42:23 +09:00
James Takai / hach1yon
fd200c54b0
tuning (#280)
* remove unnecessary to_string
* remove unnecessary RWLock
* change hashmap crate
* remove unnecessary to_string
* fmt
* remove rustc warning
* remove unnecessary to_string
* remove unnecessary comment
* remove unused functions
* remove unnecessary code.
* change compile option
* fmt
* remove unnecessary split
* fmt
* remove unnecessary Option
2021-12-14 16:57:49 +09:00
DustInDark
3fae98934b
Feature/change level option #250 (#259)
* fixed level option #250
* changed output
2021-12-13 01:52:21 +09:00
itiB
906319bae5
Merge branch 'main' into feature/start_finish_time
2021-12-11 15:30:22 +09:00
itiB
721bf993f7
cargo fmt --all
2021-12-11 15:28:13 +09:00
itiB
708305c958
Add: TargetTimefilter testcase
2021-12-11 15:27:11 +09:00