DustInDark
58017e971f
fixed detection lack when tab and enter control character in event record#395 ( #396 )
* fixed no detected bug when enter and tab control character in record data #395
* added remove \r \n \t character in utils.rs
* added call of utils.rs function in selectionnodes.rs
* added tests #395
* changed space control character function args #395
* fixed test due to function args changes #395
* changed replace method using regex #395
* changed regex by record_data_filter.txt #395
* added record_data_filter.txt #395
* fixed test #395
* added record_data_filter
- add Properties regex
- add ScriptBlockText regex
- add Payload regex
2022-02-17 05:07:15 +09:00
DustInDark
3097ff2ac3
added process case of no exist config files #347
2021-12-24 08:48:38 +09:00
Yamato Security
a023ba46a6
Usage menu update ( #302 )
* Usage menu update
* minor adjustments to the usage menu
* fixed options #302
- changed show-deprecated to enable-deprecated-rules
- changed csv-timeline to output
- change show-noisyalerts to enable-noisy-rules
* fixed option #302
- changed starttimeline to start-timeline
* fixed option #302
- changed q to quiet option
* fixed options #302
- changed endtimeline to end-timeline option
- changed threadnum to thread-number option
Co-authored-by: DustInDark <nextsasasa@gmail.com>
2021-12-19 20:03:39 +09:00
James Takai / hach1yon
cbbcb4c068
Feature/re tuning and bugfix for regexes keyword ( #293 )
* re-tuning
* not effective
* re-tuning
* set key
* fix bug and fix testcase.
* fmt
2021-12-18 11:13:51 +09:00
Yamato Security
d668fc9241
Regex filename change ( #291 )
* update rule config files and art
* renamed the regex sample files
* fixed test error due to filename change #291
Co-authored-by: DustInDark <nextsasasa@gmail.com>
2021-12-17 21:25:55 +09:00
itiB
05076e4fec
Merge branch 'main' into feature/start_finish_time
2021-12-16 20:12:01 +09:00
James Takai / hach1yon
fd200c54b0
tuning ( #280 )
* remove unnecessary to_string
* remove unnecessary RWLock
* change hashmap crate
* remove unnecessary to_string
* fmt
* remove rustc warning
* remove unnecessary to_string
* remove unnecessary comment
* remove unused functions
* remove unnecessary code.
* change compile option
* fmt
* remove unnecessary split
* fmt
* remove unnecessary Option
2021-12-14 16:57:49 +09:00
itiB
4bb445d4f5
Add: time filter
2021-12-07 00:50:00 +09:00
itiB
e09cfb7231
Add: datetime util
2021-12-07 00:11:34 +09:00
DustInDark
ac5c5c2917
Bugfix/yml alias not found all data output#227 ( #241 )
* removed no use alias #227
* changed case of object type return none #227
- serde json value is object type when alias key doesn't exist in detected record.
* adjust serde_number_to_string function return value change #227
* adjust yml rule to change of aliaskey_alias.txt #227
* merged same regex as static
* create new struct to reduce same output in rule and keyword warn message #227
* changed output position
* removed regression warnings #227
* removed output warning
* Fixed a possible panic when None. #227
* added parse_message test #227
* added get_serde_number_to_string tests #227
* removed unnecessary test data part in get_serde_number_to_string test #227
2021-12-04 11:49:38 +09:00
James Takai / hach1yon
2febaa9b73
add target event filtering. ( #242 )
2021-11-28 19:02:27 +09:00
Yamato Security
bc230f7cd5
English fixes ( #236 )
* English fixes
* cargo fmt
* fixed test assertion string data
Co-authored-by: DustInDark <nextsasasa@gmail.com>
2021-11-27 11:21:55 +09:00
DustInDark
0b85a280f0
output fix logontype and change order #197 #198 ( #217 )
* changed output column order #198
* added eventkey alias #197
* fixed eventid double quotation #197
* fixed eventid double quotation #197
* fixed logontype not converted #197
* fixed WorkStation and added TargetDomainName #205
* fixed typo #205
* Fixed the problem that conversion for No-String types #197
2021-11-20 11:03:28 +09:00
James
7d49b0b521
Feature/#187 change allowlist regexes filenames ( #189 )
* add risk level filter arguments #45
* fix default level in help #45
* add test yaml files #45
* refactoring and fix level argument usage.
* cargo fmt --all
* add risk level filter arguments #45
* fix default level in help #45
* add test yaml files #45
* refactoring and fix level argument usage.
* cargo fmt --all
* update
* change filename
* fix regexe and allowlist filename in document #187
Co-authored-by: DustInDark <nextsasasa@gmail.com>
2021-11-12 13:53:09 +09:00
James
15a28e5602
cache regex for allowlist and regexes keyword. ( #174 )
2021-11-10 03:10:03 +09:00
James
c5d5d25817
change from black to allow. ( #164 )
2021-11-09 00:41:21 +09:00
James
4a1e46e47e
Feature/#140 document ( #144 )
* update
* fix regexes and whitelist
* under construction
* fix
* update
* add pic
* update
* update
* update
* fix
2021-10-22 00:43:40 +09:00
itiB
65b714b81b
Split rule.rs ( #121 )
* Refact: split code for matcher from rule.rs
* Refact: combine multiple declared functions
* Refact: split code for SelectionNode from rule.rs
* Refact: mv test code for SelectionNode from rule.rs
* Refact: mv condition's code from rule.rs
* Refact: mv aggregation's code from condition_parser.rs
* Refact: use relationships
* cargo fmt --all
* remove unnecessary matcher
Co-authored-by: HajimeTakai <takai.wa.hajime@gmail.com>
2021-07-08 01:41:59 +09:00
James
2f24dc775f
Feature/filter record by eventid#94 ( #95 )
* add function to get event id from rootnode.
* refactoring #76
* maybe fix bug.
* before test
* fix source files.
* cargo fmt --all
* add threadnum parameter
2021-05-06 20:58:43 +09:00
nishikawaakira
7b0357b120
Feature/changeSingleton#53,#65 ( #67 )
* change from singleton to global variable
* issue #65
* #65 test mode implemented
* cargo fmt --all
2021-03-19 04:46:52 +09:00
ichiichi11
712f090919
rule file implemented.
2020-11-22 14:42:10 +09:00
ichiichi11
1adcb8c44b
refactoring
2020-11-22 12:12:05 +09:00
akiranishikawa
b183e61596
add regexes and whitelist functions
2020-11-20 16:32:40 +09:00
kazuminn
73fa8090f0
fixed the points that were pointed out
2020-11-02 16:15:44 +09:00
kazuminn
1fcf025a06
fix decode's optional
2020-10-31 22:36:52 +09:00
kazuminn
e7a75ff780
add
2020-10-24 18:08:11 +09:00
kazuminn
f8484bf3bf
Merge branch 'master' into feature/#11
2020-10-13 13:45:09 +09:00
akiranishikawa
4ac372e883
test fixes
2020-10-13 05:31:06 +09:00
ichiichi11
03a4e973c5
refactoring: change function name
2020-10-12 16:12:55 +09:00
ichiichi11
261676574a
create configs
2020-10-11 23:40:08 +09:00
akiranishikawa
850caa8a53
PowerShell parsing, Check-Command fixes
2020-10-11 14:47:39 +09:00
itiB
5f5251a4a4
Fix: solve thread
2020-10-09 02:13:04 +09:00
itiB
c12090227e
Fix: <utils.rs-check_command()> get rdr by reference
2020-10-09 02:04:31 +09:00
Kazuminn
9cab0bb343
add comment
2020-10-04 17:15:08 +09:00
Kazuminn
3e3f7bc51e
fix: points raised in review comments
2020-10-04 17:07:09 +09:00
Kazuminn
e3631abeb3
add test: return immediately when the white list matches
2020-10-04 16:13:26 +09:00
Kazuminn
7242dfbc1b
refactor
2020-10-03 20:07:45 +09:00
Kazuminn
6d57923ff2
refactor
2020-10-03 20:04:21 +09:00
Kazuminn
61049ce9a8
refactor
2020-10-03 19:52:04 +09:00
Kazuminn
d5fba5e54b
fix test
2020-10-03 19:40:40 +09:00
Kazuminn
fb4ee59dee
refactor
2020-10-03 17:58:43 +09:00
Kazuminn
5071aa0783
all test passed
2020-10-03 17:55:08 +09:00
Kazuminn
927df3f32a
check_regex test ok
2020-10-03 17:34:37 +09:00
Kazuminn
6d8e0a61d2
test 2 pass
2020-10-03 16:52:39 +09:00
Kazuminn
bb2d4bc537
add check_command()
2020-10-03 13:06:25 +09:00
Kazuminn
acf8f8d022
add check_obfu()
2020-10-02 23:26:07 +09:00
Kazuminn
2bf76c4209
add check_regex() and check_creater()
2020-10-02 14:37:56 +09:00