Commit Graph

867 Commits

Author SHA1 Message Date
DustInDark
493c5ddec1 Trivia/eastereggs#212 (#266)
* add ninja arts #212

* add takoyakiday eggs #212

* add christmas eggs #212

* add happy newyear eggs #212

* changed encoding from UTF-8 BOM to UTF-8

* add output easteregg #212

- changed analysis datetime from Utc to Local
- added output easteregg #213

* changed happynewyear arts #212

* fix ninja day #212

* fix christmas #212
2021-12-07 01:52:27 +09:00
itiB
f8bd738984 fix: input time format 2021-12-07 01:25:21 +09:00
itiB
0e4136e9cf fix: option's documents 2021-12-07 01:00:18 +09:00
itiB
a1ec06cc6c rm: comments 2021-12-07 00:52:57 +09:00
itiB
4bb445d4f5 Add: time filter 2021-12-07 00:50:00 +09:00
itiB
e09cfb7231 Add: datetime util 2021-12-07 00:11:34 +09:00
itiB
cc7697a319 Merge branch 'main' into feature/start_finish_time 2021-12-06 23:07:08 +09:00
DustInDark
50daf1d716 Feature/improve rule file read time#254 (#260)
* fixed cached aggregation parser regex #254

* fixed cached condition parser regex #254

* fixed cached condition parser regex re_pipe #254
2021-12-05 15:05:09 +09:00
James Takai / hach1yon
b10b714b36 Create test cases for the SIGMA rule conversion tool and bug fix (#261)
* Fixed an issue where conversion of sigma rules failed when a number was specified in a grep search.

* add test files and bugfix for no timeframe.
2021-12-05 15:02:54 +09:00
James Takai / hach1yon
2222211ccd Merge branch 'main' into feature/fill_no_use_rules 2021-12-04 19:31:35 +09:00
ichiichi11
191d1df9f0 add exclude files and fix bugs. 2021-12-04 19:23:50 +09:00
ichiichi11
9169214553 fix bug. 2021-12-04 19:09:41 +09:00
ichiichi11
c961c3768c change from hashmap to hashset and remove unnecessary copy. 2021-12-04 18:46:11 +09:00
DustInDark
ac5c5c2917 Bugfix/yml alias not found all data output#227 (#241)
* removed no use alias #227

* changed case of object type return none #227

- serde json value is object type when alias key doesn't exist in detected record.

* adjust serde_number_to_string function return value change #227

* adjust yml rule to change of aliaskey_alias.txt #227

* merged same regex as static

* create new struct to reduce same output in rule and keyword warn message #227

* changed output position

* removed regression warnings #227

* removed output warning

* Fixed a possible panic when None. #227

* added parse_message test #227

* added get_serde_number_to_string tests #227

* removed unnecessary test data part in get_serde_number_to_string test #227
2021-12-04 11:49:38 +09:00
DustInDark
d112129771 changed stdout result delimiter #244 (#245)
* changed stdout result delimiter #244

* removed unnecessary space #244

* added display output test #244

- added static map clear function (only test use)
- added outputformat test case of stdout (changed sequential process in emit_csv test to prevent the contents of static variables from changing depending on the order of execution)

* fixed typo
2021-12-04 11:20:11 +09:00
Yamato Security
e0936ab2d1 rule update (#249) 2021-12-03 15:52:43 +09:00
DustInDark
8b9dac961a added progress bar #199 (#247) 2021-12-03 10:12:31 +09:00
kazuminn
446e540d6f merge main into feature/fill_no_use_rules 2021-12-02 00:49:54 +09:00
kazuminn
b9c415eab5 add 2021-12-02 00:43:31 +09:00
kazuminn
838a935d34 pass test 2021-12-02 00:33:19 +09:00
kazuminn
341a5e4f86 feature filter no use rules 2021-11-30 22:54:36 +09:00
James Takai / hach1yon
2febaa9b73 add target event filtering. (#242) 2021-11-28 19:02:27 +09:00
DustInDark
84f17323da Hotfix/load rule level changed info to informational#237#238 (#240)
* changed INFO to informational #237

- INFO in rule level is changed to informational

* changed level load default rule from LOW to INFORMATIONAL #238

* fixed level description in doc and help menu #238

* removed test files

* removed test check file
2021-11-28 18:27:58 +09:00
DustInDark
0cfa806baf Feature/addruletype to sigma rule#230 (#235)
* added ruletype to SIGMA rule #230

* added ruletype to SIGMA rule converter tool #231
2021-11-28 18:14:51 +09:00
Yamato Security
bc230f7cd5 English fixes (#236)
* English fixes

* cargo fmt

* fixed test assertion string data

Co-authored-by: DustInDark <nextsasasa@gmail.com>
2021-11-27 11:21:55 +09:00
DustInDark
cc7767a960 changed output format header #213 (#228)
* changed output format header #213

* fixed test parameter #213
2021-11-27 00:33:19 +09:00
Yamato Security
df0279c4d1 rule updates-2021-11-26 (#233)
* rule updates-2021-11-26

* adjust trivial change in pull request issue comment

Co-authored-by: DustInDark <nextsasasa@gmail.com>
2021-11-26 15:34:16 +09:00
DustInDark
b48f774b93 Feature/output unique detection#209 (#225)
* checked contributors #141

- because a RustyBlue code contributor (not a hayabusa contributor) was mixed into the hayabusa contributors

* changed yaml count name

* changed ruletype string #157

* fixed output of parse error #157

* fixed output

* added level unique detection output #209
2021-11-24 21:15:43 +09:00
itiB
b2692ef983 Add: input function for start/end option 2021-11-24 00:09:41 +09:00
Yamato Security
015899bc51 Rule update (#224) 2021-11-23 15:04:03 +09:00
itiB
034f9c0957 Add: sigma rules (#175) 2021-11-22 08:45:44 +09:00
DustInDark
b53342218c Feature/output logo#206 (#222)
* add output logo #206

* added newline and organization name #206

* add output rule count #200

* Changed yml to summarize the totals for each folder hierarchy. #157

* added analyzing evtx file count output #157

* added loaded rule count output #157

* added quiet option #206
2021-11-21 15:16:44 +09:00
DustInDark
86321a4502 Feature/output read rule directory#201 (#221)
* fixed filepath evtx extension #162

* added rules option to config usage #201

* fixed filepath evtx extension rule #162

* added rules directory read feature #201

* added test case #201

* fixed usage set #201

* removed all check rule #201

* fixed rule read function data #201
2021-11-20 14:01:50 +09:00
DustInDark
0b85a280f0 output fix logontype and change order #197 #198 (#217)
* changed output column order #198

* added eventkey alias #197

* fixed eventid double quotation #197

* fixed eventid double quotation #197

* fixed logontype not converted #197

* fixed WorkStation and added TargetDomainName #205

* fixed typo #205

* Fixed the problem with conversion for No-String types #197
2021-11-20 11:03:28 +09:00
DustInDark
199a8231c1 Removed features not to be released in v1.0, display contributors, fixed the default value of the level option #141 #211 (#218)
* changed default level to Low #211

* fixed usage #211

* erased Lang option #195

* changed output credit to contributors #141

* Removed contributor information for uncreated features and features that will not be introduced in v1.0. #141

* removed slack notification feature #202

- removed config option
- removed artifact slack notification call

* removed description of slack notification #202

* fixed default level to Low #211

* removed description about slack notification #202
2021-11-20 09:56:59 +09:00
DustInDark
e2ac686c3f Feature/verbose output rule and file#188 (#219)
* added verbose output rule and evtx path #188

* fixed typo

* changed yaml read error to warn message #188

- added AlertMessage::warn
- yaml read error changed from error to warn
2021-11-20 09:10:17 +09:00
Tanaka Zakku
bad4429ad0 Rule tuning 2021-11-18 10:31:28 +09:00
Tanaka Zakku
771c86edbf change rules dir structure. add logon timeline. 2021-11-18 08:43:13 +09:00
Tanaka Zakku
f71d5848fe contributors.txt 2021-11-18 05:17:20 +09:00
Tanaka Zakku
b2eab00604 removed noisy rules 2021-11-15 08:56:09 +09:00
Tanaka Zakku
464c7ec052 sample-evtx 2021-11-15 05:54:24 +09:00
DustInDark
fb66b987ea fixed output evtx file path in event statistics #192 (#193) 2021-11-14 17:49:46 +09:00
DustInDark
480f2d26c0 Feature/change output timeformat#154 (#194)
* changed default output time format #154

* added time zone #154

* added rfc3339 option #154
2021-11-14 17:48:38 +09:00
Tanaka Zakku
50aebce32e Added Sigma Rules 2021-11-14 11:00:56 +09:00
Tanaka Zakku
ac3ea7b20b hayabusa backend documentation update 2021-11-14 11:00:17 +09:00
Tanaka Zakku
998b55e6c4 hayabusa sigmac backend documentation update 2021-11-14 10:41:20 +09:00
Tanaka Zakku
d7c66798b6 sigmac backend documentation update 2021-11-14 07:27:10 +09:00
James
7d49b0b521 Feature/#187 change allowlist regexes filenames (#189)
* add risk level filter arguments #45

* fix default level in help #45

* add test yaml files #45

* refactoring and fix level argument usage.

* cargo fmt --all

* add risk level filter arguments #45

* fix default level in help #45

* add test yaml files #45

* refactoring and fix level argument usage.

* cargo fmt --all

* update

* change filename

* fix regexes and allowlist filename in document #187

Co-authored-by: DustInDark <nextsasasa@gmail.com>
2021-11-12 13:53:09 +09:00
James
22c8302c4c change from stdout to stderr. (#190) 2021-11-12 13:21:14 +09:00
DustInDark
66b8f2de9e Feature/risk level condition#45 (#186)
* add risk level filter arguments #45

* fix default level in help #45

* add test yaml files #45

* refactoring and fix level argument usage.

* cargo fmt --all

Co-authored-by: ichiichi11 <takai.wa.hajime@gmail.com>
2021-11-11 23:47:29 +09:00