Yamato Security
67f0ee007b
Merge pull request #316 from Yamato-Security/feature/output_error_log_file_and_options#301
fixed #301 #303 #309
2021-12-22 16:08:13 +09:00
DustInDark
3412434d99
fixed error
2021-12-22 14:56:10 +09:00
James Takai / hach1yon
ea685fb75a
Feature/fix count() ( #327 )
2021-12-22 09:10:28 +09:00
DustInDark
bccdd8fef9
fixed error
- changed writer from stderr to bufwriter
- changed alert,warn function arg from String to borrow-String
2021-12-21 14:44:26 +09:00
DustInDark
33e743c8fc
changed parse file error stderr to filewrite #301
2021-12-21 02:13:01 +09:00
DustInDark
46211711d6
fixed #301 #303 #309
Squashed commit of the following:
commit 617f12177fbf5066e141b5c1adf969b25c03fa3c
Author: DustInDark <nextsasasa@gmail.com>
Date: Tue Dec 21 00:57:13 2021 +0900
fix test typo and merge #301
commit 78926ebf55ae48566152c4097990ca1b1b536b53
Merge: c492ba1 83d891b
Author: DustInDark <nextsasasa@gmail.com>
Date: Tue Dec 21 00:22:55 2021 +0900
Merge branch 'main' into feature/output_errorlog_file#301
commit c492ba120a0d977d909b714c2506bd198200853b
Author: DustInDark <nextsasasa@gmail.com>
Date: Tue Dec 21 00:18:52 2021 +0900
renamed hayabusa-logs to logs
commit ac018917300e535c2bfc62b6a9df081d4beb1568
Author: DustInDark <nextsasasa@gmail.com>
Date: Mon Dec 20 23:48:48 2021 +0900
changed output file path deprecated #303
commit dcef677117555f2fac929b6d3b24ac18b5fb08fc
Author: DustInDark <nextsasasa@gmail.com>
Date: Mon Dec 20 23:47:42 2021 +0900
removed error file delete logic
commit b09dec2e4a5c679c3b3c242a655f01cb3b49d490
Author: DustInDark <nextsasasa@gmail.com>
Date: Mon Dec 20 23:46:49 2021 +0900
fixed -Q option flag #309
2021-12-21 01:03:33 +09:00
DustInDark
1aebdca160
Revert "Feature/output errorlog#301" ( #314 )
2021-12-20 20:59:30 +09:00
DustInDark
300242099b
Merge branch 'main' into feature/output_errorlog#301
2021-12-20 01:05:48 +09:00
DustInDark
0e0ceff861
created error log output feature #301
2021-12-20 00:46:04 +09:00
DustInDark
dbba49b815
Hotfix/not work count#278 ( #281 )
* fixed countup structure #278
* fixed countup structure and count up field logic #278
* fixed tests #278
* added no output aggregation detect message when output exist in rule yaml #232
* moved get_agg_condtion to rulenode function #278
* added field_values to output count fields data #232 #278
- fixed count logic #278
- fixed count test to adjust field_values add
- added count test
* fixed count output format #232
* fixed compile error
* fixed count output #232
- moved output check to create_count_output
- fixed yaml condition reference
- adjust top and tail multi space
* added create count output test #232
* removed count by file #278
- commented by @YamatoSecurity
* changed sort function to sort_unstable_by
* fixed typo
* adjust to comment #281
ref: https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767283508
* adjust comment #281
refs:
- https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767285993
- https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767286713
* adjust comment #281
ref:
https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767287831
* omitted code #281
* adjust comment #281
ref:
https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767302595
* adjust comment #281
ref:
https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767303168
* adjust comment
ref:
https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767307535
* omitted unnecessary code #281
* adjust comment #281
ref:
https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767288428
* adjust comment #281
ref:
https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767286731
* adjust comment #281
ref:
https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767285716
* adjust comment #281
ref:
159191ec36 (r767288428)
* adjust test result #281
* removed debug print statement in testfunction
* adjust comment #281
ref:
https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767286731
* fixed output by level #278 #284
- fixed result counting process when rule has no aggregation condition #278
- added total output by level #284
* removed unnecessary crate
* fixed output #284
* removed unnecessary total/unique sum process #284
* add testcase and fix testcase bug
* add testcase, add check to check_cout()
* fixed count logic #278
* fixed test parameter
* add testcase
* fmt
* fixed count field check process #278
* fix testcase #281
* fixed comment typo
* removed one time used variable in test case #281
* fixed count field check process #278
* changed insert position #278
* changed contributor list
* fixed contributors list
* passed with timeframe case #278
* passed all count test #278
* removed debug print
* removed debug print
* removed debug print
* cargo fmt
* changed by0level output format #284
* reduce clone() #278 #281
* changed for loop to map #278 #281
* fixed compile error
* changed priority from output in yml to aggregation output case aggregation condition exist in rule. #232
* fixed testcase #232
* changed if-let to generics #278 #281
* fixed error when test to sample_evtx#278 #281
* changed if-let to generic #278 #281
* adjust unwrap none error #278 #281
* fixed compile error and test case failed #278
Co-authored-by: ichiichi11 <takai.wa.hajime@gmail.com>
2021-12-19 20:48:29 +09:00
DustInDark
97b12fc068
fixed logic #301
2021-12-19 16:43:35 +09:00
DustInDark
55c05c6d38
adjusted alert function arg add #301
2021-12-19 13:56:34 +09:00
James Takai / hach1yon
cbbcb4c068
Feature/re tuning and bugfix for regexes keyword ( #293 )
* re-tuning
* not effective
* re-tuning
* set key
* fix bug and fix testcase.
* fmt
2021-12-18 11:13:51 +09:00
Yamato Security
d668fc9241
Regex filename change ( #291 )
* update rule config files and art
* renamed regex sample file
* fixed test error due to filename change #291
Co-authored-by: DustInDark <nextsasasa@gmail.com>
2021-12-17 21:25:55 +09:00
James Takai / hach1yon
fd200c54b0
tuning ( #280 )
* remove unnecessary to_string
* remove unnecessary RWLock
* change hashmap crate
* remove unnecessary to_string
* fmt
* remove rustc warning
* remove unnecessary to_string
* remove unnecessary comment
* remove unused functions
* remove unnecessary code.
* change compile option
* fmt
* remove unnecessary split
* fmt
* remove unnecessary Option
2021-12-14 16:57:49 +09:00
DustInDark
50daf1d716
Feature/improve rule file read time#254 ( #260 )
* fixed cached aggregation parser regex #254
* fixed cached condition parser regex #254
* fixed cached condition parser regex re_pipe #254
2021-12-05 15:05:09 +09:00
Yamato Security
bc230f7cd5
English corrections ( #236 )
* English corrections
* cargo fmt
* fixed test assertion string data
Co-authored-by: DustInDark <nextsasasa@gmail.com>
2021-11-27 11:21:55 +09:00
DustInDark
b48f774b93
Feature/output unique detection#209 ( #225 )
* checked contributors #141
- because a RustyBlue code contributor (not a hayabusa contributor) was mixed into the hayabusa contributors
* changed yaml count name
* changed ruletype string #157
* fixed output of parse error #157
* fixed output
* added level unique detection output #209
2021-11-24 21:15:43 +09:00
itiB
034f9c0957
Add: sigma rules ( #175 )
2021-11-22 08:45:44 +09:00
James
7d49b0b521
Feature/#187 change allowlist regexes filenames ( #189 )
* add risk level filter arguments #45
* fix default level in help #45
* add test yaml files #45
* refactoring and fix level argument usage.
* cargo fmt --all
* add risk level filter arguments #45
* fix default level in help #45
* add test yaml files #45
* refactoring and fix level argument usage.
* cargo fmt --all
* update
* change filename
* fix regexes and allowlist filename in document #187
Co-authored-by: DustInDark <nextsasasa@gmail.com>
2021-11-12 13:53:09 +09:00
James
22c8302c4c
change from stdout to stderr. ( #190 )
2021-11-12 13:21:14 +09:00
James
5bfa6832c0
fix value keyword ( #183 )
2021-11-11 00:12:58 +09:00
James
15a28e5602
cache regex for allowlist and regexes keyword. ( #174 )
2021-11-10 03:10:03 +09:00
James
c5d5d25817
change from black to allow. ( #164 )
2021-11-09 00:41:21 +09:00
James
e77a193c5c
Feature/#158 add rulefilepath column ( #168 )
* add level csv column
* update
* Feature/output detect count151 (#167 )
* add output process count of detects events #151
* add output process count of detects event when output stdio #151
* add format enter
* update
Co-authored-by: DustInDark <nextsasasa@gmail.com>
2021-11-09 00:35:28 +09:00
DustInDark
dcf015970c
fixed warning #149 ( #161 )
2021-11-06 06:46:01 +09:00
James
4a1e46e47e
Feature/#140 document ( #144 )
* update
* fix regexes and whitelist
* under construction
* fix
* update
* add pic
* update
* update
* update
* fix
2021-10-22 00:43:40 +09:00
garigariganzy
76103d31f3
Feature/event stats#105 ( #137 )
Implemented event aggregation feature
Co-authored-by: HajimeTakai <takai.wa.hajime@gmail.com>
2021-09-20 23:53:45 +09:00
James
a469e6e60b
Implemented #102. ( #133 )
2021-09-09 10:37:33 +09:00
DustInDark
330cbb58ca
WIP: Feature/count sigma rule #93 ( #113 )
* Feature/call error message struct#66 (#69 )
* change way to use write trait #66
* change call error message struct #66
* erase finished TODO #66
* erase comment in error message format test #66
* resolve conflict #66
* Feature/call error message struct#66 (#71 )
* change ERROR writeln struct #66
* under construction
* add statistics template
* fix
* add comment
* add condition impl #93
* fix erased get_descendants and remove unnecessary struct #93
* erased finished TODO comment
* erased finished TODO comment
* Revert "fix erased get_descendants and remove unnecessary struct #93"
This reverts commit 82e905e045 .
Revert "add condition impl #93 "
This reverts commit 19ecc87377 .
* add doc comment to rule function
* fix and add test doc comment
* add doc to AggregaationParseInfo
* add struct count in aggregation condition. #93
* add evaluate aggregation condition func provisional architecture. #93
* add countup function #93
* fix key to count hashmap #93
* add judge aggregation condition function #93
* fix error #93
* fix test #93
* share compile error ver
* fix detection.rs compile error
* fix timeframe parse
* add countup process in select
* fix select argument
* add test countup
* add test count judge #93
* add SIGMA windows count field and by keyword #93
* fix reference record in countup/judgecount #93
* add timedata in countup schema #93
* Refact: split code for matcher from rule.rs
* Refact: combine multiple declared functions
* Refact: split code for SelectionNode from rule.rs
* Refact: mv test code for SelectionNode from rule.rs
* Refact: mv condition's code from rule.rs
* add count to detection #93
* fix compile error
* fix source to test ng. #93
* erase unused variable #93
* fix count architecture #93
* fix comment and compile error
* erase dust (response to review)
* erase dust (response to review)
* reduce calling Rulenode function (response to review)
* add aggregation output func
* erase dust(response to review) and add agg condition String func
* change error output
* reduce call RuleNode function(response to review)
* To reduce call RuleNode function
* fix test name
* fix conflict resolve miss
* add code comment in timeframe count.
* add sort record timedata in timeframe(response to review)
* fix unnecessary result in ArgResult
* add no field and by value count test
* create count test no field and by with timeframe
* erase duplicated timeframe data in RuleNode
* fix test error no field and no by count with timeframe
* fix test name
* add test case of exist field and by count.
* fix by count test and add test count othervalue in timeframe
* add test
* fix judge_timeframe logic when indexout
* fix test name and add count test field and by with timeframe
* adjust #120
* move associated count function from rulenode
* fix error when resolve conflict
* fix no output bug if exist output
Co-authored-by: HajimeTakai <takai.wa.hajime@gmail.com>
Co-authored-by: itiB <is0312vx@ed.ritsumei.ac.jp>
2021-07-16 07:20:44 +09:00
itiB
65b714b81b
Split rule.rs ( #121 )
* Refact: split code for matcher from rule.rs
* Refact: combine multiple declared functions
* Refact: split code for SelectionNode from rule.rs
* Refact: mv test code for SelectionNode from rule.rs
* Refact: mv condition's code from rule.rs
* Refact: mv aggregation's code from condition_parser.rs
* Refact: use relationships
* cargo fmt --all
* remove unnecessary matcher
Co-authored-by: HajimeTakai <takai.wa.hajime@gmail.com>
2021-07-08 01:41:59 +09:00