DustInDark
7a7afe732c
most detections summary by date (#551)
* added Date with most detections by level #550
* cargo fmt
* updated changelog #550
* updated readme #550
* removed most undefined detections date in summary #550
* cargo fmt
* add space after level tuning
* changed undefined rule detection count to no show #550
* cargo fmt
* readme update
* channel abb update
* channel abb update
* readme update
Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
2022-05-31 22:29:51 +09:00
DustInDark
2653e87588
start timeline and end timeline do not work (#547)
* fixed start-timeline and end-timeline not working #546
* fixed condition
* added changelog #546
* changelog update
* changed to stop analysis when start-timeline and end-timeline parse error happened #546
* cargo fmt
* fixed alert message
* fixed lack of timestamp convert
* cargo fmt
* readme/usage update
Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
2022-05-28 10:07:39 +09:00
DustInDark
a17d0d4e37
display EventRecordID (#549)
* added -R --display-record-id #548
* fixed test data #548
* cargo fmt
* added description of -R --display-record-id option to README #548
* updated changelog #548
* readme update
Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
2022-05-27 22:19:40 +09:00
DustInDark
7be79efc21
fixed event timeline frequency font color changed when using f option #542 (#544)
* fixed event timeline frequency font color changed when using f option #542
* fixed duplicate count detection to same record in data reduction #543
* fixed error #542
* fixed fmt
* fixed error
* changed to no frequency timeline output when events are fewer than 5 records.
* Error message update
* added newline after progress bar
* fixed frequency timeline logic to pass test
* cargo fmt
* Added CHANGELOG #533 #538 #525
* changelog update
* updated readme #533 #538
* readme update
* startup logo update
Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
2022-05-27 10:13:40 +09:00
DustInDark
995aa1d75b
output not found field to n/a (#531)
* changed not found placeholder output to n/a #528
* added n/a output to details when not found placeholder
* added v1.3.0 changelog description and #528 enhancement
* fixed typo and fixed markdown format
* fixed test
* readme, changelog, version update
Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
2022-05-23 00:20:08 +09:00
DustInDark
684c8a9688
525 show technique tags (#534)
* added --all-tags option #525
- exclude load output_tag.txt when --all-tags option is true
* fixed output to MitreAttack column #525
* added test
* added period
* updated usage in readme
* added test file
* added all-tags option in readme
* readme update
* fixed all-tags option description in help option
Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
2022-05-23 00:19:04 +09:00
Yamato Security
69564103de
clarified rules can cause AV alerts (#532)
* clarified rules can cause AV alerts
* adjusted to en-readme update
* updated latest hayabusa-rules
Co-authored-by: DustInDark <nextsasasa@gmail.com>
2022-05-21 17:01:32 +09:00
Yamato Security
6414af3609
readme update (#529)
2022-05-20 15:05:34 +09:00
DustInDark
b47561a79c
remove color option (#518)
* removed used crate in color option and add term color #481
* removed level_color.txt due to fix output color #481
* removed color definition by file
* update cargo
* removed color definition by true type vec
* added hex crate
* added level_color.txt and color output to command prompt and powershell #481
* adjust termcolor crate
* restored level_color.txt
* remove c option #481
* fixed document #481
* fixed stdoutput test
* add no-color option #481
- disable color output when no-color option set
* added no-color option document
* Fixed clippy err
* doc, changelog, cargo pkg update
* changelog and rules update
* version up to 1.2.2
* readme and changelog update
* reformat to markdown lint
* adjusted logon summary generator section in Japanese readme to English readme
* fixed typo in readme
Co-authored-by: garigariganzy <tosada31@hotmail.co.jp>
Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
2022-05-17 11:32:57 +09:00
DustInDark
d654c2cb6b
logon summary (#523)
* logon summary #110
* logon summary #110
* english update
* add sort #110
* add sort #110
* Formatting the output string
* Fixed the check process.
* added document #110
* Fixed login failure eventID.
* Fixed clippy err
* prevent rule load output with logon-summary option #110
* fixed bug of level-tuning execute when option is -s or -L only #110
Co-authored-by: garigariganzy <tosada31@hotmail.co.jp>
Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
2022-05-17 09:36:45 +09:00
DustInDark
2c0b057bc0
added twitter badge and link #519 (#520)
* added twitter badge and link #519
* Fixed clippy err
Co-authored-by: garigariganzy <tosada31@hotmail.co.jp>
2022-05-15 23:46:32 +09:00
DustInDark
0414b5af78
changed force update to hayabusa-rules #490 (#509)
* changed force update to hayabusa-rules #490
* added note when update option is used
* readme update
* cargo and changelog updates
* changed jp translation
Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
2022-04-21 21:20:31 +09:00
Yamato Security
fc271c2076
Merge pull request #512 from Yamato-Security/511-move-level_tuning.txt
Moved the path of level_tuning.txt to ./rules/config
2022-04-20 20:51:14 +09:00
DustInDark
b43eb853e9
Added Channel column and Channel Abbreviations (#508)
* added Channel output #504
* added test #504
* fixed clippy warnings
* fixed convert serde value to Channel #504
* added channel output config #504
* added doc #504
* added Channel column and Channel abbreviation
* fixed file name typo
* changed channel position #504
* fixed markdown warnings in CHANGELOG
* readme update
Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
2022-04-20 16:12:53 +09:00
Tanaka Zakku
c6b2879eb5
change path
2022-04-20 10:16:25 +09:00
Tanaka Zakku
1b6264a33d
readme update
2022-04-16 09:08:49 +09:00
Yamato Security
9da46b90a8
twitter link fix (#486)
2022-04-13 13:10:13 +09:00
Tanaka Zakku
0db51b1f87
readme, version, cargo update
2022-04-11 18:05:56 +09:00
Yamato Security
b67aaebf8a
Update README-Japanese.md
2022-04-11 17:29:38 +09:00
Yamato Security
861e1c5c4e
Merge branch 'develop' into feature/level-tuning#390
2022-04-11 17:24:28 +09:00
Tanaka Zakku
1dc9a11d94
readme update
2022-04-11 09:15:23 +09:00
DustInDark
cd8c856d05
changed level_tuning.txt header from next_level to new_level
2022-04-06 22:46:35 +09:00
DustInDark
a5bf79cf83
Fixed output stop when control char exists in Windows terminal (#485)
* added control character filter in details #382
* fixed document
- removed fixed Windows terminal caution in readme
2022-04-06 08:40:28 +09:00
itiB
52bc918cfb
Add: README.md
2022-04-06 01:54:09 +09:00
kazuminn
c8efa95447
Added Pivot Keyword List feature (#412)
* add get_pivot_keyword() func
* change function name and call its function
* [WIP] support config file
* complete output
* cargo fmt
* [WIP] add test
* add test
* support -o option in pivot
* add pivot mod
* fix miss
* pass test in pivot.rs
* add comment
* pass all test
* add fast return
* fix output
* add test config file
* review
* rebase
* cargo fmt
* test pass
* fix clippy in my commit
* cargo fmt
* little refactor
* change file input logic and config format
* [WIP] change output
* [wip] change data structure
* change output & change data structure
* pass test
* add config
* cargo fmt & clippy & rebase
* fix clippy
* delete /rules/ in .gitignore
* clean comment
* clean
* clean
* fix rebase miss
* fix rebase miss
* fix clippy
* file name output on -o to stdout
* add pivot_keywords.txt to ./config
* updated english
* Documentation update
* cargo fmt and clean
* updated translate japanese
* readme update
* readme update
Co-authored-by: DustInDark <nextsasasa@gmail.com>
Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
2022-04-05 21:17:23 +09:00
DustInDark
425a629de7
Enhancement: add config config #456 (#471)
* added config option #456
* added process of option to specified config folder #456
the following files adjust to the config option:
* noisy_rules.txt
* exclude_rules.txt
* fixed usage in readme
2022-03-30 15:26:58 +09:00
Tanaka Zakku
5f570b9e0d
update
2022-03-19 13:41:01 +09:00
Tanaka Zakku
6f83a09c1f
documentation update macOS usage etc
2022-03-19 13:08:20 +09:00
DustInDark
d57c7587f4
added repository maintenance levels badge #453
2022-03-17 18:41:24 +09:00
DustInDark
5b3c3bc47f
added rust report card badges #453
2022-03-17 18:38:43 +09:00
DustInDark
e309e87e0d
added temporary blackhat arsenal badge
2022-03-17 18:32:30 +09:00
Yamato Security
6659576211
readme update screenshots etc (#448)
2022-03-10 11:24:39 +09:00
DustInDark
7d909a7438
Merge main and output fix#443#444 (#445)
* removed tools/sigmac (#441)
* removed tools/sigmac
- moved tools/sigmac to hayabusa-rules repo
* fixed doc link tools/sigmac
* fixed submodule track
* fixed submodule track from latest to v1.1.0 tag
* fixed link
* erased enter #444
* erased enter #444
* reverted logo enter
* fixed rules submodule target commit #444
Co-authored-by: Yamato Security <71482215+YamatoSecurity@users.noreply.github.com>
2022-03-08 17:55:11 +09:00
Alan Smithee
6694b9b4d5
Merge branch 'main' into develop
2022-03-02 20:19:27 +09:00
Alan Smithee
d498d3114b
Merge branch 'readme-update---32bit-cross-compile-add' of github.com:Yamato-Security/hayabusa into readme-update---32bit-cross-compile-add
2022-03-02 18:29:31 +09:00
Alan Smithee
5d4c465bcc
fixed Japanese usage readme
2022-03-02 18:28:44 +09:00
Alan Smithee
b43f41e7f2
fixed command option in usage
- UTC option is changed from -u to -U
- Run on live Windows machine is adjusted to -l (--live-analysis)
2022-03-02 18:21:55 +09:00
Tanaka Zakku
7bc845ea81
cross compile command fix
2022-03-02 18:14:28 +09:00
Tanaka Zakku
5fdcd40179
usage update
2022-03-02 17:02:19 +09:00
Tanaka Zakku
4572bb98f4
add linux compile comment
2022-03-02 16:19:25 +09:00
Tanaka Zakku
02628526ec
use standard cargo build to compile
2022-03-02 13:34:33 +09:00
Tanaka Zakku
bd4f433b73
readme update - 32bit compile add
2022-03-02 10:13:45 +09:00
Yamato Security
b0434726ca
readme update mac compile error (#431)
2022-02-28 15:23:32 +09:00
Yamato Security
087529ee91
readme update-RuleDocToHayabusRulesRepo BugSub (#427)
2022-02-28 10:14:27 +09:00
DustInDark
92c472d451
Hotfix/moved rule configs to hayabusa rules repo#409 (#414)
* fixed target config path #409
* fixed target config file path in test #409
* fixed rules target #409
* Documentation fix, deleted unneeded config files
* added workflow
* changed submodule option
* fixed workflow to ref submodule
* fixed gitmodules
* fixed workflow
* check code insert
* added update submodules command
* test rules update
* removed test runs
* fixed error
Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
2022-02-26 18:19:19 +09:00
DustInDark
02b1d7f07c
added update command #391 (#392)
* add git2 crate #391
* added Update option #391
* updated readme #391
* fixed cargo.lock
* fixed option if-statement #391
* changed utc short option and rule-update short option #391
* updated readme
* updated readme
* fixed -u long option & version number update #391
* added fast-forwarding rules repository #391
* updated command line option #391
* moved output logo prev update rule
* fixed readme #391
* removed recursive option in readme
* English message update.
* cargo fmt
* Added update command#391 submodule ver (#401)
* changed rules update from clone and pull to submodule update #391
* fixed document
* changed unnecessary clone recursively to clone only
* English message update. (4657c35e5c cherry-pick)
* added create rules folder when rules folder is not exist
* fixed gitmodules github-rules url from ssh to https
Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
* added caution case of update failed in readme #391
* fixed document
* added output error in case of loaded rule count is 0 #391 #392
https://github.com/Yamato-Security/hayabusa/pull/392#issuecomment-1050276570
* --update-rules typo
* removed unused library call
Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
2022-02-26 18:18:03 +09:00
itiB
47c1d42daf
Add: Table of Contents to README
2022-02-17 00:19:17 +09:00
DustInDark
0a559da580
Fixed Readme (#399)
* add shields to README-Japanese.md
* replaced README.md to README-English.md
* fixed tags url ref
* fixed reference typo
* fixed hayabusa logo view size
* fixed readme
2022-02-16 09:28:52 +09:00
DustInDark
df86958850
added live analysis feature (#398)
* added windows live analysis option #125
* added live analysis option #125
* fixed live analysis condition #125
* changed live analysis option #125
* added live-analysis option in readme #125
* fixed live-analysis check condition #125
* is_elevated crate is only windows #125
* fixed is_elevated build error #125
* fixed is_elevated library crate load
* fixed call way os dependencies crate #125
* fix build error on linux and removed unnecessary create #125
* fixed lack of load crate when build at windows #125
* Update error message
Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
2022-02-15 02:12:45 +09:00
DustInDark
9cb54a9192
Hotfix/no output colorcode in no true color#376 (#378)
* added color code emit_csv test
* replaced HashMap and HashSet to hashbrown #368
* removed debug output in test #368
* added color option #376
* fixed process of output check #376
* removed color output check from test #376
* english updates
* colored detections and rules count output by level #384
* refactoring in colored output process #384
* update usage #364 #376
* fixed markdown lint
* added windows terminal bug evasion way #382
* update readme
* fixed colored output test
Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
2022-02-09 09:29:36 +09:00