Commit Graph

337 Commits

Author SHA1 Message Date
DustInDark
92c472d451 Hotfix/moved rule configs to hayabusa rules repo#409 (#414)
* fixed target config path #409

* fixed target config file path in test #409

* fixed rules target #409

* Documentation fix, deleted unneeded config files

* added workflow

* changed submodule option

* fixed workflow to ref submodule

* fixed gitmodules

* fixed workflow

* check code insert

* added update submodules command

* test rules update

* removed test runs

* fixed error

Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
2022-02-26 18:19:19 +09:00
DustInDark
02b1d7f07c added update command #391 (#392)
* add git2 crate #391

* added Update option #391

* updated readme #391

* fixed cargo.lock

* fixed option if-statement #391

* changed utc short option and rule-update short option #391

* updated readme

* updated readme

* fixed -u long option & version number update #391

* added fast-forwarding rules repository #391

* updated command line option #391

* moved output logo prev update rule

* fixed readme #391

* removed recursive option in readme

* English message update.

* cargo fmt

* Added update command#391 submodule ver (#401)

* changed rules update from clone and pull to submodule update #391

* fixed document

* changed unnecessary clone recursively to clone only

* English message update. ( 4657c35e5c cherry-pick)

* added creation of rules folder when rules folder does not exist

* fixed gitmodules github-rules url from ssh to https

Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>

* added caution case of update failed in readme #391

* fixed document

* added error output in case loaded rule count is 0 #391 #392

https://github.com/Yamato-Security/hayabusa/pull/392#issuecomment-1050276570

* --update-rules typo

* removed unused library call

Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
2022-02-26 18:18:03 +09:00
DustInDark
0dc5de4b73 Bug/ Fixed error when target environment does not have vcc redistributable package installed (#408)
* fixed error when target environment does not have vcc redistributable package installed

* added cfg to static_vcruntime when target os is windows.
2022-02-25 10:07:12 +09:00
Alan Smithee
f9b02a65b6 fixed test to change regex detectlist_suspicous_services.txt 2022-02-22 08:42:23 +09:00
DustInDark
58017e971f fixed detection miss when tab and enter control characters are in event record #395 (#396)
* fixed bug where records with enter and tab control characters in record data were not detected #395

* added remove \r \n \t character in utils.rs
* added call of utils.rs function in selectionnodes.rs

* added tests #395

* changed space control character function args #395

* fixed test due to function args changes #395

* changed replace method using regex #395

* changed regex by record_data_filter.txt #395

* added record_data_filter.txt #395

* fixed test #395

* added record_data_filter

- add Properties regex
- add ScriptBlockText regex
- add Payload regex
2022-02-17 05:07:15 +09:00
DustInDark
19c44b4f66 added mitre attack data output in csv output (#397)
* added tags information in csv output #234

* fixed test due to change csvformat struct #234

* changed tag info separator #234

* changed separator #234

* changed tag info separator #234
2022-02-15 02:13:37 +09:00
DustInDark
df86958850 added live analysis feature (#398)
* added windows live analysis option #125

* added live analysis option #125

* fixed live analysis condition #125

* changed live analysis option #125

* added live-analysis option in readme #125

* fixed live-analysis check condition #125

* is_elevated crate is only windows #125

* fixed is_elevated build error #125

* fixed is_elevated library crate load

* fixed how os-dependent crates are called #125

* fix build error on linux and removed unnecessary crate #125

* fixed missing crate load when building on windows #125

* Update error message

Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
2022-02-15 02:12:45 +09:00
DustInDark
9cb54a9192 Hotfix/no output colorcode in no true color#376 (#378)
* added color code emit_csv test

* replaced HashMap and HashSet to hashbrown #368

* removed debug output in test #368

* added color option #376

* fixed process of output check #376

* removed color output check from test #376

* english updates

* colored detections and rules count output by level #384

* refactoring in colored output process #384

* update usage #364 #376

* fixed markdown lint

* added workaround for windows terminal bug #382

* update readme

* fixed colored output test

Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
2022-02-09 09:29:36 +09:00
DustInDark
df30adfdef changed hashmap library to tune up #368 (#369)
* added color code emit_csv test

* replaced HashMap and HashSet to hashbrown #368

* removed debug output in test #368

* fixed colored test
2022-02-09 01:59:39 +09:00
DustInDark
84de8d01af remove yaml ignore check#271 (#385)
* removed yaml ignore label check #271

* moved exclude rule filter check #271

* fixed colored test
2022-02-09 01:59:12 +09:00
kazuminn
d1597b2322 Allow the rule location option to accept a file (#364)
* add only rule file path in --rules

* add error handling for metadata

* refactor

* add test

* rename test function
2022-01-31 12:09:25 +09:00
Alan Smithee
f70be3419a removed csv quote when output result to stdout #381 2022-01-30 13:23:33 +09:00
DustInDark
b12029de5c Feature/colorlog#239 (#365)
* added color crate #239

* added hex library

* added color config file parser #239

* added color output feature #239

* changed fast hashmap library

* added color output description (Japanese) #239

* added color output description (English) #239

* fixed medium level typo

* removed white color font level #239

* added trim and loosened colorcode condition #239

* fixed hex convert error panic #239

- output warn and go to next iteration when hex convert panic happens

- added user input to hex convert warn output for ease of use
2022-01-26 01:39:14 +09:00
kazuminn
15ee980711 Support comments in exclude-rules.txt and noisy-rules.txt (#362)
* add exclude files comments feature

* trim()

* add error handling and split function

* add id validation

* add comments

* cargo fmt

* fix error statement

* change -full.txt to .txt

* change alert to warn
2022-01-20 23:12:41 +09:00
DustInDark
9c7353a2e9 Feature/except hidden file#335 (#339)
* added exclusion of hidden files from load #335

* fixed exclusion of hidden files in collect evtx #335
2022-01-13 22:19:59 +09:00
Tanaka Zakku
d9624be752 delete extra white space 2021-12-24 14:56:23 +09:00
DustInDark
207fcb312c fixed output error if config directory is not found #347 2021-12-24 13:27:51 +09:00
DustInDark
3097ff2ac3 added process case of no exist config files #347 2021-12-24 08:48:38 +09:00
Tanaka Zakku
8f9ff165ec small format fix 2021-12-23 17:52:19 +09:00
DustInDark
b4a66a8e6f inserted usage newline 2021-12-23 17:16:48 +09:00
DustInDark
c43624dcb2 changed outputs #344 2021-12-23 17:09:26 +09:00
DustInDark
716e0a182a changed to no output of rule parse result with -s option #343 2021-12-23 15:45:11 +09:00
DustInDark
7813fd6ac6 reduced statistics start output for each file #341 2021-12-23 11:42:58 +09:00
DustInDark
9b382df001 fixed output flag process #341 2021-12-23 11:39:52 +09:00
DustInDark
09782f02a9 added newline 2021-12-23 11:35:34 +09:00
DustInDark
6b5283b28b added no detection when statistics option enabled. #341 2021-12-23 11:33:10 +09:00
DustInDark
f2445ae093 changed output field to details field in yaml data of test case 2021-12-23 08:59:41 +09:00
DustInDark
2250c4b2c3 fixed error 2021-12-22 20:38:21 +09:00
DustInDark
bf0d3b12f2 fixed output rule warn #336 2021-12-22 18:29:17 +09:00
DustInDark
98a6ca8adc adjusted to field name change from output to details in rule file #337 2021-12-22 18:15:34 +09:00
Yamato Security
67f0ee007b Merge pull request #316 from Yamato-Security/feature/output_error_log_file_and_options#301
fixed #301 #303 #309
2021-12-22 16:08:13 +09:00
DustInDark
a14702dc76 fixed contents and rule-count #333 2021-12-22 15:25:00 +09:00
DustInDark
3412434d99 fixed error 2021-12-22 14:56:10 +09:00
Yamato Security
f54985075b Merge pull request #325 from Yamato-Security/fix/header_name_fix#320
changed output header #320
2021-12-22 11:09:02 +09:00
DustInDark
8876fc5f65 added newline 2021-12-22 09:41:06 +09:00
James Takai / hach1yon
ea685fb75a Feature/fix count() (#327) 2021-12-22 09:10:28 +09:00
DustInDark
a0cc36c67e fixed test error #320 2021-12-21 22:31:21 +09:00
DustInDark
2b76103028 fixed output #301
- To save error log, created empty folder logs

- fixed output
2021-12-21 21:50:33 +09:00
DustInDark
d0a7040275 changed output header #320 2021-12-21 20:55:46 +09:00
DustInDark
bccdd8fef9 fixed error
- changed writer from stderr to bufwriter

- changed alert, warn function arg from String to borrowed String
2021-12-21 14:44:26 +09:00
DustInDark
f1c9418ab4 fixed errorlog create logic 2021-12-21 14:40:23 +09:00
DustInDark
13494ec609 fixed tests
error on undefined error file in alert function call
2021-12-21 02:53:46 +09:00
DustInDark
33e743c8fc changed parse file error stderr to filewrite #301 2021-12-21 02:13:01 +09:00
DustInDark
29ee8a5901 added Q option 2021-12-21 01:38:25 +09:00
DustInDark
20c8b2b073 added create_error_log 2021-12-21 01:26:46 +09:00
DustInDark
46211711d6 fixed #301 #303 #309
Squashed commit of the following:

commit 617f12177fbf5066e141b5c1adf969b25c03fa3c
Author: DustInDark <nextsasasa@gmail.com>
Date:   Tue Dec 21 00:57:13 2021 +0900

    fix test typo and merge #301

commit 78926ebf55ae48566152c4097990ca1b1b536b53
Merge: c492ba1 83d891b
Author: DustInDark <nextsasasa@gmail.com>
Date:   Tue Dec 21 00:22:55 2021 +0900

    Merge branch 'main' into feature/output_errorlog_file#301

commit c492ba120a0d977d909b714c2506bd198200853b
Author: DustInDark <nextsasasa@gmail.com>
Date:   Tue Dec 21 00:18:52 2021 +0900

    renamed hayabusa-logs to logs

commit ac018917300e535c2bfc62b6a9df081d4beb1568
Author: DustInDark <nextsasasa@gmail.com>
Date:   Mon Dec 20 23:48:48 2021 +0900

    changed output file path deprecated #303

commit dcef677117555f2fac929b6d3b24ac18b5fb08fc
Author: DustInDark <nextsasasa@gmail.com>
Date:   Mon Dec 20 23:47:42 2021 +0900

    removed error file delete logic

commit b09dec2e4a5c679c3b3c242a655f01cb3b49d490
Author: DustInDark <nextsasasa@gmail.com>
Date:   Mon Dec 20 23:46:49 2021 +0900

    fixed -Q option flag #309
2021-12-21 01:03:33 +09:00
DustInDark
1aebdca160 Revert "Feature/output errorlog#301" (#314) 2021-12-20 20:59:30 +09:00
Yamato Security
f31f8955ed Merge pull request #310 from Yamato-Security/feature/output_errorlog#301
Feature/output errorlog#301
2021-12-20 20:17:22 +09:00
DustInDark
3c1753109a fixed compile error #301 2021-12-20 15:28:00 +09:00
DustInDark
7d5f10e6cb changed rule read warn output from std to errorlog write #301 2021-12-20 11:47:49 +09:00