DustInDark
9e3587e5cc
removed unused Counter struct #301
2021-12-20 11:36:34 +09:00
Tanaka Zakku
c4ea1ca155
Git clone and output sections added. syntax highL
2021-12-20 08:34:42 +09:00
DustInDark
422c0eacdf
added error output feature when output file path already exists #303
2021-12-20 01:44:15 +09:00
DustInDark
11dcc252ca
adjust test error #301
2021-12-20 01:27:15 +09:00
DustInDark
3c08b45844
fixed typo
2021-12-20 01:26:50 +09:00
DustInDark
807b438009
moved output_error_log_exist due to emit_csv test #301
2021-12-20 01:25:47 +09:00
DustInDark
a7c6be4182
added Quiet Errors option #309
2021-12-20 01:13:23 +09:00
DustInDark
c081130147
added error log file check process #301
2021-12-20 01:12:30 +09:00
DustInDark
300242099b
Merge branch 'main' into feature/output_errorlog#301
2021-12-20 01:05:48 +09:00
DustInDark
b49e126d91
deleted rules folder due to change repository submodule
2021-12-20 01:03:07 +09:00
DustInDark
37575ed0bb
removed unused crate
2021-12-20 00:48:06 +09:00
DustInDark
0e0ceff861
created error log output feature #301
2021-12-20 00:46:04 +09:00
DustInDark
8798de6839
changed log directory path and removed error counter #301
2021-12-20 00:44:31 +09:00
DustInDark
49c08ddbc9
changed output message by change option name
2021-12-20 00:42:46 +09:00
DustInDark
3b7cf0b948
added output error log remove feature by line count #301
2021-12-20 00:40:41 +09:00
Yamato Security
5e07ccb2b4
summary display minor fix ( #307 )
2021-12-19 23:07:21 +09:00
DustInDark
3a68dc8466
adjust GPL v3 #305
2021-12-19 22:18:51 +09:00
Yamato Security
e7a57b5361
Merge branch 'main' into readme-EN-update-2021-12-16
2021-12-19 22:18:00 +09:00
Tanaka Zakku
0eca9e1e09
contributor conflict fix
2021-12-19 22:14:59 +09:00
Tanaka Zakku
197bef17a7
readme update
2021-12-19 22:08:36 +09:00
itiB
0bce3800b7
separate rules to submodule ( #304 )
* rm: rules
* Add: hayabusa-rules to submodule
2021-12-19 20:50:20 +09:00
DustInDark
dbba49b815
Hotfix/not work count#278 ( #281 )
* fixed countup structure #278
* fixed countup structure and count up field logic #278
* fixed tests #278
* added no output aggregation detect message when output exists in rule yaml #232
* moved get_agg_condtion to rulenode function #278
* added field_values to output count fields data #232 #278
- fixed count logic #278
- fixed count test to adjust field_values add
- added count test
* fixed count output format #232
* fixed compile error
* fixed count output #232
- moved output check to create_count_output
- fixed yaml condition reference
- adjust top and tail multi space
* added create count output test #232
* removed count by file #278
- commented by @YamatoSecurity
* changed sort function to sort_unstable_by
* fixed typo
* adjust to comment #281
ref: https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767283508
* adjust comment #281
refs:
- https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767285993
- https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767286713
* adjust comment #281
ref:
https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767287831
* omitted code #281
* adjust comment #281
ref:
https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767302595
* adjust comment #281
ref:
https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767303168
* adjust comment
ref:
https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767307535
* omitted unnecessary code #281
* adjust comment #281
ref:
https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767288428
* adjust comment #281
ref:
https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767286731
* adjust comment #281
ref:
https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767285716
* adjust comment #281
ref:
159191ec36 (r767288428)
* adjust test result #281
* removed debug print statement in testfunction
* adjust comment #281
ref:
https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767286731
* fixed output by level #278 #284
- fixed result counting process when rule has no aggregation condition #278
- added total output by level #284
* removed unnecessary crate
* fixed output #284
* removed unnecessary total/unique sum process #284
* add testcase and fix testcase bug
* add testcase, add check to check_cout()
* fixed count logic #278
* fixed test parameter
* add testcase
* fmt
* fixed count field check process #278
* fix testcase #281
* fixed comment typo
* removed one time used variable in test case #281
* fixed count field check process #278
* changed insert position #278
* changed contributor list
* fixed contributors list
* passed with timeframe case #278
* passed all count test #278
* removed debug print
* removed debug print
* removed debug print
* cargo fmt
* changed by0level output format #284
* reduce clone() #278 #281
* changed for loop to map #278 #281
* fixed compile error
* changed priority from output in yml to aggregation output in case aggregation condition exists in rule. #232
* fixed testcase #232
* changed if-let to generics #278 #281
* fixed error when test to sample_evtx#278 #281
* changed if-let to generic #278 #281
* adjust unwrap none error #278 #281
* fixed compile error and test case failed #278
Co-authored-by: ichiichi11 <takai.wa.hajime@gmail.com>
2021-12-19 20:48:29 +09:00
Yamato Security
a023ba46a6
Usage menu update ( #302 )
* Usage menu update
* minor adjustments to the usage menu
* fixed options #302
- changed show-deprecated to enable-deprecated-rules
- changed csv-timeline to output
- change show-noisyalerts to enable-noisy-rules
* fixed option #302
- changed starttimeline to start-timeline
* fixed option #302
- changed q to quiet option
* fixed options #302
- changed endtimeline to end-timeline option
- changed threadnum to thread-number option
Co-authored-by: DustInDark <nextsasasa@gmail.com>
2021-12-19 20:03:39 +09:00
Tanaka Zakku
90583e5408
Added AboutRuleCreation-sigmac, other fixes
2021-12-19 19:36:10 +09:00
DustInDark
6e237ebdda
Merge branch 'main' into feature/update_eventkey_alias#274
2021-12-19 19:14:16 +09:00
Tanaka Zakku
7f1641bbda
Japanese translation of the Rule Creation Readme
2021-12-19 19:02:07 +09:00
DustInDark
a1c3bd0596
Merge branch 'main' into feature/output_errorlog#301
2021-12-19 16:46:54 +09:00
DustInDark
97b12fc068
fixed logic #301
2021-12-19 16:43:35 +09:00
DustInDark
692fdae9a0
RevertedMerge: Feature/remove process speed#289 ( #299 )
* removed process-speed view in progress bar #289
* insert changed code after resolve conflict #289
2021-12-19 15:36:24 +09:00
DustInDark
7f9f2349f2
fixed error and added output #301
2021-12-19 14:17:25 +09:00
DustInDark
55c05c6d38
adjusted alert function arg add #301
2021-12-19 13:56:34 +09:00
DustInDark
7e00ab00fe
added output alert message to error file #391
2021-12-19 13:55:03 +09:00
Yamato Security
c01dcbfc94
Minor logo adjustments ( #300 )
2021-12-18 12:14:23 +09:00
DustInDark
cc14b7e4ac
Feature/improve output#253 ( #285 )
* changed processing time pre code #253
- changed csv file writer to BufWriter
* changed processing time pre code in stdout #253
2021-12-18 11:59:16 +09:00
Tanaka Zakku
edd1543661
Readme EN fix rule numbers
2021-12-18 11:24:58 +09:00
Tanaka Zakku
8b59cfa2ec
English rule creation readme update
2021-12-18 11:19:11 +09:00
James Takai / hach1yon
cbbcb4c068
Feature/re tuning and bugfix for regexes keyword ( #293 )
* re-tuning
* not effective
* re-tuning
* set key
* fix bug and fix testcase.
* fmt
2021-12-18 11:13:51 +09:00
DustInDark
17b6b97aa3
Revert "removed process-speed view in progress bar #289 ( #292 )" ( #298 )
This reverts commit 2626ef8e49.
2021-12-18 11:12:28 +09:00
DustInDark
2626ef8e49
removed process-speed view in progress bar #289 ( #292 )
2021-12-18 11:06:45 +09:00
DustInDark
ee80e6bc1e
Hotfix/regex filename replace lack#296 ( #297 )
* fixed lacked replacement #286
* fixed typo #296
2021-12-18 11:06:08 +09:00
Tanaka Zakku
8e682aa1e5
TargetInfo alias added
2021-12-18 09:26:27 +09:00
James Takai / hach1yon
a968e12aae
add grep search readme
2021-12-17 23:14:21 +09:00
Yamato Security
d668fc9241
Regex filename change ( #291 )
* update rule config files and art
* renamed regex sample files
* fixed test error due to filename change #291
Co-authored-by: DustInDark <nextsasasa@gmail.com>
2021-12-17 21:25:55 +09:00
Yamato Security
9be8b3d33f
art update ( #294 )
2021-12-17 20:07:27 +09:00
Tanaka Zakku
99dbb662b7
added alias
2021-12-17 13:39:59 +09:00
Tanaka Zakku
99507db224
readme fixes
2021-12-17 07:17:26 +09:00
Yamato Security
8b1e289462
delete noisy-rules folder. not needed anymore ( #287 )
2021-12-16 22:04:23 +09:00
itiB
9acaeff956
Merge pull request #226 from Yamato-Security/feature/start_finish_time
Load only events within the specified time range
2021-12-16 21:19:41 +09:00
itiB
d1d77b4e9f
cargo fmt --all
2021-12-16 20:14:31 +09:00
itiB
05076e4fec
Merge branch 'main' into feature/start_finish_time
2021-12-16 20:12:01 +09:00