Commit Graph

42 Commits

Author SHA1 Message Date
James / hach1yon bca578b89e add equalsfield pipe (#467) 2022-03-30 11:49:20 +09:00
James / hach1yon b0e4247857 Feature/#440 refactoring #395 (#464) 2022-03-26 16:11:11 +09:00
DustInDark e563224b52 added clippy workflow #428 (#429)
* added clippy workflow #428

* fixed action yaml to run clippy #428

* fixed indent

* fixed workflow

* fixed workflow error

* fixed indent

* changed no annotation #428

* adjusted annotation version

* fixed clippy::needless_match

* remove if let exception

* removed unnecessary permission check #428
2022-03-21 12:45:30 +09:00
DustInDark 7c7a86f7c9 Fixed Clippy Warnings (#451)
* fixed clippy warn

* fixed cargo clippy warning

* fixed clippy warnings in clippy ver 0.1.59

* fixed clippy warnings clippy::unnecessary_to_owned
2022-03-17 08:43:48 +09:00
DustInDark 04b881cb66 changed downcast library from mopa to downcast_rs #447 (#450) 2022-03-11 14:49:47 +09:00
DustInDark bb1f5f619d Fix/fix clippy warn (#434)
- Fixed following Clippy Warnings (previous warning count: 671 -> after: 4)
  - clippy::needless_return
  - clippy::println_empty_string
  - clippy::redundant_field_names
  - clippy::single_char_pattern
  - clippy::len_zero
  - clippy::iter_nth_zero
  - clippy::bool_comparison
  - clippy::question_mark
  - clippy::needless_collect
  - clippy::unnecessary_unwrap
  - clippy::ptr_arg
  - clippy::needless_collect
  - clippy::needless_borrow
  - clippy::new_without_default
  - clippy::assign_op_pattern
  - clippy::bool_assert_comparison
  - clippy::into_iter_on_ref
  - clippy::deref_addrof
  - clippy::while_let_on_iterator
  - clippy::match_like_matches_macro
  - clippy::or_fun_call
  - clippy::useless_conversion
  - clippy::let_and_return
  - clippy::redundant_clone
  - clippy::redundant_closure
  - clippy::cmp_owned
  - clippy::upper_case_acronyms
  - clippy::map_identity
  - clippy::unused_io_amount
  - clippy::assertions_on_constants
  - clippy::op_ref
  - clippy::useless_vec
  - clippy::vec_init_then_push
  - clippy::useless_format
  - clippy::bind_instead_of_map
  - clippy::bool_comparison
  - clippy::clone_on_copy
  - clippy::too_many_arguments
  - clippy::module_inception
  - fixed clippy::needless_lifetimes
  - fixed clippy::borrowed_box (Thanks for helping by hach1yon!)
2022-03-07 08:38:05 +09:00
DustInDark 92c472d451 Hotfix/moved rule configs to hayabusa rules repo#409 (#414)
* fixed target config path #409

* fixed target config file path in test #409

* fixed rules target #409

* Documentation fix, deleted unneeded config files

* added workflow

* changed submodule option

* fixed workflow to ref submodule

* fixed gitmodules

* fixed workflow

* check code insert

* added update submodules command

* test rules update

* removed test runs

* fixed error

Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
2022-02-26 18:19:19 +09:00
Alan Smithee f9b02a65b6 fixed test to change regex detectlist_suspicous_services.txt 2022-02-22 08:42:23 +09:00
DustInDark 58017e971f fixed lack of detection when tab and enter control characters are in event record #395 (#396)
* fixed not-detected bug when enter and tab control characters are in record data #395

* added remove \r \n \t character in utils.rs
* added call of utils.rs function in selectionnodes.rs

* added tests #395

* changed space control character function args #395

* fixed test due to function args changes #395

* changed replace method using regex #395

* changed regex by record_data_filter.txt #395

* added record_data_filter.txt #395

* fixed test #395

* added record_data_filter

- add Properties regex
- add ScriptBlockText regex
- add Payload regex
2022-02-17 05:07:15 +09:00
DustInDark df30adfdef changed hashmap library to tuneup #368 (#369)
* added color code emit_csv test

* replaced HashMap and HashSet to hashbrown #368

* removed debug output in test #368

* fixed colored test
2022-02-09 01:59:39 +09:00
DustInDark f2445ae093 changed output field to details field in yaml data of test case 2021-12-23 08:59:41 +09:00
Yamato Security 67f0ee007b Merge pull request #316 from Yamato-Security/feature/output_error_log_file_and_options#301
fixed #301 #303 #309
2021-12-22 16:08:13 +09:00
DustInDark 3412434d99 fixed error 2021-12-22 14:56:10 +09:00
James Takai / hach1yon ea685fb75a Feature/fix count() (#327) 2021-12-22 09:10:28 +09:00
DustInDark bccdd8fef9 fixed error
- changed writer from stderr to bufwriter

- changed alert, warn function arg from String to borrow-String
2021-12-21 14:44:26 +09:00
DustInDark 33e743c8fc changed parse file error stderr to filewrite #301 2021-12-21 02:13:01 +09:00
DustInDark 46211711d6 fixed #301 #303 #309
Squashed commit of the following:

commit 617f12177fbf5066e141b5c1adf969b25c03fa3c
Author: DustInDark <nextsasasa@gmail.com>
Date:   Tue Dec 21 00:57:13 2021 +0900

    fix test typo and merge #301

commit 78926ebf55ae48566152c4097990ca1b1b536b53
Merge: c492ba1 83d891b
Author: DustInDark <nextsasasa@gmail.com>
Date:   Tue Dec 21 00:22:55 2021 +0900

    Merge branch 'main' into feature/output_errorlog_file#301

commit c492ba120a0d977d909b714c2506bd198200853b
Author: DustInDark <nextsasasa@gmail.com>
Date:   Tue Dec 21 00:18:52 2021 +0900

    renamed hayabusa-logs to logs

commit ac018917300e535c2bfc62b6a9df081d4beb1568
Author: DustInDark <nextsasasa@gmail.com>
Date:   Mon Dec 20 23:48:48 2021 +0900

    changed output file path deprecated #303

commit dcef677117555f2fac929b6d3b24ac18b5fb08fc
Author: DustInDark <nextsasasa@gmail.com>
Date:   Mon Dec 20 23:47:42 2021 +0900

    removed error file delete logic

commit b09dec2e4a5c679c3b3c242a655f01cb3b49d490
Author: DustInDark <nextsasasa@gmail.com>
Date:   Mon Dec 20 23:46:49 2021 +0900

    fixed -Q option flag #309
2021-12-21 01:03:33 +09:00
DustInDark 1aebdca160 Revert "Feature/output errorlog#301" (#314) 2021-12-20 20:59:30 +09:00
DustInDark 300242099b Merge branch 'main' into feature/output_errorlog#301 2021-12-20 01:05:48 +09:00
DustInDark 0e0ceff861 created error log output feature #301 2021-12-20 00:46:04 +09:00
DustInDark dbba49b815 Hotfix/not work count#278 (#281)
* fixed countup structure #278

* fixed countup structure and count up field logic #278

* fixed tests #278

* added no output aggregation detect message when output exist in rule yaml #232

* moved get_agg_condtion to rulenode function #278

* added field_values to output count fields data #232 #278

- fixed count logic #278
- fixed count test to adjust field_values add
- added count test

* fixed count output format #232

* fixed compile error

* fixed count output #232

- moved output check to create_count_output
- fixed yaml condition reference
- adjust top and tail multi space

* added create count output test #232

* removed count by file #278

- commented by @YamatoSecurity

* changed sort function to sort_unstable_by

* fixed typo

* adjust to comment #281

ref: https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767283508

* adjust comment #281

refs
- https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767285993
- https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767286713

* adjust comment #281

ref:
https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767287831

* omitted code #281

* adjust comment #281

ref:
https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767302595

* adjust comment #281

ref:
https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767303168

* adjust comment

ref:
https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767307535

* omitted unnecessary code #281

* adjust comment #281

ref:
https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767288428

* adjust comment #281

ref:
https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767286731

* adjust comment #281

ref:
https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767285716

* adjust comment #281

ref:
https://github.com/Yamato-Security/hayabusa/pull/281/commits/159191ec36bdc89ad6af381f3963a2bb91cd8ace#r767288428

* adjust test result #281

* removed debug print statement in testfunction

* adjust comment #281

ref

https://github.com/Yamato-Security/hayabusa/pull/281#discussion_r767286731

* fixed output by level  #278 #284

- fixed result counting process when rule has no aggregation condition #278

- added total output by level #284

* removed unnecessary crate

* fixed output #284

* removed unnecessary total/unique sum process #284

* add testcase and fix testcase bug

* add testcase, add check to check_cout()

* fixed count logic #278

* fixed test parameter

* add testcase

* fmt

* fixed count field check process #278

* fix testcase #281

* fixed comment typo

* removed one time used variable in test case #281

* fixed count field check process #278

* changed insert position #278

* changed contributor list

* fixed contributors list

* passed with timeframe case #278

* passed all count test #278

* removed debug print

* removed debug print

* removed debug print

* cargo fmt

* changed by-level output format #284

* reduce clone() #278 #281

* changed for loop to map #278 #281

* fixed compile error

* changed priority from output in yml to aggregation output case aggregation condition exist in rule. #232

* fixed testcase #232

* changed if-let to generics #278 #281

* fixed error when test to sample_evtx#278 #281

* changed if-let to generic #278 #281

* adjust unwrap none error #278 #281

* fixed compile error and test case failed #278

Co-authored-by: ichiichi11 <takai.wa.hajime@gmail.com>
2021-12-19 20:48:29 +09:00
DustInDark 97b12fc068 fixed logic #301 2021-12-19 16:43:35 +09:00
DustInDark 55c05c6d38 adjusted alert function arg add #301 2021-12-19 13:56:34 +09:00
James Takai / hach1yon cbbcb4c068 Feature/re tuning and bugfix for regexes keyword (#293)
* re-tuning

* not effective

* re-tuning

* set key

* fix bug and fix testcase.

* fmt
2021-12-18 11:13:51 +09:00
Yamato Security d668fc9241 Regex filename change (#291)
* update rule config files and art

* renamed regex sample file

* fixed test error due to filename change #291

Co-authored-by: DustInDark <nextsasasa@gmail.com>
2021-12-17 21:25:55 +09:00
James Takai / hach1yon fd200c54b0 tuning (#280)
* remove unnecessary to_string

* remove unnecessary RWLock

* change hashmap crate

* remove unnecessary to_string

* fmt

* remove rustc warning

* remove unnecessary to_string

* remove unnecessary comment

* remove unused functions

* remove unnecessary code.

* change compile option

* fmt

* remove unnecessary split

* fmt

* remove unnecessary Option
2021-12-14 16:57:49 +09:00
DustInDark 50daf1d716 Feature/improve rule file read time#254 (#260)
* fixed cached aggregation parser regex #254

* fixed cached condition parser regex #254

* fixed cached condition parser regex re_pipe #254
2021-12-05 15:05:09 +09:00
Yamato Security bc230f7cd5 English fixes (#236)
* English fixes

* cargo fmt

* fixed test assertion string data

Co-authored-by: DustInDark <nextsasasa@gmail.com>
2021-11-27 11:21:55 +09:00
DustInDark b48f774b93 Feature/output unique detection#209 (#225)
* checked contributors #141

- because a RustyBlue code contributor (not a hayabusa contributor) was mixed into the hayabusa contributors

* changed yaml count name

* changed ruletype string #157

* fixed output of parse error #157

* fixed output

* added level unique detection output #209
2021-11-24 21:15:43 +09:00
itiB 034f9c0957 Add: sigma rules (#175) 2021-11-22 08:45:44 +09:00
James 7d49b0b521 Feature/#187 change allowlist regexes filenames (#189)
* add risk level filter arguments #45

* fix default level in help #45

* add test yaml files #45

* refactoring and fix level argument usage.

* cargo fmt --all

* add risk level filter arguments #45

* fix default level in help #45

* add test yaml files #45

* refactoring and fix level argument usage.

* cargo fmt --all

* update

* change filename

* fix regexes and allowlist filename in document #187

Co-authored-by: DustInDark <nextsasasa@gmail.com>
2021-11-12 13:53:09 +09:00
James 22c8302c4c change from stdout to stderr. (#190) 2021-11-12 13:21:14 +09:00
James 5bfa6832c0 fix value keyword (#183) 2021-11-11 00:12:58 +09:00
James 15a28e5602 cache regex for allowlist and regexes keyword. (#174) 2021-11-10 03:10:03 +09:00
James c5d5d25817 change from black to allow. (#164) 2021-11-09 00:41:21 +09:00
James e77a193c5c Feature/#158 add rulefilepath column (#168)
* add level csv column

* update

* Feature/output detect count151 (#167)

* add output process count of detected events #151

* add output process count of detected events when output stdio #151

* add format enter

* update

Co-authored-by: DustInDark <nextsasasa@gmail.com>
2021-11-09 00:35:28 +09:00
DustInDark dcf015970c fixed warning #149 (#161) 2021-11-06 06:46:01 +09:00
James 4a1e46e47e Feature/#140 document (#144)
* update

* fix regexes and whitelist

* under construction

* fix

* update

* add pic

* update

* update

* update

* fix
2021-10-22 00:43:40 +09:00
garigariganzy 76103d31f3 Feature/event stats#105 (#137)
Implemented event aggregation feature

Co-authored-by: HajimeTakai <takai.wa.hajime@gmail.com>
2021-09-20 23:53:45 +09:00
James a469e6e60b Implemented #102. (#133) 2021-09-09 10:37:33 +09:00
DustInDark 330cbb58ca WIP: Feature/count sigma rule #93 (#113)
* Feature/call error message struct#66 (#69)

* change way to use write trait #66

* change call error message struct #66

* erase finished TODO #66

* erase comment in error message format test #66

* resolve conflict #66

* Feature/call error message struct#66 (#71)

* change ERROR writeln struct #66

* under construction

* add statistics template

* fix

* add comment

* add condition impl #93

* fix erased get_descendants and remove unnecessary struct #93

* erased finished TODO comment

* erased finished TODO comment

* Revert "fix erased get_descendants and remove unnecessaly struct #93"

This reverts commit 82e905e045.

Revert "add condition impl #93"

This reverts commit 19ecc87377.

* add doc comment to rule function

* fix and add test doc comment

* add doc to AggregaationParseInfo

* add struct count in aggregation condition. #93

* add evaluate aggregation condition func provisional architecture. #93

* add countup function #93

* fix key to count hashmap #93

* add judge aggregation condition function #93

* fix error #93

* fix test #93

* share compile error ver

* fix detection.rs compile error

* fix timeframe parse

* add countup process in select

* fix select argument

* add test countup

* add test count judge #93

* add SIGMA windows count field and by keyword #93

* fix reference record in countup/judgecount #93

* add timedata in countup schema #93

* Refact: split code for matcher from rule.rs

* Refact: combine multiple declared functions

* Refact: split code for SelectionNode from rule.rs

* Refact: mv test code for SelectionNode from rule.rs

* Refact: mv condition's code from rule.rs

* add count to detection #93

* fix compile error

* fix source to test ng. #93

* erase unused variable #93

* fix count architecture #93

* fix comment and compile error

* erase dust (response to review)

* erase dust (response to review)

* reduce calling Rulenode function (response to review)

* add aggregation output func

* erase dust(response to review) and add agg condition String func

* change error output

* reduce call RuleNode function(response to review)

* To reduce call RuleNode function

* fix test name

* fix conflict resolve miss

* add code comment in timeframe count.

* add sort record timedata in timeframe(response to review)

* fix unnecessary result in ArgResult

* add no field and by value count test

* create count test no field and by with timeframe

* erase duplicated timeframe data in RuleNode

* fix test error no field and no by count with timeframe

* fix test name

* add test case of exist field and by count.

* fix by count test and add test count othervalue in timeframe

* add test

* fix judge_timeframe logic when indexout

* fix test name and add count test field and by with timeframe

* adjust #120

* move associated count function from rulenode

* fix error when resolve conflict

* fix no-output bug if output exists

Co-authored-by: HajimeTakai <takai.wa.hajime@gmail.com>
Co-authored-by: itiB <is0312vx@ed.ritsumei.ac.jp>
2021-07-16 07:20:44 +09:00
itiB 65b714b81b Split rule.rs (#121)
* Refact: split code for matcher from rule.rs

* Refact: combine multiple declared functions

* Refact: split code for SelectionNode from rule.rs

* Refact: mv test code for SelectionNode from rule.rs

* Refact: mv condition's code from rule.rs

* Refact: mv aggregation's code from condition_parser.rs

* Refact: use relationships

* cargo fmt --all

* remove unnecessary matcher

Co-authored-by: HajimeTakai <takai.wa.hajime@gmail.com>
2021-07-08 01:41:59 +09:00