CSEC_PUBLIC/hayabusa
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
577 Commits 6 Branches 18 Tags
bcf8a33e8cec9b40955a70d21232c4164b3215b2
Commit Graph

577 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
DustInDark
bcf8a33e8c v1.2 pre-release marge (#495) 
* Fix/fix clippy warn (#434)

- Fixed following Clippy Warnings(previous warning count: 671 -> after: 4)
  - clippy::needless_return
  - clippy::println_empty_string
  - clippy::redundant_field_names
  - clippy::single_char_pattern
  - clippy::len_zero
  - clippy::iter_nth_zero
  - clippy::bool_comparison
  - clippy::question_mark
  - clippy::needless_collect
  - clippy::unnecessary_unwrap
  - clippy::ptr_arg
  - clippy::needless_collect
  - clippy::needless_borrow
  - clippy::new_without_default
  - clippy::assign_op_pattern
  - clippy::bool_assert_comparison
  - clippy::into_iter_on_ref
  - clippy::deref_addrof
  - clippy::while_let_on_iterator
  - clippy::match_like_matches_macro
  - clippy::or_fun_call
  - clippy::useless_conversion
  - clippy::let_and_return
  - clippy::redundant_clone
  - clippy::redundant_closure
  - clippy::cmp_owned
  - clippy::upper_case_acronyms
  - clippy::map_identity
  - clippy::unused_io_amount
  - clippy::assertions_on_constants
  - clippy::op_ref
  - clippy::useless_vec
  - clippy::vec_init_then_push
  - clippy::useless_format
  - clippy::bind_instead_of_map
  - clippy::bool_comparison
  - clippy::clone_on_copy
  - clippy::too_many_arguments
  - clippy::module_inception
  - fixed clippy::needless_lifetimes
  - fixed clippy::borrowed_box (Thanks for helping by hach1yon!)

* Merge main and output fix#443#444 (#445)

* removed tools/sigmac (#441)

* removed tools/sigmac

- moved tools/sigmac to hayabusa-rules repo

* fixed doc link tools/sigmac

* fixed submodule track

* fixed submodule track from latest to v1.1.0 tag

* fixed link

* erased enter #444

* erased enter #444

* reverted logo enter

* fixed rules submodule target commit #444

Co-authored-by: Yamato Security <71482215+YamatoSecurity@users.noreply.github.com>

* readme update screenshots etc (#448)

* Opensslを静的にコンパイルするためにCargo.tomlの設定変更 (#437)

* cargo update - openssl static

* updated cargo

* macos2apple

* cargo update

* cargo update

* aliasキーがない場合もEvent.EventDataを自動で走査する (#442)

* add no event key

* support not-register-alias search

* added checking EventData when key do not match in alias #290

- added checking key in Event.EventData, if key is not exist in eventkey_alias.txt.

* cargo fmt

* fixed panic when filter files does not exists

* fixed errorlog format when filter config files does not exist

Co-authored-by: DustInDark <nextsasasa@gmail.com>

* changed downcast library from mopa to downcast_rs #447 (#450)

* Fixed Clippy Warnings (#451)

* fixed clippy warn

* fixed cargo clippy warnging

* fixed clippy warngings in clippy ver 0.1.59

* fixed clippy warnings clippy::unnecessary_to_owned

* added temporary blackhat arsenal badge

* added rust report card badges #453

* added repository maintenance levels badge #453

* documentation update macOS usage etc

* update

* added clippy workflow #428 (#429)

* added clippy workflow #428

* fixed action yaml to run clippy #428

* fixed indent

* fixed workflow

* fixed workflow error

* fixed indent

* changed no annotation #428

* adujusted annotation version

* fixed clippy::needless_match

* remove if let exception

* removed unnecessary permission check #428

* statistics event id update (#457)

* Feature/#440 refactoring #395 (#464)

* updated submodule

* fix degrade for pull req #464 (#468)

* fix degrade for pull req #464

* add trim

* Fearture/ added output update result#410 (#452)

* add git2 crate #391

* added Update option #391

* updated readme #391

* fixed cargo.lock

* fixed option if-statement #391

* changed utc short option and rule-update short option #391

* updated readme

* updated readme

* fixed -u long option & version number update #391

* added fast-forwarding rules repository #391

* updated command line option #391

* moved output logo prev update rule

* fixed readme #391

* removed recursive option in readme

* changed rules update from clone and pull to submodule update #391

* fixed document

* changed unnecessary clone recursively to clone only

* English message update.

* cargo fmt

* English message update. ( 4657c35e5c cherry-pick)

* added create rules folder when rules folder is not exist

* fixed gitmodules github-rules url from ssh to https

* added output of updated file #420

* fixed error #410

* changed update rule list seq

* added test

* fixed output #410

* fixed output and fixed output date field  when  modified field is lacked #410

* fixed compile error

* fixed output

- added enter after Latest rule update output
- added output when no exist new rule
- fixed Latest rule update date format
- changed output from 'Latest rule update' to 'Latest rules update'

* fixed compile error

* changed modified date source from rules folder to each yml rule file

* formatting use chrono in main.rs

* merge develop clippy ci

* fixed output when no update rule #410

- removed Latest rule update

- no output "Rules update successfully" when No rule changed

* Change English

Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>

* Remove unnecessary code from timeline_event_info and rename files for… (#470)

* Remove unnecessary code from timeline_event_info and rename files for issue462

* Remove unnecessary code #462

* add equalsfield pipe (#467)

* Enhancement: add config config #456 (#471)

* added config option #456

* added process of option to speicifed config folder #456

following files adjust config option.

* noisy_rules.txt

* exclude_rules.txt

* fixed usage in readme

* updated rules submodule:

* fixed process when yml file exist in .git folder

* ignore when yml file exist in .git folder

* Add: --level-tuning option's outline

* Add: read Rule files

* Add: input rule_level.txt files & read rules

* cargo fmt

* Add: level-tuning function

* Reface: split to options file

* WIP: Text overwrite failed...

* Fix: Text overwrite was failed

* Add: Error handlings

* Add: id, level validation

* mv: IDS_REGEX to configs file

* fix: level tuning's file name

* Cargo fmt

* Pivot Keyword List機能の追加 (#412)

* add get_pivot_keyword() func

* change function name and call it's function

* [WIP] support config file

* compilete output

* cargo fmt

* [WIP] add test

* add test

* support -o option in pivot

* add pivot mod

* fix miss

* pass test in pivot.rs

* add comment

* pass all test

* add fast return

* fix output

* add test config file

* review

* rebase

* cargo fmt

* test pass

* fix clippy in my commit

* cargo fmt

* little refactor

* change file input logic and config format

* [WIP] change output

* [wip] change deta structure

* change output & change data structure

* pass test

* add config

* cargo fmt & clippy & rebase

* fix cllipy

* delete /rules/ in .gitignore

* clean comment

* clean

* clean

* fix rebase miss

* fix rebase miss

* fix clippy

* file name output on -o to stdout

* add pivot_keywords.txt to ./config

* updated english

* Documentation update

* cargo fmt and clean

* updated translate japanese

* readme update

* readme update

Co-authored-by: DustInDark <nextsasasa@gmail.com>
Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>

* Add: test

* Add: README.md

* Cargo fmt

* Use
#[cfg(test)]

* Fixed output stop when  control char exist in windows terminal (#485)

* added control character filter in details #382

* fixed document

- removed fixed windows teminal caution in readme

* fixed level tuning test and added test files #390

* changed level_tuning.txt header from next_level to new_level

* fixed convert miss change to low level

* added run args rules path to check test easy #390

* fixed comment out processing in level_tuning.txt

* fixed config to show level-tuning option

* fixed level-tuning option usage from required to option

* reduce output mitre attack detail tachnique No. by config file (#483)

* reduced mitre attck tag output by config file #477

* prepared 1.2.0 version toml

* added test files and mitre attck strategy tag file #477

* fixed cargo.toml version

* updated cargo.lock

* output tag english update

* cargo fmt

Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>

* Fix: test file's path was incorrect

* Add: add test_files/config/level_tuning.txt

* Add: Flush method.

* inserted debug data

* reverted config usage

* fixed test yaml file path

* Feature/#216 output allfields csvnewcolumn (#469)

* refactoring

* refactoring

* under constructing

* underconstructing

* under construction

* underconstructing

* fix existing testcase

* finish implement

* fmt

* add option

* change name

* fix control code bug

* fix disp

* change format and fix testcase

* fix help

* Fix: show usage when hayabusa has no args

* rm: debug line

* Enhance/warning architecture#478 (#482)

* added  enhance of architecture check #478

* changed check architecture process after output logo #478

* English msg update

* fixed detect method of os-bit to windows and linux

* removed mac and unix architecture and binary and updated its process of windows

* fix clippy

* added check on Wow64 env #478

* Update contributors.txt

Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>

* added --level-tuning option to usage

* Revert "added --level-tuning option to usage"

This reverts commit e6a74090a3.

* readme update

* Update README-Japanese.md

* readme, version, cargo update

* typo fix

* typo fix

* rm: duplicated test & fix test name

* Add: show logo, and some infos

* small english fix

* twitter link fix (#486)

* added feature of tag output reducing to agg condition #477 (#488)

* changed level output from informational to info #491

* updated rules submodule

* v1.2 changelog update (#473)

* changelog update

* Update CHANGELOG.md

added contributor in "Fields that are not defined in eventkey_alias.txt will automatically be searched in Event.EventData."

ref #442

* Update CHANGELOG-Japanese.md

Fields that are not defined in eventkey_alias.txt will automatically be searched in Event.EventData.

added contributor in "Fields that are not defined in eventkey_alias.txt will automatically be searched in Event.EventData."

ref #442

* Update CHANGELOG.md

added bug fixes (#444) and `Performance and. accuracy`  add contributor ref(#395)

* Update CHANGELOG-Japanese.md

* Translated v1.2 change log to Japanese

v1.2の内容を日本語に修正

* fixed typo

added lacked back quote.

* added description

added following issue and pr description to readme

- #216 / #469 L8
- #390 / #459 L9
- #478 / #482 L19
- #477/ #483 L20

* added description README.md

added following issue and pr description to readme

- #216 / #469 L8
- #390 / #459 L9
- #478 / #482 L19
- #477/ #483 L20

* changelog update

* changelog update

* update

Co-authored-by: DustInDark <nextsasasa@gmail.com>

* updated rules #493 (#494)

* Resolve conflict develop (#496)

* removed tools/sigmac (#441)

* removed tools/sigmac

- moved tools/sigmac to hayabusa-rules repo

* fixed doc link tools/sigmac

* fixed submodule track

* fixed submodule track from latest to v1.1.0 tag

* fixed link

* fixed rules submodule targe #444

* updated submodule

* updated rules submodule

Co-authored-by: Yamato Security <71482215+YamatoSecurity@users.noreply.github.com>

Co-authored-by: Yamato Security <71482215+YamatoSecurity@users.noreply.github.com>
Co-authored-by: kazuminn <warugaki.k.k@gmail.com>
Co-authored-by: James / hach1yon <32596618+hach1yon@users.noreply.github.com>
Co-authored-by: garigariganzy <tosada31@hotmail.co.jp>
Co-authored-by: itiB <is0312vx@ed.ritsumei.ac.jp>
v1.2.0 		2022-04-15 12:13:00 +09:00
DustInDark
2b5837dfc8 updated rules (#497) 2022-04-15 12:12:22 +09:00
Yamato Security
66ac9dd00b Merge pull request #474 from Yamato-Security/update/rules_submodule_main 
updated rules submodule(To main branch)
 2022-03-30 20:54:23 +09:00
DustInDark
230a481eaf updated rules submodule 2022-03-30 20:39:46 +09:00
Yamato Security
b3476f6ad5 Merge pull request #466 from Yamato-Security/rule_submodule_update_main 
Updated rule submodule in main branch
 2022-03-26 19:14:05 +09:00
DustInDark
9b058bcbdc updated submodule 2022-03-26 18:13:38 +09:00
Yamato Security
af3550dd39 Merge pull request #446 from Yamato-Security/fix/fix_rules_submodule_commit 
fixed rules submodule targe #444
 2022-03-08 19:36:21 +09:00
Alan Smithee
3fa8faa97a fixed rules submodule targe #444 2022-03-08 18:10:38 +09:00
DustInDark
b3cfedf4a5 removed tools/sigmac (#441) 
* removed tools/sigmac

- moved tools/sigmac to hayabusa-rules repo

* fixed doc link tools/sigmac

* fixed submodule track

* fixed submodule track from latest to v1.1.0 tag

* fixed link
 2022-03-05 22:26:22 +09:00
Yamato Security
db857f81af Merge pull request #425 from Yamato-Security/develop 
v1.1.0 Release
v1.1.0 		2022-03-03 09:09:48 +09:00
Yamato Security
631496cf41 Update contributors.txt 2022-03-03 08:54:16 +09:00
Alan Smithee
6694b9b4d5 Merge branch 'main' into develop 2022-03-02 20:19:27 +09:00
Yamato Security
cf4bdd00c7 Merge pull request #435 from Yamato-Security/readme-update---32bit-cross-compile-add 
Readme update  32bit cross compile add
 2022-03-02 19:16:32 +09:00
Alan Smithee
d498d3114b Merge branch 'readme-update---32bit-cross-compile-add' of github.com:Yamato-Security/hayabusa into readme-update---32bit-cross-compile-add 2022-03-02 18:29:31 +09:00
Alan Smithee
5d4c465bcc fixed janapese usage readme 2022-03-02 18:28:44 +09:00
Alan Smithee
b43f41e7f2 fixed command option in usage 
- UTC option is changed from -u to -U
- Run onlive Windows machine is adjusted -l (--live-analysis)
 2022-03-02 18:21:55 +09:00
Tanaka Zakku
7bc845ea81 cross compile command fix 2022-03-02 18:14:28 +09:00
Tanaka Zakku
5fdcd40179 usage update 2022-03-02 17:02:19 +09:00
Tanaka Zakku
4572bb98f4 add linux compile comment 2022-03-02 16:19:25 +09:00
Tanaka Zakku
02628526ec use standard cargo build to compile 2022-03-02 13:34:33 +09:00
Tanaka Zakku
bd4f433b73 readme update - 32bit compile add 2022-03-02 10:13:45 +09:00
Yamato Security
f183c4352f Merge pull request #433 from Yamato-Security/hotfix/failed_twice_update_rule#432 
Hotfix/failed twice update rule#432
 2022-03-01 08:19:33 +09:00
Alan Smithee
0fdabf0d70 added process of remove submodule cache #432 2022-03-01 03:17:55 +09:00
Alan Smithee
6e5b24282f cargo fmt 2022-02-28 18:27:06 +09:00
Alan Smithee
c3c9423b74 fixed clippy warn 2022-02-28 18:25:54 +09:00
Alan Smithee
28ded269de fixed process case of not exist hayabusa .git folder #432 2022-02-28 18:24:49 +09:00
Yamato Security
b0434726ca readme update mac compile error (#431) 2022-02-28 15:23:32 +09:00
Yamato Security
65eb818f9b unique rules to detections (#426) 2022-02-28 10:16:39 +09:00
Yamato Security
087529ee91 readme update-RuleDocToHayabusRulesRepo BugSub (#427) 2022-02-28 10:14:27 +09:00
Yamato Security
1cd3680a3a Merge pull request #424 from Yamato-Security/hotfix/not_update_submodule_update#422 
Hotfix/not update submodule update#422
 2022-02-28 06:24:22 +09:00
Alan Smithee
b22798fddd added merge process when submodule update option #422 2022-02-27 21:04:33 +09:00
Alan Smithee
d1553e3ab1 changed crate load together 2022-02-27 21:02:43 +09:00
DustInDark
dc8d7f3522 Update issue templates #419 (#423) 
* Update issue templates #419

Added bug report template

* removed unnecessary bug report #419
 2022-02-27 12:25:49 +09:00
Yamato Security
fb007ee3a6 Small edits on help screen. (#417) 2022-02-27 09:04:30 +09:00
Yamato Security
5022e38b83 Added CHANGELOG (#418) 2022-02-27 08:59:10 +09:00
DustInDark
92c472d451 Hotfix/moved rule configs to hayabusa rules repo#409 (#414) 
* fixed target config path #409

* fixed target config file path in test #409

* fixed rules target #409

* Documentation fix, deleted unneeded config files

* added workflow

* changed submodule option

* fixed worksflow to ref submodule

* fixed gitmodules

* fixed workflow

* check code insert

* added update submodules command

* test rules update

* removed test runs

* fixed error

Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
 2022-02-26 18:19:19 +09:00
DustInDark
02b1d7f07c added update command #391 (#392) 
* add git2 crate #391

* added Update option #391

* updated readme #391

* fixed cargo.lock

* fixed option if-statement #391

* changed utc short option and rule-update short option #391

* updated readme

* updated readme

* fixed -u long option & version number update #391

* added fast-forwarding rules repository #391

* updated command line option #391

* moved output logo prev update rule

* fixed readme #391

* removed recursive option in readme

* English message update.

* cargo fmt

* Added update command#391 submodule ver (#401)

* changed rules update from clone and pull to submodule update #391

* fixed document

* changed unnecessary clone recursively to clone only

* English message update. ( 4657c35e5c cherry-pick)

* added create rules folder when rules folder is not exist

* fixed gitmodules github-rules url from ssh to https

Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>

* added caution case of update failed in readme #391

* fixed document

* added output error in case of loaded rule count is 0  #391 #392

 https://github.com/Yamato-Security/hayabusa/pull/392#issuecomment-1050276570

* --update-rules typo

* removed unused library call

Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
 2022-02-26 18:18:03 +09:00
DustInDark
568ce6764c Document/describe wildcard is case insensitive#411 (#415) 
* describe case-sensitive when use startswith,endswith,contains,re to
aboutrulecreation-japanese #411

* describe case-insensitive when not use startswith,endswith,contains,re to aboutrulecreation #411

* slight wording update

Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
 2022-02-25 20:16:19 +09:00
DustInDark
0dc5de4b73 Bug/ Fixed error when target environment is not installed vcc redistribute package (#408) 
* fixed error when target environment has not installed vcc redistribute package

* added cfg to static_vcruntime when target os is windows.
 2022-02-25 10:07:12 +09:00
DustInDark
a04b63662c Bugfix/fixed alias to no detect rename binary rule (#406) 
* added OriginalFileName alias #405

* removed not exist tag in sigma rule(OriginalFilename)

* fixed typo
 2022-02-22 23:17:48 +09:00
Yamato Security
191acef8fe Merge pull request #403 from Yamato-Security/enhancement/config-update 
Update config files
 2022-02-22 18:20:42 +09:00
Alan Smithee
f9b02a65b6 fixed test to change regex detectlist_suspicous_services.txt 2022-02-22 08:42:23 +09:00
Tanaka Zakku
0260a223fd Update config files 2022-02-21 17:07:47 +09:00
itiB
4abbb24117 Merge pull request #400 from Yamato-Security/document/add-contents-table 
Add: Table of Contents to README
 2022-02-17 19:59:57 +09:00
DustInDark
58017e971f fixed detection lack when tab and enter control character in event record#395 (#396) 
* fixed no detected bug when enter and tab control character in record data #395

* added remove \r \n \t character in utils.rs
* added call of utils.rs function in selectionnodes.rs

* added tests #395

* changed space control character function args #395

* fixed test due to function args changes #395

* changed replace method using regex #395

* changed regex by record_data_filter.txt #395

* added record_data_filter.txt #395

* fixed test #395

* added record_data_filter

- add Properties regex
- add ScriptBlockText regex
- add Payload regex
 2022-02-17 05:07:15 +09:00
itiB
47c1d42daf Add: Table of Contents to README 2022-02-17 00:19:17 +09:00
DustInDark
0a559da580 Fixed Readme (#399) 
* add shields to README-Japanese.md

* replaced README.md to README-English.md

* fixed tags url ref

* fixed reference typo

* fixed hayabusa logo view size

* fixed readme
 2022-02-16 09:28:52 +09:00
DustInDark
19c44b4f66 added mitre attack data output in csv output (#397) 
* added tags information in csv output #234

* fixed test due to change csvformat struct #234

* changed tag info separator #234

* changed separator #234

* changed tag info separator #234
 2022-02-15 02:13:37 +09:00
DustInDark
df86958850 added live analysys feature (#398) 
* added windows live analysis option #125

* added live analysis option #125

* fixed live analysys condition #125

* changed live analysis option #125

* added live-analysis option in readme #125

* fixed live-analysis check condition #125

* is_elevated crate is only windows #125

* fixed is_elevated build error #125

* fixed is_elevated library crate load

* fixed call way os dependencies crate #125

* fix build error on linux and removed unnecessary create #125

* fixed lack of load crate when build at windows #125

* Update error message

Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
 2022-02-15 02:12:45 +09:00
DustInDark
9cb54a9192 Hotfix/no output colorcode in no true color#376 (#378) 
* added color code emit_csv test

* replaced HashMap and HashSet to hashbrown #368

* removed debug output in test #368

* added color option #376

* fixed process of output check #376

* removed color output check from test #376

* english updates

* colored detections and rules count output by level #384

* refactoring in colored output process #384

* update usage #364 #376

* fixed markdown lint

* added windows terminal bug evasion way #382

* update readme

* fixed colored output test

Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
 2022-02-09 09:29:36 +09:00