c8efa95447
Pivot Keyword List機能の追加 ( #412 )
...
* add get_pivot_keyword() func
* change function name and call it's function
* [WIP] support config file
* compilete output
* cargo fmt
* [WIP] add test
* add test
* support -o option in pivot
* add pivot mod
* fix miss
* pass test in pivot.rs
* add comment
* pass all test
* add fast return
* fix output
* add test config file
* review
* rebase
* cargo fmt
* test pass
* fix clippy in my commit
* cargo fmt
* little refactor
* change file input logic and config format
* [WIP] change output
* [wip] change deta structure
* change output & change data structure
* pass test
* add config
* cargo fmt & clippy & rebase
* fix cllipy
* delete /rules/ in .gitignore
* clean comment
* clean
* clean
* fix rebase miss
* fix rebase miss
* fix clippy
* file name output on -o to stdout
* add pivot_keywords.txt to ./config
* updated english
* Documentation update
* cargo fmt and clean
* updated translate japanese
* readme update
* readme update
Co-authored-by: DustInDark <nextsasasa@gmail.com >
Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com >
2022-04-05 21:17:23 +09:00
425a629de7
Enhancement: add config config #456 ( #471 )
...
* added config option #456
* added process of option to speicifed config folder #456
following files adjust config option.
* noisy_rules.txt
* exclude_rules.txt
* fixed usage in readme
2022-03-30 15:26:58 +09:00
7861174a93
Remove unnecessary code from timeline_event_info and rename files for… ( #470 )
...
* Remove unnecessary code from timeline_event_info and rename files for issue462
* Remove unnecessary code #462
2022-03-30 09:46:18 +09:00
bb1f5f619d
Fix/fix clippy warn ( #434 )
...
- Fixed following Clippy Warnings(previous warning count: 671 -> after: 4)
- clippy::needless_return
- clippy::println_empty_string
- clippy::redundant_field_names
- clippy::single_char_pattern
- clippy::len_zero
- clippy::iter_nth_zero
- clippy::bool_comparison
- clippy::question_mark
- clippy::needless_collect
- clippy::unnecessary_unwrap
- clippy::ptr_arg
- clippy::needless_collect
- clippy::needless_borrow
- clippy::new_without_default
- clippy::assign_op_pattern
- clippy::bool_assert_comparison
- clippy::into_iter_on_ref
- clippy::deref_addrof
- clippy::while_let_on_iterator
- clippy::match_like_matches_macro
- clippy::or_fun_call
- clippy::useless_conversion
- clippy::let_and_return
- clippy::redundant_clone
- clippy::redundant_closure
- clippy::cmp_owned
- clippy::upper_case_acronyms
- clippy::map_identity
- clippy::unused_io_amount
- clippy::assertions_on_constants
- clippy::op_ref
- clippy::useless_vec
- clippy::vec_init_then_push
- clippy::useless_format
- clippy::bind_instead_of_map
- clippy::bool_comparison
- clippy::clone_on_copy
- clippy::too_many_arguments
- clippy::module_inception
- fixed clippy::needless_lifetimes
- fixed clippy::borrowed_box (Thanks for helping by hach1yon!)
2022-03-07 08:38:05 +09:00
fb007ee3a6
Small edits on help screen. ( #417 )
2022-02-27 09:04:30 +09:00
92c472d451
Hotfix/moved rule configs to hayabusa rules repo#409 ( #414 )
...
* fixed target config path #409
* fixed target config file path in test #409
* fixed rules target #409
* Documentation fix, deleted unneeded config files
* added workflow
* changed submodule option
* fixed worksflow to ref submodule
* fixed gitmodules
* fixed workflow
* check code insert
* added update submodules command
* test rules update
* removed test runs
* fixed error
Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com >
2022-02-26 18:19:19 +09:00
02b1d7f07c
added update command #391 ( #392 )
...
* add git2 crate #391
* added Update option #391
* updated readme #391
* fixed cargo.lock
* fixed option if-statement #391
* changed utc short option and rule-update short option #391
* updated readme
* updated readme
* fixed -u long option & version number update #391
* added fast-forwarding rules repository #391
* updated command line option #391
* moved output logo prev update rule
* fixed readme #391
* removed recursive option in readme
* English message update.
* cargo fmt
* Added update command#391 submodule ver (#401 )
* changed rules update from clone and pull to submodule update #391
* fixed document
* changed unnecessary clone recursively to clone only
* English message update. ( 4657c35e5c71482215+YamatoSecurity@users.noreply.github.com >
* added caution case of update failed in readme #391
* fixed document
* added output error in case of loaded rule count is 0 #391 #392
https://github.com/Yamato-Security/hayabusa/pull/392#issuecomment-1050276570
* --update-rules typo
* removed unused library call
Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com >
2022-02-26 18:18:03 +09:00
df86958850
added live analysys feature ( #398 )
...
* added windows live analysis option #125
* added live analysis option #125
* fixed live analysys condition #125
* changed live analysis option #125
* added live-analysis option in readme #125
* fixed live-analysis check condition #125
* is_elevated crate is only windows #125
* fixed is_elevated build error #125
* fixed is_elevated library crate load
* fixed call way os dependencies crate #125
* fix build error on linux and removed unnecessary create #125
* fixed lack of load crate when build at windows #125
* Update error message
Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com >
2022-02-15 02:12:45 +09:00
9cb54a9192
Hotfix/no output colorcode in no true color#376 ( #378 )
...
* added color code emit_csv test
* replaced HashMap and HashSet to hashbrown #368
* removed debug output in test #368
* added color option #376
* fixed process of output check #376
* removed color output check from test #376
* english updates
* colored detections and rules count output by level #384
* refactoring in colored output process #384
* update usage #364 #376
* fixed markdown lint
* added windows terminal bug evasion way #382
* update readme
* fixed colored output test
Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com >
2022-02-09 09:29:36 +09:00
d1597b2322
ルール場所指定オプションでファイルを扱えるようにする ( #364 )
...
* add only rule file path in --rules
* add error handling for metadata
* refactor
* add test
* rename test function
2022-01-31 12:09:25 +09:00
3097ff2ac3
added process case of no exist config files #347
2021-12-24 08:48:38 +09:00
2b76103028
fixed output #301
...
- To save error log, created empty folder logs
- fixed output
2021-12-21 21:50:33 +09:00
bccdd8fef9
fixed error
...
- changed writer from stderr to bufwriter
- changed alert,warn function arg fro String to borrow-String
2021-12-21 14:44:26 +09:00
29ee8a5901
added Q option
2021-12-21 01:38:25 +09:00
46211711d6
fixed #301 #303 #309
...
Squashed commit of the following:
commit 617f12177fbf5066e141b5c1adf969b25c03fa3c
Author: DustInDark <nextsasasa@gmail.com >
Date: Tue Dec 21 00:57:13 2021 +0900
fix test typo and merge #301
commit 78926ebf55ae48566152c4097990ca1b1b536b53
Merge: c492ba1 83d891bnextsasasa@gmail.com >
Date: Tue Dec 21 00:22:55 2021 +0900
Merge branch 'main' into feature/output_errorlog_file#301
commit c492ba120a0d977d909b714c2506bd198200853b
Author: DustInDark <nextsasasa@gmail.com >
Date: Tue Dec 21 00:18:52 2021 +0900
renamed hayabusa-logs to logs
commit ac018917300e535c2bfc62b6a9df081d4beb1568
Author: DustInDark <nextsasasa@gmail.com >
Date: Mon Dec 20 23:48:48 2021 +0900
changed output file path deprecated #303
commit dcef677117555f2fac929b6d3b24ac18b5fb08fc
Author: DustInDark <nextsasasa@gmail.com >
Date: Mon Dec 20 23:47:42 2021 +0900
removed error file delete logic
commit b09dec2e4a5c679c3b3c242a655f01cb3b49d490
Author: DustInDark <nextsasasa@gmail.com >
Date: Mon Dec 20 23:46:49 2021 +0900
fixed -Q option flag #309
2021-12-21 01:03:33 +09:00
1aebdca160
Revert "Feature/output errorlog#301" ( #314 )
2021-12-20 20:59:30 +09:00
a7c6be4182
added Quiet Errors option #309
2021-12-20 01:13:23 +09:00
300242099b
Merge branch 'main' into feature/output_errorlog#301
2021-12-20 01:05:48 +09:00
49c08ddbc9
changed output message by change option name
2021-12-20 00:42:46 +09:00
a023ba46a6
Usage menu update ( #302 )
...
* Usage menu update
* usage menuの微調整
* fixed options #302
- changed show-deprecated to enable-deprecated-rules
- changed csv-timeline to output
- change show-noisyalerts to enable-noisy-rules
* fixed option #302
- changed starttimeline to start-timeline
* fixed option #302
- changed q to quiet option
* fixed options #302
- changed endtimeline to end-timeline option
- changed threadnum to thread-number option
Co-authored-by: DustInDark <nextsasasa@gmail.com >
2021-12-19 20:03:39 +09:00
55c05c6d38
adjusted alert function arg add #301
2021-12-19 13:56:34 +09:00
d1d77b4e9f
cargo fmt --all
2021-12-16 20:14:31 +09:00
05076e4fec
Merge branch 'main' into feature/start_finish_time
2021-12-16 20:12:01 +09:00
7a6d264be0
feature : statusがdeprecatedなルールを読み込まない ( #272 )
...
* feature status deprecated exclude
* clean
* change logic and option name
* fix option description
2021-12-14 18:42:23 +09:00
fd200c54b0
tuning ( #280 )
...
* remove unnecessary to_string
* remove unnecessary RWLock
* change hashmap crate
* remove unneccesarry to_string
* fmt
* remove rustc warning
* remove unnecessary to_string
* remove unnecessary comment
* remove unused functions
* remove unneccesary code.
* change compile option
* fmt
* remove unneccesarry split
* fmt
* remove unneccesary Option
2021-12-14 16:57:49 +09:00
3fae98934b
Feature/change level option#250 ( #259 )
...
* fixed level option #250
* changed output
2021-12-13 01:52:21 +09:00
906319bae5
Merge branch 'main' into feature/start_finish_time
2021-12-11 15:30:22 +09:00
721bf993f7
cargo fmt --all
2021-12-11 15:28:13 +09:00
708305c958
Add: TargetTimefilter testcase
2021-12-11 15:27:11 +09:00
f8bd738984
fix: input time format
2021-12-07 01:25:21 +09:00
0e4136e9cf
fix: option's documents
2021-12-07 01:00:18 +09:00
4bb445d4f5
Add: time filter
2021-12-07 00:50:00 +09:00
cc7697a319
Merge branch 'main' into feature/start_finish_time
2021-12-06 23:07:08 +09:00
446e540d6f
merge main into feature/fill_no_use_rules
2021-12-02 00:49:54 +09:00
341a5e4f86
feature fillter no use rules
2021-11-30 22:54:36 +09:00
2febaa9b73
add target event filtering. ( #242 )
2021-11-28 19:02:27 +09:00
84f17323da
Hotfix/load rule level changed info to informational#237#238 ( #240 )
...
* changed INFO to informational #237
- INFO in rule level is changed to informational
* changed level load default rule from LOW to INFORMATIONAL #238
* fixed level description in doc and help menu #238
* removed test files
* removed test check file
2021-11-28 18:27:58 +09:00
bc230f7cd5
英語修正 ( #236 )
...
* 英語修正
* cargo fmt
* fixed test assertion string data
Co-authored-by: DustInDark <nextsasasa@gmail.com >
2021-11-27 11:21:55 +09:00
b48f774b93
Feature/output unique detection#209 ( #225 )
...
* checked contributors #141
- because RustyBlue code contributor(not hayabusa contributor) was mixed in hayabusa contributor
* changed yaml count name
* changed ruletype string #157
* fixed output of parse error #157
* fixed output
* added level unique detection output #209
2021-11-24 21:15:43 +09:00
b2692ef983
Add: input function for start/end option
2021-11-24 00:09:41 +09:00
b53342218c
Feature/output logo#206 ( #222 )
...
* add output logo #206
* added newline and orgnization name #206
* add output rule count #200
* Changed yml summarize the totals for each folder hierarchy. #157
* added analyzing evtx file count output #157
* added loaded rule count output #157
* added quiet option #206
2021-11-21 15:16:44 +09:00
86321a4502
Feature/output read rule directory#201 ( #221 )
...
* fixed filepath evtx extension #162
* added rules option to config usage #201
* fixed filepath evtx extension rule #162
* added rules directory read feature #201
* added test case #201
* fixed usage set #201
* removed all check rule #201
* fixed rule read function data #201
2021-11-20 14:01:50 +09:00
199a8231c1
v1.0でリリースしない機能の削除、contributorsの表示、levelオプションのデフォルト値修正 #141 #211 ( #218 )
...
* changed default level to Low #211
* fixed usage #211
* erased Lang option #195
* changed output credit to contributors #141
* Removed contributor information for uncreated features and features that will not be introduced in v1.0. #141
* removed slack notification feature #202
- removed config option
- removed artifact slack notification call
* removed description of slack notification #202
* fixed default level to Low #211
* removed description about slack notification #202
2021-11-20 09:56:59 +09:00
e2ac686c3f
Feature/verbose output rule and file#188 ( #219 )
...
* added verbose output rule and evtx path #188
* fixed typo
* changed yaml read error to warn message #188
- added AlertMessage::warn
- yaml read error changed from error to warn
2021-11-20 09:10:17 +09:00
480f2d26c0
Feature/change output timeformat#154 ( #194 )
...
* changed default output time format #154
* added time zone #154
* added rfc3339 option #154
2021-11-14 17:48:38 +09:00
66b8f2de9e
Feature/risk level condition#45 ( #186 )
...
* add risk level filter arguments #45
* fix default level in help #45
* add test yaml files #45
* refactoring and fix level argument usage.
* cargo fmt --all
Co-authored-by: ichiichi11 <takai.wa.hajime@gmail.com >
2021-11-11 23:47:29 +09:00
1bdf6943ff
update ( #171 )
2021-11-09 00:50:15 +09:00
c97cf7373a
change from lagotto to hayabusa. ( #170 )
2021-11-09 00:32:24 +09:00
4a1e46e47e
Feature/#140 document ( #144 )
...
* update
* fix regexes and whitelist
* underconstructing
* fix
* update
* add pic
* update
* update
* update
* fix
2021-10-22 00:43:40 +09:00
23c60fa8ff
Feature/slack_notify#134 ( #139 )
...
* add slack notify
* cargo fmt --all
* slack-hook version up
* change bot name
2021-09-30 20:43:50 +09:00
kazuminn
DustInDark
garigariganzy
Yamato Security
itiB
James Takai / hach1yon
James
nishikawaakira