itiB
65b714b81b
Split rule.rs (#121)
* Refact: split code for matcher from rule.rs
* Refact: combine multiple declared functions
* Refact: split code for SelectionNode from rule.rs
* Refact: mv test code for SelectionNode from rule.rs
* Refact: mv condition's code from rule.rs
* Refact: mv aggregation's code from condition_parser.rs
* Refact: use relationships
* cargo fmt --all
* remove unnecessary matcher
Co-authored-by: HajimeTakai <takai.wa.hajime@gmail.com>
2021-07-08 01:41:59 +09:00
James
c13e6da932
Feature/sigmarule wildcard regex caseinsensitive#119 (#123)
* under construction
* under construction
* fix rule file for SIGMA rule.
* wildcard case insensitive.
* refactor
* Update src/detections/rule.rs
add test triple backslash
Co-authored-by: itiB <is0312vx@ed.ritsumei.ac.jp>
* remove unnecessary if statement
Co-authored-by: itiB <is0312vx@ed.ritsumei.ac.jp>
2021-07-02 20:19:53 +09:00
James
ea9f6b96c7
Feature/and or not #107 (#117)
* wip
* wip
* wip
* wip
* wip
* wip
* wip
* done
* cargo fmt --all
* change message
* count parse implementedgit add .!
* Update: use docstring in rule.rs (#118)
* add testcase.
* add testcase.
* fix comment
Co-authored-by: itiB <is0312vx@ed.ritsumei.ac.jp>
2021-06-04 00:35:03 +09:00
itiB
b22051e207
Feature/str exact match#79 (#100)
* Add: LeafMatch struct 'StartsWithMatcher'
* Add: LeafMatch struct 'EndsWithMatcher'
* Add: LeafMatch struct 'ContainsMatcher'
* WIP: StrFeature
* Add: get strFeature's from rule file
* refact
* Revert "refact"
This reverts commit 5439b4d6d52dff4a90307206404e38ff20fe792e.
Revert "Add: get strFeature's from rule file"
This reverts commit 152ad10a03f67f23e6de3db93be9b4e7eaf6a7a8.
Revert "WIP: StrFeature"
This reverts commit bf7271348d30b24f6063cfe8ce5b27e956143d60.
* Add: matcher selector for string options
* Add: rm |xxx text from rule file
* fix: leafNodes's |xxx command overwritten
* test: startswith, endswith, contains LeafNodeTest
* test: use string MethodNode in OrSelectionNode
* cargo fmt --all
* Update: when undefined rule option occur, raise err
2021-05-28 23:19:43 +09:00
James
9b8bed70f8
Feature/timeline template #104 (#106)
* under construction
* add statistics template
* fix
* add comment
* change for statistics
2021-05-16 01:34:48 +09:00
Alan Smithee
99b640adaa
Add rule of Kerberoasting and AS-REP Roasting #91 (#101)
* Feature/call error message struct#66 (#69)
* change way to use write trait #66
* change call error message struct #66
* erase finished TODO #66
* erase comment in error message format test #66
* resolve conflict #66
* Feature/call error message struct#66 (#71)
* change ERROR writeln struct #66
* add Kerberoasting & AS-REP Roasting Rule #91
* fix rule and add alias #91
2021-05-13 22:52:15 +09:00
James
e0b5434716
Merge pull request #99 from YamatoSecurity/feature/make_rule.rs_testcase_#97
Feature/make rule.rs testcase #97
2021-05-13 22:30:23 +09:00
ichiichi11
ee23fc9a66
cargo fmt --all
2021-05-13 22:07:41 +09:00
ichiichi11
e960586ede
fix comment
2021-05-13 22:05:49 +09:00
HajimeTakai
7cd0691764
cargo fmt --all
2021-05-12 23:19:03 +09:00
HajimeTakai
e504a36d0a
refactoring
2021-05-12 23:16:11 +09:00
HajimeTakai
4e68e75cb2
add testcase
2021-05-12 22:45:38 +09:00
HajimeTakai
b9752e567d
under construction
2021-05-10 00:41:20 +09:00
HajimeTakai
61ae299e4b
under construction
2021-05-10 00:14:50 +09:00
HajimeTakai
7913fbfb95
refactoring
2021-05-09 17:26:17 +09:00
James
2f24dc775f
Feature/filter record by eventid#94 (#95)
* add function to get event id from rootnode.
* refactoring #76
* maybe fix bug.
* before test
* fix source files.
* cargo fmt --all
* add threadnum parameter
2021-05-06 20:58:43 +09:00
Alan Smithee
a68a59417d
Feature/add eventfilepath to csv #76 (#89)
* Feature/call error message struct#66 (#69)
* change way to use write trait #66
* change call error message struct #66
* erase finished TODO #66
* erase comment in error message format test #66
* resolve conflict #66
* Feature/call error message struct#66 (#71)
* change ERROR writeln struct #66
* add evtx file path export to csv #76
* fixed test case #76
* fix for #76
* forget cargo fmt -all
* fix testcase
Co-authored-by: ichiichi11 <takai.wa.hajime@gmail.com>
2021-05-01 09:49:48 +09:00
ichiichi11
541494047a
Merge branch 'feature/multi-thread#68'
2021-04-01 23:20:55 +09:00
ichiichi11
377213c294
change comment
2021-03-22 00:02:24 +09:00
ichiichi11
f7ae24a785
change comment
2021-03-21 23:53:06 +09:00
ichiichi11
61ce8415bd
Multithreading support
2021-03-21 18:10:09 +09:00
nishikawaakira
7b0357b120
Feature/changeSingleton#53,#65 (#67)
* change from singleton to global variable
* issue #65
* #65 test mode implemented
* cargo fmt --all
2021-03-19 04:46:52 +09:00
Alan Smithee
f594bb1432
Feature/emessageformat#62 (#64)
* add struct to alert error message refs #62
* add pub to call module #62
2021-03-11 20:04:51 +09:00
sigure
194e554624
Merge pull request #61 from YamatoSecurity/feature/issue#60
Fix for issue60
2021-03-04 19:04:51 +09:00
ichiichi11
7bd044272c
#60
2021-03-03 23:29:27 +09:00
ichiichi
7f99dadcb4
Merge pull request #59 from YamatoSecurity/feature/issue#57
Feature/issue#57
2021-02-27 11:15:29 +09:00
ichiichi11
4f42e21529
Fix testcase
2021-02-26 20:44:55 +09:00
ichiichi11
185acd83cd
Fix the regression introduced by issue57: fix the problem that the timestamp of detected log entries could no longer be obtained
2021-02-26 20:37:24 +09:00
nishikawaakira
382a48edfc
Merge pull request #54 from YamatoSecurity/feature/eventkey_alias
Review of eventkey_alias / #51
2021-02-26 09:06:08 +09:00
ichiichi11
af2331e6ad
format
2021-02-25 23:23:43 +09:00
ichiichi11
3e1c4a2942
fix issue#57
2021-02-25 23:04:12 +09:00
nishikawaakira
631dda679a
Merge pull request #55 from YamatoSecurity/feature/append_emit_data
Feat: output detected rule's title
2020-12-25 11:32:56 +09:00
nishikawaakira
3fd11860ce
Merge pull request #56 from YamatoSecurity/feature/rm_unnecessary_code
refactor
2020-12-17 11:04:59 +00:00
itiB
c130ca08dd
refactor
2020-12-17 19:38:00 +09:00
itiB
857e22e6f8
Feat: output detected rule's title
2020-12-17 18:55:56 +09:00
akiranishikawa
a77edfb311
#51 resolved
2020-12-16 20:29:08 +09:00
itiB
c7dd0adfe1
Merge pull request #43 from YamatoSecurity/feature/emit_csv2
Update: release csv-timeline function
2020-12-15 03:00:44 +09:00
ichiichi
d9beb3c71b
Merge pull request #50 from YamatoSecurity/fix/#40
resolved #40
2020-12-13 18:14:18 +09:00
akiranishikawa
a87058743e
cargo fmt
2020-12-13 17:28:00 +09:00
nishikawaakira
83cf1e398c
Merge branch 'main' into feature/emit_csv2
2020-12-13 08:18:29 +00:00
nishikawaakira
ca68005d90
Merge pull request #49 from YamatoSecurity/feature/main_refactor
refactor
2020-12-10 20:28:11 +00:00
itiB
f1844882e6
Refact: after_fact.rs emit time format
2020-12-10 01:57:53 +09:00
nishikawaakira
a281c213ef
Merge pull request #35 from YamatoSecurity/feature/credits
credits template
2020-12-07 17:17:09 +00:00
kazuminn
cec683408e
refactor
2020-12-07 17:45:05 +09:00
akiranishikawa
f58d5f316b
resolved #40
2020-12-07 12:18:48 +09:00
kazuminn
d94d18f9cd
refactor
2020-12-06 22:50:20 +09:00
kazuminn
b9189f8e31
refactor
2020-12-06 22:28:00 +09:00
nishikawaakira
67da36c919
Merge pull request #48 from YamatoSecurity/feature/directory_option
implement directory option
2020-12-06 08:46:52 +00:00
ichiichi11
b6c89c754b
implement directory option
2020-12-05 23:30:09 +09:00
itiB
7d43885d05
feat: emit DateTime with selected timezone
@fox
2020-12-05 02:47:19 +09:00