CSEC_PUBLIC/hayabusa
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
667 Commits 6 Branches 18 Tags
f0cdfae81acc9159ff24d2b82650113bb033c0b1
Commit Graph

346 Commits

Author SHA1 Message Date
DustInDark
bcf8a33e8c v1.2 pre-release marge (#495) 
* Fix/fix clippy warn (#434)

- Fixed following Clippy Warnings(previous warning count: 671 -> after: 4)
  - clippy::needless_return
  - clippy::println_empty_string
  - clippy::redundant_field_names
  - clippy::single_char_pattern
  - clippy::len_zero
  - clippy::iter_nth_zero
  - clippy::bool_comparison
  - clippy::question_mark
  - clippy::needless_collect
  - clippy::unnecessary_unwrap
  - clippy::ptr_arg
  - clippy::needless_collect
  - clippy::needless_borrow
  - clippy::new_without_default
  - clippy::assign_op_pattern
  - clippy::bool_assert_comparison
  - clippy::into_iter_on_ref
  - clippy::deref_addrof
  - clippy::while_let_on_iterator
  - clippy::match_like_matches_macro
  - clippy::or_fun_call
  - clippy::useless_conversion
  - clippy::let_and_return
  - clippy::redundant_clone
  - clippy::redundant_closure
  - clippy::cmp_owned
  - clippy::upper_case_acronyms
  - clippy::map_identity
  - clippy::unused_io_amount
  - clippy::assertions_on_constants
  - clippy::op_ref
  - clippy::useless_vec
  - clippy::vec_init_then_push
  - clippy::useless_format
  - clippy::bind_instead_of_map
  - clippy::bool_comparison
  - clippy::clone_on_copy
  - clippy::too_many_arguments
  - clippy::module_inception
  - fixed clippy::needless_lifetimes
  - fixed clippy::borrowed_box (Thanks for helping by hach1yon!)

* Merge main and output fix#443#444 (#445)

* removed tools/sigmac (#441)

* removed tools/sigmac

- moved tools/sigmac to hayabusa-rules repo

* fixed doc link tools/sigmac

* fixed submodule track

* fixed submodule track from latest to v1.1.0 tag

* fixed link

* erased enter #444

* erased enter #444

* reverted logo enter

* fixed rules submodule target commit #444

Co-authored-by: Yamato Security <71482215+YamatoSecurity@users.noreply.github.com>

* readme update screenshots etc (#448)

* Opensslを静的にコンパイルするためにCargo.tomlの設定変更 (#437)

* cargo update - openssl static

* updated cargo

* macos2apple

* cargo update

* cargo update

* aliasキーがない場合もEvent.EventDataを自動で走査する (#442)

* add no event key

* support not-register-alias search

* added checking EventData when key do not match in alias #290

- added checking key in Event.EventData, if key is not exist in eventkey_alias.txt.

* cargo fmt

* fixed panic when filter files does not exists

* fixed errorlog format when filter config files does not exist

Co-authored-by: DustInDark <nextsasasa@gmail.com>

* changed downcast library from mopa to downcast_rs #447 (#450)

* Fixed Clippy Warnings (#451)

* fixed clippy warn

* fixed cargo clippy warnging

* fixed clippy warngings in clippy ver 0.1.59

* fixed clippy warnings clippy::unnecessary_to_owned

* added temporary blackhat arsenal badge

* added rust report card badges #453

* added repository maintenance levels badge #453

* documentation update macOS usage etc

* update

* added clippy workflow #428 (#429)

* added clippy workflow #428

* fixed action yaml to run clippy #428

* fixed indent

* fixed workflow

* fixed workflow error

* fixed indent

* changed no annotation #428

* adujusted annotation version

* fixed clippy::needless_match

* remove if let exception

* removed unnecessary permission check #428

* statistics event id update (#457)

* Feature/#440 refactoring #395 (#464)

* updated submodule

* fix degrade for pull req #464 (#468)

* fix degrade for pull req #464

* add trim

* Fearture/ added output update result#410 (#452)

* add git2 crate #391

* added Update option #391

* updated readme #391

* fixed cargo.lock

* fixed option if-statement #391

* changed utc short option and rule-update short option #391

* updated readme

* updated readme

* fixed -u long option & version number update #391

* added fast-forwarding rules repository #391

* updated command line option #391

* moved output logo prev update rule

* fixed readme #391

* removed recursive option in readme

* changed rules update from clone and pull to submodule update #391

* fixed document

* changed unnecessary clone recursively to clone only

* English message update.

* cargo fmt

* English message update. ( 4657c35e5c cherry-pick)

* added create rules folder when rules folder is not exist

* fixed gitmodules github-rules url from ssh to https

* added output of updated file #420

* fixed error #410

* changed update rule list seq

* added test

* fixed output #410

* fixed output and fixed output date field  when  modified field is lacked #410

* fixed compile error

* fixed output

- added enter after Latest rule update output
- added output when no exist new rule
- fixed Latest rule update date format
- changed output from 'Latest rule update' to 'Latest rules update'

* fixed compile error

* changed modified date source from rules folder to each yml rule file

* formatting use chrono in main.rs

* merge develop clippy ci

* fixed output when no update rule #410

- removed Latest rule update

- no output "Rules update successfully" when No rule changed

* Change English

Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>

* Remove unnecessary code from timeline_event_info and rename files for… (#470)

* Remove unnecessary code from timeline_event_info and rename files for issue462

* Remove unnecessary code #462

* add equalsfield pipe (#467)

* Enhancement: add config config #456 (#471)

* added config option #456

* added process of option to speicifed config folder #456

following files adjust config option.

* noisy_rules.txt

* exclude_rules.txt

* fixed usage in readme

* updated rules submodule:

* fixed process when yml file exist in .git folder

* ignore when yml file exist in .git folder

* Add: --level-tuning option's outline

* Add: read Rule files

* Add: input rule_level.txt files & read rules

* cargo fmt

* Add: level-tuning function

* Reface: split to options file

* WIP: Text overwrite failed...

* Fix: Text overwrite was failed

* Add: Error handlings

* Add: id, level validation

* mv: IDS_REGEX to configs file

* fix: level tuning's file name

* Cargo fmt

* Pivot Keyword List機能の追加 (#412)

* add get_pivot_keyword() func

* change function name and call it's function

* [WIP] support config file

* compilete output

* cargo fmt

* [WIP] add test

* add test

* support -o option in pivot

* add pivot mod

* fix miss

* pass test in pivot.rs

* add comment

* pass all test

* add fast return

* fix output

* add test config file

* review

* rebase

* cargo fmt

* test pass

* fix clippy in my commit

* cargo fmt

* little refactor

* change file input logic and config format

* [WIP] change output

* [wip] change deta structure

* change output & change data structure

* pass test

* add config

* cargo fmt & clippy & rebase

* fix cllipy

* delete /rules/ in .gitignore

* clean comment

* clean

* clean

* fix rebase miss

* fix rebase miss

* fix clippy

* file name output on -o to stdout

* add pivot_keywords.txt to ./config

* updated english

* Documentation update

* cargo fmt and clean

* updated translate japanese

* readme update

* readme update

Co-authored-by: DustInDark <nextsasasa@gmail.com>
Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>

* Add: test

* Add: README.md

* Cargo fmt

* Use
#[cfg(test)]

* Fixed output stop when  control char exist in windows terminal (#485)

* added control character filter in details #382

* fixed document

- removed fixed windows teminal caution in readme

* fixed level tuning test and added test files #390

* changed level_tuning.txt header from next_level to new_level

* fixed convert miss change to low level

* added run args rules path to check test easy #390

* fixed comment out processing in level_tuning.txt

* fixed config to show level-tuning option

* fixed level-tuning option usage from required to option

* reduce output mitre attack detail tachnique No. by config file (#483)

* reduced mitre attck tag output by config file #477

* prepared 1.2.0 version toml

* added test files and mitre attck strategy tag file #477

* fixed cargo.toml version

* updated cargo.lock

* output tag english update

* cargo fmt

Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>

* Fix: test file's path was incorrect

* Add: add test_files/config/level_tuning.txt

* Add: Flush method.

* inserted debug data

* reverted config usage

* fixed test yaml file path

* Feature/#216 output allfields csvnewcolumn (#469)

* refactoring

* refactoring

* under constructing

* underconstructing

* under construction

* underconstructing

* fix existing testcase

* finish implement

* fmt

* add option

* change name

* fix control code bug

* fix disp

* change format and fix testcase

* fix help

* Fix: show usage when hayabusa has no args

* rm: debug line

* Enhance/warning architecture#478 (#482)

* added  enhance of architecture check #478

* changed check architecture process after output logo #478

* English msg update

* fixed detect method of os-bit to windows and linux

* removed mac and unix architecture and binary and updated its process of windows

* fix clippy

* added check on Wow64 env #478

* Update contributors.txt

Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>

* added --level-tuning option to usage

* Revert "added --level-tuning option to usage"

This reverts commit e6a74090a3.

* readme update

* Update README-Japanese.md

* readme, version, cargo update

* typo fix

* typo fix

* rm: duplicated test & fix test name

* Add: show logo, and some infos

* small english fix

* twitter link fix (#486)

* added feature of tag output reducing to agg condition #477 (#488)

* changed level output from informational to info #491

* updated rules submodule

* v1.2 changelog update (#473)

* changelog update

* Update CHANGELOG.md

added contributor in "Fields that are not defined in eventkey_alias.txt will automatically be searched in Event.EventData."

ref #442

* Update CHANGELOG-Japanese.md

Fields that are not defined in eventkey_alias.txt will automatically be searched in Event.EventData.

added contributor in "Fields that are not defined in eventkey_alias.txt will automatically be searched in Event.EventData."

ref #442

* Update CHANGELOG.md

added bug fixes (#444) and `Performance and. accuracy`  add contributor ref(#395)

* Update CHANGELOG-Japanese.md

* Translated v1.2 change log to Japanese

v1.2の内容を日本語に修正

* fixed typo

added lacked back quote.

* added description

added following issue and pr description to readme

- #216 / #469 L8
- #390 / #459 L9
- #478 / #482 L19
- #477/ #483 L20

* added description README.md

added following issue and pr description to readme

- #216 / #469 L8
- #390 / #459 L9
- #478 / #482 L19
- #477/ #483 L20

* changelog update

* changelog update

* update

Co-authored-by: DustInDark <nextsasasa@gmail.com>

* updated rules #493 (#494)

* Resolve conflict develop (#496)

* removed tools/sigmac (#441)

* removed tools/sigmac

- moved tools/sigmac to hayabusa-rules repo

* fixed doc link tools/sigmac

* fixed submodule track

* fixed submodule track from latest to v1.1.0 tag

* fixed link

* fixed rules submodule targe #444

* updated submodule

* updated rules submodule

Co-authored-by: Yamato Security <71482215+YamatoSecurity@users.noreply.github.com>

Co-authored-by: Yamato Security <71482215+YamatoSecurity@users.noreply.github.com>
Co-authored-by: kazuminn <warugaki.k.k@gmail.com>
Co-authored-by: James / hach1yon <32596618+hach1yon@users.noreply.github.com>
Co-authored-by: garigariganzy <tosada31@hotmail.co.jp>
Co-authored-by: itiB <is0312vx@ed.ritsumei.ac.jp>
 2022-04-15 12:13:00 +09:00
Alan Smithee
0fdabf0d70 added process of remove submodule cache #432 2022-03-01 03:17:55 +09:00
Alan Smithee
6e5b24282f cargo fmt 2022-02-28 18:27:06 +09:00
Alan Smithee
c3c9423b74 fixed clippy warn 2022-02-28 18:25:54 +09:00
Alan Smithee
28ded269de fixed process case of not exist hayabusa .git folder #432 2022-02-28 18:24:49 +09:00
Yamato Security
65eb818f9b unique rules to detections (#426) 2022-02-28 10:16:39 +09:00
Alan Smithee
b22798fddd added merge process when submodule update option #422 2022-02-27 21:04:33 +09:00
Alan Smithee
d1553e3ab1 changed crate load together 2022-02-27 21:02:43 +09:00
Yamato Security
fb007ee3a6 Small edits on help screen. (#417) 2022-02-27 09:04:30 +09:00
DustInDark
92c472d451 Hotfix/moved rule configs to hayabusa rules repo#409 (#414) 
* fixed target config path #409

* fixed target config file path in test #409

* fixed rules target #409

* Documentation fix, deleted unneeded config files

* added workflow

* changed submodule option

* fixed worksflow to ref submodule

* fixed gitmodules

* fixed workflow

* check code insert

* added update submodules command

* test rules update

* removed test runs

* fixed error

Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
 2022-02-26 18:19:19 +09:00
DustInDark
02b1d7f07c added update command #391 (#392) 
* add git2 crate #391

* added Update option #391

* updated readme #391

* fixed cargo.lock

* fixed option if-statement #391

* changed utc short option and rule-update short option #391

* updated readme

* updated readme

* fixed -u long option & version number update #391

* added fast-forwarding rules repository #391

* updated command line option #391

* moved output logo prev update rule

* fixed readme #391

* removed recursive option in readme

* English message update.

* cargo fmt

* Added update command#391 submodule ver (#401)

* changed rules update from clone and pull to submodule update #391

* fixed document

* changed unnecessary clone recursively to clone only

* English message update. ( 4657c35e5c cherry-pick)

* added create rules folder when rules folder is not exist

* fixed gitmodules github-rules url from ssh to https

Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>

* added caution case of update failed in readme #391

* fixed document

* added output error in case of loaded rule count is 0  #391 #392

 https://github.com/Yamato-Security/hayabusa/pull/392#issuecomment-1050276570

* --update-rules typo

* removed unused library call

Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
 2022-02-26 18:18:03 +09:00
DustInDark
0dc5de4b73 Bug/ Fixed error when target environment is not installed vcc redistribute package (#408) 
* fixed error when target environment has not installed vcc redistribute package

* added cfg to static_vcruntime when target os is windows.
 2022-02-25 10:07:12 +09:00
Alan Smithee
f9b02a65b6 fixed test to change regex detectlist_suspicous_services.txt 2022-02-22 08:42:23 +09:00
DustInDark
58017e971f fixed detection lack when tab and enter control character in event record#395 (#396) 
* fixed no detected bug when enter and tab control character in record data #395

* added remove \r \n \t character in utils.rs
* added call of utils.rs function in selectionnodes.rs

* added tests #395

* changed space control character function args #395

* fixed test due to function args changes #395

* changed replace method using regex #395

* changed regex by record_data_filter.txt #395

* added record_data_filter.txt #395

* fixed test #395

* added record_data_filter

- add Properties regex
- add ScriptBlockText regex
- add Payload regex
 2022-02-17 05:07:15 +09:00
DustInDark
19c44b4f66 added mitre attack data output in csv output (#397) 
* added tags information in csv output #234

* fixed test due to change csvformat struct #234

* changed tag info separator #234

* changed separator #234

* changed tag info separator #234
 2022-02-15 02:13:37 +09:00
DustInDark
df86958850 added live analysys feature (#398) 
* added windows live analysis option #125

* added live analysis option #125

* fixed live analysys condition #125

* changed live analysis option #125

* added live-analysis option in readme #125

* fixed live-analysis check condition #125

* is_elevated crate is only windows #125

* fixed is_elevated build error #125

* fixed is_elevated library crate load

* fixed call way os dependencies crate #125

* fix build error on linux and removed unnecessary create #125

* fixed lack of load crate when build at windows #125

* Update error message

Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
 2022-02-15 02:12:45 +09:00
DustInDark
9cb54a9192 Hotfix/no output colorcode in no true color#376 (#378) 
* added color code emit_csv test

* replaced HashMap and HashSet to hashbrown #368

* removed debug output in test #368

* added color option #376

* fixed process of output check #376

* removed color output check from test #376

* english updates

* colored detections and rules count output by level #384

* refactoring in colored output process #384

* update usage #364 #376

* fixed markdown lint

* added windows terminal bug evasion way #382

* update readme

* fixed colored output test

Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
 2022-02-09 09:29:36 +09:00
DustInDark
df30adfdef changed hashmap library to tuneup #368 (#369) 
* added color code emit_csv test

* replaced HashMap and HashSet to hashbrown #368

* removed debug output in test #368

* fixed colored test
 2022-02-09 01:59:39 +09:00
DustInDark
84de8d01af remove yaml ignore check#271 (#385) 
* removed yaml ignore label check #271

* moved exclude rule filter check #271

* fixed colored test
 2022-02-09 01:59:12 +09:00
kazuminn
d1597b2322 ルール場所指定オプションでファイルを扱えるようにする (#364) 
* add only rule file path in --rules

* add error handling for metadata

* refactor

* add test

* rename test function
 2022-01-31 12:09:25 +09:00
Alan Smithee
f70be3419a removed csv quote when output result to stdout #381 2022-01-30 13:23:33 +09:00
DustInDark
b12029de5c Feature/colorlog#239 (#365) 
* added color carete #239

* added hex library

* added color config file parser #239

* added color output feature #239

* changed fast hashmap library

* added color output description(Japanese) #239

* added color output description(English) #239

* fixed medium level typo

* removed white color font level #239

* added trim and loose colorcode condition #239

* fixed hex convert error panic #239

- output warn and go next iterator when happen hex convert panic

- added user input in hex convert warn output to use easily
 2022-01-26 01:39:14 +09:00
kazuminn
15ee980711 exclude-rules.txtとnoisy-rules.txtをコメントに対応 (#362) 
* add exclude files comments feature

* trim()

* add error handling and split function

* add id validation

* add comments

* cargo fmt

* fix error statment

* change -full.txt to .txt

* change alert to warn
 2022-01-20 23:12:41 +09:00
DustInDark
9c7353a2e9 Feature/except hidden file#335 (#339) 
* added except hidden file load #335

* fixed except hidden file in collect evtx #335
 2022-01-13 22:19:59 +09:00
Tanaka Zakku
d9624be752 delete extra white space 2021-12-24 14:56:23 +09:00
DustInDark
207fcb312c fixed output error if config directory is not found #347 2021-12-24 13:27:51 +09:00
DustInDark
3097ff2ac3 added process case of no exist config files #347 2021-12-24 08:48:38 +09:00
Tanaka Zakku
8f9ff165ec small format fix 2021-12-23 17:52:19 +09:00
DustInDark
b4a66a8e6f inserted usage newline 2021-12-23 17:16:48 +09:00
DustInDark
c43624dcb2 changed outputs #344 2021-12-23 17:09:26 +09:00
DustInDark
716e0a182a changed no outpu rule parse result with -s option #343 2021-12-23 15:45:11 +09:00
DustInDark
7813fd6ac6 reduced statistics start output each file #341 2021-12-23 11:42:58 +09:00
DustInDark
9b382df001 fixed output flag process #341 2021-12-23 11:39:52 +09:00
DustInDark
09782f02a9 added newline 2021-12-23 11:35:34 +09:00
DustInDark
6b5283b28b added no detection when statistics option enabled. #341 2021-12-23 11:33:10 +09:00
DustInDark
f2445ae093 changed output field to details field in yaml data oftest case 2021-12-23 08:59:41 +09:00
DustInDark
2250c4b2c3 fixed error 2021-12-22 20:38:21 +09:00
DustInDark
bf0d3b12f2 fixed output rule warn #336 2021-12-22 18:29:17 +09:00
DustInDark
98a6ca8adc adjust change field name from output to details in rule file #337 2021-12-22 18:15:34 +09:00
Yamato Security
67f0ee007b Merge pull request #316 from Yamato-Security/feature/output_error_log_file_and_options#301 
fixed #301 #303 #309
 2021-12-22 16:08:13 +09:00
DustInDark
a14702dc76 fixed contents and rule-count #333 2021-12-22 15:25:00 +09:00
DustInDark
3412434d99 fixed error 2021-12-22 14:56:10 +09:00
Yamato Security
f54985075b Merge pull request #325 from Yamato-Security/fix/header_name_fix#320 
changed output header #320
 2021-12-22 11:09:02 +09:00
DustInDark
8876fc5f65 added newline 2021-12-22 09:41:06 +09:00
James Takai / hach1yon
ea685fb75a Feature/fix count() (#327) 2021-12-22 09:10:28 +09:00
DustInDark
a0cc36c67e fixed test error #320 2021-12-21 22:31:21 +09:00
DustInDark
2b76103028 fixed output #301 
- To save error log, created empty folder logs

- fixed output
 2021-12-21 21:50:33 +09:00
DustInDark
d0a7040275 changed output header #320 2021-12-21 20:55:46 +09:00
DustInDark
bccdd8fef9 fixed error 
- changed writer from stderr to bufwriter

- changed alert,warn function arg fro String to borrow-String
 2021-12-21 14:44:26 +09:00
DustInDark
f1c9418ab4 fixed errorlog create logic 2021-12-21 14:40:23 +09:00