Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

No output file path which file analyze when Logdirectory is set on EventIDStatistics mode #54

Closed
hitenkoku opened this issue Sep 30, 2021 · 1 comment
Assignees
Labels
enhancement New feature or request priority:low

Comments

@hitenkoku
Copy link
Collaborator

EventIDStatisticsでディレクトリ指定をしたときにどのファイルのイベント合計を集計した結果なのかが表示されていない為わかりづらい

PS > .\WELA.ps1 -LogDirectory ..\DeepBlueCLI\evtx\ -UseDetectRules 0 -EventIDStatistics
██╗    ██╗███████╗██╗      █████╗
██║    ██║██╔════╝██║     ██╔══██╗
██║ █╗ ██║█████╗  ██║     ███████║
██║███╗██║██╔══╝  ██║     ██╔══██║
╚███╔███╔╝███████╗███████╗██║  ██║
 ╚══╝╚══╝ ╚══════╝╚══════╝╚═╝  ╚═╝
New Era of Windows Event Log Analyzer!
                              by Yamato Security

イベントIDを集計します。
少々お待ちください。

イベントの合計: 13
ファイルサイズ: 68.00 kB
最初のイベント: 2019-04-28 06:04:25.73
最後のイベント: 2019-04-28 06:06:49.34

処理時間:0時0分0秒


LogonTimeLineのように、ファイルパスを表示するように変更する

@hitenkoku hitenkoku added enhancement New feature or request priority:low labels Sep 30, 2021
@hitenkoku hitenkoku self-assigned this Sep 30, 2021
hitenkoku added a commit that referenced this issue Sep 30, 2021
hitenkoku added a commit that referenced this issue Nov 2, 2021
* create framework
separate util function #28

* create SIGMA Rule Read Framework #28

* create framework add ntlm logon sigma rule test
Fixes #28

* fix rule stack #28

* add detection call fix other script call #28

* erase duplicate proceess

* fix add-rule template & erase debug print #28

* add SIGMA Powershell Code(not adjust WELA)

* add SIGMA rule adjust WELA Framwork #28

* add SIGMA rule translated WELA Framework #28

* add SIGMA rule translated WELA Framework #28

* moved categorize folder

* adjust multi rule

* fix detected message

* checked powershell category rules #28

* fix error

* moved dir checked process creation category #28

* checked rules and adjust multi rules #28

* moved SIGMA rule to category directory #28

* fixed  lacked rule copy  #28

* fixed lacked rule copy #28

* fixed lacked rule copy #28

* fixed head comment out

* fixed head comment out

* fixed lacked if case

* fixed lacked rule copy #28

* fixed lacked rule copy #28

* replace sigmac powershell convert result

* fixed lacked rule copy #28

* fixed lackedrule copy #28

* fixed sigmac translate error #28

* fix lacked copy rule #28

* fixed lacked copy rule #28

* fixed lacked copy rule#28

* fixed lacked copy rule #28

* unification detectedMessage variable expresstion

* unification detectedMessage variable expression

* change format to multi detect rules #28

* fixed syntax error #28

* add param and help #28

* erased duplicate file to not execute same detection check

* fix output detail to Rules/SIGMA #21 #28

* erase unnecessary liveanalysys parameter  #28

* erase unnecessary liveanalysys param #28

* due to remove liveanalysys argument from add-rule

* added DeepBlueCLI Util Function #30

* add DeepBlueCLI Rule(4688-ProcessCreate) #30

* add DeepBlueCLI Rule(4672-AdminAccountAccessAllAlert)#30

* add DeepBlueCLI Rule(4720-ProcessCreate) #30

* add providename condition and fix error #30

* fix index to creator and fix func check-command argumentation #30

* fixed multi record process #30

* fixed adjust multi record #30

* fixed adjust multi record in 4688DeepblueRule #30

* add DeepBlueCLI RULE(4728_4732_4756) #30

* remove unnecessary foreach

* add DeepBlueCLI Rule(4625)

* rename 4625

* fixed lacked extension 4625

* erased unnecessary if

* add DeepBlueCLI Rule(4673 Security) #30

* add DeepBlueCLI Rule(4674 Security) #30

* add  4624 and 4628 password spray attack WELA Rule

* fix file name

* fix filename and event ID in passwordsprayattack

* adjust argument dateformat

* add DeepBlueCLI Rule(1102 Security) #30

* fix typo

* fixed where object search providername #30

* add DeepBlueCLI Rule(7045 System) and add argument in util.ps1 #30

* add DeepBlueCLI Rule(104 System) #30

* add DeepBlueCLI Rule(7030 System) #30

* add DeepBlueCLI Rule(7036 System) #30

* add DeepBlueCLI Rule(7040 System) #30

* add DeepBlueCLI Rule(2 Application) #30

* erase omission of copied data

* add DeepBlueCLI Rule(8003 Applocker) #30

* fix detected message

* add DeepBlueCLI Rule(8004 Applocker) #30

* add DeepBlueCLI Rule(4103 PowerShell) #30

* add DeepBlueCLI Rule(4104 PowerShell) #30

* filename changed and add DeepBlueCLI Rule(4104 PowerShell) #30

* add DeepBlueCLI Rule(7 Sysmon) #30

* change scope when execute rule #21 #28 #30

* fix syntax error #21 #28

* erased unnecessary module load #21 #28 #30

* remove duplicate process when resolve conflict merge main

merge log 17f4f13

* fix autoformatter change

* fix autoformat

* remove unnecessary global variable #28

* fix autoformatting

* add parameter to scriptblock

* fix single escape sequence

* fix single escape sequence

* fix single escape sequence

* fix single escape sequence

* fix single escape sequence

* fix single escape sequence

* fix single escape sequence

* fix Wrong Filter WELA-Rules #30
change ProviderName to LogName

* fix single escape sequence

* fix single escape sequence in SIGMA:process_create/sysmon/wmi_event

* fix detect output format

* fix argumentation in detect function on Rules #21 #28 #30

* add contributors accounts

* fix UseDetectRule output color

* fix function call error

* add Get-WinEvent exception warning output #48

* fix if statement condition

* add DeepBlueCLI ResultObject and check-command function add servicecmd and obj #30

* erase test output

* fix error when SaveOutput is Null #49

* fix rulename and detected message in 7045-servicecreated

* comment out output executing rule name

* change scope of detectedMessage and ruleName on WELA-Rule(DeepBlueCLI) and SIGMA #28

WELA-Rule:All Completed
SIGMA :20 Completed

* change scope detectedMessage SIGMA and duplicate detectedMessage on SIGMA and WELA-Rule #21 #28 #30

WELA-Rule:All Completed
SIGMA: All Completed

* lacked DeepBlueCLI Result object #30

* add  recurse property to Logdirectory file search

* add regexes and whitelites and error fix on utils.ps1 #30

- add regexes and whitelist
- fix error check when commandline is null

* fix event variable is wrong #30

* erase debug output

* fix output format & add ruleName and detectedMessage multi detect pattern in rule #21 #28 #30

* fix error

- lacked variable call to set_item method
- lacked converting firstdetecttime to DateTime type

* fixed for loop

* Fixed saveoutput case  #49

* changed no output executerule case of UseDetectRules is 0 #28

* removed debug output

* changed no output executerule case of UseDetectRules is 0 #28

* fix LogonTimeline outputflag lacked initialize  in WELA #51

* fix cmdlet is not verb

* get rid of lint warn #37

* fix case of 0 divine in LogonTimeline #52

* output change no match logon record #53

- add output case of no match in get-winevent

- removed output logon output when LogonEvents count is 0

* output filename in EventIDStatistics mode #54

* removed duplicate filesize output #54

* fix output header evtx files in LogDirectory in EventIDStatistics mode #55

* changed Output Format on DeepBlueCLI Rule #30

* fixed powershell invoke deepbluecli rule logname wrong #30

* fixed lacked count on DeepblueCLI Rule(4625) #30

* erase debug output

* fixed error occuring module import error

* commented converted powershell

* fix rule import argument

* fixed rule singlequote error

* fix double quote lack error

* commented converted powershell

* fixed lacked get-winevent remove

* fixed lack of convert escape sequence in match

* fix result output write-host to write-output

* fix output rule import errror to write-host

* fix lacked arg in write-output when output empty row

* adapt formatter

* Feature/add remote computer live analysis #31 (#56)

* Add_RDP_analysis_#14

* Add RemoteLiveAnalysis function

* Add remote machine analysis

* Add Help Messages

* Update subtitle

* Remove the process of checking the execution-policy.

Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>

* adapt formatter

* fix rule condition

change match to eq

* used  arraylist add method

* remove unnecessary process

* fixed check comand return

* fixed error output condition case of logfile specified and not liveanalysys is false

* fixed detection process due sorted difference from DeepBlueCLI

* fixed lacked argument call check-command

* adapt formatter

* add DeepBlueCLI passspray detection logic

* fixed passwordguess detection logic #28

* moved show-contributors to utils.ps1

* default servicecd value set

* fixed lacked initialize

* fixed null result output

* fixed typo fixed

* AV to read SIGMA mimikatz Rule

* add IDs

* fixed mimikatz detecion check script blocked by AMSI

* fixed  result is null exection case

* fixed not exist registory value error

* fixed read template ps1 file

* fixed process view #28

* fixed null check

* fixed match rule

Co-authored-by: ogino <59769602+oginoPmP@users.noreply.github.com>
Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
@hitenkoku
Copy link
Collaborator Author

2db8d3c で対応完了。マージ済みの為クローズする。

hitenkoku added a commit that referenced this issue Nov 3, 2021
* create framework
separate util function #28

* create SIGMA Rule Read Framework #28

* create framework add ntlm logon sigma rule test
Fixes #28

* fix rule stack #28

* add detection call fix other script call #28

* erase duplicate proceess

* fix add-rule template & erase debug print #28

* add SIGMA Powershell Code(not adjust WELA)

* add SIGMA rule adjust WELA Framwork #28

* add SIGMA rule translated WELA Framework #28

* add SIGMA rule translated WELA Framework #28

* moved categorize folder

* adjust multi rule

* fix detected message

* checked powershell category rules #28

* fix error

* moved dir checked process creation category #28

* checked rules and adjust multi rules #28

* moved SIGMA rule to category directory #28

* fixed  lacked rule copy  #28

* fixed lacked rule copy #28

* fixed lacked rule copy #28

* fixed head comment out

* fixed head comment out

* fixed lacked if case

* fixed lacked rule copy #28

* fixed lacked rule copy #28

* replace sigmac powershell convert result

* fixed lacked rule copy #28

* fixed lackedrule copy #28

* fixed sigmac translate error #28

* fix lacked copy rule #28

* fixed lacked copy rule #28

* fixed lacked copy rule#28

* fixed lacked copy rule #28

* unification detectedMessage variable expresstion

* unification detectedMessage variable expression

* change format to multi detect rules #28

* fixed syntax error #28

* add param and help #28

* erased duplicate file to not execute same detection check

* fix output detail to Rules/SIGMA #21 #28

* erase unnecessary liveanalysys parameter  #28

* erase unnecessary liveanalysys param #28

* due to remove liveanalysys argument from add-rule

* added DeepBlueCLI Util Function #30

* add DeepBlueCLI Rule(4688-ProcessCreate) #30

* add DeepBlueCLI Rule(4672-AdminAccountAccessAllAlert)#30

* add DeepBlueCLI Rule(4720-ProcessCreate) #30

* add providename condition and fix error #30

* fix index to creator and fix func check-command argumentation #30

* fixed multi record process #30

* fixed adjust multi record #30

* fixed adjust multi record in 4688DeepblueRule #30

* add DeepBlueCLI RULE(4728_4732_4756) #30

* remove unnecessary foreach

* add DeepBlueCLI Rule(4625)

* rename 4625

* fixed lacked extension 4625

* erased unnecessary if

* add DeepBlueCLI Rule(4673 Security) #30

* add DeepBlueCLI Rule(4674 Security) #30

* add  4624 and 4628 password spray attack WELA Rule

* fix file name

* fix filename and event ID in passwordsprayattack

* adjust argument dateformat

* add DeepBlueCLI Rule(1102 Security) #30

* fix typo

* fixed where object search providername #30

* add DeepBlueCLI Rule(7045 System) and add argument in util.ps1 #30

* add DeepBlueCLI Rule(104 System) #30

* add DeepBlueCLI Rule(7030 System) #30

* add DeepBlueCLI Rule(7036 System) #30

* add DeepBlueCLI Rule(7040 System) #30

* add DeepBlueCLI Rule(2 Application) #30

* erase omission of copied data

* add DeepBlueCLI Rule(8003 Applocker) #30

* fix detected message

* add DeepBlueCLI Rule(8004 Applocker) #30

* add DeepBlueCLI Rule(4103 PowerShell) #30

* add DeepBlueCLI Rule(4104 PowerShell) #30

* filename changed and add DeepBlueCLI Rule(4104 PowerShell) #30

* add DeepBlueCLI Rule(7 Sysmon) #30

* change scope when execute rule #21 #28 #30

* fix syntax error #21 #28

* erased unnecessary module load #21 #28 #30

* remove duplicate process when resolve conflict merge main

merge log 17f4f13

* fix autoformatter change

* fix autoformat

* remove unnecessary global variable #28

* fix autoformatting

* add parameter to scriptblock

* fix single escape sequence

* fix single escape sequence

* fix single escape sequence

* fix single escape sequence

* fix single escape sequence

* fix single escape sequence

* fix single escape sequence

* fix Wrong Filter WELA-Rules #30
change ProviderName to LogName

* fix single escape sequence

* fix single escape sequence in SIGMA:process_create/sysmon/wmi_event

* fix detect output format

* fix argumentation in detect function on Rules #21 #28 #30

* add contributors accounts

* fix UseDetectRule output color

* fix function call error

* add Get-WinEvent exception warning output #48

* fix if statement condition

* add DeepBlueCLI ResultObject and check-command function add servicecmd and obj #30

* erase test output

* fix error when SaveOutput is Null #49

* fix rulename and detected message in 7045-servicecreated

* comment out output executing rule name

* change scope of detectedMessage and ruleName on WELA-Rule(DeepBlueCLI) and SIGMA #28

WELA-Rule:All Completed
SIGMA :20 Completed

* change scope detectedMessage SIGMA and duplicate detectedMessage on SIGMA and WELA-Rule #21 #28 #30

WELA-Rule:All Completed
SIGMA: All Completed

* lacked DeepBlueCLI Result object #30

* add  recurse property to Logdirectory file search

* add regexes and whitelites and error fix on utils.ps1 #30

- add regexes and whitelist
- fix error check when commandline is null

* fix event variable is wrong #30

* erase debug output

* fix output format & add ruleName and detectedMessage multi detect pattern in rule #21 #28 #30

* fix error

- lacked variable call to set_item method
- lacked converting firstdetecttime to DateTime type

* fixed for loop

* Fixed saveoutput case  #49

* changed no output executerule case of UseDetectRules is 0 #28

* removed debug output

* changed no output executerule case of UseDetectRules is 0 #28

* fix LogonTimeline outputflag lacked initialize  in WELA #51

* fix cmdlet is not verb

* get rid of lint warn #37

* fix case of 0 divine in LogonTimeline #52

* output change no match logon record #53

- add output case of no match in get-winevent

- removed output logon output when LogonEvents count is 0

* output filename in EventIDStatistics mode #54

* removed duplicate filesize output #54

* fix output header evtx files in LogDirectory in EventIDStatistics mode #55

* changed Output Format on DeepBlueCLI Rule #30

* fixed powershell invoke deepbluecli rule logname wrong #30

* fixed lacked count on DeepblueCLI Rule(4625) #30

* erase debug output

* fixed error occuring module import error

* commented converted powershell

* fix rule import argument

* fixed rule singlequote error

* fix double quote lack error

* commented converted powershell

* fixed lacked get-winevent remove

* fixed lack of convert escape sequence in match

* fix result output write-host to write-output

* fix output rule import errror to write-host

* fix lacked arg in write-output when output empty row

* adapt formatter

* Feature/add remote computer live analysis #31 (#56)

* Add_RDP_analysis_#14

* Add RemoteLiveAnalysis function

* Add remote machine analysis

* Add Help Messages

* Update subtitle

* Remove the process of checking the execution-policy.

Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>

* adapt formatter

* fix rule condition

change match to eq

* used  arraylist add method

* remove unnecessary process

* fixed check comand return

* fixed error output condition case of logfile specified and not liveanalysys is false

* fixed detection process due sorted difference from DeepBlueCLI

* fixed lacked argument call check-command

* adapt formatter

* add DeepBlueCLI passspray detection logic

* fixed passwordguess detection logic #28

* moved show-contributors to utils.ps1

* default servicecd value set

* fixed lacked initialize

* fixed null result output

* fixed typo fixed

* AV to read SIGMA mimikatz Rule

* add IDs

* fixed mimikatz detecion check script blocked by AMSI

* fixed  result is null exection case

* fixed not exist registory value error

* fixed read template ps1 file

* fixed process view #28

* fixed null check

* fixed match rule

* fixed match contents #21

* comment out debug write-out statement

Co-authored-by: ogino <59769602+oginoPmP@users.noreply.github.com>
Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
YamatoSecurity added a commit that referenced this issue Dec 24, 2021
* create framework
separate util function #28

* create SIGMA Rule Read Framework #28

* create framework add ntlm logon sigma rule test
Fixes #28

* fix rule stack #28

* add detection call fix other script call #28

* erase duplicate proceess

* fix add-rule template & erase debug print #28

* add SIGMA Powershell Code(not adjust WELA)

* add SIGMA rule adjust WELA Framwork #28

* add SIGMA rule translated WELA Framework #28

* add SIGMA rule translated WELA Framework #28

* moved categorize folder

* adjust multi rule

* fix detected message

* checked powershell category rules #28

* fix error

* moved dir checked process creation category #28

* checked rules and adjust multi rules #28

* moved SIGMA rule to category directory #28

* fixed  lacked rule copy  #28

* fixed lacked rule copy #28

* fixed lacked rule copy #28

* fixed head comment out

* fixed head comment out

* fixed lacked if case

* fixed lacked rule copy #28

* fixed lacked rule copy #28

* replace sigmac powershell convert result

* fixed lacked rule copy #28

* fixed lackedrule copy #28

* fixed sigmac translate error #28

* fix lacked copy rule #28

* fixed lacked copy rule #28

* fixed lacked copy rule#28

* fixed lacked copy rule #28

* unification detectedMessage variable expresstion

* unification detectedMessage variable expression

* change format to multi detect rules #28

* fixed syntax error #28

* add param and help #28

* erased duplicate file to not execute same detection check

* fix output detail to Rules/SIGMA #21 #28

* erase unnecessary liveanalysys parameter  #28

* erase unnecessary liveanalysys param #28

* due to remove liveanalysys argument from add-rule

* added DeepBlueCLI Util Function #30

* add DeepBlueCLI Rule(4688-ProcessCreate) #30

* add DeepBlueCLI Rule(4672-AdminAccountAccessAllAlert)#30

* add DeepBlueCLI Rule(4720-ProcessCreate) #30

* add providename condition and fix error #30

* fix index to creator and fix func check-command argumentation #30

* fixed multi record process #30

* fixed adjust multi record #30

* fixed adjust multi record in 4688DeepblueRule #30

* add DeepBlueCLI RULE(4728_4732_4756) #30

* remove unnecessary foreach

* add DeepBlueCLI Rule(4625)

* rename 4625

* fixed lacked extension 4625

* erased unnecessary if

* add DeepBlueCLI Rule(4673 Security) #30

* add DeepBlueCLI Rule(4674 Security) #30

* add  4624 and 4628 password spray attack WELA Rule

* fix file name

* fix filename and event ID in passwordsprayattack

* adjust argument dateformat

* add DeepBlueCLI Rule(1102 Security) #30

* fix typo

* fixed where object search providername #30

* add DeepBlueCLI Rule(7045 System) and add argument in util.ps1 #30

* add DeepBlueCLI Rule(104 System) #30

* add DeepBlueCLI Rule(7030 System) #30

* add DeepBlueCLI Rule(7036 System) #30

* add DeepBlueCLI Rule(7040 System) #30

* add DeepBlueCLI Rule(2 Application) #30

* erase omission of copied data

* add DeepBlueCLI Rule(8003 Applocker) #30

* fix detected message

* add DeepBlueCLI Rule(8004 Applocker) #30

* add DeepBlueCLI Rule(4103 PowerShell) #30

* add DeepBlueCLI Rule(4104 PowerShell) #30

* filename changed and add DeepBlueCLI Rule(4104 PowerShell) #30

* add DeepBlueCLI Rule(7 Sysmon) #30

* change scope when execute rule #21 #28 #30

* fix syntax error #21 #28

* erased unnecessary module load #21 #28 #30

* remove duplicate process when resolve conflict merge main

merge log 17f4f13

* fix autoformatter change

* fix autoformat

* remove unnecessary global variable #28

* fix autoformatting

* add parameter to scriptblock

* fix single escape sequence

* fix single escape sequence

* fix single escape sequence

* fix single escape sequence

* fix single escape sequence

* fix single escape sequence

* fix single escape sequence

* fix Wrong Filter WELA-Rules #30
change ProviderName to LogName

* fix single escape sequence

* fix single escape sequence in SIGMA:process_create/sysmon/wmi_event

* fix detect output format

* fix argumentation in detect function on Rules #21 #28 #30

* add contributors accounts

* fix UseDetectRule output color

* fix function call error

* add Get-WinEvent exception warning output #48

* fix if statement condition

* add DeepBlueCLI ResultObject and check-command function add servicecmd and obj #30

* erase test output

* fix error when SaveOutput is Null #49

* fix rulename and detected message in 7045-servicecreated

* comment out output executing rule name

* change scope of detectedMessage and ruleName on WELA-Rule(DeepBlueCLI) and SIGMA #28

WELA-Rule:All Completed
SIGMA :20 Completed

* change scope detectedMessage SIGMA and duplicate detectedMessage on SIGMA and WELA-Rule #21 #28 #30

WELA-Rule:All Completed
SIGMA: All Completed

* lacked DeepBlueCLI Result object #30

* add  recurse property to Logdirectory file search

* add regexes and whitelites and error fix on utils.ps1 #30

- add regexes and whitelist
- fix error check when commandline is null

* fix event variable is wrong #30

* erase debug output

* fix output format & add ruleName and detectedMessage multi detect pattern in rule #21 #28 #30

* fix error

- lacked variable call to set_item method
- lacked converting firstdetecttime to DateTime type

* fixed for loop

* Fixed saveoutput case  #49

* changed no output executerule case of UseDetectRules is 0 #28

* removed debug output

* changed no output executerule case of UseDetectRules is 0 #28

* fix LogonTimeline outputflag lacked initialize  in WELA #51

* fix cmdlet is not verb

* get rid of lint warn #37

* fix case of 0 divine in LogonTimeline #52

* output change no match logon record #53

- add output case of no match in get-winevent

- removed output logon output when LogonEvents count is 0

* output filename in EventIDStatistics mode #54

* removed duplicate filesize output #54

* fix output header evtx files in LogDirectory in EventIDStatistics mode #55

* changed Output Format on DeepBlueCLI Rule #30

* fixed powershell invoke deepbluecli rule logname wrong #30

* fixed lacked count on DeepblueCLI Rule(4625) #30

* erase debug output

* fixed error occuring module import error

* commented converted powershell

* fix rule import argument

* fixed rule singlequote error

* fix double quote lack error

* commented converted powershell

* fixed lacked get-winevent remove

* fixed lack of convert escape sequence in match

* fix result output write-host to write-output

* fix output rule import errror to write-host

* fix lacked arg in write-output when output empty row

* adapt formatter

* Feature/add remote computer live analysis #31 (#56)

* Add_RDP_analysis_#14

* Add RemoteLiveAnalysis function

* Add remote machine analysis

* Add Help Messages

* Update subtitle

* Remove the process of checking the execution-policy.

Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>

* adapt formatter

* fix rule condition

change match to eq

* used  arraylist add method

* remove unnecessary process

* fixed check comand return

* fixed error output condition case of logfile specified and not liveanalysys is false

* fixed detection process due sorted difference from DeepBlueCLI

* fixed lacked argument call check-command

* adapt formatter

* add DeepBlueCLI passspray detection logic

* fixed passwordguess detection logic #28

* moved show-contributors to utils.ps1

* default servicecd value set

* fixed lacked initialize

* fixed null result output

* fixed typo fixed

* AV to read SIGMA mimikatz Rule

* add IDs

* fixed mimikatz detecion check script blocked by AMSI

* fixed  result is null exection case

* fixed not exist registory value error

* fixed read template ps1 file

* fixed process view #28

* fixed null check

* fixed match rule

* fixed match contents #21

* comment out debug write-out statement

Co-authored-by: ogino <59769602+oginoPmP@users.noreply.github.com>
Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request priority:low
Projects
None yet
Development

No branches or pull requests

1 participant