
-X, --remove-duplicate-detections option #1157

Closed
YamatoSecurity opened this issue Aug 13, 2023 · 2 comments · Fixed by #1158


YamatoSecurity commented Aug 13, 2023

When enabling -x, --recover-records, duplicate entries are often outputted as for whatever reason the same event record is being read twice. Also, when doing investigations, analysts might want to load in old logs from backups, VSS, etc... so there is a chance of reading and outputting the same events. I want to be able to load in all of these backups evtx files and only output unique detections so in order to do this we need a -X, --remove-duplicate-detections option.
Under Output: in csv-timeline and json-timeline, the following will be added: -X, --remove-duplicate-detections Remove duplicate detections

In order to test, you can just make a copy of an evtx file and place the same two evtx files (with different names) in a folder. When -X is not used, it should output the same detections twice, but when -X is used, it should not output the same detection more than once.

@YamatoSecurity YamatoSecurity added the enhancement New feature or request label Aug 13, 2023
@YamatoSecurity YamatoSecurity added this to the v2.8.0 milestone Aug 13, 2023
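The behaviour requested above, as an added example that is not Hayabusa's own code: a timeline row type, a dedup key that ignores which evtx file a record came from, and a filter that passes everything through without -X and keeps only the first occurrence of each detection with it. The column set, the key fields and the sample rows are assumptions constructed for the example.

```rust
use std::collections::HashSet;

// One timeline row; the column set is an assumption modelled on csv-timeline output.
#[derive(Debug, Clone)]
pub struct Detection {
    pub timestamp: String,
    pub computer: String,
    pub event_id: u32,
    pub record_id: u64,
    pub rule_title: String,
    pub source_file: String, // which evtx the row came from; deliberately not part of the key
}

// Two rows are the same detection when the same record matched the same rule,
// whichever file (original, backup copy, recovered chunk) it was read from.
type DetectionKey = (String, String, u32, u64, String);

fn key_of(d: &Detection) -> DetectionKey {
    (d.timestamp.clone(), d.computer.clone(), d.event_id, d.record_id, d.rule_title.clone())
}

// Without -X every row passes through; with -X only the first occurrence of each key is kept.
// The set holds one key per unique detection, so memory grows with the timeline: keep it opt-in.
pub fn filter_detections(rows: Vec<Detection>, remove_duplicates: bool) -> (Vec<Detection>, usize) {
    if !remove_duplicates { return (rows, 0); }
    let total = rows.len();
    let mut seen: HashSet<DetectionKey> = HashSet::new();
    let kept: Vec<Detection> = rows.into_iter().filter(|d| seen.insert(key_of(d))).collect();
    let dropped = total - kept.len();
    (kept, dropped)
}

// Constructed sample: the same evtx read twice under two names (the test setup the issue
// describes), plus one record that exists only in the second copy.
pub fn sample_rows() -> Vec<Detection> {
    let row = |file: &str, record_id: u64| Detection {
        timestamp: "2023-08-13 09:00:00".into(), computer: "WS01".into(), event_id: 4624,
        record_id, rule_title: "Logon".into(), source_file: file.into(),
    };
    vec![row("Security.evtx", 1001), row("Security.evtx", 1002), row("Security_copy.evtx", 1001),
         row("Security_copy.evtx", 1002), row("Security_copy.evtx", 1003)]
}

fn main() {
    let (off, _) = filter_detections(sample_rows(), false);
    let (on, dropped) = filter_detections(sample_rows(), true);
    println!("-X off: {} rows; -X on: {} rows, {} duplicates removed", off.len(), on.len(), dropped);
}
```

Reporting the dropped count alongside the kept rows lets an analyst confirm that the second copy really was a duplicate rather than silently losing events that only differed in a field outside the key.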
YamatoSecurity (Collaborator, Author) commented:

@fukusuket Are you interested in this issue?

fukusuket (Collaborator) commented:

@YamatoSecurity
Thank you for the mention :) Yes, I would love to implement it!💪
