Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

--timeline-offset <OFFSET> option #1159

Closed
gs3cl opened this issue Aug 15, 2023 · 4 comments · Fixed by #1167
Closed

--timeline-offset <OFFSET> option #1159

gs3cl opened this issue Aug 15, 2023 · 4 comments · Fixed by #1167
Assignees
@hitenkoku
Labels
enhancement New feature or request
Milestone
v2.8.0

Comments

@gs3cl
Copy link

gs3cl commented Aug 15, 2023

Hey,

first off all what a fantastic tool and great presentation at SANS summit ! The timeline option start and end date is also quiet good during IR but it is possible to add also something like "--timeline-last-30days" or in general with an "X" for specific days
30,90 or 180 days based on experience.

I would then update my module for KAPE or add a new one
https://github.com/EricZimmerman/KapeFiles/blob/master/Modules/Apps/GitHub/Hayabusa/hayabusa_LiveResponse.mkape

Thanks in advance and please continue with more fantastic updates

Regards
@YamatoSecurity
Copy link
Collaborator

@gs3cl Thanks for the issue! Glad you enjoyed the presentation. I will talk to the other developers about this. It shouldn't be too difficult to implement but we also don't want to overload users with too many options.

@hitenkoku hitenkoku self-assigned this Aug 16, 2023
@hitenkoku hitenkoku added the enhancement New feature or request label Aug 16, 2023
@YamatoSecurity
Copy link
Collaborator

@hitenkoku What about implementing it as --timeline-last-days <NUMBER> Scan just the most recent number of days ?
I'd like to implement it for all commands that it is applicable to. (Not just csv-timeline and json-timeline but logon-summary, eid-metrics, pivot-keywords as well)

@YamatoSecurity YamatoSecurity changed the title add option for timeline last X days --timeline-offset <OFFSET> option Aug 18, 2023
@YamatoSecurity
Copy link
Collaborator

@hitenkoku Sorry, I'd like to update this to --timeline-offset <OFFSET> Scan recent events based on an offset. (ex: 1y, 30d, 24h, etc..) instead.
1y for 1 year
3M for 3 months
30d for 30 days
24h for 24 hours
30m for 30 minutes

Sorry this might be a little more complex to implement but what do you think?

@hitenkoku hitenkoku added this to the v2.8.0 milestone Aug 26, 2023
hitenkoku added a commit that referenced this issue Aug 28, 2023
@hitenkoku
feat(configs): added timeline-offset option #1159
5a90424
hitenkoku added a commit that referenced this issue Aug 28, 2023
@hitenkoku
feat(configs): added timefilter processing via timeline-offset option #…
2be4186 
…1159
hitenkoku added a commit that referenced this issue Aug 28, 2023
@hitenkoku
test: modified test due to add timeline-offset option #1159
52cc8b8
hitenkoku added a commit that referenced this issue Aug 28, 2023
@hitenkoku
feat(main): added timeline-offset feature in search command #1159
159f1a9
hitenkoku added a commit that referenced this issue Aug 28, 2023
@hitenkoku
style(main, configs): cargo fmt #1159
f9f0ccd
hitenkoku added a commit that referenced this issue Aug 28, 2023
@hitenkoku
test(configs): added timeline-offset test in csv-timeline #1159
3b3f11e
hitenkoku added a commit that referenced this issue Aug 28, 2023
@hitenkoku
test(configs): added timeline-offset option test #1159
d15659d
@hitenkoku hitenkoku linked a pull request Aug 28, 2023 that will close this issue
Added timeline offset offset option #1167
Merged
hitenkoku added a commit that referenced this issue Aug 28, 2023
@hitenkoku
UI(configs): reordered timeline-offset option #1159
c6d8bf9
hitenkoku added a commit that referenced this issue Aug 28, 2023
@hitenkoku
docs(CHANGELOG): added #1159
6327fa2
hitenkoku added a commit that referenced this issue Aug 29, 2023
@hitenkoku
feat(configs): added 'M'(month) in timeline offset #1159
e46046a
hitenkoku added a commit that referenced this issue Aug 31, 2023
@hitenkoku
fix(configs): fixed error case in timeline-offset option #1159
4fe71f1
@gs3cl
Copy link
Author

gs3cl commented Aug 31, 2023

Thanks you are awesome!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hitenkoku hitenkoku

Labels
enhancement New feature or request
Projects
None yet
Milestone
v2.8.0
Development

Successfully merging a pull request may close this issue.

Added timeline offset offset option Yamato-Security/hayabusa
3 participants
@hitenkoku @YamatoSecurity @gs3cl