Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add a %RecoveredRecord% column to the output profile. #1160

Closed
YamatoSecurity opened this issue Aug 15, 2023 · 0 comments · Fixed by #1164
Closed

Add a %RecoveredRecord% column to the output profile. #1160

YamatoSecurity opened this issue Aug 15, 2023 · 0 comments · Fixed by #1164
Assignees
@hitenkoku
Labels
enhancement New feature or request
Milestone
v2.8.0

Comments

@YamatoSecurity
Copy link
Collaborator

YamatoSecurity commented Aug 15, 2023
edited
Loading

When -x is used to recover records, I want to automatically add a %RecoveredRecord% column to the output profile.
For example, if the output profile is standard, it would change from
%Timestamp%, %Computer%, %Channel%, %EventID%, %Level%, %RecordID%, %RuleTitle%, %Details%, %ExtraFieldInfo%
to
%Timestamp%, %Computer%, %Channel%, %EventID%, %Level%, %RecordID%, %RuleTitle%, %Details%, %ExtraFieldInfo%, %RecoveredRecord%
When the record is recovered, the data should be Y (for Yes) and blank when it is just a normal record.
@YamatoSecurity YamatoSecurity added the enhancement New feature or request label Aug 15, 2023
@YamatoSecurity YamatoSecurity added this to the v2.8.0 milestone Aug 15, 2023
@hitenkoku hitenkoku self-assigned this Aug 15, 2023
hitenkoku added a commit that referenced this issue Aug 21, 2023
@hitenkoku
feat: added recoveredrecord column processing #1160
b28edc2
hitenkoku added a commit that referenced this issue Aug 21, 2023
@hitenkoku
test: changed test due to add a recovered record column #1160
09bbfaa
hitenkoku added a commit that referenced this issue Aug 21, 2023
@hitenkoku
docs(CHANGELOG): added #1160
c5954d1
hitenkoku added a commit that referenced this issue Aug 21, 2023
@hitenkoku
feat: added RecoverRecord field in json-timeline #1160
49d7c6c
@hitenkoku hitenkoku linked a pull request Aug 21, 2023 that will close this issue
added RecoveredRecord column to the output profile #1164
Merged
hitenkoku added a commit that referenced this issue Aug 21, 2023
@hitenkoku
UI(detection): modified recoveredrecord field value to "Y" #1160
be9f5f2
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hitenkoku hitenkoku

Labels
enhancement New feature or request
Projects
None yet
Milestone
v2.8.0
Development

Successfully merging a pull request may close this issue.

added RecoveredRecord column to the output profile Yamato-Security/hayabusa
2 participants
@hitenkoku @YamatoSecurity