Allow the rule location option to handle files #364

Merged
merged 5 commits into from
Jan 31, 2022

Collaborator

@kazuminn kazuminn commented Jan 19, 2022

fix #311

Currently, the option for specifying the rule location can only take a directory.

This makes it possible to specify a file as well.

Both can be done with the same option. (--rules)

@kazuminn
Collaborator Author

In manual testing, I confirmed that detection works with the single file below. It also worked for a directory.

 .\target\release\hayabusa.exe  -D -n -r C:\Users\warug\hayabusa-rules\hayabusa\default\events\BitsClientOperational\59_BITS-Jobs_BitsJobCreation.yml -f 'C:\Users\warug\hayabusa-sample-evtx\EVTX-ATTACK-SAMPLES\Command and Control\bits_openvpn.evtx'

@kazuminn kazuminn marked this pull request as ready for review January 21, 2022 05:06
@kazuminn kazuminn changed the title from "[WIP] Allow the rule location option to handle files" to "Allow the rule location option to handle files" Jan 21, 2022
@kazuminn kazuminn added the enhancement New feature or request label Jan 21, 2022
@kazuminn
Collaborator Author

Please review.

Collaborator

@hitenkoku hitenkoku left a comment

I think this is fine. However, since it is a pub function, please make sure to add tests.

@kazuminn kazuminn merged commit d1597b2 into develop Jan 31, 2022
@kazuminn kazuminn deleted the feature/rules_option branch January 31, 2022 03:09
hitenkoku added a commit that referenced this pull request Jan 31, 2022
hitenkoku added a commit that referenced this pull request Feb 9, 2022
* added color code emit_csv test

* replaced HashMap and HashSet to hashbrown #368

* removed debug output in test #368

* added color option #376

* fixed process of output check #376

* removed color output check from test #376

* english updates

* colored detections and rules count output by level #384

* refactoring in colored output process #384

* update usage #364 #376

* fixed markdown lint

* added windows terminal bug evasion way #382

* update readme

* fixed colored output test

Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
@hitenkoku hitenkoku added this to the v1.1 milestone Mar 7, 2022