hayabusa
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
fix #1058 ## What Changed Add auto-complete feature. ## Evidence in Bash. ``` $ hayabusa [tab] --debug eid-metrics level-tuning auto-complete csv-timeline pivot-keywords-list set-default-profile computer-metrics json-timeline search list-contributors help logon-summary...
@fukusuket This is related to Event and Value Counting correlation rules. Since we need to support multiple `group-by`, it might be better to first implement and test this with our...
@fukusuket This one is similar to Event Count but also looks for when fields are different, so you probably should do this issue after Event Count. Value Count sample: ```...
@fukusuket Here is a (maybe) hard one for you. I'd like to start supporting sigma correlations starting with Event Count and Value Count types since we already have the logic...
https://github.com/Yamato-Security/hayabusa/pull/1341#issuecomment-2097170105 >1. Is it possible to put in the `Channel` and `EventID` info? When there are multiple values, we can separate them with ` ¦ `. >2. `ExtraFieldInfo` is blank...
## What Changed - Adjusted Splunk API Json Format.
Currently, the field mapping feature does not support the following points: - `Provider_name` matching - e.g., since the Application log has multiple `Provider_names`, we need to convert the field value only...
## What Changed - Closed #1350 - added support for `Provider_Name` in data mapping config (optional) - added support for multiple `Provider_Name` values in data mapping config (optional) - added support for `Data[x]` notation in data...
## What Changed Added GitHub Actions for csv/json timeline diff check. This Action does the following for both the main and the selected branch. - `checkout` - `cargo run --release -- update-rules -q`...
In order to prevent Windows defender from alerting on false positives on yml rules and to minimize the amount of files we need to save to the system, I would...