-
@fukusuket Sorry I think this is going to be a difficult issue, but I think you will like it. 😉 Please let me know if you are interested in implementing it.
Right now, all of the unnamed `Data` fie…
-
When trying to use `Windows.Hayabusa.Rules` or some artifacts from `DetectRaptor.Windows.Detection.*` to create an offline collector, I get the error `ERROR client_repack: config file is too large t…
-
When the Windows.EventLogs.Hayabusa artifact is executed, it returns several errors using csv and/or jsonl outputs related to the "Timestamp" field. By default, Hayabusa creates the Timestamp field with the name "da…
-
Right now, when correlation rules are used, the following output is shown:
```
Loading detection rules. Please wait.
Undefined rules: 3 (100.00%)
Other rules: 3
Total detection rules: 3
…
```
-
I would only like to host rules in this repository so I separated the converter tool to this separate repo: https://github.com/Yamato-Security/sigma-to-hayabusa-converter
@fukusuket Could you update …
-
lndan dan1(717, 176, 336, 191, 176, 106, 613, 401, "ln1");
lndan dan2(805, 379, 805, 609, 377, 328, 805, 805, "ln2");
lndan dan3(836, 469, 921, 421, 612, 268, 1157, 538, "ln3");
lndan dan4(907,…
-
@fukusuket Sorry, I noticed this bug after merging the previous PR.
I am using this rule:
```
title: Value Count TEST
id: 0e95725d-7320-415d-80f7-004da920fc11
level: high
correlation:
  type:…
```
-
Hello :)
Since the `Hayabusa Ruleset` was recently updated, I compared the results of `Hayabusa` and the `Velociraptor Sigma plugin`.
I would appreciate it if you could check it out.
Thank you!
#…
-
### Checked for duplicates
No - I haven't checked
### 🐛 Describe the bug
When I run validate with the `--update-context-products` flag, I get an Exception
### 🕵️ Expected behavior
I expected the …