-
**Describe the bug**
For Sysmon event ID 13 events, there is a field named `Details` that gets converted to a duplicate `TgtObj (TargetObject)`. I am not sure if it is because the field name is `Deta…
-
Server OS: Ubuntu 22.04 64 bit
Velociraptor Version: 0.7.1 pre-release
The "Sigma.Windows.Hayabusa.Rules" deploys and works like a charm with my current testing, but when attempting to deploy the …
-
In the meeting there was also a request for the following feature, so I am splitting it into a separate issue.
---
Based on the CSV information output by hayabusa, I would like to output a JSON file in a form that lets the technique numbers be loaded into the MITRE ATT&CK heatmap.
https://mitre-attack.github.io/attack-navigator/v3/enterprise/
_…
-
Port over https://github.com/theAtropos4n6/Partition-4DiagnosticParser to a Hayabusa rule and Takajo command.
@fukusuket Would you be interested in this? I think we first need a hayabusa rule to extr…
-
The following parsing error occurred with the latest rules.
```
user input: C:\tmp\hayabusa-2.10.1-win-64-bit\hayabusa-2.10.1-win-x64.exe csv-timeline -f .\apt29_evals_day2_manual_2020-05-02035409.j…
-
**?(Question mark)** literals must be escaped as described in the Sigma specification document below.
>[String Wildcard](https://github.com/SigmaHQ/sigma-specification/blob/main/Sigma_specification.m…
-
**Describe the bug**
PowerShell Classic logs' `Data` field is output multiple times, resulting in incorrect JSON format.
**Step to Reproduce**
1. create test.yml and execute json-timeline comm…
-
As per these discussions: https://github.com/SigmaHQ/sigma/discussions/4510 and https://github.com/Yamato-Security/hayabusa-rules/issues/514
It seems best to extract out fields from the `Data` field …
-
This might be a dumb question, but I'm genuinely finding a little bit of difficulty on finding where I should be tweaking to be able to make the fetcher show an image aside from the unknown-os ascii a…
-
I'm adding a news section in Mobile Celestia (iOS(Mac via Catalyst)/Android), this feature will include two parts
1. When Celestia is launched, the latest news will be shown to the user (if the use…