-
I asked ChatGPT whether there is anything in the Hayabusa source code that could be improved lol:
Zach: give me specific examples in the source code of where we can optimize for better code in github.com/Yamato-Security/hayabusa
Here are some specif…
-
**Describe the bug**
`json-timeline` seems to fail on latest version of main branch 🤔
**Step to Reproduce**
Checkout main branch latest commit and execute command as follows
```
hayabusa.exe js…
-
Although many backends might not be able to support it, there is a need to check if two fields are equal or not.
Ref: [https://github.com/SigmaHQ/sigma/discussions/3902](https://github.com/SigmaHQ/si…
-
1. The grouping of options differs according to command so would like to organize that as well. (In order of importance, not by alphabet)
Also would like to 1) Rename `Options` to `General Options` an…
-
In Sigma rules, the following declaration is often used:
```
selection:
    ImagePath|contains|all:
        - 'ADMIN$'
        - '.exe'
```
However, to use it in Hayabusa, it needs to be written in t…
-
Currently 9 rules use `Field|base64offset|contains:`, but since it is not supported, they cannot be used.
```
.//wmi_event/sysmon_wmi_susp_encoded_scripts.yml: Destination|base64offset|contains:
.//process_creation/proc_creation_…
-
It seems that the result field is slightly misaligned in the json output🤔
**Describe the bug**
Misaligned `details fields` in JSON output.
**Step to Reproduce**
1. Execute following command
…
-
**Describe the bug**
About 1 out of 10 times hayabusa.exe suspends when analyzing [large evtxes (6.1GB evtx)](https://github.com/Yamato-Security/hayabusa/issues/778#issuecomment-1296504766).
At firs…
-
**Describe the bug**
The following rule with `4 backslashes` is not detected correctly 🤔
- \rules\sigma\builtin\system\win_system_susp_service_installation.yml
- \rules\sigma\builtin\system\win_sy…
-
> I tested it, but running just ./hayabusa did not display the `-h` help menu.
> If possible, when running just hayabusa (with no options), I would like to output the same help menu as `-h` after the "HAYABUSA" logo.
>
_Originally posted by @YamatoSecurity in https://github.com/Yamat…