Yamato-Security / hayabusa

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
GNU Affero General Public License v3.0

Enhancement: output which output profile is used #1055

Closed YamatoSecurity closed 1 year ago

YamatoSecurity commented 1 year ago

It seems to be confusing to new users what information is being outputted, so I want to output to the terminal which profile is being used.

After:

Start time: 2023/05/19 04:16

Total event log files: 585
Total file size: 137.2 MB

Loading detections rules. Please wait.

Excluded rules: 30
Noisy rules: 7 (Disabled)

Deprecated rules: 162 (4.53%) (Disabled)
Experimental rules: 1867 (52.15%)
Stable rules: 225 (6.28%)
Test rules: 1488 (41.56%)
Unsupported rules: 43 (1.20%) (Disabled)

Hayabusa rules: 152
Sigma rules: 3428
Total enabled detection rules: 3580

Output profile: standard

Scanning in progress. Please wait.

In the HTML report: Before:

Total enabled detection rules: 3580
Saved file: test.csv (17.6 MB)

After:

Total enabled detection rules: 3580
Output profile: standard
Saved file: test.csv (17.6 MB)

Right now, config/default_profile.yaml contains the fields to output by default, but in order to keep track of what the default profile is, we could create a config/default_profile.txt file and just put the name of the default profile (example: standard) inside it. @hitenkoku What do you think?

Can I assign you to this since you are most familiar with the output profiles and HTML report?
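As an added illustration of the mechanism proposed above (not code from the Hayabusa project), the following Rust snippet reads the profile name from a config/default_profile.txt file, lets an explicit command-line profile override it, and produces the "Output profile: ..." line for the terminal and the HTML report. The function and type names, the comment handling in the text file, and the name validation are assumptions made for this example; Hayabusa's real implementation may differ.

```rust
use std::fs;
use std::path::Path;

/// Error cases when resolving the output profile (hypothetical type for this example).
#[derive(Debug, PartialEq)]
pub enum ProfileError {
    MissingDefaultFile(String),
    EmptyName,
    InvalidName(String),
}

/// Validate a profile name taken from default_profile.txt or from the command line.
/// Only a single token of letters, digits, '-' and '_' is accepted, so a name read
/// from a config file can never be turned into a path or a multi-line value.
pub fn validate_profile_name(raw: &str) -> Result<String, ProfileError> {
    let name = raw.trim();
    if name.is_empty() {
        return Err(ProfileError::EmptyName);
    }
    if !name
        .chars()
        .all(|c| c.is_ascii_alphanumeric() || c == '-' || c == '_')
    {
        return Err(ProfileError::InvalidName(name.to_string()));
    }
    Ok(name.to_string())
}

/// Parse the contents of config/default_profile.txt: the first non-empty line that
/// is not a '#' comment is the default profile name (comment support is an assumption).
pub fn parse_default_profile(contents: &str) -> Result<String, ProfileError> {
    let line = contents
        .lines()
        .map(str::trim)
        .find(|l| !l.is_empty() && !l.starts_with('#'));
    match line {
        Some(l) => validate_profile_name(l),
        None => Err(ProfileError::EmptyName),
    }
}

/// Decide which profile is in use: an explicit --profile argument wins, otherwise
/// the name stored in the default file is used.
pub fn resolve_output_profile(
    cli_profile: Option<&str>,
    default_file: &Path,
) -> Result<String, ProfileError> {
    if let Some(p) = cli_profile {
        return validate_profile_name(p);
    }
    let contents = fs::read_to_string(default_file).map_err(|e| {
        ProfileError::MissingDefaultFile(format!("{}: {}", default_file.display(), e))
    })?;
    parse_default_profile(&contents)
}

/// The line printed to the terminal and written into the HTML report.
pub fn output_profile_line(profile: &str) -> String {
    format!("Output profile: {}", profile)
}

fn main() {
    // Constructed sample: write a default_profile.txt into a temporary directory.
    let dir = std::env::temp_dir();
    let default_file = dir.join("default_profile.txt");
    fs::write(&default_file, "# default output profile\nstandard\n").expect("write sample file");

    match resolve_output_profile(None, &default_file) {
        Ok(profile) => println!("{}", output_profile_line(&profile)),
        Err(e) => eprintln!("could not determine output profile: {:?}", e),
    }
    // An explicit --profile argument takes precedence over the file.
    match resolve_output_profile(Some("verbose"), &default_file) {
        Ok(profile) => println!("{}", output_profile_line(&profile)),
        Err(e) => eprintln!("could not determine output profile: {:?}", e),
    }
}
```

The default file is read only when no profile was given on the command line, so the line shown to the user always reflects the profile that actually drives the output, which is the point of the request.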

hitenkoku commented 1 year ago

@YamatoSecurity Thank you very much. I think that content is fine with me as well.