Yamato-Security / hayabusa

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
GNU Affero General Public License v3.0

Output JSON format in `json-timeline` for standard output #1197

Closed YamatoSecurity closed 8 months ago

YamatoSecurity commented 12 months ago

When outputting to standard output with the json-timeline command, the results are the same as csv-timeline; however, it would be nice to output in JSON format for quick testing when creating rules, etc. colored_json looks like a good crate to use, as I would like to output in color to make it easier to read.

hitenkoku commented 11 months ago

@YamatoSecurity Thanks for creating the issue. I implemented json-timeline and jsonl-timeline standard I/O with the colored-json crate. Because json-output writes each record as it is produced to reduce memory usage, formatted JSON output is difficult.

> ./1197.exe json-timeline -d ../hayabusa-sample-evtx -w

(screenshot attached)
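To illustrate the memory trade-off raised in the comment above, here is an added example (not Hayabusa's code) that streams constructed timeline-style records either as JSONL or as a pretty-printed JSON array, writing the array's brackets and separators by hand so that only one record is held in memory at a time. The field names and sample values are assumptions for this example, not Hayabusa's output schema.

```python
import io
import json
from typing import Iterable, Iterator, TextIO

# Constructed sample detections shaped like a timeline record.
# Field names are assumptions for this example, not Hayabusa's schema.
SAMPLE_RECORDS = [
    {"Timestamp": "2023-01-01 10:00:00.000 +00:00", "Computer": "WS01",
     "Channel": "Sec", "EventID": 4624, "Level": "info", "RuleTitle": "Logon"},
    {"Timestamp": "2023-01-01 10:00:05.000 +00:00", "Computer": "WS01",
     "Channel": "Sec", "EventID": 4688, "Level": "med", "RuleTitle": "Proc Create"},
]

def iter_records(records: Iterable[dict]) -> Iterator[dict]:
    """Stand-in for a detection engine that yields one record at a time."""
    for rec in records:
        yield rec

def write_jsonl(records: Iterable[dict], out: TextIO) -> int:
    """JSONL: one compact object per line, emitted as soon as it is produced."""
    n = 0
    for rec in records:
        out.write(json.dumps(rec, ensure_ascii=False) + "\n")
        n += 1
    return n

def write_json_array(records: Iterable[dict], out: TextIO, indent: int = 2) -> int:
    """Pretty-printed JSON array written incrementally: brackets and commas
    are emitted by hand, so the whole record list is never buffered."""
    out.write("[")
    n = 0
    for rec in records:
        out.write(",\n" if n else "\n")
        body = json.dumps(rec, indent=indent, ensure_ascii=False)
        out.write("\n".join(" " * indent + line for line in body.splitlines()))
        n += 1
    out.write("\n]\n" if n else "]\n")
    return n

def render(fmt: str, records=SAMPLE_RECORDS) -> str:
    """Render records in 'jsonl' or 'json' (pretty array) layout to a string."""
    buf = io.StringIO()
    writer = write_jsonl if fmt == "jsonl" else write_json_array
    writer(iter_records(records), buf)
    return buf.getvalue()

def round_trip(fmt: str, records=SAMPLE_RECORDS) -> list:
    """Parse the rendered text back to confirm both layouts carry the same data."""
    text = render(fmt, records)
    if fmt == "jsonl":
        return [json.loads(line) for line in text.splitlines()]
    return json.loads(text)
```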
hitenkoku commented 11 months ago
(screenshot attached)