Closed fukusuket closed 11 months ago
@fukusuket Thanks for finding and fixing this! Is this just a bug in 2.10.0? It seems to be working up to 2.9.0:
./hayabusa-2.9.0-mac-intel update-rules
╔╗ ╔╦═══╦╗ ╔╦═══╦══╗╔╗ ╔╦═══╦═══╗
║║ ║║╔═╗║╚╗╔╝║╔═╗║╔╗║║║ ║║╔═╗║╔═╗║
║╚═╝║║ ║╠╗╚╝╔╣║ ║║╚╝╚╣║ ║║╚══╣║ ║║
║╔═╗║╚═╝║╚╗╔╝║╚═╝║╔═╗║║ ║╠══╗║╚═╝║
║║ ║║╔═╗║ ║║ ║╔═╗║╚═╝║╚═╝║╚═╝║╔═╗║
╚╝ ╚╩╝ ╚╝ ╚╝ ╚╝ ╚╩═══╩═══╩═══╩╝ ╚╝
by Yamato Security
Start time: 2023/11/05 08:19
- Suspicious Non-Browser Network Communication With Google API (Modified: 2023/11/03 | Path: rules/sigma/sysmon/network_connection/net_connection_win_google_api_non_browser_access.yml)
- Obfuscated IP Download Activity (Modified: 2023/10/29 | Path: rules/sigma/sysmon/process_creation/proc_creation_win_susp_obfuscated_ip_download.yml)
- Uncommon PowerShell Hosts (Modified: 2023/11/03 | Path: rules/sigma/builtin/powershell/powershell_classic/posh_pc_alternate_powershell_hosts.yml)
- Obfuscated IP Download Activity (Modified: 2023/10/29 | Path: rules/sigma/builtin/process_creation/proc_creation_win_susp_obfuscated_ip_download.yml)
Updated Sigma rules: 4
Rules updated successfully.
There is a new version of Hayabusa: v2.10.0
You can download it at https://github.com/Yamato-Security/hayabusa/releases
@YamatoSecurity Thank you for checking the issue :) Yes, this is an issue that only occurs in 2.10.0. (This is because after implementing the Scan Wizard feature, it is necessary to internally specify that all rules are targeted when executing the update-rules command.)
Describe the bug
The update-rules command always outputs "You currently have the latest rules."
Step to Reproduce
hayabusa update-rules
Expected behavior
Updated rule name is output
Actual behavior
Updated rule name is not output
Environment
Additional context
The standard output message output is incorrect, but the rule update was actually successful.