[bug] Nothing is detected when using the `-J, --JSON-input` option with the timeline command because of `Channel` filter

[fukusuket]

Describe the bug Nothing is detected when using the -J, --JSON-input option with the timeline command because of Channel filer https://github.com/Yamato-Security/hayabusa/pull/1334 :( This issue occurs only in dev-2.16.0 version.

Step to Reproduce

1. Download apt29_evals_day1_manual.zip and unzip.
2. hayabusa csv-timeline -f ../apt29/apt29_evals_day1_manual_2020-05-01225525.json -J -w

Actual behavior Nothing is detected.

Expected behavior I expect the following behavior. It is necessary to consider which specifications to use.

• Detect as in version 2.15.0 (disable Channel filter when -J, --JSON-input)
• Indicate that -A, --enable-all-rules /-a, --scan-all-evtx-files option is required.
• Just like evtx, get the Channel of the first record and filter based on it
  • Is it okay to assume that JSON has 1 channel in 1 file like evtx?

Environment

• OS: macOS Sonoma 14.4.1
• Hayabusa version 2.16.0-dev(Occurs only in the version currently under development)

Additional context If you enable the -A, --enable-all-rules /-a, --scan-all-evtx-files option, it will be detected as in version 2.15.0.

[fukusuket]

@YamatoSecurity @hitenkoku I'm thinking about which is the best expected behavior...🤔, what do you think? Personally, I think it might be better to indicate that -A, --enable-all-rules /-a, --scan-all-evtx-files option is required...? (or if you have any other ideas, please let me know🙏)

[YamatoSecurity]

@fukusuket I think that is a good idea. Since the JSON(L) files won't usually be separated by Channel like evtx files then I think we can solve this by just requiring -A and -a whenever -J is specified.

[fukusuket]

@YamatoSecurity Thank you for comment! I'll Implement with the above specifications.

[YamatoSecurity]

Update: Since more options will usually confuse users, we should automatically disable the channel filter whenever the input is JSON, instead of EVTX