Yamato-Security / hayabusa

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
GNU General Public License v3.0

[bug] Rule Author does not appear in the terminal #1383

Closed fukusuket closed 6 days ago

fukusuket commented 2 weeks ago

Describe the bug

Rule Author does not appear in the terminal in Windows 11 Pro (only English locale?)

Steps to Reproduce

  1. Create a Windows 11 machine in Azure with default settings.
  2. Open Command Prompt as Administrator.
  3. hayabusa-2.6.0-win-x64.exe csv-timeline -l -w -o timeline.csv

Expected behavior

Rule Author appears in the terminal.

Actual behavior

Rule Author does not appear in the terminal, as follows.

Screenshots

Screenshot 2024-07-07 15 35 46

Environment

Additional context

The systeminfo of the reproduced environment is as follows.

C:\Users\fukusuket\Downloads\hayabusa-2.16.0-win-x64>systeminfo

Host Name:                 hayabusa
OS Name:                   Microsoft Windows 11 Pro
OS Version:                10.0.22621 N/A Build 22621
OS Manufacturer:           Microsoft Corporation
OS Configuration:          Standalone Workstation
OS Build Type:             Multiprocessor Free
Registered Owner:          N/A
Registered Organization:   N/A
Product ID:                00331-10000-00001-AA795
Original Install Date:     7/7/2024, 6:27:31 AM
System Boot Time:          7/7/2024, 6:22:31 AM
System Manufacturer:       Microsoft Corporation
System Model:              Virtual Machine
System Type:               x64-based PC
Processor(s):              1 Processor(s) Installed.
                           [01]: Intel64 Family 6 Model 85 Stepping 4 GenuineIntel ~2095 Mhz
BIOS Version:              Microsoft Corporation Hyper-V UEFI Release v4.1, 5/13/2024
Windows Directory:         C:\Windows
System Directory:          C:\Windows\system32
Boot Device:               \Device\HarddiskVolume3
System Locale:             en-us;English (United States)
Input Locale:              en-us;English (United States)
Time Zone:                 (UTC) Coordinated Universal Time
Total Physical Memory:     8,141 MB
Available Physical Memory: 5,389 MB
Virtual Memory: Max Size:  10,061 MB
Virtual Memory: Available: 7,437 MB
Virtual Memory: In Use:    2,624 MB
Page File Location(s):     D:\pagefile.sys
Domain:                    WORKGROUP
Logon Server:              \\hayabusa
Hotfix(s):                 3 Hotfix(s) Installed.
                           [01]: KB5036620
                           [02]: KB5039212
                           [03]: KB5037959
Network Card(s):           1 NIC(s) Installed.
                           [01]: Microsoft Hyper-V Network Adapter
                                 Connection Name: Ethernet
                                 DHCP Enabled:    Yes
                                 DHCP Server:     168.63.129.16
                                 IP address(es)
                                 [01]: 10.0.0.4
                                 [02]: fe80::418b:1055:e9ba:6826
Hyper-V Requirements:      A hypervisor has been detected. Features required for Hyper-V will not be displayed.

fukusuket commented 2 weeks ago

It does not occur in the following environments, so it appears to be an issue that occurs in specific locales or editions.

fukusuket commented 6 days ago

Somehow, when I followed the same steps again to create Windows 11 with Azure, it did not reproduce... 😲 I'll close this issue!