Yamato-Security / hayabusa

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
GNU Affero General Public License v3.0

Bug: `logon-summary` crash #1477

Closed YamatoSecurity closed 6 days ago

YamatoSecurity commented 1 week ago

When there is a corrupted log, logon-summary will crash:

```
[ERROR] timestamp parse error. input: null input contains invalid characters
thread 'main' panicked at src/timeline/metrics.rs:230:36:
called `Option::unwrap()` on a `None` value
```

YamatoSecurity commented 1 week ago

I noticed that this only happens when -x is used, and therefore the events are more corrupt than normal. This may be related to https://github.com/Yamato-Security/hayabusa/pull/1418. Someone created a PR to fix something but then closed it and never re-opened it, so we might also want to fix this bug as well.