Yamato-Security / hayabusa

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
GNU Affero General Public License v3.0

Output field information in green and messages in orange #1491

Closed YamatoSecurity closed 6 days ago

YamatoSecurity commented 1 week ago

For the following output when running:

Start time: 2024/11/13 08:03

Total event log files: 598
Total file size: 139.2 MB

Loading detection rules. Please wait.

Excluded rules: 26
Noisy rules: 12 (Disabled)

Deprecated rules: 216 (5.01%) (Disabled)
Experimental rules: 373 (8.65%)
Stable rules: 241 (5.59%)
Test rules: 3,700 (85.77%)
Unsupported rules: 42 (0.97%) (Disabled)

Correlation rules: 3 (0.07%)
Correlation referenced rules: 3 (0.07%)

Hayabusa rules: 175
Sigma rules: 4,139
Total detection rules: 4,314

Creating the channel filter. Please wait.

Evtx files loaded after channel filter: 585
Detection rules enabled after channel filter: 4,237

Output profile: standard

I would like to output the hogehoge: parts (Ex: Start time:, Total event log files:, etc...) in the same green as the HAYABUSA logo. (With the ability to disable colors with the --no-color option.) Also Scan wizard: in green. At the end:

Elapsed time: 00:00:07.1247

Please report any issues with Hayabusa rules to: https://github.com/Yamato-Security/hayabusa-rules/issues
Please report any false positives with Sigma rules to: https://github.com/SigmaHQ/sigma/issues
Please submit new Sigma rules with pull requests to: https://github.com/SigmaHQ/sigma/pulls

Elapsed time:, Please report any issues with Hayabusa rules to:, etc... also in green.

I want to output Loading detection rules. Please wait., Creating the channel filter. Please wait., Scanning finished. in the same orange color as ? and (y/n) in the scan wizard settings.

I think this will make things easier to read and look better.

@fukusuket could I ask you to do this one?

fukusuket commented 1 week ago

Sounds Good! Yes, I would love to implement it!💪

fukusuket commented 1 week ago

```rust
// RGB values alongside the matching 256-color indices
Color::Rgb(0, 255, 0) // green
Style::new().color256(46), // green

Color::Rgb(0,255,255) // cyan
Style::new().color256(51), // cyan

Color::Rgb(255,175,0) // orange
Style::new().color256(214).apply_to("❯".to_string()), // orange
```

fukusuket commented 1 week ago

@YamatoSecurity Is it correct that the following message is also output in orange? 👀

YamatoSecurity commented 1 week ago

Yes! I'd also like to output these messages in orange.

> @YamatoSecurity Is it correct that the following message is also output in orange? 👀

fukusuket commented 1 week ago

@YamatoSecurity I have a question! Which specification is the expected behavior?

YamatoSecurity commented 1 week ago

> @YamatoSecurity I have a question! Which specification is the expected behavior?

  • Start time: <- Orange + 2024/11/13 08:03 <- white
  • Start time: 2024/11/13 08:03 <- whole Orange

I would like to do Start time: <- Green + 2024/11/13 08:03 <- white

but whole orange for things like the opening messages, warning messages, etc. (The places that don't have the field: something format.)
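The rule settled on above (green label on `Field: value` lines with the value left uncolored, whole line orange for plain messages, nothing at all under --no-color), as an added example in plain Rust using ANSI 256-color escapes and the same indices 46 and 214 as the snippet earlier in the thread. This is not Hayabusa's code; the "first colon followed by a space or end of line" heuristic for telling a field line from a message is an assumption of the example, and the sample lines are constructed from the thread.

```rust
// Added example, not Hayabusa's implementation: ANSI escapes only, no crates.
const GREEN: &str = "\x1b[38;5;46m"; // same index as Style::new().color256(46)
const ORANGE: &str = "\x1b[38;5;214m"; // same index as Style::new().color256(214)
const RESET: &str = "\x1b[0m";

/// Split "Field: value" into (label including the colon, remainder).
/// Assumed heuristic: the first ':' must be followed by a space or end the
/// line, so "Elapsed time: 00:00:07" and "... rules to: https://..." are
/// field lines, while "Loading detection rules. Please wait." is not.
fn split_field(line: &str) -> Option<(&str, &str)> {
    let idx = line.find(':')?;
    let rest = &line[idx + 1..];
    if !(rest.is_empty() || rest.starts_with(' ')) {
        return None;
    }
    Some((&line[..=idx], rest))
}

/// Apply the thread's rule to one output line. `no_color` models --no-color
/// and returns the text untouched, which also keeps log files free of escapes.
pub fn colorize(line: &str, no_color: bool) -> String {
    if no_color {
        return line.to_string();
    }
    match split_field(line) {
        Some((label, value)) => format!("{GREEN}{label}{RESET}{value}"),
        None => format!("{ORANGE}{line}{RESET}"),
    }
}

fn main() {
    // Constructed sample taken from the output quoted in the issue.
    let sample = [
        "Start time: 2024/11/13 08:03",
        "Loading detection rules. Please wait.",
        "Total detection rules: 4,314",
        "Scanning finished.",
        "Elapsed time: 00:00:07.1247",
        "Please report any issues with Hayabusa rules to: https://github.com/Yamato-Security/hayabusa-rules/issues",
    ];
    let no_color = std::env::args().any(|a| a == "--no-color");
    for line in sample {
        println!("{}", colorize(line, no_color));
    }
}
```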