Yamato-Security / hayabusa

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
GNU Affero General Public License v3.0

[bug] json-timeline failed with panic #905

Closed fukusuket closed 1 year ago

fukusuket commented 1 year ago

Describe the bug

json-timeline seems to fail on the latest version of the main branch 🤔

Step to Reproduce

Check out the latest commit of the main branch and execute the command as follows:

hayabusa.exe json-timeline -d hayabusa-sample-evtx -o out.json

Expected behavior

The command succeeded.

Actual behavior

The command failed with panic.

fukusuke@fukusukenoMacBook-Air hayabusa-2.1.0-all-platforms % ./hayabusa json-timeline -d ~/Scripts/Rust/hayabusa-sample-evtx -o out.json -q
Start time: 2023/02/04 21:52

Analyzing event files: 581
Total file size: 136.9 MB

Loading detections rules. Please wait.

Excluded rules: 15
Noisy rules: 7 (Disabled)

Experimental rules: 1881 (56.17%)
Stable rules: 220 (6.57%)
Test rules: 1248 (37.26%)

Hayabusa rules: 146
Sigma rules: 3203
Total enabled detection rules: 3349

Scanning in progress. Please wait.

581 / 581 [=========================================================================================================================] 100.00 %

Analysis finished. Please wait while the results are being saved.

thread 'main' panicked at 'called `Option::unwrap()` on a `None` value', src/afterfact.rs:1147:13
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Environment

hitenkoku commented 1 year ago

Thanks for the issue report.

I will check it out.