diff --git a/CHANGELOG-Japanese.md b/CHANGELOG-Japanese.md index 5093c5e11..0759136d9 100644 --- a/CHANGELOG-Japanese.md +++ b/CHANGELOG-Japanese.md @@ -1,49 +1,29 @@ # 変更点 -## 2.10.0 [2023/XX/XX] "xxx Release" - -**新機能:** - -- XXX - -**改善:** - -- XXX - -**バグ修正:** - -- XXX - -**その他:** - -- CIを通すためにtimeクレートを利用している更新されていないhhmmssクレートを除外した。 (#1181) (@hitenkoku) - -## 2.9.0 [2023/XX/XX] "xxx Release" - -**新機能:** - -- XXX +## 2.9.0 [2023/09/22] "Autumn Rain Release" **改善:** - ディレクトリパスの指定にバックスラッシュを使用すべきではないことを示すエラーメッセージを追加した。 (#1166) (@hitenkoku, 提案者: @joswr1ght) - 一度に読み込むレコード数の最適化。(#1175) (@yamatosecurity) - プログレスバー内にあるバックスラッシュの表示をスラッシュに変更した。 (#1172) (@hitenkoku) +- JSON形式で出力する際に、`count`ルールの`Details`フィールドを文字列にし、パースしやすくした。(#1179) (@hitenkoku) +- デフォルトのスレッド数をCPU数から、プログラムが使用すべきデフォルトの並列度の推定値(`std::thread::available_parallelism`)に変更した。(#1182) (@hitenkoku) **バグ修正:** -- XXX +- まれにJSONフィールドが正しくパースされない状態を修正した。(#1145) (@hitenkoku) **その他:** -- XXX +- CIを通すために`time`クレートを利用している更新されていない`hhmmss`クレートを除外した。 (#1181) (@hitenkoku) ## 2.8.0 [2023/09/01] "Double X Release" **新機能:** - フィールドマッピング設定に16進数値を10進数に変換する`HexToDecimal`機能に対応した。 (元の16進数のプロセスIDを変換するのに便利。) (#1133) (@fukusuket) -- `csv-timeline`と`json-timeline`に`-x, --recover-records`オプションを追加し、空ページのファイルカービングによってevtxレコードを復元できるようにした。(#952) (@hitenkoku) (Evtxカービング機能は@forensicmattに実装された。) +- `csv-timeline`と`json-timeline`に`-x, --recover-records`オプションを追加し、evtxのスラックスペースのファイルカービングによってevtxレコードを復元できるようにした。(#952) (@hitenkoku) (Evtxカービング機能は@forensicmattに実装された。) - `csv-timeline`と`json-timeline`に`-X, --remove-duplicate-detections`オプションを追加した。(`-x`を使用する場合、重複データのあるバックアップログを含める場合などに便利。) (#1157) (@fukusuket) - `csv-timeline`、`json-timeline`、`logon-summary`、`eid-metrics`、`pivot-keywords-list`、`search`コマンドに、直近のイベントだけをスキャンするための`--timeline-offset`オプションを追加した。 (#1159) (@hitenkoku) - `search`コマンドに`-a, --and-logic`オプションを追加し、複数のキーワードをAND条件で検索できるようにした。 (#1162) (@hitenkoku) diff --git a/CHANGELOG.md b/CHANGELOG.md index e7a96e8f3..b3aaea565 100644 --- a/CHANGELOG.md 
+++ b/CHANGELOG.md 
@@ -1,57 +1,29 @@ # Changes -## 2.10.0 [2023/XX/XX] "xxx Release" - -**New Features:** - -- XXX - -**New Features:** - -- XXX - -**Enhancements:** - -- XXX - -**Bug Fixes:** - -- XXX - -**Other:** - -- Excluded unupdated hhmmss crates that use time crates to pass CI. (#1181) (@hitenkoku) - -## 2.9.0 [2023/XX/XX] "xxx Release" - -**New Features:** - -- XXX - -**New Features:** - -- XXX +## 2.9.0 [2023/09/22] "Autumn Rain Release" **Enhancements:** - Added an error message to indicate that when you can't load evtx files in Windows due to specifying a directory path with spaces in it, you need to remove the trailing backslash. (#1166) (@hitenkoku, thanks for the suggestion from @joswr1ght) -- Optimized the number of records to load at a time. (#1175) (@yamatosecurity) -- Replaced double backslashes in paths in under the progress bar on Windows systems with single forward slashes. (#1172) (@hitenkoku) +- Optimized the number of records to load at a time for performance. (#1175) (@yamatosecurity) +- Replaced double backslashes in paths under the progress bar on Windows systems with single forward slashes. (#1172) (@hitenkoku) +- Made the `Details` field for `count` rules a string in the JSON output for easier parsing. (#1179) (@hitenkoku) +- Changed the default number of threads from number of CPUs to the estimate of the default amount of parallelism a program should use (`std::thread::available_parallelism`). (#1182) (@hitenkoku) **Bug Fixes:** -- XXX +- Fixed JSON fields would not be correctly parsed in rare cases. (#1145) (@hitenkoku) **Other:** -- XXX +- Removed the unmaintained `hhmmss` crate that uses an old `time` crate in order to pass the code coverage CI checks. (#1181) (@hitenkoku) ## 2.8.0 [2023/09/01] "Double X Release" **New Features:** - Added support for `HexToDecimal` in the field mapping configuration files to convert hex values to decimal. (Useful for converting the original process IDs from hex to decimal.) 
(#1133) (@fukusuket) -- Added `-x, --recover-records` option to `csv-timeline` and `json-timeline` to recover evtx records through file carving on empty pages. (#952) (@hitenkoku) (Evtx carving feature is thanks to @forensicmatt) +- Added `-x, --recover-records` option to `csv-timeline` and `json-timeline` to recover evtx records through file carving in evtx slack space. (#952) (@hitenkoku) (Evtx carving feature is thanks to @forensicmatt) - Added `-X, --remove-duplicate-detections` option to `csv-timeline` and `json-timeline` to not output any duplicate detection entries. (Useful when you use `-x`, include backup logs or logs extracted from VSS with duplicate data, etc...) - Added a `--timeline-offset` option to `csv-timeline`, `json-timeline`, `logon-summary`, `eid-metrics`, `pivot-keywords-list` and `search` commands to scan just recent events based on a offset of years, months, days, hours, etc... (#1159) (@hitenkoku) - Added a `-a, --and-logic` option in the `search` command to search keywords with AND logic. (#1162) (@hitenkoku) diff --git a/Cargo.lock b/Cargo.lock index 6a7d87e9e..cc9e1d7ea 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -509,12 +509,6 @@ version = "0.3.13" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f578e8e2c440e7297e008bb5486a3a8a194775224bbc23729b0dbdfaeebf162e" -[[package]] -name = "deranged" -version = "0.3.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f2696e8a945f658fd14dc3b87242e6b80cd0f36ff04ea560fa39082368847946" - [[package]] name = "dialoguer" version = "0.10.4" @@ -660,7 +654,7 @@ dependencies = [ [[package]] name = "evtx" version = "0.8.7" -source = "git+https://github.com/Yamato-Security/hayabusa-evtx.git?rev=c8391f1#c8391f173eb5d80b9def72ffd68e2a5c6867c945" +source = "git+https://github.com/Yamato-Security/hayabusa-evtx.git?rev=d7af285#d7af285430398803e653ae06864bd65d61ec9063" dependencies = [ "anyhow", "bitflags 2.4.0", 
@@ -680,7 +674,6 @@ dependencies = [ "rpmalloc", "serde", "serde_json", - "simplelog", "skeptic", "thiserror", "winstructs", @@ -807,7 +800,7 @@ dependencies = [ [[package]] name = "hayabusa" -version = "2.9.0-dev" +version = "2.9.0" dependencies = [ "aho-corasick", "base64", @@ -1399,15 +1392,6 @@ dependencies = [ "libc", ] -[[package]] -name = "num_threads" -version = "0.1.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2819ce041d2ee131036f4fc9d6ae7ae125a3a40e97ba64d04fe799ad9dabbb44" -dependencies = [ - "libc", -] - [[package]] name = "number_prefix" version = "0.4.0" @@ -1775,7 +1759,7 @@ checksum = "cd8d6c9f025a446bc4d18ad9632e69aec8f287aa84499ee335599fabd20c3fd8" dependencies = [ "log", "ring", - "rustls-webpki 0.101.5", + "rustls-webpki 0.101.6", "sct", ] @@ -1791,9 +1775,9 @@ dependencies = [ [[package]] name = "rustls-webpki" -version = "0.101.5" +version = "0.101.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "45a27e3b59326c16e23d30aeb7a36a24cc0d29e71d68ff611cdfb4a01d013bed" +checksum = "3c7d5dece342910d9ba34d259310cae3e0154b873b35408b787b59bce53d34fe" dependencies = [ "ring", "untrusted", @@ -1912,17 +1896,6 @@ dependencies = [ "libc", ] -[[package]] -name = "simplelog" -version = "0.12.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "acee08041c5de3d5048c8b3f6f13fafb3026b24ba43c6a695a0c76179b844369" -dependencies = [ - "log", - "termcolor", - "time", -] - [[package]] name = "skeptic" version = "0.13.7" @@ -2028,9 +2001,9 @@ dependencies = [ [[package]] name = "termcolor" -version = "1.1.3" +version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bab24d30b911b2376f3a13cc2cd443142f0c81dda04c118693e35b3835757755" +checksum = "6093bad37da69aab9d123a8091e4be0aa4a03e4d601ec641c327398315f62b64" dependencies = [ "winapi-util", ] 
@@ -2087,36 +2060,6 @@ dependencies = [ "syn 2.0.37", ] -[[package]] -name = "time" -version = "0.3.28" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "17f6bb557fd245c28e6411aa56b6403c689ad95061f50e4be16c274e70a17e48" -dependencies = [ - "deranged", - "itoa", - "libc", - "num_threads", - "serde", - "time-core", - "time-macros", -] - -[[package]] -name = "time-core" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7300fbefb4dadc1af235a9cef3737cea692a9d97e1b9cbcd4ebdae6f8868e6fb" - -[[package]] -name = "time-macros" -version = "0.2.14" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1a942f44339478ef67935ab2bbaec2fb0322496cf3cbe84b261e06ac3814c572" -dependencies = [ - "time-core", -] - [[package]] name = "tinyvec" version = "1.6.0" diff --git a/Cargo.toml b/Cargo.toml index 6bc46ffe8..355182694 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,17 +1,17 @@ [package] name = "hayabusa" -version = "2.9.0-dev" +version = "2.9.0" repository = "https://github.com/Yamato-Security/hayabusa" authors = ["Yamato Security @SecurityYamato"] edition = "2021" -rust-version = "1.71.0" +rust-version = "1.72.1" include = ["src/**/*", "LICENSE.txt", "README.md", "CHANGELOG.md"] [dependencies] itertools = "*" dashmap = "*" clap = { version = "4.*", features = ["derive", "cargo", "color"]} -evtx = { git = "https://github.com/Yamato-Security/hayabusa-evtx.git" , features = ["fast-alloc"] , rev = "c8391f1" } # 0.8.7 2023/08/30 update +evtx = { git = "https://github.com/Yamato-Security/hayabusa-evtx.git" , features = ["fast-alloc"] , rev = "d7af285" } # 0.8.7 2023/09/22 update quick-xml = {version = "0.*", features = ["serialize"] } serde = { version = "1.*", features = ["derive"] } serde_json = { version = "1.0"} diff --git a/README.md b/README.md index 7c9556a0f..1e10ecadc 100644 --- a/README.md +++ b/README.md 
@@ -248,7 +248,7 @@ You can learn how to analyze JSON-formatted results with `jq` [here](doc/Analysi * Log enrichment by adding GeoIP (ASN, city, country) information to IP addresses. * Search all events for keywords or regular expressions. * Field data mapping. (Ex: `0xc0000234` -> `ACCOUNT LOCKED`) -* Evtx record carving from empty space. +* Evtx record carving from evtx slack space. * Event de-duplication when outputting. (Useful when recovery records is enabled or when you include backed up evtx files, evtx files from VSS, etc...) # Downloads @@ -475,7 +475,7 @@ Input: -f, --file File path to one .evtx file -l, --live-analysis Analyze the local C:\Windows\System32\winevt\Logs folder -J, --JSON-input Scan JSON formatted logs instead of .evtx (.json or .jsonl) - -x, --recover-records Carve evtx records from empty pages (default: disabled) + -x, --recover-records Carve evtx records from slack space (default: disabled) Filtering: --timeline-offset Scan recent events based on an offset (ex: 1y, 3M, 30d, 24h, 30m) @@ -514,7 +514,7 @@ Input: -f, --file File path to one .evtx file -l, --live-analysis Analyze the local C:\Windows\System32\winevt\Logs folder -J, --JSON-input Scan JSON formatted logs instead of .evtx (.json or .jsonl) - -x, --recover-records Carve evtx records from empty pages (default: disabled) + -x, --recover-records Carve evtx records from slack space (default: disabled) Filtering: --exclude-computer Do not scan specified computer names (ex: ComputerA) (ex: ComputerA,ComputerB) 
@@ -579,7 +579,7 @@ Input: -f, --file File path to one .evtx file -l, --live-analysis Analyze the local C:\Windows\System32\winevt\Logs folder -J, --JSON-input Scan JSON formatted logs instead of .evtx (.json or .jsonl) - -x, --recover-records Carve evtx records from empty pages (default: disabled) + -x, --recover-records Carve evtx records from slack space (default: disabled) Filtering: --exclude-computer Do not scan specified computer names (ex: ComputerA) (ex: ComputerA,ComputerB) @@ -635,7 +635,7 @@ Input: -f, --file File path to one .evtx file -l, --live-analysis Analyze the local C:\Windows\System32\winevt\Logs folder -J, --JSON-input Scan JSON formatted logs instead of .evtx (.json or .jsonl) - -x, --recover-records Carve evtx records from empty pages (default: disabled) + -x, --recover-records Carve evtx records from slack space (default: disabled) Filtering: -E, --EID-filter Scan only common EIDs for faster speed (./rules/config/target_event_IDs.txt) @@ -705,7 +705,7 @@ Input: -d, --directory Directory of multiple .evtx files -f, --file File path to one .evtx file -l, --live-analysis Analyze the local C:\Windows\System32\winevt\Logs folder - -x, --recover-records Carve evtx records from empty pages (default: disabled) + -x, --recover-records Carve evtx records from slack space (default: disabled) Filtering: -a, --and-logic Search keywords with AND logic (default: OR) @@ -793,7 +793,7 @@ Input: -f, --file File path to one .evtx file -l, --live-analysis Analyze the local C:\Windows\System32\winevt\Logs folder -J, --JSON-input Scan JSON formatted logs instead of .evtx (.json or .jsonl) - -x, --recover-records Carve evtx records from empty pages (default: disabled) + -x, --recover-records Carve evtx records from slack space (default: disabled) Filtering: -E, --EID-filter Scan only common EIDs for faster speed (./rules/config/target_event_IDs.txt) 
@@ -1051,7 +1051,7 @@ Input: -f, --file File path to one .evtx file -l, --live-analysis Analyze the local C:\Windows\System32\winevt\Logs folder -J, --JSON-input Scan JSON formatted logs instead of .evtx (.json or .jsonl) - -x, --recover-records Carve evtx records from empty pages (default: disabled) + -x, --recover-records Carve evtx records from slack space (default: disabled) Filtering: -E, --EID-filter Scan only common EIDs for faster speed (./rules/config/target_event_IDs.txt) diff --git a/rules b/rules index 3118742b7..73149dce2 160000 --- a/rules +++ b/rules @@ -1 +1 @@ -Subproject commit 3118742b76c18a79066f3676ea7b97e78550250a +Subproject commit 73149dce2cb3251a803be556a5ff1a267613ef0c diff --git a/src/detections/configs.rs b/src/detections/configs.rs index 60cc6c033..56a941221 100644 --- a/src/detections/configs.rs +++ b/src/detections/configs.rs @@ -727,7 +727,7 @@ fn check_thread_number(config: &Config) -> Option { pub enum Action { #[clap( author = "Yamato Security (https://github.com/Yamato-Security/hayabusa - @SecurityYamato)", - help_template = "\nHayabusa v2.8.0 - Double X Release\n{author-with-newline}\n{usage-heading}\n hayabusa.exe csv-timeline [OPTIONS]\n\n{all-args}", + help_template = "\nHayabusa v2.9.0 - Autumn Rain Release\n{author-with-newline}\n{usage-heading}\n hayabusa.exe csv-timeline [OPTIONS]\n\n{all-args}", term_width = 400, disable_help_flag = true, display_order = 290 @@ -737,7 +737,7 @@ pub enum Action { #[clap( author = "Yamato Security (https://github.com/Yamato-Security/hayabusa - @SecurityYamato)", - help_template = "\nHayabusa v2.8.0 - Double X Release\n{author-with-newline}\n{usage-heading}\n hayabusa.exe json-timeline [OPTIONS]\n\n{all-args}", + help_template = "\nHayabusa v2.9.0 - Autumn Rain Release\n{author-with-newline}\n{usage-heading}\n hayabusa.exe json-timeline [OPTIONS]\n\n{all-args}", term_width = 400, disable_help_flag = true, display_order = 360 
@@ -747,7 +747,7 @@ pub enum Action { #[clap( author = "Yamato Security (https://github.com/Yamato-Security/hayabusa - @SecurityYamato)", - help_template = "\nHayabusa v2.8.0 - Double X Release\n{author-with-newline}\n{usage-heading}\n hayabusa.exe logon-summary [OPTIONS]\n\n{all-args}", + help_template = "\nHayabusa v2.9.0 - Autumn Rain Release\n{author-with-newline}\n{usage-heading}\n hayabusa.exe logon-summary [OPTIONS]\n\n{all-args}", term_width = 400, disable_help_flag = true, display_order = 383 @@ -757,7 +757,7 @@ pub enum Action { #[clap( author = "Yamato Security (https://github.com/Yamato-Security/hayabusa - @SecurityYamato)", - help_template = "\nHayabusa v2.8.0 - Double X Release\n{author-with-newline}\n{usage-heading}\n hayabusa.exe eid-metrics [OPTIONS]\n\n{all-args}", + help_template = "\nHayabusa v2.9.0 - Autumn Rain Release\n{author-with-newline}\n{usage-heading}\n hayabusa.exe eid-metrics [OPTIONS]\n\n{all-args}", term_width = 400, disable_help_flag = true, display_order = 310 @@ -767,7 +767,7 @@ pub enum Action { #[clap( author = "Yamato Security (https://github.com/Yamato-Security/hayabusa - @SecurityYamato)", - help_template = "\nHayabusa v2.8.0 - Double X Release\n{author-with-newline}\n{usage-heading}\n hayabusa.exe pivot-keywords-list [OPTIONS]\n\n{all-args}", + help_template = "\nHayabusa v2.9.0 - Autumn Rain Release\n{author-with-newline}\n{usage-heading}\n hayabusa.exe pivot-keywords-list [OPTIONS]\n\n{all-args}", term_width = 400, disable_help_flag = true, display_order = 420 
@@ -777,7 +777,7 @@ pub enum Action { #[clap( author = "Yamato Security (https://github.com/Yamato-Security/hayabusa - @SecurityYamato)", - help_template = "\nHayabusa v2.8.0 - Double X Release\n{author-with-newline}\n{usage-heading}\n hayabusa.exe search <--keywords \"\" OR --regex \"\"> [OPTIONS]\n\n{all-args}", + help_template = "\nHayabusa v2.9.0 - Autumn Rain Release\n{author-with-newline}\n{usage-heading}\n hayabusa.exe search <--keywords \"\" OR --regex \"\"> [OPTIONS]\n\n{all-args}", term_width = 400, disable_help_flag = true, display_order = 450 @@ -787,7 +787,7 @@ pub enum Action { #[clap( author = "Yamato Security (https://github.com/Yamato-Security/hayabusa - @SecurityYamato)", - help_template = "\nHayabusa v2.8.0 - Double X Release\n{author-with-newline}\n{usage-heading}\n {usage}\n\n{all-args}", + help_template = "\nHayabusa v2.9.0 - Autumn Rain Release\n{author-with-newline}\n{usage-heading}\n {usage}\n\n{all-args}", term_width = 400, disable_help_flag = true, display_order = 470 @@ -797,7 +797,7 @@ pub enum Action { #[clap( author = "Yamato Security (https://github.com/Yamato-Security/hayabusa - @SecurityYamato)", - help_template = "\nHayabusa v2.8.0 - Double X Release\n{author-with-newline}\n{usage-heading}\n {usage}\n\n{all-args}", + help_template = "\nHayabusa v2.9.0 - Autumn Rain Release\n{author-with-newline}\n{usage-heading}\n {usage}\n\n{all-args}", term_width = 400, disable_help_flag = true, display_order = 380 @@ -807,7 +807,7 @@ pub enum Action { #[clap( author = "Yamato Security (https://github.com/Yamato-Security/hayabusa - @SecurityYamato)", - help_template = "\nHayabusa v2.8.0 - Double X Release\n{author-with-newline}\n{usage-heading}\n {usage}\n\n{all-args}", + help_template = "\nHayabusa v2.9.0 - Autumn Rain Release\n{author-with-newline}\n{usage-heading}\n {usage}\n\n{all-args}", term_width = 400, disable_help_flag = true, display_order = 451 
@@ -825,7 +825,7 @@ pub enum Action { #[clap( author = "Yamato Security (https://github.com/Yamato-Security/hayabusa - @SecurityYamato)", - help_template = "\nHayabusa v2.8.0 - Double X Release\n{author-with-newline}\n{usage-heading}\n {usage}\n\n{all-args}", + help_template = "\nHayabusa v2.9.0 - Autumn Rain Release\n{author-with-newline}\n{usage-heading}\n {usage}\n\n{all-args}", term_width = 400, disable_help_flag = true, display_order = 290 @@ -1502,7 +1502,7 @@ pub struct InputOption { #[arg(help_heading = Some("Input"), short = 'l', long = "live-analysis", conflicts_with_all = ["filepath", "directory", "json_input"], display_order = 380)] pub live_analysis: bool, - /// Carve evtx records from empty pages (default: disabled) + /// Carve evtx records from slack space (default: disabled) #[arg(help_heading = Some("Input"), short = 'x', long = "recover-records", conflicts_with = "json_input", display_order = 440)] pub recover_records: bool, @@ -1618,7 +1618,7 @@ pub struct ComputerMetricsOption { #[derive(Parser, Clone, Debug)] #[clap( author = "Yamato Security (https://github.com/Yamato-Security/hayabusa - @SecurityYamato)", - help_template = "\nHayabusa v2.8.0 - Double X Release\n{author-with-newline}\n{usage-heading}\n hayabusa.exe [OPTIONS]\n hayabusa.exe help \n\n{all-args}{options}", + help_template = "\nHayabusa v2.9.0 - Autumn Rain Release\n{author-with-newline}\n{usage-heading}\n hayabusa.exe [OPTIONS]\n hayabusa.exe help \n\n{all-args}{options}", term_width = 400, disable_help_flag = true )] diff --git a/src/detections/utils.rs b/src/detections/utils.rs index 7c62b9ab2..753487c86 100644 --- a/src/detections/utils.rs +++ b/src/detections/utils.rs @@ -10,6 +10,7 @@ use hashbrown::{HashMap, HashSet}; use itertools::Itertools; use nested::Nested; use std::path::{Path, PathBuf}; +use std::thread::available_parallelism; use chrono::{Duration, Local}; use termcolor::{Color, ColorChoice}; 
@@ -284,8 +285,8 @@ pub fn get_event_value<'a>( } pub fn get_thread_num(thread_number: Option) -> usize { - let cpu_num = num_cpus::get(); - thread_number.unwrap_or(cpu_num) + let cpu_num = available_parallelism().unwrap(); + thread_number.unwrap_or(cpu_num.into()) } pub fn create_tokio_runtime(thread_number: Option) -> Runtime { diff --git a/src/main.rs b/src/main.rs index 4c4e4dc99..281b4418b 100644 --- a/src/main.rs +++ b/src/main.rs @@ -1007,7 +1007,7 @@ impl App { || stored_static.search_flag || stored_static.computer_metrics_flag) { - println!("Loading detections rules. Please wait."); + println!("Loading detection rules. Please wait."); println!(); }
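Review bot: `available_parallelism().unwrap()` in `get_thread_num` introduces a panic path that the replaced `num_cpus::get()` call did not have, because `std::thread::available_parallelism` returns an `io::Result` and fails when the parallelism cannot be determined (restricted sandboxes or platforms without the query), so a scan would abort before any input is read instead of falling back to a sane default. A fallback preserves the previous always-succeeds contract: `let cpu_num = available_parallelism().map_or(1, |n| n.get());` followed by `thread_number.unwrap_or(cpu_num)`, which also removes the `.into()` conversion from `NonZeroUsize`. A short doc comment such as `/// Number of worker threads: the user's `--threads` value, else the available parallelism (at least 1).` would state the contract for callers. The whole of `get_thread_num` is inside the hunk; `create_tokio_runtime` begins on the hunk's last context line and continues outside it.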