
category filtering #1119

Closed
YamatoSecurity opened this issue Jul 3, 2023 · 1 comment · Fixed by #1123

Comments

@YamatoSecurity

Similar to --exclude-tags filtering, I want to add filtering for logsource category as well to let users only scan for certain categories or ignore certain categories to speed up scanning and reduce memory usage.

Under Filtering in csv-timeline and --json-timeline add the following:
--include-category <CATEGORY> Only load rules with certain logsource categories (ex: process_creation,pipe_created)
--exclude-category <CATEGORY> Do not load rules with certain logsource categories (ex: process_creation,pipe_created)
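As an added illustration of the filter proposed above (example code, not Hayabusa's own implementation), the rule type, the sample rules and the semantics for the case where both options are given are assumptions; the issue only specifies that each option takes a comma-separated list of logsource categories.

```rust
use std::collections::HashSet;

// Constructed stand-in for a parsed Sigma rule: only the fields the filter
// reads. A real rule has many more keys, and logsource.category is optional.
#[derive(Debug, Clone)]
pub struct Rule {
    pub title: &'static str,
    pub category: Option<&'static str>,
}

pub fn sample_rules() -> Vec<Rule> {
    vec![
        Rule { title: "Suspicious Parent", category: Some("process_creation") },
        Rule { title: "Named Pipe", category: Some("pipe_created") },
        Rule { title: "Security Log Cleared", category: None }, // service-only rule
        Rule { title: "Image Load", category: Some("image_load") },
    ]
}

// Parse "process_creation,pipe_created" into a set. Blank items from stray
// commas or spaces are dropped so a trailing comma cannot match nothing.
pub fn parse_category_option(value: Option<&str>) -> HashSet<String> {
    value.unwrap_or("").split(',').map(str::trim)
        .filter(|s| !s.is_empty()).map(String::from).collect()
}

// Assumed semantics (the issue leaves them open): a non-empty include set keeps
// only listed categories and drops rules with no category; exclude then drops
// listed categories, so a category named in both lists ends up excluded.
pub fn filter_rules_by_category(rules: &[Rule], include: Option<&str>, exclude: Option<&str>) -> Vec<Rule> {
    let inc = parse_category_option(include);
    let exc = parse_category_option(exclude);
    rules.iter()
        .filter(|r| match r.category {
            Some(c) => (inc.is_empty() || inc.contains(c)) && !exc.contains(c),
            None => inc.is_empty(),
        })
        .cloned()
        .collect()
}

pub fn titles(rules: &[Rule]) -> Vec<&'static str> {
    rules.iter().map(|r| r.title).collect()
}

fn main() {
    let kept = filter_rules_by_category(&sample_rules(), Some("process_creation,pipe_created"), Some("pipe_created"));
    println!("{:?}", titles(&kept)); // ["Suspicious Parent"]
}
```

Rules with no category are the case to watch: under an include list they are silently dropped, which matters for service-based Windows rules.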

@YamatoSecurity YamatoSecurity added the enhancement New feature or request label Jul 3, 2023
@YamatoSecurity YamatoSecurity added this to the v2.7.0 milestone Jul 3, 2023
@hitenkoku hitenkoku self-assigned this Jul 3, 2023
@hitenkoku

hitenkoku commented Jul 3, 2023

Is this option to search for logsource > category, or is it unnecessary to search for logsource > product and logsource > service? If you need to filter by product, please let me create another option.

Do the --include-category and --exclude-category options conflict with each other?
