
Print count of rules in the scan wizard #1206

Closed
YamatoSecurity opened this issue Oct 31, 2023 · 5 comments · Fixed by #1219

@YamatoSecurity
Collaborator

Before:

? Which set of detection rules would you like to load? ›
❯ 1. Core ( status: test, stable | level: high, critical )
  2. Core+ ( status: test, stable | level: medium, high, critical )
  3. Core++ ( status: experimental, test, stable | level: medium, high, critical )
  4. All alert rules ( status: * | level: low+ )
  5. All event and alert rules ( status: * | level: informational+ )

? Include Emerging Threats rules? (y/n) › yes
? Include Threat Hunting rules? (y/n) › no

After:

? Which set of detection rules would you like to load? ›
❯ 1. Core ( 500 rules ) ( status: test, stable | level: high, critical )
  2. Core+ ( 800 rules ) ( status: test, stable | level: medium, high, critical )
  3. Core++ ( 1000 rules ) ( status: experimental, test, stable | level: medium, high, critical )
  4. All alert rules ( 2500 rules ) ( status: * | level: low+ )
  5. All event and alert rules ( 3000 rules ) ( status: * | level: informational+ )

? Include Emerging Threats rules? ( 300 rules ) (y/n) › yes
? Include Threat Hunting rules? ( 200 rules ) (y/n) › no
@YamatoSecurity YamatoSecurity added the enhancement New feature or request label Oct 31, 2023
@YamatoSecurity YamatoSecurity added this to the v2.11.0 milestone Oct 31, 2023
@hitenkoku hitenkoku self-assigned this Oct 31, 2023
@hitenkoku
Collaborator

hitenkoku commented Nov 3, 2023

@YamatoSecurity Thanks for your issue.
I have two ideas.

  1. Load the rules once and keep them in memory, selecting by the prompt answer, before the prompt output.
    • In this case the rules are loaded one time, but memory is used to hold the rule data before the prompt.
  2. Load the rules two times: the first load counts the rules for each choice before the prompt output, and the second load loads the rules according to the selected prompt choice.
    • In this case the files are loaded two times, but the memory used can differ a little.

I think 2 is better than 1. What do you think?

@YamatoSecurity
Collaborator Author

@hitenkoku Thanks for the question! Yes, I think we should prioritize using little memory, and it does not take long to load rules, especially if the first time just loads things like status, level, etc. So let's do option 2.

@YamatoSecurity
Collaborator Author

One thing that might be tricky with counting the number of rules to include is that they will change depending on what the user selects. For example, if there are rules that are both noisy and unsupported and rules that are both not noisy and unsupported, then the number of rules the user can include will change depending on whether the user chooses yes or no for "Include noisy rules?". This may make the logic for counting a little complex. What do you think?

@hitenkoku
Collaborator

@YamatoSecurity Thanks for the comment. I will implement option 2.
I think it's better to count noisy and unsupported rules on the first rule check.

> For example, if there are rules that are both noisy and unsupported and rules that are both not noisy and unsupported, then the number of rules the user can include will change depending on whether the user chooses yes or no for "Include noisy rules?". This may make the logic for counting a little complex. What do you think?

@YamatoSecurity
Collaborator Author

Yes, it will be too complicated to try to dynamically count them and probably confuse users.
Let's use the total count for rules based on their characteristics.
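The approach the thread settles on, a cheap first pass that reads only `status` and `level` from each rule so the wizard can print counts before the real load, with fixed per-characteristic totals rather than counts that change with the user's other answers, written out as an added example in Rust. This is illustration code, not Hayabusa's own implementation or the code from PR #1219: the sample rules, the file paths, the rule that the Emerging Threats / Threat Hunting collection is taken from a directory name, and all function and type names are constructed assumptions.

```rust
// Added example (not Hayabusa's code): "option 2" from the thread.
// Pass 1 scans only the top-level `status:` and `level:` keys of each rule
// and keeps a tiny header per rule; the full rule load happens later, once,
// for whatever the user selects.

#[derive(Clone, Copy, PartialEq, Eq, PartialOrd, Ord, Debug)]
pub enum Level { Informational, Low, Medium, High, Critical } // declaration order = severity order

fn parse_level(s: &str) -> Option<Level> {
    match s.trim() {
        "informational" => Some(Level::Informational),
        "low" => Some(Level::Low),
        "medium" => Some(Level::Medium),
        "high" => Some(Level::High),
        "critical" => Some(Level::Critical),
        _ => None,
    }
}

#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub enum Collection { Core, EmergingThreats, ThreatHunting }

/// Everything pass 1 keeps per rule: enough to answer the wizard, nothing else.
#[derive(Debug)]
pub struct RuleHeader { pub status: String, pub level: Level, pub collection: Collection }

/// Cheap header scan. Only un-indented `key: value` lines are considered, so a
/// `level:` nested inside `detection:` cannot be mistaken for the rule's level.
/// A rule missing either key yields None and is not counted.
pub fn scan_header(path: &str, yaml: &str) -> Option<RuleHeader> {
    let (mut status, mut level) = (None, None);
    for line in yaml.lines() {
        if line.starts_with(' ') || line.starts_with('#') { continue; }
        if let Some((key, value)) = line.split_once(':') {
            match key.trim() {
                "status" => status = Some(value.trim().to_string()),
                "level" => level = parse_level(value),
                _ => {}
            }
        }
    }
    // Assumption (constructed for this example): the collection comes from the directory name.
    let collection = if path.contains("/emerging_threats/") { Collection::EmergingThreats }
        else if path.contains("/threat_hunting/") { Collection::ThreatHunting }
        else { Collection::Core };
    Some(RuleHeader { status: status?, level: level?, collection })
}

/// One row of the wizard menu; an empty `statuses` slice means "status: *".
pub struct Choice { pub name: &'static str, pub statuses: &'static [&'static str], pub min_level: Level }

pub const CHOICES: [Choice; 5] = [
    Choice { name: "Core", statuses: &["test", "stable"], min_level: Level::High },
    Choice { name: "Core+", statuses: &["test", "stable"], min_level: Level::Medium },
    Choice { name: "Core++", statuses: &["experimental", "test", "stable"], min_level: Level::Medium },
    Choice { name: "All alert rules", statuses: &[], min_level: Level::Low },
    Choice { name: "All event and alert rules", statuses: &[], min_level: Level::Informational },
];

/// Static total for one menu row, computed once from the headers; it does not
/// depend on how the user answers the other questions.
pub fn count_for(choice: &Choice, headers: &[RuleHeader]) -> usize {
    headers.iter()
        .filter(|h| choice.statuses.is_empty() || choice.statuses.iter().any(|s| *s == h.status))
        .filter(|h| h.level >= choice.min_level)
        .count()
}

pub fn count_collection(c: Collection, headers: &[RuleHeader]) -> usize {
    headers.iter().filter(|h| h.collection == c).count()
}

pub fn first_pass(rules: &[(&str, &str)]) -> Vec<RuleHeader> {
    rules.iter().filter_map(|(path, yaml)| scan_header(path, yaml)).collect()
}

/// Constructed sample rule set (path, YAML body) standing in for the rules directory.
pub const SAMPLE_RULES: &[(&str, &str)] = &[
    ("rules/sigma/builtin/a.yml", "title: A\nstatus: stable\nlevel: critical\ndetection:\n  selection:\n    EventID: 4688\n"),
    ("rules/sigma/builtin/b.yml", "title: B\nstatus: test\nlevel: medium\ndetection:\n  selection:\n    level: 1\n"),
    ("rules/sigma/builtin/c.yml", "title: C\nstatus: experimental\nlevel: high\n"),
    ("rules/sigma/builtin/d.yml", "title: D\nstatus: stable\nlevel: low\n"),
    ("rules/sigma/builtin/e.yml", "title: E\nstatus: deprecated\nlevel: informational\n"),
    ("rules/sigma/emerging_threats/f.yml", "title: F\nstatus: test\nlevel: high\n"),
    ("rules/sigma/threat_hunting/g.yml", "title: G\nstatus: test\nlevel: low\n"),
    ("rules/sigma/builtin/broken.yml", "title: missing level key\nstatus: stable\n"),
];

fn main() {
    let headers = first_pass(SAMPLE_RULES);
    println!("? Which set of detection rules would you like to load?");
    for (i, c) in CHOICES.iter().enumerate() {
        println!("  {}. {} ( {} rules )", i + 1, c.name, count_for(c, &headers));
    }
    println!("? Include Emerging Threats rules? ( {} rules ) (y/n)",
        count_collection(Collection::EmergingThreats, &headers));
    println!("? Include Threat Hunting rules? ( {} rules ) (y/n)",
        count_collection(Collection::ThreatHunting, &headers));
}
```

With the constructed rules the menu prints 2, 3, 4, 6 and 7 rules for the five choices, and 1 rule each for the Emerging Threats and Threat Hunting questions; the malformed rule without a `level` key is skipped rather than counted, and the nested `level: 1` under `detection:` is ignored because only un-indented keys are read.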

hitenkoku added a commit that referenced this issue Nov 18, 2023
@hitenkoku hitenkoku linked a pull request Nov 18, 2023 that will close this issue
hitenkoku added a commit that referenced this issue Nov 19, 2023
hitenkoku added a commit that referenced this issue Nov 23, 2023