Make search command line options stricter #1257

Closed
YamatoSecurity opened this issue Jan 26, 2024 · 0 comments · Fixed by #1261
Labels: invalid (This doesn't seem right)

@YamatoSecurity (Collaborator)
-k or -r is not required so the user can run hayabusa like this:

./target/release/hayabusa search -d ../hayabusa-sample-evtx

╔╗ ╔╦═══╦╗  ╔╦═══╦══╗╔╗ ╔╦═══╦═══╗
║║ ║║╔═╗║╚╗╔╝║╔═╗║╔╗║║║ ║║╔═╗║╔═╗║
║╚═╝║║ ║╠╗╚╝╔╣║ ║║╚╝╚╣║ ║║╚══╣║ ║║
║╔═╗║╚═╝║╚╗╔╝║╚═╝║╔═╗║║ ║╠══╗║╚═╝║
║║ ║║╔═╗║ ║║ ║╔═╗║╚═╝║╚═╝║╚═╝║╔═╗║
╚╝ ╚╩╝ ╚╝ ╚╝ ╚╝ ╚╩═══╩═══╩═══╩╝ ╚╝
   by Yamato Security

Searching...

Start time: 2024/01/27 08:07

Total event log files: 1170
Total file size: 274.4 MB

Loading detection rules. Please wait.

or this:

./target/release/hayabusa search -d ../hayabusa-sample-evtx -F EventID:1

╔╗ ╔╦═══╦╗  ╔╦═══╦══╗╔╗ ╔╦═══╦═══╗
║║ ║║╔═╗║╚╗╔╝║╔═╗║╔╗║║║ ║║╔═╗║╔═╗║
║╚═╝║║ ║╠╗╚╝╔╣║ ║║╚╝╚╣║ ║║╚══╣║ ║║
║╔═╗║╚═╝║╚╗╔╝║╚═╝║╔═╗║║ ║╠══╗║╚═╝║
║║ ║║╔═╗║ ║║ ║╔═╗║╚═╝║╚═╝║╚═╝║╔═╗║
╚╝ ╚╩╝ ╚╝ ╚╝ ╚╝ ╚╩═══╩═══╩═══╩╝ ╚╝
   by Yamato Security

Searching...

Start time: 2024/01/27 08:05

Total event log files: 1170
Total file size: 274.4 MB

Loading detection rules. Please wait.

[00:00:04] 1,170 / 1,170   [========================================] 100%

Scanning finished. Please wait while the results are being saved.


No matches found.

Elapsed time: 00:00:09.667

and not get any results. I want to require in clap that the user specify either -k or -r.

Also, -M can be specified with -J or -L but this should not be possible. I want to give an error when the user specifies -J or -L with -M.
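The two rules requested above, as an added example that is not hayabusa's own code: a dependency-free Rust model of the `search` option validation so the constraints can be unit-tested without clap. In the real CLI the same rules would be expressed declaratively with clap's `ArgGroup` (over `-k`/`-r`, marked required) and `conflicts_with_all` on `-M` listing `-J` and `-L`; the struct fields, the assumption that `-d`, `-k`, `-r` and `-F` take a value while `-M`, `-J` and `-L` are plain switches, and the treatment of `-k`/`-r` as "at least one" (the issue does not say whether both may be combined) are this example's assumptions.

```rust
// Added example, not hayabusa's own code: a dependency-free model of the two
// command-line rules requested in the issue. The option names and which ones
// take a value are assumptions made for this example.

#[derive(Debug, Default, PartialEq)]
pub struct SearchOpts {
    pub directory: Option<String>, // -d <dir>
    pub keywords: Vec<String>,     // -k <keyword> (repeatable)
    pub regex: Option<String>,     // -r <regex>
    pub filter: Vec<String>,       // -F <field:value> (repeatable)
    pub multiline: bool,           // -M
    pub json: bool,                // -J
    pub jsonl: bool,               // -L
}

#[derive(Debug, PartialEq)]
pub enum ArgError {
    /// Neither -k nor -r was given: the search has nothing to look for.
    MissingKeywordOrRegex,
    /// -M was combined with the named JSON output switch.
    MultilineConflict(&'static str),
    /// A value-taking option was the last token on the line.
    MissingValue(String),
    Unknown(String),
}

/// Parse the tokens that follow `hayabusa search` and run the constraint checks.
pub fn parse_search_args(argv: &[&str]) -> Result<SearchOpts, ArgError> {
    let mut opts = SearchOpts::default();
    let mut it = argv.iter();
    while let Some(arg) = it.next() {
        match *arg {
            "-d" | "-k" | "-r" | "-F" => {
                // These options consume the next token as their value.
                let value = it
                    .next()
                    .ok_or_else(|| ArgError::MissingValue(arg.to_string()))?
                    .to_string();
                match *arg {
                    "-d" => opts.directory = Some(value),
                    "-k" => opts.keywords.push(value),
                    "-r" => opts.regex = Some(value),
                    _ => opts.filter.push(value),
                }
            }
            "-M" => opts.multiline = true,
            "-J" => opts.json = true,
            "-L" => opts.jsonl = true,
            other => return Err(ArgError::Unknown(other.to_string())),
        }
    }
    validate(&opts)?;
    Ok(opts)
}

/// The two rules from the issue: at least one of -k/-r, and -M never with -J or -L.
/// With clap these are an ArgGroup marked required and a conflicts_with_all on -M.
pub fn validate(opts: &SearchOpts) -> Result<(), ArgError> {
    if opts.keywords.is_empty() && opts.regex.is_none() {
        return Err(ArgError::MissingKeywordOrRegex);
    }
    if opts.multiline {
        if opts.json {
            return Err(ArgError::MultilineConflict("-J"));
        }
        if opts.jsonl {
            return Err(ArgError::MultilineConflict("-L"));
        }
    }
    Ok(())
}

fn main() {
    // The two invocations from the issue, plus one that passes (constructed inputs).
    for argv in [
        vec!["-d", "../hayabusa-sample-evtx"],
        vec!["-d", "../hayabusa-sample-evtx", "-F", "EventID:1"],
        vec!["-d", "../hayabusa-sample-evtx", "-k", "LogonType", "-M", "-J"],
        vec!["-d", "../hayabusa-sample-evtx", "-k", "LogonType", "-J"],
    ] {
        match parse_search_args(&argv) {
            Ok(opts) => println!("{:?} -> ok: {:?}", argv, opts),
            Err(e) => println!("{:?} -> error: {:?}", argv, e),
        }
    }
}
```

Running the binary with the first two argument lists from the issue now fails fast with `MissingKeywordOrRegex` instead of scanning 1,170 files and reporting "No matches found", which is the behaviour the issue asks for.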
