Merge pull request #962 from Yamato-Security/finalize-2.3.0
finalize 2.3.0
YamatoSecurity authored Mar 16, 2023
2 parents e0e063e + e98c07e commit 0bbcf81
Showing 10 changed files with 14 additions and 16 deletions.
2 changes: 1 addition & 1 deletion CHANGELOG-Japanese.md
@@ -1,6 +1,6 @@
# 変更点

## 2.3.0 [2023/03/25] "TMCIT Release"
## 2.3.0 [2023/03/16] "TMCIT Release"

**新機能:**

2 changes: 1 addition & 1 deletion CHANGELOG.md
@@ -1,6 +1,6 @@
# Changes

## 2.3.0 [2023/03/25] "TMCIT Release"
## 2.3.0 [2023/03/16] "TMCIT Release"

**New Features:**
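Review bot: Confirm the release date before tagging: the heading moves from 2023/03/25 to 2023/03/16, which matches the commit date, so the earlier date was presumably a placeholder. The CHANGELOG-Japanese.md hunk makes the identical change, so the two changelogs stay in sync; the GitHub release tag and any version banner should use the same 2023/03/16 date.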

2 changes: 1 addition & 1 deletion Cargo.lock


2 changes: 1 addition & 1 deletion Cargo.toml
@@ -1,6 +1,6 @@
[package]
name = "hayabusa"
version = "2.3.0-dev"
version = "2.3.0"
authors = ["Yamato Security @SecurityYamato"]
edition = "2021"
rust-version = "1.66.0"
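Review bot: The version bump on the `version = "2.3.0"` line needs the matching entry in Cargo.lock; that file is listed with 1 addition and 1 deletion, which is consistent with only the package's own version line changing, but it is not rendered here, so verify that `cargo build` does not rewrite the lockfile after this commit. Cargo.toml is the only place the version should live; the same string is also hardcoded in the `help_template` attributes in src/detections/configs.rs below, which is why this release needed nine extra edits.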
Binary file not shown.
Binary file not shown.
1 change: 0 additions & 1 deletion README-Japanese.md
Expand Up @@ -1247,7 +1247,6 @@ Hayabusaルールのディレクトリ構造は、2つのディレクトリに
## Hayabusa v.s. 変換されたSigmaルール

Sigmaルールは、最初にHayabusaルール形式に変換する必要があります。変換のやり方は[ここ](https://github.com/Yamato-Security/hayabusa-rules/tree/main/tools/sigmac/README-Japanese.md)で説明されています。
Hayabusaルールは`|contains|all``1 of selection*``all of selection*`[Rust正規表現クレート](https://docs.rs/regex/1.5.4/regex/)では機能しない正規表現を使用するルールをデフォルトで対応していないため、コンバータが必要です。
殆どのルールはSigmaルールと互換性があるので、Sigmaルールのようにその他のSIEM形式に変換できます。
Hayabusaルールは、Windowsのイベントログ解析専用に設計されており、以下のような利点があります:
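Review bot: The retained line `Hayabusaルールは`|contains|all``1 of selection*``all of selection*`[Rust正規表現クレート]...` has no separators between the three code spans, so Markdown renders them as one run (`|contains|all1 of selection*all of selection*`); add `、` between the spans and after the last one, as the English README does with commas. Also, because the rendered diff does not mark which of the seven original lines was deleted, check that the paragraph still reads coherently: `殆どのルールは...` opens as a contrast, which only makes sense if the sentence it contrasts with is still present.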

1 change: 0 additions & 1 deletion README.md
Expand Up @@ -1247,7 +1247,6 @@ Please check out the current rules to use as a template in creating new ones or
## Hayabusa v.s. Converted Sigma Rules

Sigma rules need to first be converted to hayabusa rule format explained [here](https://github.com/Yamato-Security/hayabusa-rules/blob/main/tools/sigmac/README.md).
A converter is needed as hayabusa rules do not support `|contains|all`, `1 of selection*`, and `all of selection*`.
However, almost all hayabusa rules are compatible with the sigma format so you can use them just like sigma rules to convert to other SIEM formats.
Hayabusa rules are designed solely for Windows event log analysis and have the following benefits:
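Review bot: The hunk removes one line (7 lines become 6) but the rendered view does not show which; if it is the `A converter is needed as hayabusa rules do not support ...` sentence, then `However, almost all hayabusa rules are compatible ...` no longer contrasts with anything and should be reworded (for example, drop "However,"). If the removed line is instead the sentence about `|contains|all`, `1 of selection*` and `all of selection*`, the CHANGELOG for 2.3.0 should say that those constructs are now supported, since the README previously documented them as the reason a converter was required.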

2 changes: 1 addition & 1 deletion rules
Submodule rules updated 821 files
18 changes: 9 additions & 9 deletions src/detections/configs.rs
Expand Up @@ -472,7 +472,7 @@ fn check_thread_number(config: &Config) -> Option<usize> {
pub enum Action {
#[clap(
author = "Yamato Security (https://github.com/Yamato-Security/hayabusa) @SecurityYamato)",
help_template = "\nHayabusa v2.3.0-dev\n{author-with-newline}\n{usage-heading}\n hayabusa.exe csv-timeline <INPUT> [OPTIONS]\n\n{all-args}",
help_template = "\nHayabusa v2.3.0\n{author-with-newline}\n{usage-heading}\n hayabusa.exe csv-timeline <INPUT> [OPTIONS]\n\n{all-args}",
term_width = 400,
disable_help_flag = true
)]
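Review bot: The version in `help_template = "\nHayabusa v2.3.0\n..."` is a hardcoded literal duplicated across nine `#[clap(...)]` attributes in this file, so every release requires the same search-and-replace and a `-dev` suffix can easily be shipped by accident. Consider using clap's `{version}` template placeholder together with a `version` attribute sourced from `CARGO_PKG_VERSION`, so the string in Cargo.toml is the single source of truth and these hunks become unnecessary.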
Expand All @@ -481,7 +481,7 @@ pub enum Action {

#[clap(
author = "Yamato Security (https://github.com/Yamato-Security/hayabusa) @SecurityYamato)",
help_template = "\nHayabusa v2.3.0-dev\n{author-with-newline}\n{usage-heading}\n hayabusa.exe json-timeline <INPUT> [OPTIONS]\n\n{all-args}",
help_template = "\nHayabusa v2.3.0\n{author-with-newline}\n{usage-heading}\n hayabusa.exe json-timeline <INPUT> [OPTIONS]\n\n{all-args}",
term_width = 400,
disable_help_flag = true
)]
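Review bot: The unchanged context line `author = "Yamato Security (https://github.com/Yamato-Security/hayabusa) @SecurityYamato)"` has an unbalanced closing parenthesis after `@SecurityYamato`, and the same string is repeated in every hunk of this file; since these lines are being touched anyway, either drop the stray `)` or move it so the handle sits inside the parentheses, and factor the author string into a single `const` so it is not repeated nine times.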
Expand All @@ -490,7 +490,7 @@ pub enum Action {

#[clap(
author = "Yamato Security (https://github.com/Yamato-Security/hayabusa) @SecurityYamato)",
help_template = "\nHayabusa v2.3.0-dev\n{author-with-newline}\n{usage-heading}\n hayabusa.exe logon-summary <INPUT> [OPTIONS]\n\n{all-args}",
help_template = "\nHayabusa v2.3.0\n{author-with-newline}\n{usage-heading}\n hayabusa.exe logon-summary <INPUT> [OPTIONS]\n\n{all-args}",
term_width = 400,
disable_help_flag = true
)]
Expand All @@ -499,7 +499,7 @@ pub enum Action {

#[clap(
author = "Yamato Security (https://github.com/Yamato-Security/hayabusa) @SecurityYamato)",
help_template = "\nHayabusa v2.3.0-dev\n{author-with-newline}\n{usage-heading}\n hayabusa.exe metrics <INPUT> [OPTIONS]\n\n{all-args}",
help_template = "\nHayabusa v2.3.0\n{author-with-newline}\n{usage-heading}\n hayabusa.exe metrics <INPUT> [OPTIONS]\n\n{all-args}",
term_width = 400,
disable_help_flag = true
)]
Expand All @@ -508,7 +508,7 @@ pub enum Action {

#[clap(
author = "Yamato Security (https://github.com/Yamato-Security/hayabusa) @SecurityYamato)",
help_template = "\nHayabusa v2.3.0-dev\n{author-with-newline}\n{usage-heading}\n hayabusa.exe pivot-keywords-list <INPUT> [OPTIONS]\n\n{all-args}",
help_template = "\nHayabusa v2.3.0\n{author-with-newline}\n{usage-heading}\n hayabusa.exe pivot-keywords-list <INPUT> [OPTIONS]\n\n{all-args}",
term_width = 400,
disable_help_flag = true
)]
Expand All @@ -517,7 +517,7 @@ pub enum Action {

#[clap(
author = "Yamato Security (https://github.com/Yamato-Security/hayabusa) @SecurityYamato)",
help_template = "\nHayabusa v2.3.0-dev\n{author-with-newline}\n{usage-heading}\n {usage}\n\n{all-args}",
help_template = "\nHayabusa v2.3.0\n{author-with-newline}\n{usage-heading}\n {usage}\n\n{all-args}",
term_width = 400,
disable_help_flag = true
)]
Expand All @@ -526,7 +526,7 @@ pub enum Action {

#[clap(
author = "Yamato Security (https://github.com/Yamato-Security/hayabusa) @SecurityYamato)",
help_template = "\nHayabusa v2.3.0-dev\n{author-with-newline}\n{usage-heading}\n {usage}\n\n{all-args}",
help_template = "\nHayabusa v2.3.0\n{author-with-newline}\n{usage-heading}\n {usage}\n\n{all-args}",
term_width = 400,
disable_help_flag = true
)]
Expand All @@ -535,7 +535,7 @@ pub enum Action {

#[clap(
author = "Yamato Security (https://github.com/Yamato-Security/hayabusa) @SecurityYamato)",
help_template = "\nHayabusa v2.3.0-dev\n{author-with-newline}\n{usage-heading}\n {usage}\n\n{all-args}",
help_template = "\nHayabusa v2.3.0\n{author-with-newline}\n{usage-heading}\n {usage}\n\n{all-args}",
term_width = 400,
disable_help_flag = true
)]
Expand Down Expand Up @@ -1024,7 +1024,7 @@ pub struct JSONOutputOption {
#[derive(Parser, Clone, Debug)]
#[clap(
author = "Yamato Security (https://github.com/Yamato-Security/hayabusa) @SecurityYamato)",
help_template = "\nHayabusa 2.3.0-dev\n{author-with-newline}\n{usage-heading}\n hayabusa.exe <COMMAND> [OPTIONS]\n hayabusa.exe help <COMMAND>\n\n{all-args}{options}",
help_template = "\nHayabusa 2.3.0\n{author-with-newline}\n{usage-heading}\n hayabusa.exe <COMMAND> [OPTIONS]\n hayabusa.exe help <COMMAND>\n\n{all-args}{options}",
term_width = 400,
disable_help_flag = true
)]
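Review bot: The top-level template reads `Hayabusa 2.3.0` while every subcommand template above reads `Hayabusa v2.3.0`, so `hayabusa.exe help` and `hayabusa.exe csv-timeline --help` print the version in two different formats; pick one form (the subcommands' `v2.3.0` matches the changelog and Cargo.toml style) and apply it here as well.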
