Merge pull request #1167 from Yamato-Security/1159-timeline-offset-offset-option

Added timeline offset offset option
hitenkoku authored Aug 31, 2023
2 parents 2be94c6 + 4fe71f1 commit ac04f59
Showing 18 changed files with 582 additions and 36 deletions.
1 change: 1 addition & 0 deletions CHANGELOG-Japanese.md
@@ -12,6 +12,7 @@

- `search``-a, --and-logic`オプションを追加し、複数のキーワードをAND条件で検索できるようにした。 (#1162) (@hitenkoku)
- 出力プロファイルに、回復されたかどうかを示す `%RecoveredRecord%` フィールドを追加した。 (#1170) (@hitenkoku)
- `csv-timeline``json-timeline``logon-summary``eid-metrics``pivot-keywords-list``search` コマンドに、直近の日数だけをスキャンするための `--timeline-offset` オプションを追加した。 (#1159) (@hitenkoku)

## 2.7.0 [2023/08/03] "SANS DFIR Summit Release"

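Review bot: the added entry (in English: added a `--timeline-offset` option to the `csv-timeline`, `json-timeline`, `logon-summary`, `eid-metrics`, `pivot-keywords-list` and `search` commands to scan only the most recent number of days) does not say what value the option takes or how it is written; a reader of the changelog alone cannot tell whether to pass `--timeline-offset 7`, a duration string, or something else. Add the accepted value format and a one-line example invocation to the entry, matching whatever the CLI help for the option says in this PR.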
1 change: 1 addition & 0 deletions CHANGELOG.md
@@ -12,6 +12,7 @@

- Added a `-a, --and-logic` option in the `search` command to search keywords with AND logic. (#1162) (@hitenkoku)
- When using `-x, --recover-records`, an additional `%RecoveredRecord%` field will be added to the output profile and will output `Y` to indicate if a record was recovered. (#1160) (@hitenkoku)
- Added a `--timeline-offset` option in `csv-timeline`, `json-timeline`, `logon-summary`, `eid-metrics`, `pivot-keywords-list`, `search` command to scan just the most recent number of days. (#1159) (@hitenkoku)

## 2.7.0 [2023/08/03] "SANS DFIR Summit Release"

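Review bot: grammar on the added line: the option is added to six commands, so "`search` command" should read "`search` commands", and "to scan just the most recent number of days" reads awkwardly; suggest "to scan only events from the most recent N days", with the value format stated as the option's help text defines it. Separately, the unchanged `%RecoveredRecord%` entry directly above cites #1160 while the same entry in CHANGELOG-Japanese.md in this commit cites #1170; one of the two issue numbers is wrong and is worth fixing while this file is being touched.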
13 changes: 13 additions & 0 deletions src/afterfact.rs
@@ -1869,6 +1869,7 @@ mod tests {
filepath: None,
live_analysis: false,
recover_records: false,
timeline_offset: None,
},
profile: None,
enable_deprecated_rules: false,
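Review bot: all 13 fixture updates in this file set `timeline_offset: None`, so nothing in the afterfact tests exercises a `Some(...)` value; if the offset is resolved into a cut-off timestamp or validated anywhere on the path these tests cover, add at least one fixture with a non-`None` value (and one with a malformed value, if parsing can fail) so the filtering logic and its error handling get a test, or confirm that this coverage lives in another file in this PR.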
@@ -1956,6 +1957,7 @@ mod tests {
filepath: None,
live_analysis: false,
recover_records: false,
timeline_offset: None,
},
profile: None,
enable_deprecated_rules: false,
@@ -2191,6 +2193,7 @@ mod tests {
filepath: None,
live_analysis: false,
recover_records: false,
timeline_offset: None,
},
profile: Some("verbose-2".to_string()),
enable_deprecated_rules: false,
@@ -2280,6 +2283,7 @@ mod tests {
filepath: None,
live_analysis: false,
recover_records: false,
timeline_offset: None,
},
profile: Some("verbose-2".to_string()),
enable_deprecated_rules: false,
@@ -2501,6 +2505,7 @@ mod tests {
filepath: None,
live_analysis: false,
recover_records: false,
timeline_offset: None,
},
profile: None,
enable_deprecated_rules: false,
@@ -2588,6 +2593,7 @@ mod tests {
filepath: None,
live_analysis: false,
recover_records: false,
timeline_offset: None,
},
profile: None,
enable_deprecated_rules: false,
@@ -2820,6 +2826,7 @@ mod tests {
filepath: None,
live_analysis: false,
recover_records: false,
timeline_offset: None,
},
profile: None,
enable_deprecated_rules: false,
@@ -2907,6 +2914,7 @@ mod tests {
filepath: None,
live_analysis: false,
recover_records: false,
timeline_offset: None,
},
profile: None,
enable_deprecated_rules: false,
@@ -3223,6 +3231,7 @@ mod tests {
filepath: None,
live_analysis: false,
recover_records: false,
timeline_offset: None,
},
profile: None,
enable_deprecated_rules: false,
@@ -3360,6 +3369,7 @@ mod tests {
filepath: None,
live_analysis: false,
recover_records: false,
timeline_offset: None,
},
profile: None,
enable_deprecated_rules: false,
@@ -3446,6 +3456,7 @@ mod tests {
filepath: None,
live_analysis: false,
recover_records: false,
timeline_offset: None,
},
profile: None,
enable_deprecated_rules: false,
@@ -3618,6 +3629,7 @@ mod tests {
filepath: None,
live_analysis: false,
recover_records: false,
timeline_offset: None,
},
profile: None,
enable_deprecated_rules: false,
@@ -3704,6 +3716,7 @@ mod tests {
filepath: None,
live_analysis: false,
recover_records: false,
timeline_offset: None,
},
profile: None,
enable_deprecated_rules: false,
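Review bot: this is the thirteenth copy of the same struct literal (`filepath`, `live_analysis`, `recover_records`, and now `timeline_offset`) in this file's tests, and each new input option forces the same one-line edit in every copy; a small test helper that returns a default-valued instance (or a `#[derive(Default)]` on the struct, if its field types allow it) would reduce this churn to a single line next time and make the fixtures that actually differ stand out.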