I am trying to use hayabusa with a JSON input file but didn't find any example of the expected JSON format. I see a lot of examples/samples for evtx files. Are there any sample JSON files?
satadda changed the title from "Example on how to use json as input?" to "Sample Json files for expected Input format or Any Examples on how to use json as input ?" on Jan 17, 2025
I am new to threat hunting and trying to understand how hayabusa works. Are all the fields in the Splunk output JSON required for successful analysis? If not, is there a list of mandatory fields?
The input data I have is in CSV format, with the following columns and the events in the rows:
Timestamp
DeviceName
InitiatingProcessParentCreationTime
InitiatingProcessId
InitiatingProcessFileName
InitiatingProcessCommandLine
ProcessCreationTime
ProcessId
FileName
ProcessCommandLine
I am trying to convert this CSV-formatted data into JSON format to use hayabusa for analysis. Do you think this is the right way to go? Let me know if you have any suggestions on this.
@satadda
Currently, JSON exported from the Splunk REST API is partially supported, but probably not for other output formats. Therefore, at this point, exporting JSON from the REST API is the only way to go! #1083 (comment)