Comments (5)
Thank you for your quick answer !
I was thinking about a parameter (or even a profile) creating an output that will always be more supported by TLE (fixed columns predefined on the TLE side) without changing anything to the usual behavior of Hayabusa since the profile feature is something really good.
Maybe supporting only minimal, verbose, super-verbose and standard would not be too much a hassle, I will share with their project and give you feedback
from hayabusa.
Thanks for your comment.
I disagree about having parameters, as keeping the output columns the same across all versions of Hayabusa would likely require modifications to past versions as well.
I think the default format (standard profile) is unlikely to change.
Is it your understanding that TimelineExplorer requires all column names to match?
As noted in https://github.com/Yamato-Security/hayabusa?tab=readme-ov-file#timeline-output, the user can change the column names and contents of the output. Please check.
@YamatoSecurity What do you think about this issue?
from hayabusa.
@Droid-HK47 Thank you for the issue. We would like to have Timeline Explorer support but we are still going to keep the various built-in profiles because how much analysts want to output will differ depending on circumstances. While I cannot guarantee that fields will not change in the future, we currently do not have any plans to change them. I suppose the standard
profile would be the first one to support but it would be nice if Timeline Explorer could also support minimal
, verbose
, and super-verbose
as those are also commonly used.
from hayabusa.
In the worst case that we did change default field names, you can always easily edit them back in the text config file.
from hayabusa.
@Droid-HK47 Thanks for facilitating this! I confirmed that it is working well with TLE so I will close this issue.
from hayabusa.
Related Issues (20)
- computer-metrics usage is different
- Only enable rule files that are applicable to the loaded evtx files
- Only load and scan evtx files based on loaded rules
- Support `windash` pipe modifier HOT 5
- Investigate chances to reduce memory, refactor code, etc...
- [bug] `-T(--visualize-timeline)` option does not work
- Can't get hayabusa to use JSON as input HOT 3
- Enhancement: Duplicate detections for logon-summary HOT 5
- Bug: `windash` not working when there is a * wildcard HOT 3
- Check out WatchAD2.0 by Qihoo360 HOT 1
- aarch64 musl binary can't run HOT 1
- Allow `-d` to be specified multiple times HOT 1
- Sigma correlations support: Event Count HOT 3
- Sigma correlations support: Value Count HOT 1
- Support multiple grouping by in `count` HOT 1
- Improving count rule's output HOT 5
- [bug] Nothing is detected when using the `-J, --JSON-input` option with the timeline command because of `Channel` filter HOT 4
- Enable overflow checks in release mode
- Support for `Provider_name` and `Data[x]` notation to the field mapping HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from hayabusa.