Consistent output for Timeline Explorer about hayabusa HOT 5 CLOSED

Thank you for your quick answer !

I was thinking about a parameter (or even a profile) creating an output that will always be more supported by TLE (fixed columns predefined on the TLE side) without changing anything to the usual behavior of Hayabusa since the profile feature is something really good.

Maybe supporting only minimal, verbose, super-verbose and standard would not be too much a hassle, I will share with their project and give you feedback

from hayabusa.

Thanks for your comment.

I disagree about having parameters, as keeping the output columns the same across all versions of Hayabusa would likely require modifications to past versions as well.

I think the default format (standard profile) is unlikely to change.

Is it your understanding that TimelineExplorer requires all column names to match?

As noted in https://github.com/Yamato-Security/hayabusa?tab=readme-ov-file#timeline-output, the user can change the column names and contents of the output. Please check.

@YamatoSecurity What do you think about this issue?

from hayabusa.

@Droid-HK47 Thank you for the issue. We would like to have Timeline Explorer support but we are still going to keep the various built-in profiles because how much analysts want to output will differ depending on circumstances. While I cannot guarantee that fields will not change in the future, we currently do not have any plans to change them. I suppose the standard profile would be the first one to support but it would be nice if Timeline Explorer could also support minimal, verbose, and super-verbose as those are also commonly used.

from hayabusa.

In the worst case that we did change default field names, you can always easily edit them back in the text config file.

from hayabusa.

@Droid-HK47 Thanks for facilitating this! I confirmed that it is working well with TLE so I will close this issue.

from hayabusa.