Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add --timeline-start/--timeline-end option to search command #1543

Closed
fukusuket opened this issue Jan 16, 2025 · 1 comment · Fixed by #1545
Closed

Add --timeline-start/--timeline-end option to search command #1543

fukusuket opened this issue Jan 16, 2025 · 1 comment · Fixed by #1545
Assignees
@fukusuket
Labels
enhancement New feature or request
Milestone
3.1 (2025/2/22 Ni...

Comments

@fukusuket
Copy link
Collaborator

fukusuket commented Jan 16, 2025
edited
Loading

It would be nice if the search command had a --timeline-start/--timeline-end option.
This is because there are occasional use cases where I want to see all the logs for a specific period of time with --regex ".*"

@YamatoSecurity
What do you think? :D

Current Option:

% ./hayabusa search --help
Hayabusa v3.0.1 - 3rd Year Anniversary Release
Yamato Security (https://github.com/Yamato-Security/hayabusa - @SecurityYamato)

Usage:
  hayabusa.exe search <INPUT> <--keywords "<KEYWORDS>" OR --regex "<REGEX>"> [OPTIONS]

Display Settings:
  -K, --no-color  Disable color output
  -q, --quiet     Quiet mode: do not display the launch banner
  -v, --verbose   Output verbose information

General Options:
  -C, --clobber                        Overwrite files when saving
  -h, --help                           Show the help menu
  -Q, --quiet-errors                   Quiet errors mode: do not save error logs
  -x, --recover-records                Carve evtx records from slack space (default: disabled)
  -c, --rules-config <DIR>             Specify custom rule config directory (default: ./rules/config)
  -t, --threads <NUMBER>               Number of threads (default: optimal number for performance)
      --target-file-ext <FILE-EXT...>  Specify additional evtx file extensions (ex: evtx_data)

Input:
  -d, --directory <DIR>  Directory of multiple .evtx files
  -f, --file <FILE>      File path to one .evtx file
  -l, --live-analysis    Analyze the local C:\Windows\System32\winevt\Logs folder

Filtering:
  -a, --and-logic             Search keywords with AND logic (default: OR)
  -F, --filter <FILTER...>    Filter by specific field(s)
  -i, --ignore-case           Case-insensitive keyword search
  -k, --keyword <KEYWORD...>  Search by keyword(s)
  -r, --regex <REGEX>         Search by regular expression
      --time-offset <OFFSET>  Scan recent events based on an offset (ex: 1y, 3M, 30d, 24h, 30m)

Output:
@fukusuket fukusuket added the enhancement New feature or request label Jan 16, 2025
@fukusuket fukusuket changed the title Add --timeline-start/--timeline-end option to search command Add --timeline-start/--timeline-end option to search command Jan 16, 2025
@YamatoSecurity
Copy link
Collaborator

@fukusuket I think this would be good to implement. 👍

@fukusuket fukusuket self-assigned this Jan 16, 2025
@fukusuket fukusuket added this to the 3.1 milestone Jan 16, 2025
@fukusuket fukusuket mentioned this issue Jan 16, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@fukusuket fukusuket

Labels
enhancement New feature or request
Projects
None yet
Milestone
3.1 (2025/2/22 Ninja Day)
Development

Successfully merging a pull request may close this issue.

feat: add timeline-start/timeline-end option to search command Yamato-Security/hayabusa
2 participants
@fukusuket @YamatoSecurity