fix: not create unnecessary output file in logon-summary and pivot-keywords-list #1554

Merged
merged 2 commits into from
Jan 25, 2025

Conversation

fukusuket
Collaborator

@fukusuket fukusuket commented Jan 24, 2025

What Changed

Evidence

Integration-Test

I would appreciate it if you could check it out when you have time🙏

@fukusuket fukusuket self-assigned this Jan 24, 2025
@fukusuket fukusuket added the bug Something isn't working label Jan 24, 2025
@fukusuket fukusuket added this to the 3.1 (2025/2/22 Ninja Day) milestone Jan 24, 2025
@fukusuket
Collaborator Author

logon-summary

% ./hayabusa logon-summary -d ../hayabusa-sample-evtx -q -o out -C
Generating Logon Summary

Start time: 2025/01/24 21:30
Total event log files: 598
Total file size: 139.2 MB

Currently scanning for the logon summary. Please wait.

[00:00:00] 249 / 249   [========================================] 100%

Scanning finished.


Total Event Records:  26,409

First Timestamp:  2013-10-24 01:16:13.765 +09:00
Last Timestamp:  2024-11-04 22:59:32.624 +09:00

Successful logon results: out-successful.csv (9.8 KB)

Failed logon results: out-failed.csv (328.2 KB)


Elapsed time: 00:00:00.887

Errors were generated. Please check ./logs/errorlog-20250124_213100.log for details.

fukusuke@fukusukenoMacBook-Air hayabusa-3.0.1-mac-aarch64 % ls -la
total 45376
drwx------@ 10 fukusuke  staff       320  1 24 21:31 .
drwxr-xr-x  12 fukusuke  staff       384  1 23 20:06 ..
-rw-r--r--@  1 fukusuke  staff      6148  1 11 08:39 .DS_Store
drwxr-xr-x@  9 fukusuke  staff       288 12 31 15:59 config
-rwxr-xr-x@  1 fukusuke  staff  11495872  1 24 21:02 hayabusa
-rwxr-xr-x@  1 fukusuke  staff  11379768 12 31 15:59 hayabusa-3.0.1-mac-aarch64
drwxr-xr-x@ 30 fukusuke  staff       960  1 24 21:31 logs
-rw-r--r--@  1 fukusuke  staff    328206  1 24 21:31 out-failed.csv
-rw-r--r--@  1 fukusuke  staff      9832  1 24 21:31 out-successful.csv
drwxr-xr-x@ 16 fukusuke  staff       512  1 11 08:39 rules

@fukusuket
Collaborator Author

pivot-keywords-list

% ./hayabusa pivot-keywords-list -d ../hayabusa-sample-evtx -q -o out -C -w
Start time: 2025/01/24 21:32
Total event log files: 598
Total file size: 139.2 MB

Loading detection rules. Please wait.

Excluded rules: 26
Noisy rules: 12 (Disabled)
...
% ls -la
total 47528
drwx------@ 20 fukusuke  staff       640  1 24 21:32 .
drwxr-xr-x  12 fukusuke  staff       384  1 23 20:06 ..
-rw-r--r--@  1 fukusuke  staff      6148  1 11 08:39 .DS_Store
drwxr-xr-x@  9 fukusuke  staff       288 12 31 15:59 config
-rwxr-xr-x@  1 fukusuke  staff  11495872  1 24 21:02 hayabusa
-rwxr-xr-x@  1 fukusuke  staff  11379768 12 31 15:59 hayabusa-3.0.1-mac-aarch64
drwxr-xr-x@ 30 fukusuke  staff       960  1 24 21:31 logs
-rw-r--r--@  1 fukusuke  staff   1319416  1 24 21:32 out-Command Lines.txt
-rw-r--r--@  1 fukusuke  staff       468  1 24 21:32 out-IP Addresses.txt
-rw-r--r--@  1 fukusuke  staff      1201  1 24 21:32 out-Logon IDs.txt
-rw-r--r--@  1 fukusuke  staff     21633  1 24 21:32 out-Processes.txt
-rw-r--r--@  1 fukusuke  staff     60722  1 24 21:32 out-Source Computers.txt
-rw-r--r--@  1 fukusuke  staff       214  1 24 21:32 out-Source IP Addresses.txt
-rw-r--r--@  1 fukusuke  staff      2479  1 24 21:32 out-Subject Logon IDs.txt
-rw-r--r--@  1 fukusuke  staff       565  1 24 21:32 out-Subject Users.txt
-rw-r--r--@  1 fukusuke  staff       656  1 24 21:32 out-Target IP Addresses.txt
-rw-r--r--@  1 fukusuke  staff      2818  1 24 21:32 out-Target Logon IDs.txt
-rw-r--r--@  1 fukusuke  staff      1898  1 24 21:32 out-Target Users.txt
-rw-r--r--@  1 fukusuke  staff       609  1 24 21:32 out-Users.txt
drwxr-xr-x@ 16 fukusuke  staff       512  1 11 08:39 rules

@fukusuket fukusuket marked this pull request as ready for review January 24, 2025 12:33
Collaborator

@YamatoSecurity YamatoSecurity left a comment

@fukusuket LGTM! Thanks so much!

@YamatoSecurity YamatoSecurity merged commit 40d0981 into main Jan 25, 2025
5 checks passed
@YamatoSecurity YamatoSecurity deleted the 1553-fix-unnecessary-output-file branch January 25, 2025 22:59
Development

Successfully merging this pull request may close these issues.

[bug] Unnecessary files are created in logon-summary and pivot-keywords-list
2 participants