What Changed
Evidence
Evidence Details
Loading detections rules. Please wait.
Excluded rules: 31
Noisy rules: 12 (Disabled)
Deprecated rules: 175 (6.96%) (Disabled)
Experimental rules: 1365 (54.27%)
Stable rules: 196 (7.79%)
Test rules: 954 (37.93%)
Unsupported rules: 45 (1.79%) (Disabled)
Hayabusa rules: 159
Sigma rules: 2356
Total enabled detection rules: 2515
Output profile: standard
Scanning in progress. Please wait.
[00:00:05] 584 / 584 [========================================] 100%
Scanning finished. Please wait while the results are being saved.
Rule Authors:
╭───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ Florian Roth (184) Zach Mathis (107) oscd.community (106) Nasreddine Bencherchali (103) frack113 (87) Tim Shelton (34) │
│ Daniil Yugoslavskiy (24) Teymur Kheirkhabarov (22) Jonhnathan Ribeiro (21) Christian Burkard (17) Thomas Patzke (17) Markus Neis (15) │
│ Roberto Rodriguez @cyb3r... (14) Timur Zinniatullin (13) Roberto Rodriguez (12) Michael Haag (11) Tim Rauch (11) E.M. Anhaus (11) │
│ Samir Bousseaden (11) OTR (8) Victor Sergeev (8) Endgame (7) JHasenbusch (7) Natalia Shornikova (7) │
│ David ANDRE (7) Endgame) (6) Ecco (6) Swachchhanda Shrawan Poudel (6) Sander Wiebing (5) omkar72 (5) │
│ Ilyas Ochkov (4) Gleb Sukhodolskiy (4) Max Altgelt (4) Tobias Michalski (4) Eric Conrad (4) @neu5ron (4) │
│ Arnim Rupp (4) elhoim (3) Yusuke Matsui (3) FPT.EagleEye Team (3) Andreas Hunkeler (3) @twjackomo (3) │
│ Tom Ueltschi (3) Janantha Marasinghe (3) Austin Songer @austinsonger (3) Wojciech Lesicki (3) James Pemberton@4A616D6573 (3) Hieu Tran (3) │
│ Christopher Peacock @sec... (3) pH-T (3) X__Junior (3) FPT.EagleEye (3) wagga (3) Vasiliy Burov (3) │
│ juju4 (3) Karneades (2) Hosni Mribah (2) SCYTHE @scythe_io (2) Tony Lambert (2) SOC Prime (2) │
│ Oleg Kolesnikov @securon... (2) Sreeman (2) Relativity (2) Aleksey Potapov (2) Alexandr Yampolskyi (2) Yassine Oukessou (2) │
│ Chakib Gzenayi (2) Mark Woan (2) Tony Lambert) (2) Cyb3rEng (2) Nikita Nazarov (2) D3F7A5105 (2) │
│ Daniel Bohannon (2) Jakob Weinzettl (2) Romaissa Adjailia (2) Perez Diego (2) Margaritis Dimitrios (2) Justin C. (2) │
│ Bartlomiej Czyz (2) Nik Seetharaman (2) Anton Kutepov (2) Fukusuke Takahashi (2) Modexp (2) Sean Metcalf (2) │
│ keepwatch (2) Vadim Khrykov (2) Dimitrios Slamaris (2) @2xxeformyshirt (2) @dreadphones (2) Zach Stanford @svch0st (2) │
│ Mark Russinovich (2) @sbousseaden (2) James Pemberton@4A616D65... (2) Maxim Pavlunin (1) Maxime Thiebaut (1) Sherif Eldeeb (1) │
│ Tuan Le (1) Cedric MAURUGEON (1) @scythe_io (1) Elastic (1) @svch0st (1) David Strassegger (1) │
│ KevTheHermit (1) NVISO (1) Semanur Guneysu @semanurtg (1) blueteam0ps (1) Tom Kern (1) Mustafa Kaan Demir (1) │
│ Zaw Min Htun (1) Julia Fomina (1) @caliskanfurkan_ (1) rukawa (1) Jason Lynch (1) Bartlomiej Czyz @bczyz1 (1) │
│ Christopher Peacock @sec... (1) Fatih Sirin (1) Markus Neis @Karneades (1) Oddvar Moe (1) Mangatas Tondang (1) fuzzyf10w (1) │
│ Dominik Schaudel (1) Tom U. @c_APT_ure (1) Georg Lauenstein (1) vburov (1) Kutepov Anton (1) Subhash Popuri (1) │
│ Stamatis Chatzimangou (1) @gott_cyber (1) Sorina Ionescu (1) Pushkarev Dmitry (1) @oscd_initiative (1) Joshua Wright (1) │
│ James Dickenson (1) Harish Segar (1) James Pemberton @4A616D6573 (1) Jose Rodriguez (1) SCYTHE (1) David Burkett (1) │
│ @atc_project (1) frac113 (1) @signalblur (1) Dave Kennedy (1) Sami Ruohonen (1) Austin Songer (1) │
│ Swisscom CSIRT (1) CD_ROM_ (1) Matthew Green @mgreen27 (1) @juju4 (1) Trent Liffick (1) EagleEye Team (1) │
│ Jeff Warren (1) Dan Beavin) (1) Ivan Dyachkov (1) Omer Faruk Celik (1) Alec Costello (1) Dmitriy Lifanov (1) │
│ John Lambert (1) Teymur Kheirkhabarov @he... (1) Open Threat Research (1) mdecrevoisier (1) Scott Dermott (1) Furkan CALISKAN (1) │
│ Timon Hackenjos (1) alias support) (1) Maxence Fossat (1) Bhabesh Raj (1) Benjamin Delpy (1) Jack Croock (1) │
╰──────────────────────────────────╌─────────────────────────────────╌─────────────────────────────────╌─────────────────────────────────╌────────────────────────────────╌─────────────────────────────╯
Results Summary:
Events with hits / Total events: 19,642 / 47,472 (Data reduction: 27,830 events (58.62%))
Total | Unique detections: 32,227 | 568
Total | Unique critical detections: 60 (0.19%) | 22 (3.87%)
Total | Unique high detections: 5,976 (18.54%) | 246 (43.31%)
Total | Unique medium detections: 1,948 (6.04%) | 187 (32.92%)
Total | Unique low detections: 6,014 (18.66%) | 58 (10.21%)
Total | Unique informational detections: 18,229 (56.56%) | 55 (9.68%)
Dates with most total detections:
critical: 2019-07-19 (16), high: 2016-09-20 (3,652), medium: 2019-05-19 (167), low: 2016-09-20 (3,708), informational: 2016-08-19 (2,104)
Top 5 computers with most unique detections:
critical: MSEDGEWIN10 (9), IEWIN7 (3), FS03.offsec.lan (2), IE10Win7 (2), rootdc1.offsec.lan (2)
high: MSEDGEWIN10 (121), IEWIN7 (70), fs03vuln.offsec.lan (28), FS03.offsec.lan (28), IE10Win7 (23)
medium: MSEDGEWIN10 (78), IEWIN7 (47), FS03.offsec.lan (22), fs03vuln.offsec.lan (19), IE10Win7 (16)
low: MSEDGEWIN10 (33), FS03.offsec.lan (18), IEWIN7 (16), fs03vuln.offsec.lan (16), fs01.offsec.lan (11)
informational: IEWIN7 (17), MSEDGEWIN10 (17), PC01.example.corp (15), fs01.offsec.lan (15), FS03.offsec.lan (13)
Top critical alerts:
  Sticky Key Like Backdoor Usage - Registry (8)
  CobaltStrike Service Installations - System (6)
  Active Directory Replication from Non Machine Account (6)
  Meterpreter or Cobalt Strike Getsystem Service Installation - System (6)
  WannaCry Ransomware Activity (4)

Top high alerts:
  Metasploit SMB Authentication (3,562)
  Malicious Svc Possibly Installed (271)
  Susp Svc Installed (257)
  Suspicious Service Installation Script (250)
  PowerShell Scripts Installed as Services (250)

Top medium alerts:
  Potentially Malicious PwSh (235)
  Proc Injection (104)
  Reg Key Value Set (Sysmon Alert) (103)
  Remote Thread Creation Via PowerShell (93)
  Log File Cleared (87)

Top low alerts:
  Logon Failure (Wrong Password) (3,564)
  Susp CmdLine (Possible LOLBIN) (1,418)
  Non Interactive PowerShell Process Spawned (325)
  Proc Access (157)
  DLL Loaded (Sysmon Alert) (108)

Top informational alerts:
  Proc Exec (11,174)
  NetShare File Access (2,564)
  PwSh Scriptblock (789)
  PwSh Pipeline Exec (680)
  NetShare Access (433)
  Svc Installed (331)
  Explicit Logon (304)
  New Non-USB PnP Device (268)
  Net Conn (243)
  File Created (210)
Saved file: 1181.csv (32.3 MB)
Elapsed time: 00:00:07.831
Rule Parse Processing Time: 00:00:01.682
Analysis Processing Time: 00:00:05.688
Output Processing Time: 00:00:00.459
Memory usage stats:
heap stats: peak total freed current unit count
reserved: 2.0 GiB 2.0 GiB 0 2.0 GiB
committed: 1022.9 MiB 2.0 GiB 1.2 GiB 822.1 MiB
reset: 0
purged: 777.5 MiB
touched: 128.5 KiB 12.8 MiB 8.1 GiB -8.1 GiB ok
segments: 13 206 195 11 not all freed!
-abandoned: 1 1 0 1 not all freed!
-cached: 0 0 0 0 ok
pages: 0 0 56.6 Ki -56.6 Ki ok
-abandoned: 2 2 0 2 not all freed!
-extended: 0
-noretire: 0
mmaps: 0
commits: 9.6 Ki
resets: 0
purges: 342
threads: 33 33 1 32 not all freed!
searches: 0.0 avg
numa nodes: 1
elapsed: 7.837 s
process: user: 22.250 s, system: 0.281 s, faults: 287804, rss: 855.5 MiB, commit: 1012.9 MiB
I would appreciate it if you could review when you have time.