
fix: output save file msg/ output red error msg #1506

Merged
merged 1 commit into from
Nov 24, 2024

Conversation

fukusuket
Collaborator

@fukusuket fukusuket commented Nov 24, 2024

What Changed

Evidence

Integration-Test

https://github.com/Yamato-Security/hayabusa/actions/runs/11996187416

I would appreciate it if you could check it out when you have time🙏

@fukusuket fukusuket added bug Something isn't working enhancement New feature or request labels Nov 24, 2024
@fukusuket fukusuket added this to the 2.19.0 milestone Nov 24, 2024
@fukusuket fukusuket self-assigned this Nov 24, 2024
@fukusuket
Collaborator Author

fukusuket commented Nov 24, 2024

Output red error msg

color

[Screenshot 2024-11-24 21 34 02]

no color

[Screenshot 2024-11-24 21 36 08]

@fukusuket
Collaborator Author

Saved file msg

% ./hayabusa csv-timeline -d ../hayabusa-sample-evtx -w -q -o timeline.csv -C
Start time: 2024/11/24 21:37
Total event log files: 598
Total file size: 139.2 MB

Loading detection rules. Please wait.

Excluded rules: 26
Noisy rules: 12 (Disabled)

Deprecated rules: 216 (5.00%) (Disabled)
Experimental rules: 375 (8.69%)
Stable rules: 241 (5.58%)
Test rules: 3,700 (85.73%)
Unsupported rules: 42 (0.97%) (Disabled)

Correlation rules: 3 (0.07%)
Correlation referenced rules: 3 (0.07%)

Hayabusa rules: 175
Sigma rules: 4,141
Total detection rules: 4,316

Creating the channel filter. Please wait.

Evtx files loaded after channel filter: 585
Detection rules enabled after channel filter: 4,239

Output profile: standard

Scanning in progress. Please wait.

[00:00:07] 585 / 585   [========================================] 100%

Scanning finished. Please wait while the results are being saved.
Rule Authors:

╭───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ Florian Roth (179)                 Nasreddine Bencherchali (122)     Zach Mathis (111)            oscd.community (107)            │
│ frack113 (90)                      Tim Shelton (32)                  Daniil Yugoslavskiy (23)     Teymur Kheirkhabarov (22)       │
│ Jonhnathan Ribeiro (21)            Thomas Patzke (20)                Christian Burkard (17)       Markus Neis (16)                │
│ Roberto Rodriguez @Cyb3r... (14)   Timur Zinniatullin (14)           Roberto Rodriguez (13)       E.M. Anhaus (12)                │
│ Tim Rauch (12)                     Elastic (12)                      Michael Haag (11)            Samir Bousseaden (11)           │
│ OTR (9)                            Swachchhanda Shrawan Poudel (9)   Victor Sergeev (8)           Natalia Shornikova (7)          │
│ Endgame) (7)                       Ecco (6)                          JHasenbusch (6)              David ANDRE (6)                 │
│ X__Junior (6)                      Endgame (6)                       Arnim Rupp (5)               Sander Wiebing (5)              │
│ omkar72 (5)                        @neu5ron (4)                      Gleb Sukhodolskiy (4)        Max Altgelt (4)                 │
│ Tobias Michalski (4)               Andreas Hunkeler (4)              Yusuke Matsui (3)            James Pemberton@4A616D6573 (3)  │
│ Wojciech Lesicki (3)               juju4 (3)                         Daniel Bohannon (3)          wagga (3)                       │
│ Fukusuke Takahashi (3)             @twjackomo (3)                    Janantha Marasinghe (3)      Christopher Peacock @sec... (3) │
│ Austin Songer @austinsonger (3)    FPT.EagleEye Team (3)             FPT.EagleEye (3)             pH-T (3)                        │
│ Eric Conrad (3)                    Ilyas Ochkov (3)                  Nikita Nazarov (3)           Vasiliy Burov (3)               │
│ Harish Segar (3)                   Hieu Tran (3)                     Jordan Lloyd (2)             Bartlomiej Czyz (2)             │
│ Mark Woan (2)                      Romaissa Adjailia (2)             Alexandr Yampolskyi (2)      Chakib Gzenayi (2)              │
│ Dimitrios Slamaris (2)             SCYTHE @scythe_io (2)             Jakob Weinzettl (2)          D3F7A5105 (2)                   │
│ @dreadphones (2)                   @2xxeformyshirt (2)               Nik Seetharaman (2)          Karneades (2)                   │
│ Tom Ueltschi (2)                   Anton Kutepov (2)                 Modexp (2)                   SOC Prime (2)                   │
│ Mark Russinovich (2)               Oleg Kolesnikov @securon... (2)   Relativity (2)               Yassine Oukessou (2)            │
│ Tony Lambert) (2)                  @SBousseaden (2)                  Sean Metcalf (2)             Aleksey Potapov (2)             │
│ Hosni Mribah (2)                   James Pemberton@4A616D65... (2)   Zach Stanford @svch0st (2)   Tony Lambert (2)                │
│ Vadim Khrykov (2)                  Justin C. (2)                     Perez Diego (2)              Sreeman (2)                     │
│ Cyb3rEng (2)                       keepwatch (2)                     elhoim (2)                   Oddvar Moe (1)                  │
│ Jeff Warren (1)                    CD_ROM_ (1)                       Austin Songer (1)            Georg Lauenstein (1)            │
│ Ali Alwashali (1)                  Andreas Braathen (1)              Timon Hackenjos (1)          Semanur Guneysu @semanurtg (1)  │
│ mdecrevoisier (1)                  Joshua Wright (1)                 SCYTHE (1)                   Jose Rodriguez (1)              │
│ @gott_cyber (1)                    Dmitriy Lifanov (1)               Jason Lynch (1)              Bhabesh Raj (1)                 │
│ Bartlomiej Czyz @bczyz1 (1)        Furkan CALISKAN (1)               Maxence Fossat (1)           Subhash Popuri (1)              │
│ KevTheHermit (1)                   Tom Kern (1)                      NVISO (1)                    Stephen Lincoln `@slinco... (1) │
│ Pushkarev Dmitry (1)               blueteam0ps (1)                   Fatih Sirin (1)              Omer Faruk Celik (1)            │
│ Swisscom CSIRT (1)                 Sorina Ionescu (1)                Maxim Pavlunin (1)           David Strassegger (1)           │
│ EagleEye Team (1)                  Benjamin Delpy (1)                Open Threat Research (1)     Josh Nickels (1)                │
│ Maxime Thiebaut (1)                Markus Neis @Karneades (1)        Tom U. @c_APT_ure (1)        @oscd_initiative (1)            │
│ Zaw Min Htun (1)                   @scythe_io (1)                    Sami Ruohonen (1)            Center for Threat Inform... (1) │
│ @kostastsale (1)                   j4son (1)                         @signalblur (1)              Dan Beavin) (1)                 │
│ Teymur Kheirkhabarov @He... (1)    SBousseaden (1)                   Kutepov Anton (1)            Daniel Koifman (1)              │
│ James Pemberton @4A616D6573 (1)    Mangatas Tondang (1)              Cedric MAURUGEON (1)         Trent Liffick (1)               │
│ Stamatis Chatzimangou (1)          Matthew Green @mgreen27 (1)       David Burkett (1)            Anish Bogati (1)                │
│ @caliskanfurkan_ (1)               Sherif Eldeeb (1)                 John Lambert (1)             Margaritis Dimitrios (1)        │
│ Ivan Dyachkov (1)                  fuzzyf10w (1)                     MalGamy (1)                  James Dickenson (1)             │
│ @Joseliyo_Jstnk (1)                Christopher Peacock @Sec... (1)   Dominik Schaudel (1)         Jack Croock (1)                 │
│ Ahmed Farouk (1)                   @svch0st (1)                      Joseliyo Sanchez (1)         Alec Costello (1)               │
│ @juju4 (1)                         Scott Dermott (1)                 Mustafa Kaan Demir (1)       vburov (1)                      │
│ Dave Kennedy (1)                   @atc_project (1)                  rukawa (1)                   Tuan Le (1)                     │
│ Nextron Systems (1)                Julia Fomina (1)                                                                               │
╰──────────────────────────────────╌─────────────────────────────────╌────────────────────────────╌─────────────────────────────────╯

Results Summary:

Events with hits / Total events: 19,752 / 46,495 (Data reduction: 26,743 events (57.52%))

Total | Unique detections: 32,210 | 669
Total | Unique critical detections: 51 (0.16%) | 20 (0.00%)
Total | Unique high detections: 5,581 (17.33%) | 258 (9.12%)
Total | Unique medium detections: 2,134 (6.63%) | 246 (12.56%)
Total | Unique low detections: 6,145 (19.08%) | 84 (36.77%)
Total | Unique informational detections: 18,299 (56.81%) | 61 (38.57%)

Dates with most total detections:
critical: 2019-07-19 (16), high: 2016-09-20 (3,650), medium: 2019-05-19 (249), low: 2016-09-20 (3,708), informational: 2016-08-19 (2,115)

Top 5 computers with most unique detections:
critical: MSEDGEWIN10 (9), srvdefender01.offsec.lan (2), Isaac (1), alice.insecurebank.local (1), rootdc1.offsec.lan (1)
high: MSEDGEWIN10 (102), IEWIN7 (60), FS03.offsec.lan (26), IE10Win7 (23), fs03vuln.offsec.lan (23)
medium: MSEDGEWIN10 (91), IEWIN7 (58), FS03.offsec.lan (28), fs03vuln.offsec.lan (24), rootdc1.offsec.lan (18)
low: MSEDGEWIN10 (38), IEWIN7 (21), FS03.offsec.lan (20), fs03vuln.offsec.lan (16), fs01.offsec.lan (12)
informational: IEWIN7 (18), MSEDGEWIN10 (17), PC01.example.corp (15), FS03.offsec.lan (14), fs01.offsec.lan (14)

╭──────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ Top critical alerts:                                        Top high alerts:                                 │
├╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌┤
│ Sticky Key Like Backdoor Usage - Registry (8)               Metasploit SMB Authentication (3,562)            │
│ CobaltStrike Service Installations - System (6)             Suspicious Service Path (277)                    │
│ Active Directory Replication from Non Machine Account (6)   Suspicious Service Installation Script (250)     │
│ Defender Alert (Severe) (4)                                 PowerShell Scripts Installed as Services (250)   │
│ WannaCry Ransomware Activity (4)                            Suspicous Service Name (80)                      │
├╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌┤
│ Top medium alerts:                                          Top low alerts:                                  │
├╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌┤
│ Potentially Malicious PwSh (235)                            Logon Failure (Wrong Password) (3,580)           │
│ Reg Key Value Set (Sysmon Alert) (107)                      Possible LOLBIN (1,418)                          │
│ Proc Injection (104)                                        Non Interactive PowerShell Process Spawned (326) │
│ Remote Thread Creation In Uncommon Target Image (93)        Proc Access (156)                                │
│ Remote Thread Creation Via PowerShell (93)                  DLL Loaded (Sysmon Alert) (109)                  │
├╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌┤
│ Top informational alerts:                                                                                    │
├╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌┤
│ Proc Exec (11,173)                                          Svc Installed (331)                              │
│ NetShare File Access (2,558)                                Explicit Logon (304)                             │
│ PwSh Scriptblock (789)                                      New Non-USB PnP Device (268)                     │
│ PwSh Pipeline Exec (680)                                    Net Conn (243)                                   │
│ NetShare Access (403)                                       File Created (212)                               │
╰───────────────────────────────────────────────────────────╌──────────────────────────────────────────────────╯

Saved file: timeline.csv (31.9 MB)

Elapsed time: 00:00:09.1212

Please report any issues with Hayabusa rules to: https://github.com/Yamato-Security/hayabusa-rules/issues
Please report any false positives with Sigma rules to: https://github.com/SigmaHQ/sigma/issues
Please submit new Sigma rules with pull requests to: https://github.com/SigmaHQ/sigma/pulls
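The two comments above show the behaviour this PR adds: an error message printed in red when colour is on and plain when it is off, and a "Saved file: <name> (<size>)" line at the end of a run. The following Rust snippet is an added illustration of that pattern and is not hayabusa's own code; it assumes a hypothetical `no_color_flag` CLI option, honours the `NO_COLOR` environment-variable convention, uses decimal units for the size (1 MB = 1,000,000 bytes, an assumption), and routes errors to stderr so that redirecting stdout to a log file never captures ANSI escape sequences.

```rust
use std::env;
use std::io::{self, Write};

// ANSI escape sequences: red foreground, and reset to terminal default.
const ANSI_RED: &str = "\x1b[31m";
const ANSI_RESET: &str = "\x1b[0m";

/// Decide whether coloured output should be used.
/// `no_color_flag` models a hypothetical --no-color option (assumption);
/// the NO_COLOR environment variable (https://no-color.org) is also honoured.
pub fn color_enabled(no_color_flag: bool) -> bool {
    if no_color_flag {
        return false;
    }
    // Per the convention, NO_COLOR set to any value (even empty) disables colour.
    env::var_os("NO_COLOR").is_none()
}

/// Wrap an error message in red when colour is enabled, otherwise leave it plain.
pub fn format_error(msg: &str, color: bool) -> String {
    if color {
        format!("{}[ERROR] {}{}", ANSI_RED, msg, ANSI_RESET)
    } else {
        format!("[ERROR] {}", msg)
    }
}

/// Human-readable size with one decimal, using decimal units (assumption:
/// 1 KB = 1,000 bytes). Values below 1 KB are printed as whole bytes.
pub fn human_size(bytes: u64) -> String {
    const UNITS: [&str; 5] = ["B", "KB", "MB", "GB", "TB"];
    let mut value = bytes as f64;
    let mut idx = 0;
    while value >= 1000.0 && idx < UNITS.len() - 1 {
        value /= 1000.0;
        idx += 1;
    }
    if idx == 0 {
        format!("{} B", bytes)
    } else {
        format!("{:.1} {}", value, UNITS[idx])
    }
}

/// Build the "Saved file: <name> (<size>)" line shown at the end of a run.
pub fn saved_file_msg(path: &str, bytes: u64) -> String {
    format!("Saved file: {} ({})", path, human_size(bytes))
}

fn main() {
    let color = color_enabled(false);
    // Errors go to stderr so `hayabusa ... > run.log` keeps escape codes out of the file.
    // The message text below is a constructed example, not a real hayabusa error.
    let _ = writeln!(
        io::stderr(),
        "{}",
        format_error("could not open rules directory (constructed example)", color)
    );
    // Constructed byte count chosen to render as the 31.9 MB seen in the session above.
    println!("{}", saved_file_msg("timeline.csv", 31_900_000));
}
```

Keeping the colour decision in one function (`color_enabled`) and passing the result down is what lets a single switch cover every message, which matters for CI logs and for piping output into other tools where stray escape sequences would corrupt the text.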

@fukusuket fukusuket marked this pull request as ready for review November 24, 2024 12:39
Collaborator

@YamatoSecurity YamatoSecurity left a comment


@fukusuket LGTM! Thanks so much!

@YamatoSecurity YamatoSecurity merged commit 064b05b into main Nov 24, 2024
9 checks passed
@YamatoSecurity YamatoSecurity deleted the 1504-fix-error-msg branch November 24, 2024 12:47
Development

Successfully merging this pull request may close these issues.

Output error message in red [bug] Saved file <file name> (file size) message is not output