Yamato-Security/hayabusa-rules

Rule parsing error due to regression (caused by #568)

fukusuket opened this issue · 0 comments

I'm very sorry ... 🙇
A rule parsing error (caused by #568) has occurred due to regression, and 922 rules are in error.

% ./hayabusa update-rules
...
% ./hayabusa csv-timeline -d ../hayabusa-sample-evtx -w

╔╗ ╔╦═══╦╗  ╔╦═══╦══╗╔╗ ╔╦═══╦═══╗
║║ ║║╔═╗║╚╗╔╝║╔═╗║╔╗║║║ ║║╔═╗║╔═╗║
║╚═╝║║ ║╠╗╚╝╔╣║ ║║╚╝╚╣║ ║║╚══╣║ ║║
║╔═╗║╚═╝║╚╗╔╝║╚═╝║╔═╗║║ ║╠══╗║╚═╝║
║║ ║║╔═╗║ ║║ ║╔═╗║╚═╝║╚═╝║╚═╝║╔═╗║
╚╝ ╚╩╝ ╚╝ ╚╝ ╚╝ ╚╩═══╩═══╩═══╩╝ ╚╝
   by Yamato Security

Start time: 2024/01/21 13:06

Total event log files: 583
Total file size: 137.1 MB

Loading detection rules. Please wait.

Excluded rules: 48
Noisy rules: 12 (Disabled)
Rule parsing errors: 922

Deprecated rules: 328 (4.64%) (Disabled)
Experimental rules: 2043 (28.91%)
Stable rules: 324 (4.58%)
Test rules: 4700 (66.51%)
Unsupported rules: 84 (1.19%) (Disabled)

Hayabusa rules: 161
Sigma rules: 6906
Total enabled detection rules: 7067

I'll quickly revert to the code before modification #568.