Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hayabusa displays Unknown for some events in metrics when the input is JSON #943

Closed
YamatoSecurity opened this issue Feb 25, 2023 · 0 comments · Fixed by #944
Closed

Hayabusa displays Unknown for some events in metrics when the input is JSON #943

YamatoSecurity opened this issue Feb 25, 2023 · 0 comments · Fixed by #944
Assignees
@hitenkoku
Labels
bug Something isn't working
Milestone
v2.3.0

Comments

@YamatoSecurity
Copy link
Collaborator

When the input is JSON, Hayabusa will display some events correctly but some events as Unknown.
Hayabusa version 2.2.2.
Ex: ./hayabusa-2.2.2-mac-intel metrics -J -f APT29.json

For example, 4657 says the event is Registry value modified, however EID 4956 is Unknown.
Screen Shot 2023-02-25 at 11 02 25 AM

However, EID 4956 is also defined in channel_eid_info.txt
Screen Shot 2023-02-25 at 11 02 11 AM

I only see this happening when JSON is used as input.

@hitenkoku Could you take a look at this whenever you have time?
@YamatoSecurity YamatoSecurity added the bug Something isn't working label Feb 25, 2023
@YamatoSecurity YamatoSecurity added this to the v2.3.0 milestone Feb 25, 2023
@hitenkoku hitenkoku self-assigned this Feb 25, 2023
hitenkoku added a commit that referenced this issue Feb 25, 2023
@hitenkoku
config(rules): updated rules #943
945f7ae
hitenkoku added a commit that referenced this issue Feb 25, 2023
@hitenkoku
fix(metrics): fixed display unknown when some events channel name is …
5cbce5c 
…not case match #943
hitenkoku added a commit that referenced this issue Feb 25, 2023
@hitenkoku
docs(CHANGELOG): updated changelog #943
5730ce9
@hitenkoku hitenkoku linked a pull request Feb 25, 2023 that will close this issue
Fixed hayabusa displays unknown for some events in metrics when the input is json #944
Merged
hitenkoku added a commit that referenced this issue Feb 28, 2023
@hitenkoku
fix(metrics/timelines): fixed Unknown output due to lowercase convert #…
3f8273b 
…943
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hitenkoku hitenkoku

Labels
bug Something isn't working
Projects
None yet
Milestone
v2.3.0
2 participants
@hitenkoku @YamatoSecurity