enabled low memory mode by default

[hitenkoku]

What Changed

• enabled low memory mode by default

I would appreciate it if you could check it out when you have time

[fukusuket]

I confirmed that it works :) LGTM!!🚀

hayabusa-sample-evtx

% ./hayabusa-2.16.0-mac-aarch64 csv-timeline -d ../hayabusa-sample-evtx -D -n -u -q -w -o old.csv --debug
% ./hayabusa-low-memory csv-timeline -d ../hayabusa-sample-evtx -D -n -u -q -w -o new.csv --debug -s
% diff old.csv new.csv

all-evtx

2.16.0

% ./hayabusa-2.16.0-mac-aarch64 csv-timeline -d ../all-evtx -D -n -u -q -w -o old-big.csv --debug
Rule Parse Processing Time: 00:00:01.799
Analysis Processing Time: 00:08:03.302
Output Processing Time: 00:01:58.302

Memory usage stats:
heap stats:     peak       total       freed     current        unit       count
  reserved:    16.0 GiB    17.1 GiB     1.1 GiB    16.0 GiB

This PR

% ./hayabusa-low-memory csv-timeline -d ../all-evtx -D -n -u -q -w --debug -o new-big.csv
...
Rule Parse Processing Time: 00:00:01.911
Analysis Processing Time: 00:08:57.270
Output Processing Time: 00:00:00.112

Memory usage stats:
heap stats:     peak       total       freed     current        unit       count
  reserved:     5.2 GiB     5.3 GiB   384.0 MiB     5.0 GiB

[fukusuket]

Unrelated to this PR, but since memory usage has increased since low-memory was released, I will look into this as a separate issue. (In version 2.13.0, memory usage was 2 GB as shown below🤔)

• low memoption wave2 #1292 (review)

I created an issue for the investigation.

• Investigation of increased memory usage #1368

[YamatoSecurity]

@hitenkoku Thank you! When low memory mode in enabled, we shouldn't be able to use -R, --remove-duplicate-data and -X, --remove-duplicate-detections, right? I can still add these options without getting an error so could you configure it so that -R and -X require the option -s?

[YamatoSecurity]

@hitenkoku LGTM! Sorry, I figured out the bug, requires = "sort-events" needed to be requires = "sort_events" so I just updated it.