
Add command line to html report #880

Merged (6 commits, Jan 15, 2023)
Conversation

hitenkoku (Collaborator)
What Changed

  • Added executed command string to html report
  • Added test
  • Updated rules
  • Updated changelog

Evidence

> .\877.exe csv-timeline -d ..\hayabusa-sample-evtx\ -o 877.csv -H 877.html

...

Analyzing event files: 582
Total file size: 148.5 MB

Loading detections rules. Please wait.

Excluded rules: 15
Noisy rules: 7 (Disabled)

Experimental rules: 1911 (56.59%)
Stable rules: 220 (6.51%)
Test rules: 1246 (36.90%)

Hayabusa rules: 148
Sigma rules: 3229
Total enabled detection rules: 3377

582 / 582 [======================================================================================================================================================================] 100.00 % 

Analysis finished. Please wait while the results are being saved.

Rule Authors: 
...

Results Summary:

Events with hits / Total events: 19,601 / 76,974 (Data reduction: 57,373 events (74.54%))

Total | Unique detections: 32,385 | 602
Total | Unique critical detections: 46 (0.14%) | 18 (2.99%)
Total | Unique high detections: 6,212 (19.18%) | 274 (45.51%)
Total | Unique medium detections: 1,623 (5.01%) | 184 (30.56%)
Total | Unique low detections: 6,373 (19.68%) | 73 (12.13%)
Total | Unique informational detections: 18,131 (55.99%) | 53 (8.80%)

Dates with most total detections:
critical: 2019-07-19 (15), high: 2016-09-20 (3,643), medium: 2021-04-22 (197), low: 2016-09-20 (3,724), informational: 2016-08-19 (2,105)

Top 5 computers with most unique detections:
critical: MSEDGEWIN10 (6), IEWIN7 (3), FS03.offsec.lan (2), rootdc1.offsec.lan (2), srvdefender01.offsec.lan (2)
high: MSEDGEWIN10 (123), IEWIN7 (73), FS03.offsec.lan (32), fs03vuln.offsec.lan (31), IE10Win7 (23)
medium: MSEDGEWIN10 (68), IEWIN7 (43), fs03vuln.offsec.lan (16), FS03.offsec.lan (16), IE10Win7 (15)
low: MSEDGEWIN10 (33), FS03.offsec.lan (16), IEWIN7 (15), fs03vuln.offsec.lan (14), fs01.offsec.lan (10)
informational: IEWIN7 (18), MSEDGEWIN10 (18), fs01.offsec.lan (15), PC01.example.corp (14), FS03.offsec.lan (13)

╭───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ Top critical alerts:                                                       Top high alerts:                               │
├╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌┤
│ Sticky Key Like Backdoor Usage - Registry (8)                              Metasploit SMB Authentication (3,562)          │
│ Active Directory Replication from Non Machine Account (6)                  Malicious Svc Possibly Installed (271)         │
│ Meterpreter or Cobalt Strike Getsystem Service Installation - System (6)   Susp Svc Installed (257)                       │
│ WannaCry Ransomware (4)                                                    Suspicious Service Installation Script (250)   │
│ Defender Alert (Severe) (4)                                                PowerShell Scripts Installed as Services (250) │
├╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌┤
│ Top medium alerts:                                                         Top low alerts:                                │
├╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌┤
│ Potentially Malicious PwSh (235)                                           Logon Failure (Wrong Password) (3,564)         │
│ Proc Injection (104)                                                       Susp CmdLine (Possible LOLBIN) (1,418)         │
│ Reg Key Value Set (Sysmon Alert) (103)                                     Non Interactive PowerShell (325)               │
│ Suspicious Remote Thread Target (93)                                       Rare Service Installations (321)               │
│ Wscript Execution from Non C Drive (61)                                    Proc Access (157)                              │
├╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌┤
│ Top informational alerts:                                                                                                 │
├╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌┤
│ Proc Exec (11,174)                                                         Explicit Logon (342)                           │
│ NetShare File Access (2,564)                                               Svc Installed (331)                            │
│ PwSh Scriptblock (789)                                                     New Non-USB PnP Device (268)                   │
│ PwSh Pipeline Exec (680)                                                   Logon (Network) (228)                          │
│ NetShare Access (433)                                                      File Created (210)                             │
╰──────────────────────────────────────────────────────────────────────────╌────────────────────────────────────────────────╯

Saved file: 877.csv (16.5 MB)
HTML report: 877.html
Elapsed time: 00:00:11.124

Result: [screenshot 877-result]
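An added illustration (not Hayabusa's own code) of the point behind this change: the executed command line is built from user-supplied strings such as paths and output file names, so it is HTML-escaped before being placed in the report rather than concatenated into the markup as-is. The section layout and the function names `html_escape`, `join_command_line` and `render_command_section` are assumptions for the example, not the project's template.

```rust
// Added illustration, not Hayabusa's own code: embed the executed command
// line in an HTML report fragment. Arguments come from the user (paths,
// output names), so they are escaped instead of being inserted verbatim.

/// Escape the characters that are significant in HTML text and attributes.
fn html_escape(input: &str) -> String {
    let mut out = String::with_capacity(input.len());
    for c in input.chars() {
        match c {
            '&' => out.push_str("&amp;"),
            '<' => out.push_str("&lt;"),
            '>' => out.push_str("&gt;"),
            '"' => out.push_str("&quot;"),
            '\'' => out.push_str("&#x27;"),
            _ => out.push(c),
        }
    }
    out
}

/// Join argv into one display string, quoting arguments that contain whitespace.
fn join_command_line<S: AsRef<str>>(args: &[S]) -> String {
    args.iter()
        .map(|a| {
            let a = a.as_ref();
            if a.chars().any(char::is_whitespace) {
                format!("\"{}\"", a.replace('"', "\\\""))
            } else {
                a.to_string()
            }
        })
        .collect::<Vec<_>>()
        .join(" ")
}

/// Build the report fragment (hypothetical layout; the real template is not on this page).
fn render_command_section<S: AsRef<str>>(args: &[S]) -> String {
    format!(
        "<h2>Executed command</h2>\n<pre class=\"command-line\">{}</pre>",
        html_escape(&join_command_line(args))
    )
}

fn main() {
    // Constructed argv mirroring the PR evidence; a real program uses std::env::args().
    let argv = [".\\877.exe", "csv-timeline", "-d", "..\\hayabusa-sample-evtx\\", "-o", "877.csv", "-H", "877.html"];
    println!("{}", render_command_section(&argv));
}
```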

@hitenkoku hitenkoku added the enhancement New feature or request label Jan 14, 2023
@hitenkoku hitenkoku self-assigned this Jan 14, 2023
@hitenkoku hitenkoku linked an issue Jan 14, 2023 that may be closed by this pull request
codecov bot commented Jan 14, 2023

Codecov Report

Base: 69.07% // Head: 69.49% // Increases project coverage by +0.42% 🎉

Coverage data is based on head (3f781b3) compared to base (819db32).
Patch coverage: 100.00% of modified lines in pull request are covered.

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #880      +/-   ##
==========================================
+ Coverage   69.07%   69.49%   +0.42%     
==========================================
  Files          23       23              
  Lines       13651    13674      +23     
==========================================
+ Hits         9429     9503      +74     
+ Misses       4222     4171      -51     
Impacted Files               Coverage Δ
src/main.rs                  13.76% <100.00%> (+5.34%) ⬆️
src/detections/configs.rs    49.35% <0.00%> (+0.43%) ⬆️
src/options/htmlreport.rs    71.96% <0.00%> (+7.57%) ⬆️


YamatoSecurity (Collaborator) left a comment

Confirmed. LGTM.
Thank you!

@hitenkoku hitenkoku merged commit a4f4adc into main Jan 15, 2023
@hitenkoku hitenkoku deleted the 877-add-command-line-to-html-report branch January 15, 2023 00:28
Labels: enhancement (New feature or request)

Successfully merging this pull request may close these issues: Add command line to HTML report

2 participants