
Added question in scan wizard #1208

Merged: 7 commits into main, Nov 5, 2023

Conversation

hitenkoku (Collaborator)

What Changed

  • Added question in scan wizard
    • Include deprecated rules? (y/n) (default: no)
      • If yes is chosen then perform -D logic
    • Include noisy rules? (y/n) (default: no)
      • If yes is chosen then perform -n logic
    • Include unsupported rules? (y/n) (default: no)
      • If yes is chosen then perform -u logic
    • Include sysmon rules? (y/n) (default: yes)
  • Added new version CHANGELOG template
  • Updated version to v2.11.0-dev

Evidence

> ./1207.exe csv-timeline -d ..\hayabusa-sample-evtx\ -o 1207.csv --debug -q
...
Total event log files: 584
Total file size: 137.1 MB

Scan wizard:

✔ Which set of detection rules would you like to load? · 5. All event and alert rules ( status: * | level: informational+ )     
✔ Include deprecated rules? ( xxxx rules) (y/n) (default: no) · no
✔ Include noisy rules? ( xxxx rules) (y/n) (default: no) · no
✔ Include unsupported rules? ( xxxx rules) (y/n) (default: no) · no
✔ Include sysmon rules? ( xxxx rules) (y/n) (default: yes) · yes

Loading detection rules. Please wait.

Excluded rules: 31
Noisy rules: 12 (Disabled)

Deprecated rules: 182 (7.13%) (Disabled)
Experimental rules: 974 (38.18%)
Stable rules: 197 (7.72%)
Test rules: 1380 (54.10%)
Unsupported rules: 45 (1.76%) (Disabled)

Hayabusa rules: 159
Sigma rules: 2392
Total enabled detection rules: 2551

Output profile: standard

Scanning in progress. Please wait.

[00:00:05] 584 / 584   [========================================] 100%

Scanning finished. Please wait while the results are being saved.

Rule Authors: 

...
Results Summary:

Events with hits / Total events: 19,652 / 47,472 (Data reduction: 27,820 events (58.60%))

Total | Unique detections: 32,264 | 574
Total | Unique critical detections: 60 (0.19%) | 22 (3.83%)
Total | Unique high detections: 5,955 (18.46%) | 241 (41.99%)
Total | Unique medium detections: 1,973 (6.12%) | 194 (33.80%)
Total | Unique low detections: 6,047 (18.74%) | 62 (10.80%)
Total | Unique informational detections: 18,229 (56.50%) | 55 (9.58%)

Dates with most total detections:
critical: 2019-07-19 (16), high: 2016-09-20 (3,652), medium: 2019-05-19 (167), low: 2016-09-20 (3,708), informational: 2016-08-19 (2,104)

Top 5 computers with most unique detections:
critical: MSEDGEWIN10 (9), IEWIN7 (3), FS03.offsec.lan (2), IE10Win7 (2), rootdc1.offsec.lan (2)
high: MSEDGEWIN10 (117), IEWIN7 (69), fs03vuln.offsec.lan (28), FS03.offsec.lan (27), IE10Win7 (23)
medium: MSEDGEWIN10 (82), IEWIN7 (49), FS03.offsec.lan (23), fs03vuln.offsec.lan (20), rootdc1.offsec.lan (16)
low: MSEDGEWIN10 (37), FS03.offsec.lan (19), IEWIN7 (17), fs03vuln.offsec.lan (17), fs01.offsec.lan (11)
informational: IEWIN7 (17), MSEDGEWIN10 (17), PC01.example.corp (15), fs01.offsec.lan (15), FS03.offsec.lan (13)

╭──────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ Top critical alerts:                                    Top high alerts:                                 │
├╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌┤
│ Sticky Key Like Backdoor Usage - Registry (8)           Metasploit SMB Authentication (3,562)            │
│ CobaltStrike Service Installations - System (6)         Malicious Svc Possibly Installed (271)           │
│ Active Directory Replication from Non Machine ... (6)   Susp Svc Installed (257)                         │
│ Meterpreter or Cobalt Strike Getsystem Service... (6)   Suspicious Service Installation Script (250)     │
│ WannaCry Ransomware Activity (4)                        PowerShell Scripts Installed as Services (250)   │
├╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌┤
│ Top medium alerts:                                      Top low alerts:                                  │
├╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌┤
│ Potentially Malicious PwSh (235)                        Logon Failure (Wrong Password) (3,564)           │
│ Proc Injection (104)                                    Susp CmdLine (Possible LOLBIN) (1,418)           │
│ Reg Key Value Set (Sysmon Alert) (103)                  Non Interactive PowerShell Process Spawned (325) │
│ Remote Thread Creation Via PowerShell (93)              Proc Access (157)                                │
│ Log File Cleared (87)                                   DLL Loaded (Sysmon Alert) (108)                  │
├╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌┤
│ Top informational alerts:                                                                                │
├╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌┤
│ Proc Exec (11,174)                                      Svc Installed (331)                              │
│ NetShare File Access (2,564)                            Explicit Logon (304)                             │
│ PwSh Scriptblock (789)                                  New Non-USB PnP Device (268)                     │
│ PwSh Pipeline Exec (680)                                Net Conn (243)                                   │
│ NetShare Access (433)                                   File Created (210)                               │
╰───────────────────────────────────────────────────────╌──────────────────────────────────────────────────╯

Saved file: 1207.csv (31.4 MB)

Elapsed time: 00:00:15.391
Rule Parse Processing Time: 00:00:09.074
Analysis Processing Time: 00:00:05.817
Output Processing Time: 00:00:00.497

Memory usage stats:
heap stats:     peak       total       freed     current        unit       count
  reserved:     2.0 GiB     2.0 GiB     0           2.0 GiB
 committed:     1.0 GiB     1.6 GiB   876.7 MiB   804.8 MiB
     reset:     0
    purged:   405.7 MiB
   touched:   128.5 KiB    12.1 MiB     8.3 GiB    -8.3 GiB                          ok
  segments:    13         194         183          11                                not all freed!
-abandoned:     1           1           0           1                                not all freed!
   -cached:     0           0           0           0                                ok
     pages:     0           0          53.5 Ki    -53.5 Ki                           ok
-abandoned:     3           3           0           3                                not all freed!
 -extended:     0
 -noretire:     0
     mmaps:     0
   commits:    10.0 Ki
    resets:     0
    purges:   379
   threads:    33          33           1          32                                not all freed!
  searches:     0.0 avg
numa nodes:     1
   elapsed:    15.396 s
   process: user: 22.468 s, system: 0.843 s, faults: 299961, rss: 840.7 MiB, commit: 1.0 GiB

I would appreciate it if you could review when you have time.
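As an added illustration (not Hayabusa's own code), the wizard mapping described in this PR modelled in Rust: an empty answer takes the prompt's default, a yes answer enables what -D, -n or -u would, and the rule filter assumes constructed rule fields (status, noisy, sysmon) rather than Hayabusa's real rule representation.

```rust
// Added example, not Hayabusa's own code: the scan-wizard answers from this PR
// mapped onto the existing -D/-n/-u behaviour; the Rule fields are assumed.
#[derive(Debug, Clone, Copy, PartialEq)]
pub struct WizardOptions {
    pub enable_deprecated: bool,  // "yes" has the effect of -D
    pub enable_noisy: bool,       // "yes" has the effect of -n
    pub enable_unsupported: bool, // "yes" has the effect of -u
    pub include_sysmon: bool,     // the only question defaulting to yes
}
/// Parse a y/n answer: empty takes the prompt's default, unknown input yields None (re-ask).
pub fn parse_yes_no(answer: &str, default: bool) -> Option<bool> {
    match answer.trim().to_ascii_lowercase().as_str() {
        "" => Some(default),
        "y" | "yes" => Some(true),
        "n" | "no" => Some(false),
        _ => None,
    }
}

/// Build the options from the four answers, in the order the wizard asks them.
pub fn wizard_options(answers: [&str; 4]) -> Option<WizardOptions> {
    Some(WizardOptions {
        enable_deprecated: parse_yes_no(answers[0], false)?,
        enable_noisy: parse_yes_no(answers[1], false)?,
        enable_unsupported: parse_yes_no(answers[2], false)?,
        include_sysmon: parse_yes_no(answers[3], true)?,
    })
}

/// Minimal rule view (assumed fields): YAML status, a noisy marker, Sysmon log source.
pub struct Rule<'a> { pub title: &'a str, pub status: &'a str, pub noisy: bool, pub sysmon: bool }
/// Keep a rule only if every category it falls into was enabled by the wizard.
pub fn enabled_rules<'a>(rules: &[Rule<'a>], opt: WizardOptions) -> Vec<&'a str> {
    rules.iter().filter(|r| {
        (r.status != "deprecated" || opt.enable_deprecated)
            && (r.status != "unsupported" || opt.enable_unsupported)
            && (!r.noisy || opt.enable_noisy)
            && (!r.sysmon || opt.include_sysmon)
    }).map(|r| r.title).collect()
}
/// Constructed sample rules covering each category the wizard asks about.
pub fn sample_rules() -> Vec<Rule<'static>> {
    vec![
        Rule { title: "Stable Logon Rule", status: "stable", noisy: false, sysmon: false },
        Rule { title: "Deprecated PsExec Rule", status: "deprecated", noisy: false, sysmon: false },
        Rule { title: "Noisy Sysmon Proc Exec", status: "test", noisy: true, sysmon: true },
        Rule { title: "Unsupported Rule", status: "unsupported", noisy: false, sysmon: false },
    ]
}
```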

@hitenkoku hitenkoku added the enhancement New feature or request label Nov 3, 2023
@hitenkoku hitenkoku self-assigned this Nov 3, 2023
@hitenkoku hitenkoku linked an issue Nov 3, 2023 that may be closed by this pull request
@hitenkoku hitenkoku changed the title from "Added question in scan wizard #1207" to "Added question in scan wizard" Nov 3, 2023

codecov bot commented Nov 3, 2023

Codecov Report

Attention: 56 lines in your changes are missing coverage. Please review.

Comparison is base (deefddf) 83.82% compared to head (7b7819f) 83.60%.

@@            Coverage Diff             @@
##             main    #1208      +/-   ##
==========================================
- Coverage   83.82%   83.60%   -0.23%     
==========================================
  Files          26       26              
  Lines       23768    23818      +50     
==========================================
- Hits        19924    19912      -12     
- Misses       3844     3906      +62     
Files                      Coverage Δ
src/detections/configs.rs  81.72% <ø> (ø)
src/main.rs                65.75% <0.00%> (-1.94%) ⬇️


@fukusuket (Collaborator) left a comment

I have confirmed that the results match those when executed with the -D/-n/-u options in version 2.10.0! LGTM!!🚀

@YamatoSecurity (Collaborator) left a comment

@hitenkoku LGTM! Thank you!

hitenkoku (Collaborator, Author) commented Nov 4, 2023

@YamatoSecurity Thanks for your review and for updating the changelog.
I will merge it.

@hitenkoku hitenkoku merged commit e7ead3a into main Nov 5, 2023
9 checks passed
@hitenkoku hitenkoku deleted the 1207-additional-questions-in-scan-wizard branch November 5, 2023 01:10
Linked issue that may be closed by this pull request: Additional questions in scan wizard