Comments (5)
mischw
commented on July 22, 2024
2
I gave it a try and it looks like a nice way to get the info I need. Thanks for letting me know!
from hayabusa.
YamatoSecurity
commented on July 22, 2024
1
@mischw We updated the stack-logons command so if you compile takajo with the main branch, you can get failed logon info as well.
from hayabusa.
YamatoSecurity
commented on July 22, 2024
We will look into adding this feature. For now, you might just have to write a script to remove the duplicates.
from hayabusa.
mischw
commented on July 22, 2024
Thanks for considering adding this feature. In the mean time I am happy to write a script. Do you happen to know a tool or two which would be suitable for usage in script and at the same time is able to output a format which hayabusa is able to parse?
from hayabusa.
YamatoSecurity
commented on July 22, 2024
@mischw To work around this, you can remove duplicates with the json-timeline command, output to JSONL and then use the stack-logons in Takajo to get the same information. (https://github.com/Yamato-Security/takajo?tab=readme-ov-file#stack-logons-command)
Right now, it only summarizes successful logons but will add an option to analyze failed logons as well.
from hayabusa.
Related Issues (20)
- [bug] `-T(--visualize-timeline)` option does not work
- Can't get hayabusa to use JSON as input HOT 3
- Bug: `windash` not working when there is a * wildcard HOT 3
- Check out WatchAD2.0 by Qihoo360 HOT 1
- aarch64 musl binary can't run HOT 1
- Consistent output for Timeline Explorer HOT 5
- Allow `-d` to be specified multiple times HOT 1
- Sigma correlations support: Event Count HOT 3
- Sigma correlations support: Value Count HOT 1
- Support multiple grouping by in `count` HOT 1
- Improving count rule's output HOT 7
- [bug] Nothing is detected when using the `-J, --JSON-input` option with the timeline command because of `Channel` filter HOT 4
- Enable overflow checks in release mode
- Support for `Provider_name` and `Data[x]` notation to the field mapping HOT 4
- [bug] Defender is getting triggered when unpacking rules HOT 13
- Embed non-configurable files into binary
- Enable low memory mode by default
- Ignore referenced rules in sigma correlation rules HOT 3
- Investigation of increased memory usage HOT 12
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from hayabusa.