
stack-computers command #125

Closed
YamatoSecurity opened this issue Mar 1, 2024 · 1 comment · Fixed by #127

Comments

@YamatoSecurity (Collaborator)

Similar to the computer-metrics command in hayabusa, it will stack unique entries of the .Computer field.
I would like to output in table format for standard output and CSV file output, and add Levels and Alerts columns similar to takajo's stack-services command. It would be nice to print how many alerts there are for each level and alert.
Example:

Count  Computer   Levels                              Alerts
500    ComputerA  crit (10) | high (20) | info (xx)   CobaltStrike Service Installations - System (10) | Alert2 (20) | Alert3 (5) | etc...
100    ComputerB  high (10) | low (10) | info (100)   Drive-by Compromise (10) | etc...
1      ComputerC  hogehoge                            hogehoge

The difference between stack-computers and computer-metrics is that stack-computers only gets information from Hayabusa results, whereas Hayabusa's computer-metrics takes metrics on all events regardless of Sigma rules.

We should probably add this option:
-m=, --minLevel= specify the minimum alert level (default: informational)

@fukusuket Are you interested in this?

@fukusuket (Collaborator)

@YamatoSecurity
Thank you so much :) Yes, I would love to implement it💪

@fukusuket fukusuket self-assigned this Mar 1, 2024
@fukusuket fukusuket added the enhancement New feature or request label Mar 1, 2024
@fukusuket fukusuket added this to the v2.5.0 milestone Mar 1, 2024
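The aggregation the opening comment asks for (stack the Computer field of Hayabusa results, count alerts per level and per rule title for each host, and drop rows below a minimum level) can be prototyped in a few dozen lines. The block below is an added example written for this page, not takajo's own implementation (takajo is written in Nim; this is Python). It assumes a Hayabusa CSV with at least the Computer, Level and RuleTitle columns, uses Hayabusa's abbreviated level names (info, low, med, high, crit), and runs on a small constructed sample embedded inline.

```python
import csv
import io
from collections import Counter, defaultdict

# Hayabusa's abbreviated level names, ascending severity.
LEVEL_ORDER = ["info", "low", "med", "high", "crit"]
# Long forms accepted for --minLevel (the issue's default is "informational").
LEVEL_ALIASES = {"informational": "info", "medium": "med", "critical": "crit"}

# Constructed sample in the shape of Hayabusa CSV output (not real telemetry).
SAMPLE_CSV = """\
Timestamp,Computer,Channel,EventID,Level,RuleTitle,Details
2024-03-01 10:00:00.000 +09:00,ComputerA,Sys,7045,crit,CobaltStrike Service Installations - System,Svc: x
2024-03-01 10:01:00.000 +09:00,ComputerA,Sec,4688,high,Suspicious Process Creation,Proc: y
2024-03-01 10:02:00.000 +09:00,ComputerA,Sec,4624,info,Logon,User: z
2024-03-01 10:03:00.000 +09:00,ComputerB,Sec,4624,info,Logon,User: z
2024-03-01 10:04:00.000 +09:00,ComputerB,Sec,4688,high,Suspicious Process Creation,Proc: y
2024-03-01 10:05:00.000 +09:00,ComputerC,Sec,4624,low,Logon From Unusual Source,User: w
"""


def normalize_level(level):
    """Map 'Critical', 'informational', 'HIGH' etc. onto the abbreviated names."""
    level = level.strip().lower()
    level = LEVEL_ALIASES.get(level, level)
    if level not in LEVEL_ORDER:
        raise ValueError(f"unknown level: {level!r}")
    return level


def stack_computers(csv_text, min_level="informational"):
    """Return [(count, computer, level_counter, alert_counter)] sorted by count desc.

    Rows whose Level is below min_level are skipped entirely, so they count
    neither toward the total nor toward the per-level/per-alert breakdown.
    """
    threshold = LEVEL_ORDER.index(normalize_level(min_level))
    counts = Counter()
    levels = defaultdict(Counter)
    alerts = defaultdict(Counter)
    for row in csv.DictReader(io.StringIO(csv_text)):
        level = normalize_level(row["Level"])
        if LEVEL_ORDER.index(level) < threshold:
            continue
        computer = row["Computer"]
        counts[computer] += 1
        levels[computer][level] += 1
        alerts[computer][row["RuleTitle"]] += 1
    return [(n, c, levels[c], alerts[c]) for c, n in counts.most_common()]


def format_levels(level_counter):
    """Highest severity first, e.g. 'crit (10) | high (20) | info (5)'."""
    return " | ".join(f"{lvl} ({level_counter[lvl]})"
                      for lvl in reversed(LEVEL_ORDER) if level_counter[lvl])


def format_alerts(alert_counter):
    """Most frequent rule title first, e.g. 'Rule A (10) | Rule B (2)'."""
    return " | ".join(f"{title} ({n})" for title, n in alert_counter.most_common())


def render_table(rows):
    """Tab-separated table for standard output."""
    lines = ["Count\tComputer\tLevels\tAlerts"]
    for count, computer, lv, al in rows:
        lines.append(f"{count}\t{computer}\t{format_levels(lv)}\t{format_alerts(al)}")
    return "\n".join(lines)


def write_csv(rows, fp):
    """Same four columns as the table, written as CSV to an open file object."""
    writer = csv.writer(fp)
    writer.writerow(["Count", "Computer", "Levels", "Alerts"])
    for count, computer, lv, al in rows:
        writer.writerow([count, computer, format_levels(lv), format_alerts(al)])


if __name__ == "__main__":
    print(render_table(stack_computers(SAMPLE_CSV)))
    print()
    print(render_table(stack_computers(SAMPLE_CSV, min_level="high")))
```

Because the level filter is applied before counting, a host whose only hits are below --minLevel disappears from the output rather than showing a zero row; that matches how a minimum-level option is normally expected to behave, but it is worth stating in the command's help text so that analysts do not mistake a missing host for a host with no events.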