[bug] --timeline-start and --timeline-end do not work correctly with json-timeline #1148

Closed
YamatoSecurity opened this issue Jul 31, 2023 · 0 comments · Fixed by #1149

@hitenkoku Can you take a look at this?

Describe the bug
When json-timeline is used with --timeline-start, it shows no detections so no file is written.
Also, --timeline-end does not work correctly with json-timeline.

Steps to Reproduce
./hayabusa-2.7.0-dev json-timeline -d ../hayabusa-sample-evtx -C -o test.json --timeline-start "2018-01-01 00:00:00 +00:00"
This gives 0 detections and 0 file size.

However, when I run the same command with csv-timeline, it works:
./hayabusa-2.7.0-dev csv-timeline -d ../hayabusa-sample-evtx -C -o test.csv --timeline-start "2018-01-01 00:00:00 +00:00"

Total | Unique detections: 14,001 | 521 and a 20 MB file gets outputted.

Also, when using --timeline-end with json-timeline, a file gets outputted but it does not filter out events after the date.
For example the following command:
./hayabusa-2.7.0-dev csv-timeline -d ../hayabusa-sample-evtx -C -o test.csv --timeline-end "2018-01-01 00:00:00 +00:00"
gives this result: Total | Unique detections: 18,238 | 189
but
./hayabusa-2.7.0-dev json-timeline -d ../hayabusa-sample-evtx -C -o test.json --timeline-end "2018-01-01 00:00:00 +00:00"
gives this result: Total | Unique detections: 32,239 | 567 (same as when --timeline-end is not used)

Environment (please complete the following information):

  • OS: mac
  • hayabusa version: 2.7.0-dev but the bug seems to be in older versions as well. (Same behavior in 2.5.0 and 2.6.0)
@YamatoSecurity YamatoSecurity added bug Something isn't working Priority:High labels Jul 31, 2023
@YamatoSecurity YamatoSecurity added this to the v2.7.0 milestone Jul 31, 2023
@hitenkoku hitenkoku self-assigned this Jul 31, 2023
hitenkoku added a commit that referenced this issue Jul 31, 2023
hitenkoku added a commit that referenced this issue Jul 31, 2023