Merge pull request #1153 from Yamato-Security/1152-support-timeline-s…

…tart-and-timeline-end-in-logon-summary

 Added `--timeline-start` and `--timeline-end` to `logon-summary` command.

CHANGELOG-Japanese.md

@@ -25,6 +25,7 @@
 - 端末の調整に余裕を持たせるため、プログレスバーの幅を減らした。 (#1135) (@hitenkoku)
 - `search`コマンドで出力時間フォーマットのオプションをサポートした。(`--European-time`, `--ISO-8601`, `--RFC-2822`, `--RFC-3339`, `--US-time`, `--US-military-time`, `-U, --UTC`) (#1040) (@hitenkoku)
 - プログレスバーのETA時間が正確でなかったため、経過時間に置き換えた。 (#1143) (@YamatoSecurity)
+- `logon-summary`コマンドで`--timeline-start`と`--timeline-end`オプションを追加した。 (#1152) (@hitenkoku)
 
 **バグ修正:**
 

CHANGELOG.md

@@ -24,6 +24,7 @@
 - Reduced progress bar width to leave room for adjustment of the terminal. (#1135) (@hitenkoku)
 - Added support for outputing timestamps in the following formats in the `search` command: `--European-time`, `--ISO-8601`, `--RFC-2822`, `--RFC-3339`, `--US-time`, `--US-military-time`, `-U, --UTC`. (#1040) (@hitenkoku)
 - Replaced the ETA time in the progress bar with elapsed time as the ETA time was not accurate. (#1143) (@YamatoSecurity)
+- Added `--timeline-start` and `--timeline-end` to the `logon-summary` command. (#1152) (@hitenkoku)
 
 **Bug Fixes:**
 

src/detections/configs.rs

@@ -1260,6 +1260,14 @@ pub struct LogonSummaryOption {
     /// Overwrite files when saving
     #[arg(help_heading = Some("General Options"), short='C', long = "clobber", display_order = 290, requires = "output")]
     pub clobber: bool,
+
+    /// End time of the event logs to load (ex: "2022-02-22 23:59:59 +09:00")
+    #[arg(help_heading = Some("Filtering"), long = "timeline-end", value_name = "DATE", display_order = 460)]
+    pub end_timeline: Option<String>,
+
+    /// Start time of the event logs to load (ex: "2020-02-22 00:00:00 +09:00")
+    #[arg(help_heading = Some("Filtering"), long = "timeline-start", value_name = "DATE", display_order = 460)]
+    pub start_timeline: Option<String>,
 }
 
 /// Options can be set when outputting
@@ -1699,6 +1707,17 @@ impl TargetEventTime {
                 );
                 Self::set(parse_success_flag, start_time, end_time)
             }
+            Action::LogonSummary(option) => {
+                let start_time = get_time(
+                    option.start_timeline.as_ref(),
+                    "start-timeline field: the timestamp format is not correct.",
+                );
+                let end_time = get_time(
+                    option.end_timeline.as_ref(),
+                    "end-timeline field: the timestamp format is not correct.",
+                );
+                Self::set(parse_success_flag, start_time, end_time)
+            }
             _ => Self::set(parse_success_flag, None, None),
         }
     }

src/main.rs

@@ -2253,6 +2253,8 @@ mod tests {
             us_time: false,
             utc: false,
             clobber: false,
+            end_timeline: None,
+            start_timeline: None,
         });
         let config = Some(Config {
             action: Some(action),
@@ -2306,6 +2308,8 @@ mod tests {
             us_time: false,
             utc: false,
             clobber: true,
+            end_timeline: None,
+            start_timeline: None,
         });
         let config = Some(Config {
             action: Some(action),

src/timeline/timelines.rs

@@ -552,6 +552,8 @@ mod tests {
                 utc: false,
                 output: None,
                 clobber: false,
+                end_timeline: None,
+                start_timeline: None,
             }));
         *STORED_EKEY_ALIAS.write().unwrap() = Some(dummy_stored_static.eventkey_alias.clone());
         let mut timeline = Timeline::default();
@@ -815,6 +817,8 @@ mod tests {
                 utc: false,
                 output: Some(Path::new("./test_tm_logon_stats").to_path_buf()),
                 clobber: false,
+                end_timeline: None,
+                start_timeline: None,
             }));
         *STORED_EKEY_ALIAS.write().unwrap() = Some(dummy_stored_static.eventkey_alias.clone());
         let mut timeline = Timeline::default();