diff --git a/CHANGELOG-Japanese.md b/CHANGELOG-Japanese.md
index de9cbdb71..939f7b57a 100644
--- a/CHANGELOG-Japanese.md
+++ b/CHANGELOG-Japanese.md
@@ -25,6 +25,7 @@
 - 端末の調整に余裕を持たせるため、プログレスバーの幅を減らした。 (#1135) (@hitenkoku)
 - `search`コマンドで出力時間フォーマットのオプションをサポートした。(`--European-time`, `--ISO-8601`, `--RFC-2822`, `--RFC-3339`, `--US-time`, `--US-military-time`, `-U, --UTC`) (#1040) (@hitenkoku)
 - プログレスバーのETA時間が正確でなかったため、経過時間に置き換えた。 (#1143) (@YamatoSecurity)
+- `logon-summary`コマンドで`--timeline-start`と`--timeline-end`オプションを追加した。 (#1152) (@hitenkoku)
 
 **バグ修正:**
 
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 53c8e6355..6f7f2eadb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -24,6 +24,7 @@
 - Reduced progress bar width to leave room for adjustment of the terminal. (#1135) (@hitenkoku)
 - Added support for outputing timestamps in the following formats in the `search` command: `--European-time`, `--ISO-8601`, `--RFC-2822`, `--RFC-3339`, `--US-time`, `--US-military-time`, `-U, --UTC`. (#1040) (@hitenkoku)
 - Replaced the ETA time in the progress bar with elapsed time as the ETA time was not accurate. (#1143) (@YamatoSecurity)
+- Added `--timeline-start` and `--timeline-end` to the `logon-summary` command. (#1152) (@hitenkoku)
 
 **Bug Fixes:**
 
diff --git a/src/detections/configs.rs b/src/detections/configs.rs
index 5567571b1..59e8a4666 100644
--- a/src/detections/configs.rs
+++ b/src/detections/configs.rs
@@ -1260,6 +1260,14 @@ pub struct LogonSummaryOption {
     /// Overwrite files when saving
     #[arg(help_heading = Some("General Options"), short='C', long = "clobber", display_order = 290, requires = "output")]
     pub clobber: bool,
+
+    /// End time of the event logs to load (ex: "2022-02-22 23:59:59 +09:00")
+    #[arg(help_heading = Some("Filtering"), long = "timeline-end", value_name = "DATE", display_order = 460)]
+    pub end_timeline: Option,
+
+    /// Start time of the event logs to load (ex: "2020-02-22 00:00:00 +09:00")
+    #[arg(help_heading = Some("Filtering"), long = "timeline-start", value_name = "DATE", display_order = 460)]
+    pub start_timeline: Option,
 }
 
 /// Options can be set when outputting
@@ -1699,6 +1707,17 @@ impl TargetEventTime {
                 );
                 Self::set(parse_success_flag, start_time, end_time)
             }
+            Action::LogonSummary(option) => {
+                let start_time = get_time(
+                    option.start_timeline.as_ref(),
+                    "start-timeline field: the timestamp format is not correct.",
+                );
+                let end_time = get_time(
+                    option.end_timeline.as_ref(),
+                    "end-timeline field: the timestamp format is not correct.",
+                );
+                Self::set(parse_success_flag, start_time, end_time)
+            }
             _ => Self::set(parse_success_flag, None, None),
         }
     }
diff --git a/src/main.rs b/src/main.rs
index 1970ce57a..e93efaaaf 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -2253,6 +2253,8 @@ mod tests {
             us_time: false,
             utc: false,
             clobber: false,
+            end_timeline: None,
+            start_timeline: None,
         });
         let config = Some(Config {
             action: Some(action),
@@ -2306,6 +2308,8 @@ mod tests {
             us_time: false,
             utc: false,
             clobber: true,
+            end_timeline: None,
+            start_timeline: None,
         });
         let config = Some(Config {
             action: Some(action),
diff --git a/src/timeline/timelines.rs b/src/timeline/timelines.rs
index 51f295b26..75b0ff26d 100644
--- a/src/timeline/timelines.rs
+++ b/src/timeline/timelines.rs
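Review bot: The two `get_time` error strings in the new `Action::LogonSummary` arm name `start-timeline field` and `end-timeline field`, while the flags a user actually types are `--timeline-start` and `--timeline-end` (first hunk of this file), so a malformed date yields a message pointing at a name that does not exist on the command line; `"--timeline-start: the timestamp format is not correct."` and `"--timeline-end: the timestamp format is not correct."` would match the help output. If the arms above this one use the same "field" wording for other subcommands, the rename should be done together for consistency rather than only here. The fixtures touched in src/main.rs and src/timeline/timelines.rs only set both fields to `None`, so nothing in this change exercises the new arm with a valid or invalid timestamp; a test passing an unparseable value and checking the resulting `parse_success_flag`/window (presumably what `Self::set` records) would cover the branch. The enclosing function inside `impl TargetEventTime` starts outside the hunk.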
@@ -552,6 +552,8 @@ mod tests {
             utc: false,
             output: None,
             clobber: false,
+            end_timeline: None,
+            start_timeline: None,
         }));
         *STORED_EKEY_ALIAS.write().unwrap() = Some(dummy_stored_static.eventkey_alias.clone());
         let mut timeline = Timeline::default();
@@ -815,6 +817,8 @@ mod tests {
             utc: false,
             output: Some(Path::new("./test_tm_logon_stats").to_path_buf()),
             clobber: false,
+            end_timeline: None,
+            start_timeline: None,
         }));
         *STORED_EKEY_ALIAS.write().unwrap() = Some(dummy_stored_static.eventkey_alias.clone());
         let mut timeline = Timeline::default();