Open
Description
It would be nice to have field data mapping working in the search command.
Now:
./target/release/hayabusa search -d ../hayabusa-sample-evtx -k hi
2021-12-14 23:42:48.817 +09:00 · Computer account created · rootdc1.offsec.lan · Sec · 4741 · 237294524 · AccountExpires: %%1794 ¦ AllowedToDelegateTo: - ¦ DisplayName: %%1793 ¦ DnsHostName: - ¦ HomeDirectory: %%1793 ¦ HomePath: %%1793 ¦ LogonHours: %%1793 ¦ NewUacValue: 0x84 ¦ OldUacValue: 0x0 ¦ PasswordLastSet: %%1794 ¦ PrimaryGroupId: 515 ¦ PrivilegeList: SeMachineAccountPrivilege ¦ ProfilePath: %%1793 ¦ SamAccountName: compnay-88$ ¦ ScriptPath: %%1793 ¦ ServicePrincipalNames: - ¦ SidHistory: - ¦ SubjectDomainName: OFFSEC ¦ SubjectLogonId: 0x308fb82ad ¦ SubjectUserName: hack1 ¦ SubjectUserSid: S-1-5-21-4230534742-2542757381-3142984815-1234 ¦ TargetDomainName: OFFSEC ¦ TargetSid: S-1-5-21-4230534742-2542757381-3142984815-1296 ¦ TargetUserName: compnay-88$ ¦ UserAccountControl: %%2082 %%2087 ¦ UserParameters: %%1792 ¦ UserPrincipalName: - ¦ UserWorkstations: %%1793 · ../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1136-Create account/ID4741-Computer account created with privileges.evtx