From 2b69f1feb292e563a58bd160fa3f491b86a85311 Mon Sep 17 00:00:00 2001
From: kle
Date: Thu, 13 Jun 2024 13:41:34 +0200
Subject: [PATCH] Move back to ubuntu as base for takajo
---
 Dockerfile | 16 +++++++++-------
 start.sh | 3 +++
 2 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 080ecf0..c3644f2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,16 +1,18 @@
 FROM alpine as builder
-ADD 'https://github.com/Yamato-Security/hayabusa/releases/download/v2.10.1/hayabusa-2.10.1-all-platforms.zip' /hayabusa.zip
+ADD 'https://github.com/Yamato-Security/hayabusa/releases/download/v2.16.0/hayabusa-2.16.0-linux-intel.zip' /hayabusa.zip
+ADD 'https://github.com/Yamato-Security/takajo/releases/download/v2.5.0/takajo-2.5.0-linux.zip' /takajo.zip
 RUN apk add -U unzip git
-RUN mkdir /opt/hayabusa && cd /opt/hayabusa && unzip /hayabusa.zip
-RUN chmod +x /opt/hayabusa/hayabusa-2.10.1-lin-musl
-RUN ln /opt/hayabusa/hayabusa-2.10.1-lin-musl /opt/hayabusa/hayabusa
+RUN mkdir /opt/hayabusa && cd /opt/hayabusa && unzip /hayabusa.zip && unzip /takajo.zip
+RUN chmod +x /opt/hayabusa/*
+RUN ln /opt/hayabusa/hayabusa-2.16.0-lin-x64-gnu /opt/hayabusa/hayabusa
 RUN chmod +x /opt/hayabusa/hayabusa
-RUN /opt/hayabusa/hayabusa update-rules -r /opt/hayabusa/rules/
+RUN /opt/hayabusa/hayabusa-2.16.0-lin-x64-musl update-rules -r /opt/hayabusa/rules/
 
-From alpine
+
+From ubuntu
 COPY --from=0 /opt/hayabusa /opt/hayabusa
 ENV PATH="${PATH}:/opt/hayabusa"
-RUN apk add -U bash
+RUN apt update && apt install -y bash libcurl4 libpcre3 && rm -rf /var/lib/apt/lists/*
 WORKDIR /data
 RUN mkdir /output && touch /output/notmounted
 ADD start.sh /root/start.sh
diff --git a/start.sh b/start.sh
index 9dc44fb..4e7e8a1 100644
--- a/start.sh
+++ b/start.sh
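Review bot: Both added `ADD` lines in the Dockerfile hunk fetch release archives over the network with no integrity check, and the builder stage then runs the unpacked binary (`update-rules`) and copies the directory into the final image, so whatever the URL serves at build time is trusted as-is. Pin each archive to a known digest, e.g. `ADD --checksum=sha256:<SHA256_OF_HAYABUSA_ZIP> <same URL> /hayabusa.zip` (placeholder digest; requires BuildKit), and likewise for the takajo zip. The new `From ubuntu` is also untagged, so the release supplying `libcurl4` and `libpcre3` can change underneath the image. A fixed release tag or digest would keep the build reproducible.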
@@ -29,7 +29,10 @@ else
 fi
 #set output-destination
+outdir="${output}"
 output="${output}/hayabusa_$(date +%s)"
 echo "output is goint to : ${output}"
 hayabusa csv-timeline -p timesketch-verbose -r /opt/hayabusa/rules/ -w -m low -U -H "${output}".html -o "${output}.ts.csv" -C -d /data
+hayabusa json-timeline -p verbose -r /opt/hayabusa/rules/ -w -L -o "${output}_takajo.jsonl" -d /data
+takajo automagic -t "${output}_takajo.jsonl" -o "${outdir}/takajo"
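Review bot: The takajo output directory on the last added line is the fixed path `${outdir}/takajo`, while both hayabusa outputs carry the `$(date +%s)` suffix, so a second run against the same mounted output directory targets the same takajo directory as the first and the two analyses can no longer be kept apart. Deriving it from the timestamped prefix keeps each run's artefacts together: `takajo automagic -t "${output}_takajo.jsonl" -o "${output}_takajo"`. The added `json-timeline` call is also not checked before takajo consumes its file. Unless the script enables `set -e` above this hunk (not visible here), chaining the two with `&&` would avoid analysing a missing or truncated JSONL.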