Move back to ubuntu as base for takajo

Dockerfile

@@ -1,16 +1,18 @@
 FROM alpine as builder
-ADD 'https://github.com/Yamato-Security/hayabusa/releases/download/v2.10.1/hayabusa-2.10.1-all-platforms.zip' /hayabusa.zip
+ADD 'https://github.com/Yamato-Security/hayabusa/releases/download/v2.16.0/hayabusa-2.16.0-linux-intel.zip' /hayabusa.zip
+ADD 'https://github.com/Yamato-Security/takajo/releases/download/v2.5.0/takajo-2.5.0-linux.zip' /takajo.zip
 RUN apk add -U unzip git
-RUN mkdir /opt/hayabusa && cd /opt/hayabusa && unzip /hayabusa.zip
+RUN mkdir /opt/hayabusa && cd /opt/hayabusa && unzip /hayabusa.zip && unzip /takajo.zip
-RUN chmod +x /opt/hayabusa/hayabusa-2.10.1-lin-musl
+RUN chmod +x /opt/hayabusa/*
-RUN ln /opt/hayabusa/hayabusa-2.10.1-lin-musl /opt/hayabusa/hayabusa
+RUN ln /opt/hayabusa/hayabusa-2.16.0-lin-x64-gnu /opt/hayabusa/hayabusa
 RUN chmod +x /opt/hayabusa/hayabusa
-RUN /opt/hayabusa/hayabusa update-rules -r /opt/hayabusa/rules/
+RUN /opt/hayabusa/hayabusa-2.16.0-lin-x64-musl update-rules -r /opt/hayabusa/rules/
 
-From alpine
+
+From ubuntu
 COPY --from=0 /opt/hayabusa /opt/hayabusa
 ENV PATH="${PATH}:/opt/hayabusa"
-RUN apk add -U bash
+RUN apt update && apt install -y bash libcurl4 libpcre3 &&  rm -rf /var/lib/apt/lists/*
 WORKDIR /data
 RUN mkdir /output && touch /output/notmounted
 ADD start.sh /root/start.sh

start.sh

@@ -29,7 +29,10 @@ else
 fi
 
 #set output-destination
+outdir="${output}"
 output="${output}/hayabusa_$(date +%s)"
 echo "output is goint to : ${output}"
 
 hayabusa csv-timeline -p timesketch-verbose -r /opt/hayabusa/rules/ -w -m low -U -H "${output}".html -o "${output}.ts.csv" -C -d /data
+hayabusa json-timeline -p verbose -r /opt/hayabusa/rules/ -w -L -o "${output}_takajo.jsonl" -d /data
+takajo automagic -t "${output}_takajo.jsonl" -o "${outdir}/takajo"