1 Commits

Author: tabledevil
SHA1: d5f4ba8862
Date: 2026-05-07 11:45:33 +02:00

Message:

Add hayabusa smoke test (fetch sample-evtx → scan → eval → cleanup)

Verifies image present, EVTX corpus available (clones on demand), the
container exits cleanly, all four output artefact types are produced
non-empty, then prints detection count + MITRE TTP coverage.

Default SUBSET=DeepBlueCLI (21 EVTX, ~30s). Documented alternatives:
YamatoSecurity, EVTX-ATTACK-SAMPLES, EVTX-to-MITRE-Attack, or empty for
the full 599-file bundle.

KEEP_DATA=1 keeps the cloned corpus on disk for fast reruns.

Validated end-to-end on amd64 Linux: 7/7 PASS, 8,626 detections from
DeepBlueCLI subset, 31 distinct MITRE TTPs.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>