bug non utf 8 byte sequences error with color output

[hitenkoku]

What Changed

• Fixed non utf 8 byte sequences error with color output. Changed timing of result output to display from bulk to each result (line by line).

Evdence

- test command is `>.\hayabusa.exe -f .\hayabusa-sample-evtx\DeepBlueCLI\Powershell-Invoke-Obfuscation-many.evtx -q`

PS >.\hayabusa.exe -f .\hayabusa-sample-evtx\DeepBlueCLI\Powershell-Invoke-Obfuscation-many.evtx -q
Analyzing event files: 1
Total file size: 3.2 MB

Loading detections rules. Please wait.

Excluded rules: 15
Noisy rules: 5 (Disabled)

Experimental rules: 1574 (61.58%)
Stable rules: 212 (8.29%)
Test rules: 770 (30.13%)

Hayabusa rules: 134
Sigma rules: 2422
Total enabled detection rules: 2556
...

2017-08-31 04:12:28.360 +09:00 | SEC511 | PwSh | 4104 | high | 626853 | Accessing WinAPI in PowerShell | iNVOkE-expRessION (( [RUNTiMe.inTEROPsErVices.MARsHaL]::ptrTOsTRINgautO( [runTIME.IntErOPsERvIceS.MarSHAL]::SEcureSTRIngtObsTr($('76492d1116743f0423413b16050a5345MgB8AFEAcwB0AHAAaAAwAGEAWABRAG8AcgBMAEMAdAAyAFgANwAyAGsATABCAFEAPQA9AHwAZQBjADMAOAAxAGYAOAA4ADcANAA2ADIAYQAzADgANwBjADIANgAyAGYAYQA0ADYAYgBhADAANgBmADkAZgA4AGYAZQBiADQANgBlADAAYwAxADYAYwBmADIAZABhADEAMgA5ADQANwA0ADEAMAA1ADAAYQA1ADQAMwBmADAAMAAyAGEAYgBiADMAMQBhADgAMgBjADUAYQBkADcAMwBlADAAMQA4ADAANABiADEAYwA2AGQAOQAwADMAMgA0ADYAMgA5ADcAZgAwAGMAMwBkADUANABiAGYAOAAwADEAMQBmAGIAYQBhADAAOABiADIANwAxADQAMgAxADUANgAxADQAZgBlAGYAOQBiADQAMwAwADEAMAA3ADQAZQA3AGMAYgBkADQANQBlADAANwBkADYAYQBhADMAYwA1AGUAZQBhAGUANAAzADEANgBlAGQAOQA4ADcAMQAyADYAOABlADEAMgAxADkAYQBmADgANwBkAGIAOQBhADMAYgAzAGQAZAA1AGMANAA4ADcAZgBhAGYAYQBhAGUAZQBmAGIAOAA2ADAAMAAwADkAYgAwAGEAZgA1AGEAYwBmADUANgBjAGIAMQA5ADIAYQBmADYAYwAzADAAYwBlADYAYwA3AGIANQAxAGEAMQBlADMANwBjADYAMgBmAGQAZAAxADUAMAA0ADcAMQBiAGMAOQBkAGQAOAA5ADYAMwAwAGEAOQBjAGUANQAzADQANwA2ADkAZgAyAGYAOQA2ADgANgA2ADEAMQAxADkAYwBkADYAZQA2AGQAZABlAGEANgBlAGMAYwA0ADYANwBjAGMAYQAyADAAMQBmADUAZgA4ADUANAA4ADMANwA2AGYAOAAxADIAYQBhAGUAYgBjADMAYQAwADYAOQA5AGMAZQBjADkAOQAzADkAMQA0ADIANAAyAGEAZgAwAGUAYwA2ADIANwBlAGUANwBmADQANwBmADgAMgA2ADkANQAxAGMAMwBmAGQAMQA5ADMANwAzAGEAOAA0AGQANAA2AGIAZAA3ADQAYgAwAGIAMQAwADIAZgBkADMAYQBmADEAYgBiADkAYgAzADYAMQA5ADQANQA2ADQAMQA1ADcAMwA2ADYAMQA0ADAAMABlAGQANAAyADQAYQA2ADYAMwA0AGMAZQBiAGUAZQBkADUAYgAxADkANwBlAGMANgA1ADkANQAyADcAYQBmADYAYQA0ADYAMQBmAGUAOABkADEAOAAwAGMAMwBkAGUAYgBlAGEAMAAzADIAYgA1ADYAYQA5AGEAMABjADYAZAAwADQANABiAGYAZABjADMANwA0ADgAYwA1ADMAZQBjAGQAMQA4ADAAMQAwAGIAYQBhAGEAMAA1AGUAZgAyAGUAZABlAGMAMwA5ADkAMQAyADAAZgBjADgANwAyAGEANwA3ADcAOQA2AGUAZQBjADkAYwAwADIANQBjAGIAOAA2AGQAOQBkAGQAMQBjAGUANABlAGUAMABjADcAMQA3ADkANQAzAGQAOQA3AGUAYgBjAGEANgBmADMANwAxADYAMwBiAGMAYgA5ADQANQAxADQANAAxAGQAMABiADIAMQA0ADEAMQA3ADUAMAA4AGEAMAA4ADUAOABlADcAOABlADYANQA2ADQAZQAwADcANAA3ADYANQA5ADYAYQA5ADcANgAyADgANwAyADIAMwAyADEAZgA1ADkAYgBkADUANgA0AGEAMgBlAGEAYwBiADUAZQAwAGEANQAxAGEAOQAwADMANQA2ADYAMQBiAGMAYQA2ADgAMQA3ADAAOQBjADgAMwA5AGQAOQBhADUANgA1ADIAMABlADMAMgBiAGIAMwA4ADMAZAA5ADQAYwAxAGUANgBlADcANQBmAGIAOQAzADAANAAwAGMAZAA1AGQAYwA5AGEAMgA2ADcAMABjADcAOABhADQANgBiAGUAYQA4ADUAMgA='|CoNverTTo-secuReStriNG -k 82,189,200,92,184,235,46,38,211,250,202,240,198,208,70,100,210,121,211,227,2,148,77,154,149,200,93,130,24,30,119,255) ) )) )

Results Summary:

Total events: 302
Data reduction: 0 events (0.00%)


Total detections: 447
Total critical detections: 0
Total high detections: 47
Total medium detections: 97
Total low detections: 1
Total informational detections: 302

Unique detections: 12
Unique critical detections: 0
Unique high detections: 6
Unique medium detections: 4
Unique low detections: 1
Unique informational detections: 1

Date with most total critical detections: n/a
Date with most total high detections: 2017-08-31 (47)
Date with most total medium detections: 2017-08-31 (97)
Date with most total low detections: 2017-08-31 (1)
Date with most total informational detections: 2017-08-31 (302)

Top 5 computers with most unique critical detections: n/a
Top 5 computers with most unique high detections: SEC511 (6)
Top 5 computers with most unique medium detections: SEC511 (4)
Top 5 computers with most unique low detections: SEC511 (1)
Top 5 computers with most unique informational detections: SEC511 (1)

Elapsed Time: 00:00:16.371

[hitenkoku]

@YamatoSecurity 確認時にカラー入力に対して出力情報が大きすぎるとバッファの出力が発生してしまい、カラー出力でエラーが発生する問題を確認したためこちらのpull-requestで対応しました。お手数をおかけしてしまい申し訳ございませんが、ご確認いただき問題なければApproveのほどよろしくお願いいたします。

5d058d3 で 一部clippyやtestエラーがありましたが対応完了しました。

[YamatoSecurity]

LGTM!