WithSecureLabs / chainsaw

Rapidly Search and Hunt through Windows Forensic Artefacts

Json output missing detections

56616c6f72 opened this issue

Yo yo,

It's your boy, Mert.

Was just testing the JSON output. It looks like built-in detections do not get appended to the JSON output. Was this by design or a bug?

JSON output: [image]

Normal output: [image]

Just checking in on this as I am experiencing the same issue. Stdout reports 71 detections, but JSON only contains 42. However, my JSON does contain some of the builtin detections, just not all of them. This may be resolved by the same bug fix, but just bringing it to your attention.

Any progress on a fix? Hoping to get this Velociraptor artifact patched ASAP as it relies on the incomplete JSON results at this time.

Due to the complexity of how builtins work and the required breaking changes to then expose this in the JSON, I am going to resolve this in the v2 work, but I can't give a timeframe for when I will have time to finish it off, although I have done the bulk of the work already.

Right, this is solved in v2.0.0-alpha.x so am closing this out. Feedback on the output format should be given in #77.