hayabusa
Timeline generator
A tool that generates fast forensics timelines and supports threat hunting on Windows event logs.
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
2k stars
41 watching
206 forks
Language: Rust
last commit: about 1 month ago
Linked from 2 awesome lists
Topics: attack, cybersecurity, detection, dfir, event, forensics, hayabusa, hunting, incident, incident-response, logs, response, rust, security, security-automation, sigma, threat, threat-hunting, windows, yamato
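To make concrete what a Sigma-based hunting tool does with Windows event logs, here is an added example that is not Hayabusa's code and not part of the original listing: a minimal evaluator for a small subset of Sigma's detection syntax (field equality, the `contains`/`startswith`/`endswith` modifiers, list values as OR, and a `selection and not filter` condition), applied to constructed Security.evtx-style records to produce the kind of rule-hit timeline a tool like Hayabusa emits. The rule, the sample events and the field names are assumptions for illustration; real Sigma rules are YAML with a much larger modifier and condition grammar, and Hayabusa also handles EVTX parsing and rule management.

```python
"""Minimal Sigma-style rule evaluator over Windows event log records.

Added illustration of the matching a Sigma-based hunting tool performs;
this is NOT Hayabusa's code. It supports a deliberately small subset of
Sigma: equality, |contains, |startswith, |endswith, list values as OR,
and conditions of the form `X` or `X and not Y`.
"""
from typing import Any

# Constructed sample events, shaped like flattened EventData from Security.evtx.
SAMPLE_EVENTS = [
    {"Channel": "Security", "EventID": 4688,
     "NewProcessName": r"C:\Windows\System32\whoami.exe",
     "ParentProcessName": r"C:\Windows\System32\cmd.exe",
     "SubjectUserName": "alice", "TimeCreated": "2024-01-10T09:00:01Z"},
    {"Channel": "Security", "EventID": 4688,
     "NewProcessName": r"C:\Windows\System32\svchost.exe",
     "ParentProcessName": r"C:\Windows\System32\services.exe",
     "SubjectUserName": "SYSTEM", "TimeCreated": "2024-01-10T09:00:02Z"},
    {"Channel": "Security", "EventID": 4688,
     "NewProcessName": r"C:\Windows\System32\whoami.exe",
     "ParentProcessName": r"C:\Program Files\Monitoring\agent.exe",
     "SubjectUserName": "monitor-svc", "TimeCreated": "2024-01-10T09:00:03Z"},
    {"Channel": "Security", "EventID": 4624, "LogonType": 3,
     "TargetUserName": "alice", "TimeCreated": "2024-01-10T09:00:04Z"},
]

# Hypothetical rule in Sigma's structure (title/level/logsource/detection),
# written as a dict instead of YAML so the block needs no extra library.
WHOAMI_RULE = {
    "title": "Whoami Execution From Interactive Shell",
    "level": "medium",
    "logsource": {"product": "windows", "service": "security"},
    "detection": {
        "selection": {
            "EventID": 4688,
            "NewProcessName|endswith": "\\whoami.exe",
            "ParentProcessName|endswith": ["\\cmd.exe", "\\powershell.exe"],
        },
        # Filter out a known-benign monitoring agent that runs whoami itself.
        "filter": {"ParentProcessName|contains": "\\Monitoring\\"},
        "condition": "selection and not filter",
    },
}


def _match_modifier(value: Any, modifier: str, expected: Any) -> bool:
    """Apply one Sigma field modifier; Sigma string matching is case-insensitive."""
    if value is None:
        return False
    v, e = str(value).lower(), str(expected).lower()
    if modifier == "":
        return v == e
    if modifier == "contains":
        return e in v
    if modifier == "startswith":
        return v.startswith(e)
    if modifier == "endswith":
        return v.endswith(e)
    raise ValueError(f"unsupported modifier: {modifier}")


def match_search(search: dict, event: dict) -> bool:
    """A search identifier is a map: every field must match (AND); list values are OR."""
    for key, expected in search.items():
        field, _, modifier = key.partition("|")
        candidates = expected if isinstance(expected, list) else [expected]
        if not any(_match_modifier(event.get(field), modifier, c) for c in candidates):
            return False
    return True


def evaluate_rule(rule: dict, event: dict) -> bool:
    """Evaluate the rule's condition against one event (`X` or `X and not Y` only)."""
    det = rule["detection"]
    tokens = det["condition"].split()
    if len(tokens) == 1:
        return match_search(det[tokens[0]], event)
    if len(tokens) == 4 and tokens[1:3] == ["and", "not"]:
        return match_search(det[tokens[0]], event) and not match_search(det[tokens[3]], event)
    raise ValueError(f"unsupported condition: {det['condition']}")


def build_timeline(rules: list, events: list) -> list:
    """Return one hit per (event, rule) pair, sorted by time: the skeleton of a hunting timeline."""
    hits = [
        {"TimeCreated": ev["TimeCreated"], "EventID": ev["EventID"],
         "RuleTitle": r["title"], "Level": r["level"],
         "Details": ev.get("NewProcessName") or ev.get("TargetUserName")}
        for ev in events for r in rules if evaluate_rule(r, ev)
    ]
    return sorted(hits, key=lambda h: h["TimeCreated"])


if __name__ == "__main__":
    for hit in build_timeline([WHOAMI_RULE], SAMPLE_EVENTS):
        print(hit)
```

Only the first event survives: the second is not whoami, the third is whoami but spawned by the filtered monitoring agent, and the fourth is a logon event. The filter-before-alert step is what keeps a hunting timeline readable on a real host where benign tooling trips process-creation selections constantly.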
Related projects:
Repository | Description | Stars |
---|---|---|
yamato-security/hayabusa-sample-evtx | A collection of sample event log files used for testing and development of threat detection rules | 45 |
yamato-security/enablewindowslogsettings | Enables Windows event log settings to support a larger percentage of Sigma detection rules and retain logs for longer periods | 571 |
withsecurelabs/chainsaw | A tool to rapidly search and analyze Windows forensic artefacts like Event Logs and MFT files. | 2,919 |
yamato-security/wela | Analyzes Windows Event Logs to identify security-related events and provides forensic tools for incident response. | 769 |
threathunters-io/laurel | Converts Linux audit logs into standardized JSON format for enhanced security monitoring | 722 |
xen0ph0n/yaragenerator | Automates the creation of Yara rules to detect malware and other malicious objects of interest by analyzing sample files from various sources. | 332 |
securitymagic/yara | A collection of YARA rules for detecting malware and suspicious activity in various environments. | 11 |
wagga40/zircolite | A standalone tool that applies SIGMA rules to Windows EVTX, Auditd, Sysmon for Linux and other converted logs for detection | 684 |
chronicle/detection-rules | A collection of YARA-L 2.0 sample rules and dashboards for threat detection in Google Security Operations | 326 |
ahmedkhlief/apt-hunter | A tool to analyze Windows event logs for signs of APT attacks and malware activity. | 1,265 |
neo23x0/yargen | Generates YARA rules from malware strings while excluding goodware strings and optionally refines the rules for AI use. | 1,569 |
west-wind/threat-hunting-with-splunk | Provides Splunk queries to detect vulnerability exploitation attempts and subsequent compromise, including threat hunting for MITRE ATT&CK TTPs | 58 |
yara-silly-silly/yarasilly2 | Automatically generates YARA rules from sample files for malware analysis | 28 |
cluster25/detection | A collection of threat detection rules written in YARA | 13 |
h3x2b/yara-rules | Rules and patterns used to identify malicious software | 23 |