hayabusa

Timeline generator

A tool that generates fast forensics timelines and supports threat hunting on Windows event logs.

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

GitHub

2k stars
42 watching
203 forks
Language: Rust
last commit: 5 days ago
Linked from 2 awesome lists

attackcybersecuritydetectiondfireventforensicshayabusahuntingincidentincident-responselogsresponserustsecuritysecurity-automationsigmathreatthreat-huntingwindowsyamato

Backlinks from these awesome lists:

Related projects:

Repository Description Stars
yamato-security/hayabusa-sample-evtx A collection of sample event log files used for testing and development of threat detection rules 44
yamato-security/enablewindowslogsettings Enables Windows event log settings to support a larger percentage of Sigma detection rules and retain logs for longer periods 556
withsecurelabs/chainsaw A tool for rapid analysis of Windows forensic artefacts to support incident response and threat hunting investigations. 2,876
yamato-security/wela Analyzes Windows Event Logs to identify security-related events and provides forensic tools for incident response. 763
threathunters-io/laurel Transforms Linux audit logs into standardized, human-readable format for security monitoring 711
xen0ph0n/yaragenerator Automates the creation of Yara rules to detect malware and other malicious objects of interest by analyzing sample files from various sources. 332
securitymagic/yara A collection of YARA rules for detecting malware and suspicious activity in various environments. 11
wagga40/zircolite A standalone tool for analyzing and detecting security-related events in various Linux logs using SIGMA rules 680
chronicle/detection-rules A collection of YARA-L 2.0 sample rules and dashboards for threat detection in Google Security Operations 316
ahmedkhlief/apt-hunter A tool to analyze Windows event logs for signs of APT attacks and malware activity. 1,255
neo23x0/yargen Generates YARA rules from malware strings while excluding goodware strings and optionally refines the rules for AI use. 1,555
west-wind/threat-hunting-with-splunk Provides Splunk queries to detect vulnerability exploitation attempts and subsequent compromise, including threat hunting for MITRE ATT&CK TTPs 57
yara-silly-silly/yarasilly2 Automatically generates YARA rules from sample files for malware analysis 28
cluster25/detection A collection of threat detection rules written in YARA 13
h3x2b/yara-rules Rules and patterns used to identify malicious software 23