hayabusa
Timeline generator
A tool that generates fast forensics timelines and supports threat hunting on Windows event logs.
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
2k stars
42 watching
203 forks
Language: Rust
last commit: 5 days ago
Linked from 2 awesome lists
attackcybersecuritydetectiondfireventforensicshayabusahuntingincidentincident-responselogsresponserustsecuritysecurity-automationsigmathreatthreat-huntingwindowsyamato
Related projects:
Repository | Description | Stars |
---|---|---|
yamato-security/hayabusa-sample-evtx | A collection of sample event log files used for testing and development of threat detection rules | 44 |
yamato-security/enablewindowslogsettings | Enables Windows event log settings to support a larger percentage of Sigma detection rules and retain logs for longer periods | 556 |
withsecurelabs/chainsaw | A tool for rapid analysis of Windows forensic artefacts to support incident response and threat hunting investigations. | 2,876 |
yamato-security/wela | Analyzes Windows Event Logs to identify security-related events and provides forensic tools for incident response. | 763 |
threathunters-io/laurel | Transforms Linux audit logs into standardized, human-readable format for security monitoring | 711 |
xen0ph0n/yaragenerator | Automates the creation of Yara rules to detect malware and other malicious objects of interest by analyzing sample files from various sources. | 332 |
securitymagic/yara | A collection of YARA rules for detecting malware and suspicious activity in various environments. | 11 |
wagga40/zircolite | A standalone tool for analyzing and detecting security-related events in various Linux logs using SIGMA rules | 680 |
chronicle/detection-rules | A collection of YARA-L 2.0 sample rules and dashboards for threat detection in Google Security Operations | 316 |
ahmedkhlief/apt-hunter | A tool to analyze Windows event logs for signs of APT attacks and malware activity. | 1,255 |
neo23x0/yargen | Generates YARA rules from malware strings while excluding goodware strings and optionally refines the rules for AI use. | 1,555 |
west-wind/threat-hunting-with-splunk | Provides Splunk queries to detect vulnerability exploitation attempts and subsequent compromise, including threat hunting for MITRE ATT&CK TTPs | 57 |
yara-silly-silly/yarasilly2 | Automatically generates YARA rules from sample files for malware analysis | 28 |
cluster25/detection | A collection of threat detection rules written in YARA | 13 |
h3x2b/yara-rules | Rules and patterns used to identify malicious software | 23 |