Repositories list

• hayabusa

  Public

  Yamato-Security/hayabusa’s past year of commit activity
  Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

  windowsrustsecurity+ 17attackdetectionincident-responselogseventthreatforensics+ 10

  Rust

  •

  GNU Affero General Public License v3.0

  •253•2.9k•36•1•Updated Nov 2, 2025Nov 2, 2025

• hayabusa-rules

  Public

  Yamato-Security/hayabusa-rules’s past year of commit activity
  Curated Windows event log Sigma rules used in Hayabusa and Velociraptor.

  windowsattacklog+ 6analysiseventdfirmitresigmahayabusa

  Python

  •

  Other

  •26•208•3•0•Updated Nov 2, 2025Nov 2, 2025

• hayabusa-encoded-rules

  Public

  Yamato-Security/hayabusa-encoded-rules’s past year of commit activity
  Encoded Hayabusa and Sigma rules to avoid anti-virus false positives and reduce files stored on target systems.

  Rust

  •

  Other

  •0•10•1•0•Updated Nov 2, 2025Nov 2, 2025

• WELA

  Public

  Yamato-Security/WELA’s past year of commit activity
  Windows Event Log Auditor

  PowerShell

  •

  MIT License

  •2•50•6•1•Updated Nov 2, 2025Nov 2, 2025

• takajo

  Public

  Yamato-Security/takajo’s past year of commit activity
  Takajō (鷹匠) is a Hayabusa results analyzer.

  windowsnimlog+ 4analysiseventnim-langhayabusa

  Nim

  •

  GNU Affero General Public License v3.0

  •9•146•15•0•Updated Oct 31, 2025Oct 31, 2025

• IT-Yokai

  Public

  Yamato-Security/IT-Yokai’s past year of commit activity
  Collection of IT Yōkai (妖怪) (traditional Japanese supernatural beings)

  Other

  •1•5•0•0•Updated Oct 31, 2025Oct 31, 2025

• EventLog-Baseline-Guide

  Public
  Windows Event Log Audit Configuration Baselines and Guidelines. Automated monitoring of audit policy settings across different security frameworks.

  Batchfile

  •

  MIT License

  •2•6•0•0•Updated Oct 30, 2025Oct 30, 2025

• suzaku-rules

  Public

  Yamato-Security/suzaku-rules’s past year of commit activity
  Other

  •2•11•1•0•Updated Oct 29, 2025Oct 29, 2025

• hayabusa-evtx

  Public

  Yamato-Security/hayabusa-evtx’s past year of commit activity
  A fork of the evtx Rust crate for Hayabusa

  Rust

  •

  Apache License 2.0

  •2•9•4•0•Updated Oct 27, 2025Oct 27, 2025

• suzaku

  Public

  Yamato-Security/suzaku’s past year of commit activity
  Suzaku (朱雀) is a sigma-based threat hunting and fast forensics timeline generator for cloud logs.

  awssecurityengineering+ 14monitoringlogazuredetectiongcpidthreat+ 7

  Rust

  •

  GNU Affero General Public License v3.0

  •8•152•5•0•Updated Oct 24, 2025Oct 24, 2025

• sigma-to-hayabusa-converter

  Public
  Documentation and tools to curate Sigma rules for Windows event logs into easier to parse rules.

  Python

  •

  GNU General Public License v3.0

  •0•16•4•0•Updated Oct 22, 2025Oct 22, 2025

• WELA-RulesGenerator

  Public

  Yamato-Security/WELA-RulesGenerator’s past year of commit activity
  This repository generates rules to be used with WELA for auditing Windows event log audit settings.

  Rust

  •

  GNU General Public License v3.0

  •0•5•0•0•Updated Oct 9, 2025Oct 9, 2025

• EnableWindowsLogSettings

  Public

  Yamato-Security/EnableWindowsLogSettings’s past year of commit activity
  Documentation and scripts to properly enable Windows event logs.

  windowssecurityauditing+ 8monitoringlogseventforensicsdfirsysmonsigma+ 1

  Batchfile

  •

  GNU General Public License v3.0

  •57•639•3•0•Updated Oct 3, 2025Oct 3, 2025

• suzaku-sample-data

  Public

  Yamato-Security/suzaku-sample-data’s past year of commit activity
  Sample cloud logs to test with Suzaku.

  1•4•0•0•Updated Sep 29, 2025Sep 29, 2025

• sigma-rust

  Public

  Yamato-Security/sigma-rust’s past year of commit activity
  A fork of the Rust library for parsing and evaluating Sigma rules

  Rust

  •

  Apache License 2.0

  •4•1•1•0•Updated Jul 28, 2025Jul 28, 2025

• .github

  Public

  Yamato-Security/.github’s past year of commit activity
  0•1•0•0•Updated Apr 21, 2025Apr 21, 2025

• Presentations

  Public

  Yamato-Security/Presentations’s past year of commit activity
  2•19•0•0•Updated Apr 2, 2025Apr 2, 2025

• hayabusa-sample-evtx

  Public

  Yamato-Security/hayabusa-sample-evtx’s past year of commit activity
  Sample evtx files to use for testing hayabusa detection rules

  3•61•0•1•Updated Nov 4, 2024Nov 4, 2024

• WELA-deprecated

  Public

  Yamato-Security/WELA-deprecated’s past year of commit activity
  WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅（ウェラ）

  windowsloganalysis+ 10timelinelogseventthreatforensicsdfirresponse+ 3

  PowerShell

  •

  GNU General Public License v3.0

  •82•777•9•0•Updated Feb 3, 2023Feb 3, 2023

• RustyBlue

  Public archive

  Yamato-Security/RustyBlue’s past year of commit activity
  RustyBlue is a rust implementation of DeepblueCLI, a forensics log analyzer for finding evidence of compromise from windows event logs.

  Rust

  •

  MIT License

  •6•72•0•0•Updated Oct 13, 2022Oct 13, 2022