hayabusa
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
## What Changed

- Closed #1317
- Closed #1318

## Test

### baseline-evtx v8

|rev|Events with hits / Total events|Memory usage stats|Elapsed time|
|--|--|--|--|
|main|5,969,042 / 6,611,184|16.0 GiB|00:11:07.2717|
|This PR|5,968,974...
I saw that the csv-timeline and json-timeline commands support deduplication using the flag `--remove-duplicate-detections`. I think that is incredibly useful. Unfortunately the logon-summary does not have an equivalent flag it...
Scanning can be made even more efficient by enabling only the rules that apply to the loaded `.evtx` files. For example, if the scan is done against a single `Security.evtx` file...
refs: #1317 Updated by Zach: For clarification, for example, if a user chooses to scan with only a single rule that searches for events that have `Channel: Security`, then we...
Old `.evtx` logs may be found in the Volume Shadow Copy Service backups so it would be nice to have a `--scan-vss-backups` option that is used when Hayabusa is doing...
Strengthen the log detection for domain controllers, and I recommend the https://github.com/Qihoo360/WatchAD2.0 project to you. There are domain-related attack detections there, and I hope the next version of the tool will be...
I can compile an aarch64 musl binary in an arm-based Kali VM on an M1 Mac, but it gets killed by the shell when I try to run it:...
Since `--low-memory-mode` cannot sort or remove duplicate entries, it would be nice to have a command that can do this in post-processing. `sort-csv`: `sort and remove duplicate detections` @hitenkoku...