hayabusa
DeepBlueCLI
hayabusa | DeepBlueCLI | |
---|---|---|
7 | 4 | |
1,938 | 2,085 | |
2.3% | 1.0% | |
9.7 | 6.1 | |
11 days ago | 7 months ago | |
Rust | PowerShell | |
GNU General Public License v3.0 only | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
hayabusa
- Hayabusa: Sigma-based forensics timeline generator for Windows event logs
- Release v2.5.0 ๐ฆ of Hayabusa - Hayabusa is a Windows event log fast forensics timeline generator and threat hunting tool
-
Is it possible to analyze old Windows Event Logs to find IOAs or IOCs with Wazuh?
Hayabusa https://github.com/Yamato-Security/hayabusa
- Analysing Hayabusa Results with jq
- Yamato-Security/hayabusa: Hayabusa is a threat hunting and fast forensics timeline generator for Windows event logs.
- Hayabusa is a threat hunting and fast forensics timeline generator for Windows event logs.
- hayabusa: Hayabusa is a threat hunting and fast forensics timeline generator for Windows event logs.
DeepBlueCLI
-
Is it possible to secure Powershell with MFA?
If you don't have a SIEM/EDR setup for detecting suspicious PowerShell usage, you can also use DeepBlueCLI by Eric Conrad - https://github.com/sans-blue-team/DeepBlueCLI
- Is it possible to analyze old Windows Event Logs to find IOAs or IOCs with Wazuh?
-
What are some of the most frequently used (or favorite) tools in your toolbox?
DeepBlueCLI - Event log parsing for suspicious behavior
-
Getting started on detecting and responding to cybersecurity incidents
If you think that the alert is malicious figure out what has happened. Save hosts security events to a file and run them through DeepBlueCLI(https://github.com/sans-blue-team/DeepBlueCLI). It's a PowerShell tool for detecting threats from Windows logs.
What are some alternatives?
WELA - WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ใ็พ ๏ผใฆใงใฉ๏ผ
Loki - Loki - Simple IOC and YARA Scanner
MemLabs - Educational, CTF-styled labs for individuals interested in Memory Forensics
ATTACK - MITRE ATT&CK Windows Logging Cheat Sheets
hayabusa-rules - Curated Windows event log Sigma rules used in Hayabusa and Velociraptor.
BloodHound - Six Degrees of Domain Admin
chainsaw - Rapidly Search and Hunt through Windows Forensic Artefacts
SilkETW
sigma-essentials - Everything you need for the #grindset
krapslog-rs - Visualize logs in your terminal: โโโโโโโ โ โ โ โโโ โ โโ
FunctionStomping - Shellcode injection technique. Given as C++ header, standalone Rust program or library.
zff-rs - Library to handle the files in zff format (file format to store and handle forensic acquisitions).