hayabusa
chainsaw
hayabusa | chainsaw | |
---|---|---|
7 | 14 | |
1,938 | 2,547 | |
2.3% | 1.5% | |
9.7 | 8.3 | |
11 days ago | 17 days ago | |
Rust | Rust | |
GNU General Public License v3.0 only | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
hayabusa
- Hayabusa: Sigma-based forensics timeline generator for Windows event logs
- Release v2.5.0 π¦ of Hayabusa - Hayabusa is a Windows event log fast forensics timeline generator and threat hunting tool
-
Is it possible to analyze old Windows Event Logs to find IOAs or IOCs with Wazuh?
Hayabusa https://github.com/Yamato-Security/hayabusa
- Analysing Hayabusa Results with jq
- Yamato-Security/hayabusa: Hayabusa is a threat hunting and fast forensics timeline generator for Windows event logs.
- Hayabusa is a threat hunting and fast forensics timeline generator for Windows event logs.
- hayabusa: Hayabusa is a threat hunting and fast forensics timeline generator for Windows event logs.
chainsaw
-
Angle-grinder: Slice and dice logs on the command line
Thereβs already a DFIR log tool named chainsaw: https://github.com/WithSecureLabs/chainsaw
- Agent event queue is flooded. Check the agent configuration
- What's your favorite cybersecurity tool?
-
Tools for "static" log analysis
https://github.com/WithSecureLabs/chainsaw if you're just looking for bad stuff.
- Chainsaw v2.0 Release - Hunt and Search Through Windows Event Logs
- Chainsaw v2.0.0 - Rapidly Search and Hunt through Windows Event Logs
- Chainsaw 2.0: Allows users to rapidly search through Windows event logs and hunt for threats using Sigma detection rules.
-
EvtxHussar 1.0
Differences between this and Chainsaw? Chainsaw
- IR log Collection/Parsing Recommendations
-
AMA : Iβm a cybersecurity engineer at Microsoft .
Use Chainsaw for event logs https://github.com/countercept/chainsaw
What are some alternatives?
WELA - WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! γηΎ οΌγ¦γ§γ©οΌ
EvtxHussar - Initial triage of Windows Event logs
MemLabs - Educational, CTF-styled labs for individuals interested in Memory Forensics
zff-rs - Library to handle the files in zff format (file format to store and handle forensic acquisitions).
hayabusa-rules - Curated Windows event log Sigma rules used in Hayabusa and Velociraptor.
sigma-essentials - Everything you need for the #grindset
Wazuh - Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
krapslog-rs - Visualize logs in your terminal: βββββββ β β β βββ β ββ
EnableWindowsLogSettings - Documentation and scripts to properly enable Windows event logs.
FunctionStomping - Shellcode injection technique. Given as C++ header, standalone Rust program or library.
Purpleteam - Purpleteam scripts simulation & Detection - trigger events for SOC detections