Windows event log DFIR
Sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
Curated Windows event log Sigma rules used in Hayabusa and Velociraptor.
Documentation and tools to curate Sigma rules for Windows event logs into easier-to-parse rules.
A Hayabusa results analyzer — extract and pivot on the most important findings.
AI analyzer for Hayabusa results — triage and summarize detections with LLMs.
Windows Event Log Analyzer — audit your event log settings to make sure you are capturing the evidence you need.
Cloud DFIR & threat hunting
Sigma-based threat hunting and fast forensics timeline generator for cloud logs.
Curated Sigma detection rules for cloud logs used in Suzaku.
Offline, open-source AWS CloudTrail DFIR & threat hunting platform — 100+ built-in hunts, Superset dashboards, AI chat and an AWS Config resource graph.
Logging · datasets · community
Documentation and scripts to properly enable Windows event logs — so you actually capture the evidence you need.
Sample .evtx files for testing Hayabusa detection rules and learning Windows event-log analysis.
Slides and materials from Yamato Security talks, workshops and conference presentations.
A collection of IT Yōkai — security and IT concepts reimagined as traditional Japanese supernatural beings (妖怪).