Yamato Security

Free, open-source tools for digital forensics, incident response & threat hunting — across Windows event logs and the cloud.

Windows event log DFIR

Hayabusa
隼 · falcon

Sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

3.2k stars
Hayabusa Rules
Sigma and Hayabusa detection rules

Curated Windows event log Sigma rules used in Hayabusa and Velociraptor.

222 stars
Takajō
鷹匠 · falconer

A Hayabusa results analyzer — extract and pivot on the most important findings.

160 stars
Mecha Hayabusa
メカ隼 · AI

AI analyzer for Hayabusa results — triage and summarize detections with LLMs.

22 stars
WELA
ゑ羅 · event log analyzer

Windows Event Log Analyzer — audit your event log settings to make sure you are capturing the evidence you need.

103 stars

Cloud DFIR & threat hunting

Suzaku
朱雀 · vermillion bird

Sigma-based threat hunting and fast forensics timeline generator for cloud logs.

181 stars
Senrigan
千里眼 · clairvoyance

Offline, open-source AWS CloudTrail DFIR & threat hunting platform — 100+ built-in hunts, Superset dashboards, AI chat and an AWS Config resource graph.

3 stars

Logging · datasets · community

EnableWindowsLogSettings
設定 · log settings

Documentation and scripts to properly enable Windows event logs — so you actually capture the evidence you need.

708 stars
Hayabusa Sample EVTX
検体 · sample logs

Sample .evtx files for testing Hayabusa detection rules and learning Windows event-log analysis.

69 stars
Presentations
講演 · talks & slides

Slides and materials from Yamato Security talks, workshops and conference presentations.

21 stars
IT-Yōkai
妖怪 · IT folklore

A collection of IT Yōkai — security and IT concepts reimagined as traditional Japanese supernatural beings (妖怪).

7 stars