Projects & Ecosystem

Companion Projects

  • EnableWindowsLogSettings - Documentation and scripts to properly enable Windows event logs.
  • Hayabusa Encoded Rules - The same as the Hayabusa Rules repository, but the rules and config files are stored in one file and XORed to prevent false positives from anti-virus.
  • Hayabusa Rules - Hayabusa and curated Sigma detection rules used by Hayabusa.
  • Hayabusa EVTX - A more maintained fork of the evtx crate.
  • Hayabusa Sample EVTXs - Sample evtx files to use for testing hayabusa/sigma detection rules.
  • Presentations - Presentations from talks that we have given about our tools and resources.
  • Sigma to Hayabusa Converter - Curates upstream Windows event log-based Sigma rules into an easier-to-use form.
  • Takajo - An analyzer for hayabusa results.
  • WELA (Windows Event Log Analyzer) - An analyzer for Windows event logs written in PowerShell. (Deprecated and replaced by Takajo.)

Third-Party Projects That Use Hayabusa

  • AllthingsTimesketch - A NodeRED workflow that imports Plaso and Hayabusa results into Timesketch.
  • LimaCharlie - Provides cloud-based security tools and infrastructure to fit your needs.
  • OpenRelik - An open-source (Apache-2.0) platform designed to streamline collaborative digital forensic investigations.
  • Splunk4DFIR - Quickly spin up a Splunk instance with Docker to browse through logs and tool output during your investigations.
  • Velociraptor - A tool for collecting host-based state information using Velociraptor Query Language (VQL) queries.