Home

Senrigan is an offline, open-source AWS CloudTrail DFIR & threat hunting platform by Yamato Security. Drop in your CloudTrail logs and get 100+ ready-to-run threat hunts, 80+ Superset dashboard charts, AI-assisted analysis and an AWS Config resource graph — all on your laptop with a single make up. No SIEM required, no cloud infrastructure needed.

Get Started Reference View on GitHub

---

Why Senrigan?

• Offline & self-contained

  ---

  Runs entirely on your laptop with a single make up — no SIEM, no cloud infrastructure.

• 100+ built-in hunts

  ---

  Ready-to-run AWS CloudTrail threat hunts covering compromise, privilege escalation and exfiltration.

• AI chat analysis

  ---

  Investigate your CloudTrail data in natural language with AI-assisted analysis.

• 80+ dashboard charts

  ---

  Pre-built Apache Superset BI dashboards to visualize activity at a glance.

• Reports & Suzaku

  ---

  Generate HTML threat-hunting reports and visualize Suzaku results.

• AWS Config resource graph

  ---

  Explore your account's resources and their relationships as a graph.

Quick links

• New here?

  Start with the Overview, then head to Getting Started to spin it up with Docker.

• Looking for a hunt or chart?

  Browse the Built-in Query & Dashboard Reference — 100+ hunts and 80+ charts.

• Going further?

  See the Modules and Architecture of the platform.