
Home

Suzaku (朱雀) is a Sigma-based threat hunting and fast forensics timeline generator for cloud logs, created by Yamato Security and written in Rust. Imagine Hayabusa, but for cloud logs instead of Windows event logs — with native Sigma support for AWS CloudTrail (Azure and GCP planned).


Why Suzaku?

  • Cloud-native Sigma: Native Sigma detection for cloud logs — AWS CloudTrail today, Azure and GCP planned. Correlation rules and nearly all field modifiers are supported.
  • Fast forensics timelines: Turn thousands of noisy cloud API calls into a single, easy-to-analyze DFIR timeline containing only the events you need.
  • Blazing fast in Rust: Memory-safe, multi-threaded and standalone. Scans .json and compressed .json.gz logs on Windows, Linux and macOS.
  • Attacker summaries: Summarize API usage and attacker metrics — source IPs, geo-location, regions, user agents — to pivot quickly.
  • Behavior detection: Surface abnormal activity without relying on signatures, so you don't miss novel attacks.
  • Flexible output: Save results to CSV, JSON and JSONL for analysis in your tool of choice.
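To make the Sigma detection, timeline and attacker-summary features concrete, here is an added example in Python (not Suzaku's code, which is written in Rust, and not a Yamato Security rule). It uses only the standard library, embeds a constructed CloudTrail log with fictitious users and RFC 5737 test addresses, and writes two rules in Sigma's structure as Python dicts so no YAML parser is needed. The CloudTrail field names (eventName, eventSource, sourceIPAddress, userAgent, awsRegion, userIdentity, additionalEventData) are genuine; everything else is assumed for illustration. Geo-location is left out because it needs an external IP database.

```python
"""Sigma-style CloudTrail hunting in miniature: match rules, build a timeline,
summarize attacker metrics. Added illustration, not Suzaku's own code."""
import json
from collections import Counter

# Constructed sample CloudTrail log (fictitious users, RFC 5737 test addresses).
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-05-01T08:00:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.4", "userAgent": "Mozilla/5.0",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "additionalEventData": {"MFAUsed": "Yes"}},
    {"eventTime": "2024-05-01T09:00:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.7", "userAgent": "Mozilla/5.0",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2024-05-01T09:05:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.7", "userAgent": "aws-cli/2.15.0",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}},
    {"eventTime": "2024-05-01T09:10:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "awsRegion": "eu-west-1",
     "sourceIPAddress": "203.0.113.7", "userAgent": "aws-cli/2.15.0",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}},
    {"eventTime": "2024-05-01T09:12:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "DeleteTrail", "awsRegion": "eu-west-1",
     "sourceIPAddress": "203.0.113.7", "userAgent": "aws-cli/2.15.0",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}},
]})

# Two illustrative rules in Sigma's detection/condition structure (hypothetical, not published rules).
RULES = [
    {"title": "CloudTrail Logging Disabled",
     "detection": {
         "selection": {"eventSource|endswith": "cloudtrail.amazonaws.com",
                       "eventName": ["StopLogging", "DeleteTrail", "UpdateTrail"]},
         "condition": "selection"}},
    {"title": "Console Login Without MFA",
     "detection": {
         "selection": {"eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin"},
         "filter_mfa": {"additionalEventData.MFAUsed": "Yes"},
         "condition": "selection and not filter_mfa"}},
]


def get_field(record, path):
    """Resolve a dotted path such as userIdentity.userName; None if any part is absent."""
    for part in path.split("."):
        if not isinstance(record, dict) or part not in record:
            return None
        record = record[part]
    return record


def value_matches(value, pattern, modifier):
    """Apply a Sigma field modifier; string comparison is case-insensitive as in Sigma."""
    if value is None:
        return False
    v, p = str(value).lower(), str(pattern).lower()
    if modifier == "contains":
        return p in v
    if modifier == "startswith":
        return v.startswith(p)
    if modifier == "endswith":
        return v.endswith(p)
    return v == p


def selection_matches(record, selection):
    """Every field in a selection must match (AND); a list of patterns is an OR."""
    for key, patterns in selection.items():
        field, _, modifier = key.partition("|")
        patterns = patterns if isinstance(patterns, list) else [patterns]
        if not any(value_matches(get_field(record, field), p, modifier) for p in patterns):
            return False
    return True


def condition_holds(condition, results):
    """Evaluate a flat condition ('a', 'a and not b', 'a or b') left to right, no parentheses."""
    value, op, negate = None, "and", False
    for tok in condition.split():
        if tok in ("and", "or"):
            op = tok
        elif tok == "not":
            negate = True
        else:
            term = results[tok] != negate   # 'not' flips the next named selection
            negate = False
            value = term if value is None else (value and term if op == "and" else value or term)
    return bool(value)


def rule_matches(rule, record):
    det = rule["detection"]
    results = {name: selection_matches(record, sel)
               for name, sel in det.items() if name != "condition"}
    return condition_holds(det["condition"], results)


def build_timeline(log_text, rules):
    """Keep only the records that fire a rule, ordered by eventTime: the DFIR timeline."""
    hits = []
    for rec in json.loads(log_text)["Records"]:
        for rule in rules:
            if rule_matches(rule, rec):
                hits.append({"time": rec["eventTime"], "rule": rule["title"],
                             "event": rec["eventName"],
                             "user": get_field(rec, "userIdentity.userName"),
                             "src_ip": rec.get("sourceIPAddress")})
    return sorted(hits, key=lambda h: h["time"])


def attacker_summary(log_text):
    """Count source IPs, user agents, regions and API calls over all records to pivot on."""
    recs = json.loads(log_text)["Records"]
    return {field: Counter(r.get(field) for r in recs)
            for field in ("sourceIPAddress", "userAgent", "awsRegion", "eventName")}


if __name__ == "__main__":
    for hit in build_timeline(SAMPLE_LOG, RULES):
        print(hit)
    for field, counts in attacker_summary(SAMPLE_LOG).items():
        print(field, counts.most_common(3))
```

The five noisy records collapse to a three-line timeline (the MFA-less login followed by the two CloudTrail tampering calls), while the summary shows one source IP and one CLI user agent dominating the activity, which is the pivot the "Attacker summaries" card describes.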