12 results for “topic:hayabusa”
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
Documentation and scripts to properly enable Windows event logs.
A high-speed forensic timeline engine for Windows forensic artifact CSV output built for DFIR investigators. Quickly consolidate CSV output from processed triage evidence for Eric Zimmerman (EZ Tools) Kape, Axiom, Hayabusa, Chainsaw and Nirsoft into a unified timeline.
Curated Windows event log Sigma rules used in Hayabusa and Velociraptor.
Takajō (鷹匠) is a Hayabusa results analyzer.
Pipeline that allows sending forensic artifacts to OpenRelik for automatic processing.
SECUBIAN is a French Linux distribution focused on evidence processing during Incident Response.
Hayabusa to the SIEM made easy
Autorun script for Hayabusa Eventlog scanner
Menu-based scanner for Hayabusa intended for scanning mounted images and folders with EVTX files.
Lazy Windows event log fast forensics timeline generator and threat hunting script.
Running https://github.com/Yamato-Security/hayabusa in a Docker container with a Flask API wrapped around it for on-demand cloud functions.