Hayabusa

SIEM & Threat Detection

Windows event log fast forensics timeline generator and threat‑hunting tool written in Rust with full Sigma rule support

Track releases GitHub

Rust Latest v3.9.0 · 1mo ago Security brief →

Features

Generates consolidated CSV/JSON timelines from Windows event logs
Supports live and offline analysis of single or multiple systems
Integrates with Velociraptor for enterprise‑wide threat hunting
Full support for Sigma specification (including v2 correlation rules)
Written in memory‑safe Rust with multi‑threading for speed

Recent releases

View all 3 releases →

v3.9.0 New feature 1mo

Notable features

Support for MITRE ATT&CK v19

Full changelog

Anti-Virus False Positives

Warning: You will get false positives from certain anti-virus programs like Windows Defender and Web Browsers saying they have detected malicious files. They are detecting on Sigma .yml files that are not executable and just contain certain signatures from malware. They are not malicious. If you are running Hayabusa for live analysis and do not want to cause any anti-virus alerts, be sure to use the live response packages that use encoded Sigma rules.