Repositories list

• EventLog-Baseline-Guide

  Public
  Windows Event Log Audit Configuration Baselines and Guidelines. Automated monitoring of audit policy settings across different security frameworks.

  Batchfile

  •

  MIT License

  •22 forks•1010 stars•00 issues•00 pull requests•Updated Apr 25, 2026Apr 25, 2026

• hayabusa-rules

  Public
  Curated Windows event log Sigma rules used in Hayabusa and Velociraptor.

  windowsattacklog+ 6

  windowsattackloganalysiseventdfirmitresigmahayabusa

  Python

  •

  Other

  •2828 forks•217217 stars•33 issues•11 pull request•Updated Apr 24, 2026Apr 24, 2026

• hayabusa-encoded-rules

  Public
  Encoded Hayabusa and Sigma rules to avoid anti-virus false positives and reduce files stored on target systems.

  Rust

  •

  Other

  •00 forks•99 stars•11 issue•00 pull requests•Updated Apr 24, 2026Apr 24, 2026

• WELA

  Public
  WELA (Windows Event Log Analyzer, ゑ羅) is a tool for auditing Windows event log settings. Windows event logs are a vital source of information for Digital Forens…

  PowerShell

  •

  MIT License

  •77 forks•9696 stars•55 issues•00 pull requests•Updated Apr 24, 2026Apr 24, 2026

• hayabusa

  Public
  Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

  windowsrustsecurity+ 17

  windowsrustsecurityattackdetectionincident-responselogseventthreatforensics+ 10

  Rust

  •

  GNU Affero General Public License v3.0

  •263263 forks•3.1k3.1k stars•3535 issues•33 pull requests•Updated Apr 24, 2026Apr 24, 2026

• mecha-hayabusa

  Public
  AI analyzer for Hayabusa results.

  Python

  •

  GNU Affero General Public License v3.0

  •00 forks•1616 stars•00 issues•00 pull requests•Updated Apr 10, 2026Apr 10, 2026

• takajo

  Public
  Takajō (鷹匠) is a Hayabusa results analyzer.

  windowsnimlog+ 4

  windowsnimloganalysiseventnim-langhayabusa

  Nim

  •

  GNU Affero General Public License v3.0

  •1010 forks•157157 stars•1717 issues•00 pull requests•Updated Apr 6, 2026Apr 6, 2026

• suzaku

  Public
  Suzaku (朱雀) is a sigma-based threat hunting and fast forensics timeline generator for cloud logs.

  awssecurityengineering+ 15

  awssecurityengineeringmonitoringlogazuredetectiongcpidthreat+ 8

  Rust

  •

  GNU Affero General Public License v3.0

  •99 forks•174174 stars•33 issues•00 pull requests•Updated Mar 29, 2026Mar 29, 2026

• hayabusa-evtx

  Public
  A fork of the evtx Rust crate for Hayabusa

  Rust

  •

  Apache License 2.0

  •33 forks•1313 stars•44 issues•11 pull request•Updated Dec 13, 2025Dec 13, 2025

• suzaku-rules

  Public
  Other

  •33 forks•1111 stars•11 issue•11 pull request•Updated Dec 9, 2025Dec 9, 2025

• Presentations

  Public
  22 forks•2121 stars•00 issues•00 pull requests•Updated Nov 19, 2025Nov 19, 2025

• hayabusa-sample-evtx

  Public
  Sample evtx files to use for testing hayabusa detection rules

  44 forks•6464 stars•00 issues•00 pull requests•Updated Nov 5, 2025Nov 5, 2025

• IT-Yokai

  Public
  Collection of IT Yōkai (妖怪) (traditional Japanese supernatural beings)

  Other

  •11 fork•77 stars•00 issues•00 pull requests•Updated Oct 31, 2025Oct 31, 2025

• sigma-to-hayabusa-converter

  Public
  Documentation and tools to curate Sigma rules for Windows event logs into easier to parse rules.

  Python

  •

  GNU General Public License v3.0

  •00 forks•1515 stars•44 issues•00 pull requests•Updated Oct 22, 2025Oct 22, 2025

• WELA-RulesGenerator

  Public
  This repository generates rules to be used with WELA for auditing Windows event log audit settings.

  Rust

  •

  GNU General Public License v3.0

  •00 forks•55 stars•00 issues•00 pull requests•Updated Oct 9, 2025Oct 9, 2025

• EnableWindowsLogSettings

  Public
  Documentation and scripts to properly enable Windows event logs.

  windowssecurityauditing+ 8

  windowssecurityauditingmonitoringlogseventforensicsdfirsysmonsigma+ 1

  Batchfile

  •

  GNU General Public License v3.0

  •6666 forks•694694 stars•33 issues•00 pull requests•Updated Oct 3, 2025Oct 3, 2025

• suzaku-sample-data

  Public
  Sample cloud logs to test with Suzaku.

  22 forks•44 stars•00 issues•00 pull requests•Updated Sep 29, 2025Sep 29, 2025

• sigma-rust

  Public
  A fork of the Rust library for parsing and evaluating Sigma rules

  Rust

  •

  Apache License 2.0

  •88 forks•22 stars•11 issue•00 pull requests•Updated Jul 28, 2025Jul 28, 2025

• .github

  Public
  00 forks•11 star•00 issues•00 pull requests•Updated Apr 21, 2025Apr 21, 2025

• WELA-deprecated

  Public
  WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅（ウェラ）

  windowsloganalysis+ 10

  windowsloganalysistimelinelogseventthreatforensicsdfirresponse+ 3

  PowerShell

  •

  GNU General Public License v3.0

  •7979 forks•778778 stars•99 issues•00 pull requests•Updated Feb 3, 2023Feb 3, 2023

• RustyBlue

  Public archive
  RustyBlue is a rust implementation of DeepblueCLI, a forensics log analyzer for finding evidence of compromise from windows event logs.

  Rust

  •

  MIT License

  •66 forks•7272 stars•00 issues•00 pull requests•Updated Oct 13, 2022Oct 13, 2022