Skip to content
@Yamato-Security

Yamato Security 大和セキュリティ

README.md

Hi there まいど! 👋

About Yamato Security

Yamato Security is a security group created by Zach Mathis (@yamatosecurity) in 2012. At first, the main purpose was to provide security training to build a local security community in Western Japan but has grown to provide training, CTF events, webinars, etc... across the country for thousands of people.

Now, with a group of volunteer members, we are providing free open source DFIR tools such as Hayabusa, WELA, Takajo, Suzaku, etc...

Please contact us if you want to help out and contribute.

Main Projects

  • Hayabusa - (隼) A sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
  • Takajo - (鷹匠) An analyzer for Hayabusa results.
  • Suzaku - (朱雀) A sigma-based threat hunting and fast forensics timeline generator for cloud logs.
  • WELA - ゑ羅(ウェラ)(Windows Event Log Auditor): An auditing and configuration tool for Windows event logs.
  • Yamato Security's Windows Event Log Configuration Guide For DFIR And Threat Hunting - Documentation for how to configure proper Windows audit log settings and which categories and Event IDs are important to monitor.
  • Presentations - Presentations in English and Japanese.

Popular repositories Loading

  1. hayabusa hayabusa Public

    Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

    Rust 2.6k 218

  2. WELA-deprecated WELA-deprecated Public

    WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)

    PowerShell 781 82

  3. EnableWindowsLogSettings EnableWindowsLogSettings Public

    Documentation and scripts to properly enable Windows event logs.

    Batchfile 606 54

  4. hayabusa-rules hayabusa-rules Public

    Curated Windows event log Sigma rules used in Hayabusa and Velociraptor.

    Python 169 26

  5. takajo takajo Public

    Takajō (鷹匠) is a Hayabusa results analyzer.

    Nim 115 7

  6. suzaku suzaku Public

    Suzaku (朱雀) is a sigma-based threat hunting and fast forensics timeline generator for cloud logs.

    Rust 76 3

Repositories

Showing 10 of 17 repositories
  • suzaku Public

    Suzaku (朱雀) is a sigma-based threat hunting and fast forensics timeline generator for cloud logs.

    Rust 76 AGPL-3.0 3 12 0 Updated Apr 27, 2025
  • WELA Public

    Windows Event Log Auditor

    PowerShell 6 GPL-3.0 1 6 0 Updated Apr 27, 2025
  • hayabusa-encoded-rules Public

    Encoded Hayabusa and Sigma rules to avoid anti-virus false positives and reduce files stored on target systems.

    Rust 8 0 0 0 Updated Apr 26, 2025
  • suzaku-rules Public
    7 1 0 0 Updated Apr 25, 2025
  • hayabusa-rules Public

    Curated Windows event log Sigma rules used in Hayabusa and Velociraptor.

    Python 169 26 4 0 Updated Apr 25, 2025
  • suzaku-sample-data Public

    Sample cloud logs to test with Suzaku.

    2 0 0 0 Updated Apr 24, 2025
  • hayabusa Public

    Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

    Rust 2,562 AGPL-3.0 218 37 1 Updated Apr 23, 2025
  • takajo Public

    Takajō (鷹匠) is a Hayabusa results analyzer.

    Nim 115 AGPL-3.0 7 24 0 Updated Apr 22, 2025
  • WELA-RulesGenerator Public

    This repository generates rules to be used with WELA for auditing Windows event log audit settings.

    Rust 1 GPL-3.0 0 0 0 Updated Apr 21, 2025
  • .github Public
    1 0 0 0 Updated Apr 21, 2025
View all repositories

People

This organization has no public members. You must be a member to see who’s a part of this organization.

Top languages

Loading…

Most used topics

Loading…