Rapidly Search and Hunt through Windows Forensic Artefacts

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

The privacy-focused cryptocurrency

WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅（ウェラ）

Tenzir is the data pipeline engine for security teams.

Documentation and scripts to properly enable Windows event logs.

Bulletproofs are short non-interactive zero-knowledge proofs that require no trusted setup

This project is a SIEM with SIRP and Threat Intel, all in one.

Set of SIGMA rules (>350) mapped to MITRE ATT&CK tactic and techniques

Curated Windows event log Sigma rules used in Hayabusa and Velociraptor.

An IDE and translation engine for detection engineers and threat hunters. Be faster, write smarter, keep 100% privacy.

Code to retrieve data for the programming languages influence visualizations from Freebase

Resources To Learn And Understand SIGMA Rules

Suzaku (朱雀) is a sigma-based threat hunting and fast forensics timeline generator for cloud logs.

SIEGMA - Transform Sigma rules into SIEM consumables

Rustinel is an open-source endpoint detection runtime for Windows and Linux. It collects native telemetry from ETW and eBPF, normalizes events into Sysmon-style fields, evaluates Sigma, YARA, and IOC detections, and emits ECS-compatible NDJSON alerts.

Rocket powered machine learning. Create, compare, adapt, improve - artificial intelligence at the speed of thought.

Convert Sigma rules to SIEM queries, directly in your browser.

A Go implementation and parser for Sigma rules.