README.md
June 28, 2026 · View on GitHub
Windows event log fast forensics timeline generator and threat hunting tool.
Written in memory-safe Rust by
Yamato Security — the only open-source tool
with full Sigma support, including v2 correlation rules.
📖 Read the Documentation →
Available in 15 languages — English · 日本語 · 繁體中文 · 한국어 · Deutsch · Türkçe · Français · Español · Português (Brasil) · Українська · हिन्दी · Bahasa Indonesia · မြန်မာဘာသာ · ไทย · العربية🦅 About
Hayabusa is a Windows event log fast forensics timeline generator and threat hunting tool. It is multi-threaded for speed and consolidates events from a single host or thousands of systems into one CSV / JSON / JSONL timeline — ready for analysis in LibreOffice, Timeline Explorer, Elastic Stack, Timesketch and more. It can run live on a single system, gather logs for offline analysis, or hunt across the enterprise with Velociraptor.
📖 Documentation
All documentation now lives on a dedicated, searchable, multi-language site:
👉 yamato-security.github.io/hayabusa
| Section | |
|---|---|
| 🚀 Getting Started | Download, install and run Hayabusa |
| ⌨️ Command Reference | Every command and option, with examples |
| 📊 Timeline Output | Output profiles, fields and abbreviations |
| 🧩 Rules | Detection rules and Sigma compatibility |
| 🔎 Importing & Analysis | Elastic Stack, Timesketch, Timeline Explorer, jq |
⬇️ Download
Grab the latest signed binaries from the Releases page, or see Getting Started for live-response packages and building from source.
🗂️ Looking for the old README?
The previous single-page README is preserved unchanged:
- 📄 OLD-README.md — English
- 📄 OLD-README-Japanese.md — 日本語
🤝 Contributing & License
Contributions and bug reports are very welcome — see Contributing & Support. Hayabusa is released under the GNU AGPLv3 license; detection rules are released under the Detection Rule License (DRL) 1.1.