https://github.com/rpfilomeno/darahata
Lazy Windows event log fast forensics timeline generator and threat hunting script.
blueteam detection dfir-automation forensics hayabusa rust security siem sigma takajo threat-hunting windows
- Host: GitHub
- URL: https://github.com/rpfilomeno/darahata
- Owner: rpfilomeno
- Created: 2024-12-10T06:28:52.000Z (6 months ago)
- Default Branch: main
- Last Pushed: 2024-12-10T08:09:30.000Z (6 months ago)
- Last Synced: 2025-02-08T05:23:43.913Z (4 months ago)
- Topics: blueteam, detection, dfir-automation, forensics, hayabusa, rust, security, siem, sigma, takajo, threat-hunting, windows
- Language: Batchfile
- Homepage:
- Size: 8.79 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README

```
Because.. one morning I woke in a panic wondering if I got hacked :3
```
# DaraHaTa
Lazy Windows event logs fast forensics timeline generator and threat hunting script. The project name is a wordplay on "Dara", which means Lazy, "Ha" for Hayabusa, and "Ta" for Takajo.
I created this project to scan my Windows laptop for threats lazily. Please refer to https://github.com/Yamato-Security for anything regarding Hayabusa and Takajo or using these tools in any production setting.
## Setup
It is recommended to apply [Yamato Security's Windows Event Log Configuration Guide For DFIR And Threat Hunting](https://github.com/Yamato-Security/EnableWindowsLogSettings) to capture most of the events required for analysis. A sample `YamatoSecurityConfigureWinEventLogs.bat` is included in this project. Please be advised that using it will allow your Event Logs to grow up to ~1 Gigabyte, so make sure you have enough disk space!