今天,稍微可以松口气了,毕竟是过节,有一个月的时间没来这里了。前期有很多舍不得,问我现在有什么感觉,直言“麻木”了,面临“生死”实在是顾不上了,“擂台赛”打得太惨烈,舍弃了很多。
今天,给大家推荐个工具,Hayabusa,Windows事件日志快速时间线生成器和威胁搜寻工具。
是这样介绍的:“Hayabusa is a Windows event log fast forensics timeline generator and threat hunting tool created by the Yamato Security group in Japan. ”
在github上有详细的用法介绍:
我觉得挺不错的,它的介绍中有段:“Windows event log analysis has traditionally been a very long and tedious process because Windows event logs are 1) in a data format that is hard to analyze and 2) the majority of data is noise and not useful for investigations. Hayabusa's goal is to extract out only useful data and present it in a concise as possible easy-to-read format that is usable not only by professionally trained analysts but any Windows system administrator. Hayabusa hopes to let analysts get 80% of their work done in 20% of the time when compared to traditional Windows event log analysis.”,能减少我们分析日志时的大工作量。
上面这是它的分析日志时使用的Sigma等规则的功能介绍。
这是分析完后,给出的分析结果。
至于好不好,用用!
https://github.com/Yamato-Security/hayabusa
下班,回家!