Skill Detail

Turn Windows event logs into Sigma-backed threat-hunting timelines with Hayabusa

Parse Windows event logs into fast timelines and detection-rich outputs so agents can triage suspicious host activity, search for known patterns, and hand investigators reviewable artifacts.

Security & Verification | Multi-Framework | Published
⭐ 3.1k GitHub stars
Install with any agent:
npx skills add agentskillexchange/skills --skill turn-windows-event-logs-into-sigma-backed-threat-hunting-timelines-with-hayabusa
At a glance

Tools required: Hayabusa plus Windows event logs from a live system, offline collection, or an enterprise collection pipeline.
Install & setup: Download a Hayabusa release or build from source, then run its timeline and analysis commands against Windows EVTX files or collected event log directories.
Author: Yamato Security
Publisher: Organization
Last updated: Apr 22, 2026
Quick brief

Use Hayabusa when an agent needs to ingest EVTX data, apply Sigma-aligned detections, and produce a timeline for Windows host triage or enterprise threat hunting. The scope boundary is concrete: it is about turning Windows event logs into investigation-ready timelines and detections, whether from live systems or collected logs. That is a bounded DFIR workflow with a clear input and output, not a generic security platform or endpoint product card.