Fibratus vs Hayabusa
GitHub Stats
About Fibratus
Fibratus is a tool for exploration and tracing of the Windows kernel via Event Tracing for Windows (ETW). It captures process creation/termination, thread activity, file system operations, registry modifications, network connections, DLL loads, and driver events in real-time. Fibratus includes a rule engine for detecting suspicious behavior patterns (fileless malware indicators, persistence mechanisms, credential access). Events can be filtered with a powerful expression language and forwarded to Elasticsearch, AMQP, or console output. It provides deep kernel-level visibility for threat hunting, incident response, and understanding system behavior during malware detonation.
About Hayabusa
Hayabusa is a forensic tool designed to generate timelines from Windows event logs and facilitate threat hunting. Written in Rust, it integrates Sigma rule support to automatically detect suspicious activities, making it a powerful utility for digital forensics and incident response (DFIR) operations. Its fast processing capability allows security professionals to efficiently analyze large volumes of log data for potential security threats.
Platform Support
Tags
Fibratus only
Hayabusa only