readme update

Tanaka Zakku
2022-07-01 07:27:46 +09:00
parent 19da792271
commit 411ebcadfb
3 changed files with 53 additions and 11 deletions
+5 -6
@@ -48,7 +48,7 @@ Hayabusa is a **Windows event log fast forensics timeline generator** and **thre
- [macOS Compiling Notes](#macos-compiling-notes)
- [Linux Compiling Notes](#linux-compiling-notes)
- [Running Hayabusa](#running-hayabusa)
- [Caution: Anti-Virus/EDR Warnings](#caution-anti-virusedr-warnings)
- [Caution: Anti-Virus/EDR Warnings and Slow Runtimes](#caution-anti-virusedr-warnings-and-slow-runtimes)
- [Windows](#windows)
- [Linux](#linux)
- [macOS](#macos)
@@ -251,16 +251,17 @@ sudo yum install openssl-devel
# Running Hayabusa
## Caution: Anti-Virus/EDR Warnings
## Caution: Anti-Virus/EDR Warnings and Slow Runtimes
You may receive an alert from anti-virus or EDR products when trying to run hayabusa or even just when downloading the `.yml` rules as there will be keywords like `mimikatz` and suspicious PowerShell commands in the detection signature.
These are false positives so will need to configure exclusions in your security products to allow hayabusa to run.
If you are worried about malware or supply chain attacks, please check the hayabusa source code and compile the binaries yourself.
You may experience slow runtime especially on the first run after a reboot due to the real-time protection of Windows Defender. You can avoid this by temporarily turning real-time protection off or adding an exclusion to the hayabusa runtime directory. (Please take into consideration the security risks before doing these.)
## Windows
In Command Prompt or Windows Terminal, just run the 32-bit or 64-bit Windows binary from the hayabusa root directory.
Note: Slow at first run after PC boot is due to the real-time protection of Windows Defender. You can avoid it by doing real-time protection off, but we don't recommend it.
In a Command/PowerShell Prompt or Windows Terminal, just run the appropriate 32-bit or 64-bit Windows binary.
Example: `hayabusa-1.4.1-windows-x64.exe`
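Review bot: The second added sentence in this hunk drops its subject ("These are false positives so will need to configure exclusions"); it should read "so you will need to configure exclusions". On the new slow-runtime paragraph, the removed note explicitly said "we don't recommend it" about turning real-time protection off, while the replacement lists disabling it first and only asks readers to "take into consideration the security risks"; consider keeping the stronger wording and presenting the narrower option (an exclusion scoped to the hayabusa directory, removed again once the analysis is done) as the preferred one, so the README does not read as a recommendation to switch Defender off on an analysis host.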
@@ -492,8 +493,6 @@ You can download the sample evtx files to a new `hayabusa-sample-evtx` sub-direc
git clone https://github.com/Yamato-Security/hayabusa-sample-evtx.git
```
> Note: You need to run the binary from the Hayabusa root directory.
# Hayabusa Output
When hayabusa output is being displayed to the screen (the default), it will display the following information:
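Review bot: This hunk deletes the note "You need to run the binary from the Hayabusa root directory", and the earlier hunk likewise drops "from the hayabusa root directory" from the Windows instructions; before removing both, confirm that the binary now locates its rules and configuration independently of the working directory, otherwise readers who clone the sample evtx files into a sub-directory and run from there will hit missing-rule errors with no hint in the README. If the dependency still exists, keep the note or replace it with a sentence saying how to point hayabusa at the rules directory.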