Hayabusa
БесплатноНе проверенEnables Windows Event Log (EVTX) analysis by wrapping Hayabusa, exposing scan and rule retrieval tools.
Описание
Enables Windows Event Log (EVTX) analysis by wrapping Hayabusa, exposing scan and rule retrieval tools.
README
An MCP (Model Context Protocol) server that wraps Hayabusa
for EVTX (Windows Event Log) analysis, exposing scan_evtx, get_hayabusa_rules,
analyze_coverage, and suggest_rule tools, plus read-only detection:// resources
for browsing the bundled Sigma rule set (see Resources below).
Note: this README covers licensing and the Claude Desktop extension build step. Full setup/usage documentation is still in progress — see
HANDOFF.mdfor detailed background in the meantime.
Setup
./download_hayabusa.sh— downloads and checksum-verifies the Hayabusa binary into./hayabusa/pip install -r requirements.txt(or use a.venv)- Connect via
.mcp.json(Claude Code) or as a Claude Desktop extension (see below)
Tools
scan_evtx— runs Hayabusa against an EVTX file and returns findings as structured JSON, filterable by severity level.get_hayabusa_rules— lists/searches the bundled Hayabusa and Sigma detection rules by keyword.analyze_coverage— given a batch of MITRE ATT&CK technique IDs, reports binary local coverage (covered/not_covered) against the bundled rule set.suggest_rule— given one MITRE ATT&CK technique ID, returns existing matching rules if already covered, or a read-only draft rule template (never written to disk) if not.
A project-scoped skill at .claude/skills/detection-engineering/ packages the
rule-authoring workflow built on these tools — see that directory for details.
Slash commands
/investigate-evtx <evtx-path> [severity]— scans an EVTX file, resolves findings to MITRE ATT&CK tags, and writes a general investigation note underinvestigations/(gitignored), cross-linking prior investigations on verified technique/RuleID overlap./triage <evtx-path> [severity] [case-id]— the case-oriented counterpart: same scan → resolve-tags → coverage pipeline, plus a required triage outcome (escalate,investigate,investigate further,likely benign,insufficient evidence), writing toinvestigations/triage/(gitignored) and syncing reusabletechniques/<TechniqueID>.mdknowledge-base notes (tracked in git, case-data-free by design).
See .claude/commands/investigate-evtx.md and .claude/commands/triage.md
for the full step-by-step each command follows.
Hooks
Four Claude Code hooks live under .claude/hooks/ and are registered in
.claude/settings.json:
- SessionStart — read-only prerequisite check (Hayabusa binary present
and executable,
pyyamlimportable,hayabusa-mcpenabled), surfaced as context at the start of a session. - PreToolUse (
Write/Edit) — denies writes to sensitive paths: repo-internal/vendored directories (.git/,hayabusa/,lib/), the hook config itself (.claude/settings*.json), credential directories (.ssh/,.aws/,.gnupg/), credential/secret/key-shaped files (.envand variants,id_rsaand friends,credentials/credentials.json,.npmrc,.netrc, and.pem/.key/.pfx/.p12/.crt/.cer), or anything resolving outside the project root. Directory rules match at any depth, not just directly under the project root; matching is case-insensitive. - PostToolUse (
Write/Edit) — after a Sigma/Hayabusa rule YAML is written or edited, re-runs the same validator thedetection-engineeringskill uses (validate_rule.py) and reports any structural errors back to Claude. - Stop — fires when Claude finishes responding and sends a fixed,
generic desktop notification (
notify-send, if installed) reading "Task complete - review required". The notification text is always a literal, never built from hook input (no prompt, transcript, file path, or session data is ever passed tonotify-send); the only state written is a single timestamp in the OS temp dir, named by a hash of the project path rather than the raw path, used solely to debounce repeat notifications within 20 seconds. Never blocks the stop and never alters Claude's turn — exit code is always 0, with nodecision/continueoutput.
None of these hooks can auto-approve a tool call — manual approval is
unchanged for every file change and command except the narrow sensitive-path
denylist above, which is a hard deny, not an auto-allow. To disable all
hooks locally without touching the shared config, set
"disableAllHooks": true in a personal, gitignored
.claude/settings.local.json.
Prerequisites
- Python 3 with
pyyamlinstalled — already a project dependency (see Setup above);validate_rule_hook.pyandsession_start_check.pyboth import it. - A populated
.venv/at.venv/bin/python..claude/settings.jsoninvokes every hook as${CLAUDE_PROJECT_DIR}/.venv/bin/python ..., so if that interpreter doesn't exist the hook command itself fails to launch (see Troubleshooting below). - Nothing hook-specific requires
hayabusa/to be downloaded — a missing or non-executable Hayabusa binary is reported bySessionStartas a status line, not treated as an error. notify-sendis optional, used only byStop. If it isn't installed (checked viashutil.which), the hook exits 0 with no notification and no error — desktop notifications are a convenience, never a dependency.
Hook setup
No separate installation step: all four hooks are plain Python scripts under
.claude/hooks/, already registered in the git-tracked
.claude/settings.json. Completing this project's normal Setup
(download Hayabusa, pip install -r requirements.txt into .venv/) is
enough — Claude Code reads the hooks key automatically for any session
started in this project directory, with no extra step to enable any of
them.
Testing hooks
Run the hook test suite directly (no pytest, same convention as every other test in this repo):
.venv/bin/python .claude/hooks/tests/test_hooks.py
This drives each hook's pure logic (classify(), should_skip()/
looks_like_rule(), the session_start_check functions, and
stop_notify's should_notify()/state_file_path()/read_last_notified()/
write_last_notified()) directly rather than through stdin/stdout, matching
how test_scan_evtx.py and the other repo-root suites are run.
Restarting after a hook change
Claude Code's file watcher normally picks up edits to .claude/settings.json
and the hook scripts mid-session. If a change doesn't seem to take effect,
start a fresh Claude Code session in this directory to force a clean
reload — the same operational caveat this project already documents for
server.py changes and the MCP connection (see HANDOFF.md).
Troubleshooting
- A hook doesn't seem to fire at all: confirm the interpreter exists
(
ls .venv/bin/python) — a missing.venvmakes the hook command fail silently rather than raise a visible error. Re-runpip install -r requirements.txtinto.venv/if needed. protect_sensitive_paths.pyblocks a file you expected to write: read the denial reason shown — it names the specific rule that matched (a protected directory, a credential file name/extension, or "outside the project root"). Treat an unexpected match as a denylist bug to fix, not something to work around by disabling hooks project-wide.validate_rule_hook.pydoesn't flag an invalid rule you just wrote: it only validates files inside the project root, outsidehayabusa/and anytests/fixtures/path, that look Sigma/Hayabusa-rule-shaped (alogsourceordetectionkey present) — a file lacking both keys looks like "not a rule" to the heuristic and is silently skipped.- Need to disable a hook temporarily: set
"disableAllHooks": truein a personal.claude/settings.local.json(gitignored, machine-local) rather than editing the shared.claude/settings.json.
Limitations
protect_sensitive_paths.pyonly coversWrite/Edit. ABashcommand that mutates a sensitive path (rm,mv, shell redirection) isn't covered by this hook — Claude Code's own manual approval forBashstill applies regardless, so this is a defense-in-depth gap, not a missing safeguard.validate_rule_hook.py's "does this look like a rule" check (alogsourceordetectionkey) is a heuristic, not a guarantee — it could in principle miss an unusual rule dialect or flag an unrelated YAML file that happens to define one of those keys.- Hooks are local automation, not a substitute for reviewing a diff
yourself before committing — see
HANDOFF.mdfor the full known-limitations list and this project's standing sensitive-data-sweep practice.
Resources
Alongside the tools above, the server exposes four read-only detection:// MCP
resources for browsing the bundled Sigma/Hayabusa rule set and looking up
MITRE ATT&CK technique coverage:
detection://rules— a compact JSON index of the bundled rules (resource_id,id_source,title,levelonly — not full rule bodies). Capped at 500 entries per read;truncated/total_rulesin the response indicate when more exist.detection://rules/{rule_identifier}— the complete YAML text of one rule.rule_identifieris the rule's own YAMLid:(a UUID); a small number of rules missing a valididget a stablefallback-<hash>identifier instead — checkid_sourcein the index to tell them apart.detection://rules/by-technique/{technique_id}— rules tagged with a given MITRE ATT&CK technique ID (case-insensitive). A bare parent ID likeT1003matches its own tag plus any sub-technique tagged beneath it (labeledinherited_subtechniquein the response); a specific sub-technique query likeT1003.001matches only that exact tag, never its parent or sibling sub-techniques.detection://attack/techniques/{technique_id}— local coverage facts for a technique ID (match count,covered/not_covered), computed solely from the bundled rule set. This server does not bundle an ATT&CK technique-name/tactic/description dataset, so no such fields are returned — the response only contains what can be derived from local rule data.
Claude Desktop extension
The extension's manifest.json points PYTHONPATH at a vendored ./lib/
directory rather than any external virtualenv. lib/ is not tracked in git
(it contains compiled, platform-specific wheels) — build it locally with:
./package_extension.sh
This regenerates ./lib/ from requirements.txt and produces
dist/hayabusa-mcp.zip. You'll still need ./hayabusa/ populated separately
via download_hayabusa.sh before the extension can run.
License
This project is licensed under the MIT License.
Hayabusa itself is a separate project licensed under
AGPL-3.0.
It is downloaded at setup time by download_hayabusa.sh and invoked as an
external subprocess — it is not vendored or linked into this repository.
Установка Hayabusa
У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.
▸ github.com/Pirate-Kitty/hayabusa-mcp-security-scannerFAQ
Hayabusa MCP бесплатный?
Да, Hayabusa MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для Hayabusa?
Нет, Hayabusa работает без API-ключей и переменных окружения.
Hayabusa — hosted или self-hosted?
Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.
Как установить Hayabusa в Claude Desktop, Claude Code или Cursor?
Открой Hayabusa на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
GitHub
PRs, issues, code search, CI status
автор: GitHubFilesystem
Secure file operations with configurable access controls.
Memory
Knowledge graph-based persistent memory system.
Template MCP Server
A CLI tool to create a new Model Context Protocol server project with TypeScript support, dual transport options, and an extensible structure
автор: mcpdotdirectCompare Hayabusa with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории development
