Training
Featured CourseView All Courses
Get a free hour of SANS training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
Cloud Security Training
Can't find what you are looking for?

Let us help.

Contact us
Community Resources

SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

AI Risk & Readiness

Explore expert-driven guidance, training, and tools to help defend against AI-powered threats and adopt AI securely.

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations

Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Talk With an Expert
Talk With an Expert

Improving Windows Event Log Analysis With Yamato Security Tools and The Evolving Cyber Threat Landscape: A SANS Perspective

  • Wed, Mar 12, 2025
  • 6:30PM - 8:45PM UTC
  • English
  • Zachary Mathis & Rich Greene
  • Technical Presentation
Login to register
Webcast Hero

Improving Windows Event Log Analysis With Yamato Security Tools

As approximately 75% of desktop computers are using Windows, this is still the main operating system that attackers will target and hence the main OS that incident responders have to respond to and figure out how the computer was compromised, what did the attackers do, what other systems were compromised, etc... Unfortunately, the default log settings are completely inadequate and do not provide enough details for the investigators. Furthermore, even when proper logging is enabled, analysts face various challenges such as Windows logs are mostly noise, logs are separated across hundreds of files, fields are not normalized, messages are often cryptic, etc... making log analysis traditionally a very tedious and unpleasant task. Zach Mathis, the project leader for the Yamato Security tools, will explain about how to properly configure your logs in a practical manner and how to perform easy and scalable analysis with Hayabusa and Takajo, two free open-source tools. Hayabusa is a fast forensics timeline generator and threat hunting tool utilizing over 4000+ open-source Sigma detection rules. It is currently the only free and open-source tool that fully supports the Sigma specification letting your analysts detect the most complex attacks with the highest precision and customization. Takajo will further automate the most common analysis tasks as well as provide a dynamic web report to quickly triage alerts and compromised computers.

The Evolving Cyber Threat Landscape: A SANS Perspective

The Evolving Cyber Threat Landscape: A SANS Perspective,” we examine the leading cyber threats organisations face today and how adversaries exploit both technological and human vulnerabilities. From increasingly targeted ransomware and social engineering tactics to the misuse of AI-driven tools, we highlight the real-world impact of these attacks across critical industries. We then discuss proactive defenses such as Zero Trust architectures, threat hunting, and secure AI deployment to provide actionable steps for strengthening security postures in a rapidly changing threat environment.  

Meet the speakers

Zachary Mathis

Zachary Mathis

Founder

A graduate of Purdue University with dual degrees in Computer Science and East Asian studies, Zach is a trailblazing security professional in Japan. He has founding a security team and deliveried various services from pen-testing to DFIR since 2006.

Learn more
Rich Greene

Rich Greene

Senior Solutions Engineer

Rich is a seasoned cybersecurity professional with over two decades of experience in the cyber domain. He has participated in offensive and defensive cyber operations for the Department of Defense (DoD) in more than 17 countries.

Learn more