James D

icon indicating a website link https://www.securehat.co.uk

Results 5 comments of James D

Documentation or guidance on expanding Chainsaw's functionality

Thanks for raising this issue, this is really valuable feedback. I'll work on building out some clearer documentation on how chainsaw uses the mapping file to apply the Sigma rule...

Documentation or guidance on expanding Chainsaw's functionality

I took a stab at improving some of the documentation today. If you check out the 'How to add support for more rules' section of the readme (it's at the...

Definition of "logsource" values like product or category.

Hey @Maspital I'm guessing you're running chainsaw with the `sigma-event-logs-all.yml` mapping file. This mapping file does not filter based on provider name or category which means that some Sigma rules...

Microsoft Defender / Antivirus detections removed in new releases

Hey @AnthoLaMalice Thanks for flagging this. I'll take a look next week and get back to you after I've figured out what's going on.

[Bug] MFT DataStreams Field Appears Cut Off for SmartScreen

Hmm, interesting. Thanks for the report. I can replicate the bug on my end, and it looks like the issue exists in the underlying MFT parsing library we use. I'm...