chainsaw
Rapidly Search and Hunt through Windows Forensic Artefacts
Request to add support for more event log providers related to F-Secure alerts. The built-in support for F-Secure alerts consumes events from the "F-Secure Ultralight SDK" provider. My limited research...
Hello, would it be possible for some documentation or guidance on how to expand the functionality of Chainsaw using Sigma rules and Chainsaw's mapping file? I've spoken with a number...
Chainsaw for Windows does not run in Windows 7? Is there a version that will run in Windows 7? However, it does run in Windows 10. Kenneth
Trying to compile this in Kali 5.5.0-kali2-amd64 and getting the error below. I tried deleting the ./cargo/registry folder according to https://blog.illixion.com/2021/10/fix-failed-to-select-a-version-cargo/ but that yielded the same results. Is this...
Would be helpful if Chainsaw could provide high-level stats detailing the frequency of event code IDs observed in an event log, like Eric Zimmerman's `evtxecmd` tool. Potential usage would...
I'm working on a particular issue where the use of Chainsaw has been very welcome and essential, but I'm unfamiliar with a great deal in cybersecurity for the sake...
Hello, please note that a different project named "chainsaw" has been published on crates.io: https://crates.io/crates/chainsaw So there is now a name clash, which might make it more difficult to package the...
Hey, I am currently using Chainsaw + Sigma to evaluate log datasets and stumbled upon the following issue: certain Sigma rules produce an abnormally high number of false positives, to...
Hi there, I would like to parse some evtx files on my x86 Mac, so I thought I'd try Chainsaw. **While the Apple binary is labelled x86, it seems to be ARM64?**...
Hey guys, I have observed that the latest version of Chainsaw no longer seems to report Microsoft Defender/AV detections. I ran both v2.9.0 and v2.8.0 on the same log set,...