# Rapidly Search and Hunt through Windows Forensic Artefacts

Chainsaw provides a powerful 'first-response' capability to quickly identify threats within Windows forensic artefacts such as Event Logs and MFTs. Chainsaw offers a generic and fast method of searching through event logs for keywords, and of identifying threats using built-in support for Sigma detection rules and via custom Chainsaw detection rules.

## Features

- ⚡ Lightning fast, written in Rust, wrapping an EVTX parser library.
- Clean and lightweight execution and output formats without unnecessary bloat.
- Search and extract forensic artefacts by string matching and regex patterns.
- Hunt for threats using Sigma detection rules and custom Chainsaw detection rules.
- Document tagging (detection logic matching) provided by the TAU Engine library.
- Create execution timelines by analysing Shimcache artefacts and enriching them with Amcache data.
- Output results in a variety of formats, such as ASCII table format, CSV format and JSON format.
- Can be run on macOS, Linux and Windows.

## Example

Hunt through a directory of EVTX samples with both the bundled Chainsaw rules and a Sigma rule set, translating Sigma field names via a mapping file and keeping only critical-level hits:

```shell
chainsaw hunt -r rules/ evtx_attack_samples -s sigma/rules --mapping mappings/sigma-event-logs-all.yml --level critical
```
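The `hunt` command above combines three things: a field mapping (Sigma field names such as `Image` or `CommandLine` resolved to paths inside the EVTX record), Sigma-style detection logic (named selections combined by a `condition`), and a severity threshold (`--level`). The following added example, which is not Chainsaw's own code or part of the original page, shows that pipeline in miniature: a toy evaluator that applies two constructed Sigma-style rules to four constructed 4688-style process-creation events. The mapping paths, rules and events are all assumptions made for illustration; a real mapping file and real rules are more detailed.

```python
"""Toy Sigma-style rule evaluator over constructed Windows event records.

Added illustration of how a hunt works: map Sigma field names onto the event
structure, evaluate named selections, combine them with a condition, and
filter hits by rule level. Not Chainsaw's code; everything below is constructed.
"""
import re
from typing import Any

# Sigma field name -> dotted path into the event record (constructed; stands in
# for what a Chainsaw mapping file provides).
FIELD_MAPPING = {
    "EventID": "Event.System.EventID",
    "Image": "Event.EventData.NewProcessName",
    "CommandLine": "Event.EventData.CommandLine",
    "ParentImage": "Event.EventData.ParentProcessName",
    "User": "Event.EventData.SubjectUserName",
}

SEVERITY = {"informational": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}


def get_path(event: dict, path: str) -> Any:
    """Walk a dotted path; return None if any component is missing."""
    node: Any = event
    for part in path.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def match_value(actual: Any, expected: Any, modifier: str) -> bool:
    """Compare one field value using a Sigma-style modifier (case-insensitive)."""
    if actual is None:
        return False
    a, e = str(actual).lower(), str(expected).lower()
    if modifier == "":
        return a == e
    if modifier == "contains":
        return e in a
    if modifier == "startswith":
        return a.startswith(e)
    if modifier == "endswith":
        return a.endswith(e)
    if modifier == "re":
        return re.search(str(expected), str(actual)) is not None
    raise ValueError(f"unsupported modifier: {modifier}")


def match_selection(event: dict, selection: dict) -> bool:
    """All fields in a selection must match (AND); a list of values is OR."""
    for key, expected in selection.items():
        field, _, modifier = key.partition("|")
        actual = get_path(event, FIELD_MAPPING.get(field, field))
        values = expected if isinstance(expected, list) else [expected]
        if not any(match_value(actual, v, modifier) for v in values):
            return False
    return True


def eval_condition(cond: str, results: dict) -> bool:
    """Evaluate a Sigma condition ('and', 'or', 'not', parentheses) over selection results."""
    tokens = re.findall(r"\(|\)|\w+", cond)
    pos = 0

    def parse_or() -> bool:
        nonlocal pos
        value = parse_and()
        while pos < len(tokens) and tokens[pos] == "or":
            pos += 1
            value = parse_and() or value
        return value

    def parse_and() -> bool:
        nonlocal pos
        value = parse_not()
        while pos < len(tokens) and tokens[pos] == "and":
            pos += 1
            value = parse_not() and value
        return value

    def parse_not() -> bool:
        nonlocal pos
        tok = tokens[pos]
        pos += 1
        if tok == "not":
            return not parse_not()
        if tok == "(":
            value = parse_or()
            pos += 1  # consume ')'
            return value
        return results[tok]

    return parse_or()


def hunt(events: list, rules: list, min_level: str = "medium") -> list:
    """Apply every rule at or above min_level to every event; return hits."""
    threshold = SEVERITY[min_level]
    hits = []
    for rule in rules:
        if SEVERITY[rule["level"]] < threshold:
            continue
        detection = rule["detection"]
        named = {k: v for k, v in detection.items() if k != "condition"}
        for event in events:
            results = {name: match_selection(event, sel) for name, sel in named.items()}
            if eval_condition(detection["condition"], results):
                hits.append({
                    "rule": rule["title"], "level": rule["level"],
                    "timestamp": get_path(event, "Event.System.TimeCreated_SystemTime"),
                    "command": get_path(event, FIELD_MAPPING["CommandLine"]),
                })
    return hits


# Constructed rules in Sigma's selection/condition shape.
RULES = [
    {"title": "Suspicious whoami execution", "level": "medium",
     "detection": {"selection": {"EventID": 4688, "Image|endswith": "\\whoami.exe"},
                   "condition": "selection"}},
    {"title": "Encoded PowerShell command line", "level": "high",
     "detection": {"selection": {"EventID": 4688, "Image|endswith": "\\powershell.exe",
                                 "CommandLine|contains": ["-enc", "-EncodedCommand"]},
                   "filter": {"ParentImage|endswith": "\\agent.exe"},  # hypothetical known-good parent
                   "condition": "selection and not filter"}},
]


def _ev(ts: str, image: str, cmd: str, parent: str, user: str) -> dict:
    return {"Event": {"System": {"EventID": 4688, "TimeCreated_SystemTime": ts},
                      "EventData": {"NewProcessName": image, "CommandLine": cmd,
                                    "ParentProcessName": parent, "SubjectUserName": user}}}


# Constructed process-creation events (not real log data).
EVENTS = [
    _ev("2023-01-01T10:00:00Z", "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
        "powershell.exe -nop -w hidden -enc SQBFAFgA", "C:\\Windows\\explorer.exe", "alice"),
    _ev("2023-01-01T10:01:00Z", "C:\\Windows\\System32\\whoami.exe", "whoami.exe /all",
        "C:\\Windows\\System32\\cmd.exe", "alice"),
    _ev("2023-01-01T10:02:00Z", "C:\\Windows\\System32\\notepad.exe", "notepad.exe notes.txt",
        "C:\\Windows\\explorer.exe", "alice"),
    _ev("2023-01-01T10:03:00Z", "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
        "powershell.exe -EncodedCommand ZQBjAGgAbwA=", "C:\\Program Files\\Vendor\\agent.exe", "SYSTEM"),
]

if __name__ == "__main__":
    for hit in hunt(EVENTS, RULES, "medium"):
        print(f"[{hit['level']}] {hit['timestamp']} {hit['rule']}: {hit['command']}")
```

Raising the threshold to `high` drops the whoami hit, mirroring `--level`; the `filter` selection shows why a rule set needs a good mapping, since an unmapped `ParentImage` would silently never match and the known-good exclusion would stop working.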