View Issue Details

ID: 0007550
Project: Kali Linux
Category: Queued Tool Addition
View Status: public
Last Update: 2023-03-27 11:32
Reporter: doublezero
Assigned To:
Priority: normal
Severity: minor
Reproducibility: N/A
Status: acknowledged
Resolution: open
Summary: 0007550: Chainsaw - Windows Event Log Parser (DFIR)
Description

Name - Chainsaw
Version - Latest
Homepage - https://github.com/countercept/chainsaw
Chainsaw provides a powerful ‘first-response’ capability to quickly identify threats within Windows event logs. It offers a generic and fast method of searching through event logs for keywords, and can identify threats using built-in detection logic and via support for Sigma detection rules.

Install -
You can find pre-compiled versions of chainsaw in the releases section of this Github repo, or you can clone the repo (and the submodules) by running: git clone --recurse-submodules https://github.com/countercept/chainsaw.git

You can then compile the code yourself by running: cargo build --release. Once the build has finished, you will find a copy of the compiled binary in the target/release folder.

Make sure to build with the --release flag as this will ensure significantly faster execution time.
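To make the two capabilities named in the description concrete (keyword search across event fields, and matching a Sigma-style rule against process-creation events), here is an added illustration. It is not Chainsaw's code and is not how Chainsaw is implemented (Chainsaw is written in Rust and parses real .evtx files); the event records below are constructed and already flattened to field/value maps, and the rule uses only a small subset of Sigma syntax (one `selection`, an optional `filter`, the `contains`/`endswith`/`startswith` modifiers, and a `condition` of `selection` or `selection and not filter`).

```python
"""Added example: keyword search and a minimal Sigma-style matcher over
constructed Windows event records. Not Chainsaw's implementation."""

# Constructed sample events, already flattened from EVTX XML into
# field -> value maps (a real tool does that parsing for you).
SAMPLE_EVENTS = [
    {"Channel": "Security", "EventID": 4688,
     "NewProcessName": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "cmd.exe /c whoami /all",
     "SubjectUserName": "alice"},
    {"Channel": "Security", "EventID": 4688,
     "NewProcessName": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgA",
     "SubjectUserName": "bob"},
    {"Channel": "Security", "EventID": 4624,
     "LogonType": 10, "TargetUserName": "alice", "IpAddress": "10.0.0.5"},
    {"Channel": "System", "EventID": 7045,
     "ServiceName": "PSEXESVC", "ImagePath": "%SystemRoot%\\PSEXESVC.exe"},
]

# A rule in the Sigma subset this script understands: fields inside a
# selection are AND-ed, list values for one field are OR-ed.
ENCODED_POWERSHELL_RULE = {
    "title": "Encoded PowerShell command line",
    "logsource": {"product": "windows", "service": "security"},
    "detection": {
        "selection": {
            "EventID": 4688,
            "NewProcessName|endswith": "\\powershell.exe",
            "CommandLine|contains": ["-enc", "-EncodedCommand"],
        },
        "condition": "selection",
    },
}


def keyword_search(events, keyword):
    """Case-insensitive keyword search over every field value of every event."""
    needle = keyword.lower()
    return [e for e in events
            if any(needle in str(v).lower() for v in e.values())]


def _field_matches(event, key, expected):
    """Evaluate one `Field|modifier: value(s)` entry of a selection."""
    field, _, modifier = key.partition("|")
    if field not in event:
        return False
    actual = str(event[field]).lower()
    candidates = expected if isinstance(expected, list) else [expected]
    for cand in candidates:
        cand = str(cand).lower()
        if modifier == "contains" and cand in actual:
            return True
        if modifier == "endswith" and actual.endswith(cand):
            return True
        if modifier == "startswith" and actual.startswith(cand):
            return True
        if modifier == "" and actual == cand:
            return True
    return False


def _selection_matches(event, selection):
    return all(_field_matches(event, k, v) for k, v in selection.items())


def rule_matches(event, rule):
    """Apply one rule to one event; the logsource service must equal the Channel."""
    service = rule["logsource"].get("service")
    if service and str(event.get("Channel", "")).lower() != service.lower():
        return False
    det = rule["detection"]
    cond = det["condition"].replace(" ", "")
    hit = _selection_matches(event, det["selection"])
    if cond == "selection":
        return hit
    if cond == "selectionandnotfilter":
        return hit and not _selection_matches(event, det["filter"])
    raise ValueError(f"unsupported condition: {det['condition']}")


def hunt(events, rules):
    """Return (rule title, event) pairs for every rule hit."""
    return [(r["title"], e) for e in events for r in rules if rule_matches(e, r)]


if __name__ == "__main__":
    for title, ev in hunt(SAMPLE_EVENTS, [ENCODED_POWERSHELL_RULE]):
        print(f"[{title}] user={ev['SubjectUserName']} cmd={ev['CommandLine']}")
    print(len(keyword_search(SAMPLE_EVENTS, "psexesvc")), "keyword hit(s)")
```

Run as-is and the rule fires once, on bob's `-enc` PowerShell launch, while the plain `cmd.exe` event and the non-Security events are ignored; the keyword search finds the PSEXESVC service install that no rule covers, which is the "generic" search path the description contrasts with rule-based detection.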

Activities

g0tmi1k

2022-03-25 13:40

administrator ~0015937

@kali-team, please could this be packaged up.
@author, If you want to help the packaging process, you can check the documentation here ~ https://www.kali.org/docs/development/public-packaging

Issue History

Date Modified Username Field Change
2022-01-29 01:56 doublezero New Issue
2022-03-25 13:40 g0tmi1k Note Added: 0015937
2022-03-25 13:40 g0tmi1k Category New Tool Requests => Queued Tool Addition
2022-05-04 12:54 g0tmi1k Status new => acknowledged